-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
706 lines (597 loc) · 83.7 KB
/
index.html
File metadata and controls
706 lines (597 loc) · 83.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"><title>Sword的博客 - 本人很菜,希望各位师傅多多指教!</title><meta name="author" content="Sword,[email protected]"><meta name="referrer" content="no-referrer"><meta name="copyright" content="Sword"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#f7f9fe"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-touch-fullscreen" content="yes"><meta name="apple-mobile-web-app-title" content="Sword的博客"><meta name="application-name" content="Sword的博客"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="#f7f9fe"><meta property="og:type" content="website"><meta property="og:title" content="Sword的博客"><meta property="og:url" content="https://www.sword-blogs.com/index.html"><meta property="og:site_name" content="Sword的博客"><meta property="og:description"><meta property="og:locale" content="zh-CN"><meta property="og:image" content="https://gitee.com/jianhao_com/picture/raw/master/202309171732810.jpg"><meta property="article:author" content="Sword"><meta property="article:tag"><meta name="twitter:card" content="summary"><meta name="twitter:image" content="https://gitee.com/jianhao_com/picture/raw/master/202309171732810.jpg"><meta name="description"><link rel="shortcut icon" href="/favicon.ico"><link rel="canonical" href="https://www.sword-blogs.com/"><link rel="preconnect" href="//npm.elemecdn.com"/><link rel="preconnect" href="//npm.onmicrosoft.cn"/><link rel="preconnect" href="//www.google-analytics.com" crossorigin=""/><link rel="preconnect" href="//hm.baidu.com"/><link rel="preconnect" href="//static.cloudflareinsights.com"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><meta name="google-site-verification" content="xxx"/><meta name="baidu-site-verification" content="code-xxx"/><meta name="msvalidate.01" content="xxx"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.cbd.int/[email protected]/dist/snackbar.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.cbd.int/@fancyapps/[email protected]/dist/fancybox/fancybox.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://npm.elemecdn.com/[email protected]/swiper/swiper.min.css" media="print" onload="this.media='all'"><script>var _hmt = _hmt || [];
(function() {
var hm = document.createElement("script");
hm.src = "https://hm.baidu.com/hm.js?49826c029b45e95b46e42916731950d0";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script><script async="async" src="https://www.googletagmanager.com/gtag/js?id=G-HNTE78TTVF"></script><script>window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-HNTE78TTVF');
</script><script defer="defer" data-pjax="data-pjax" src="https://static.cloudflareinsights.com/beacon.min.js" data-cf-beacon="{"token": "ed2fac49b5d345a0a5d56d551aafb3aa"}"></script><script>const GLOBAL_CONFIG = {
linkPageTop: undefined,
peoplecanvas: {"enable":true,"img":"https://upload-bbs.miyoushe.com/upload/2023/09/03/125766904/ee23df8517f3c3e3efc4145658269c06_5714860933110284659.png"},
postHeadAiDescription: {"enable":true,"gptName":"AnZhiYu","mode":"local","switchBtn":false,"btnLink":"https://afdian.net/item/886a79d4db6711eda42a52540025c377","randomNum":3,"basicWordCount":1000,"key":"xxxx","Referer":"https://xx.xx/"},
diytitle: {"enable":true,"leaveTitle":"w(゚Д゚)w 不要走!再看看嘛!","backTitle":"♪(^∇^*)欢迎肥来!"},
LA51: undefined,
greetingBox: {"enable":true,"default":"晚上好👋","list":[{"greeting":"该睡觉了,大半夜的别卷了!!!😴","startTime":0,"endTime":5},{"greeting":"早上好鸭👋, 祝你一天好心情!","startTime":6,"endTime":9},{"greeting":"上午好👋, 状态很好,鼓励一下~","startTime":10,"endTime":10},{"greeting":"11点多啦, 在坚持一下就吃饭啦~","startTime":11,"endTime":11},{"greeting":"午安👋, 宝贝","startTime":12,"endTime":14},{"greeting":"🌈充实的一天辛苦啦!","startTime":14,"endTime":18},{"greeting":"19点喽, 奖励一顿丰盛的大餐吧🍔。","startTime":19,"endTime":19},{"greeting":"晚上好👋, 在属于自己的时间好好放松😌~","startTime":20,"endTime":24}]},
twikooEnvId: '',
commentBarrageConfig:undefined,
root: '/',
preloader: {"source":3},
friends_vue_info: undefined,
navMusic: true,
mainTone: undefined,
authorStatus: {"skills":null},
algolia: undefined,
localSearch: {"path":"/search.xml","preload":true,"languages":{"hits_empty":"找不到您查询的内容:${query}"}},
translate: {"defaultEncoding":2,"translateDelay":0,"msgToTraditionalChinese":"繁","msgToSimplifiedChinese":"简","rightMenuMsgToTraditionalChinese":"转为繁体","rightMenuMsgToSimplifiedChinese":"转为简体"},
noticeOutdate: {"limitDay":365,"position":"top","messagePrev":"It has been","messageNext":"days since the last update, the content of the article may be outdated."},
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":330},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: true,
simplehomepage: false,
post: true
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: {"copy":true,"copyrightEbable":false,"limitCount":50,"languages":{"author":"作者: Sword","link":"链接: ","source":"来源: Sword的博客","info":"著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。","copySuccess":"复制成功,复制和转载请标注本文地址"}},
lightbox: 'fancybox',
Snackbar: {"chs_to_cht":"你已切换为繁体","cht_to_chs":"你已切换为简体","day_to_night":"你已切换为深色模式","night_to_day":"你已切换为浅色模式","bgLight":"#425AEF","bgDark":"#1f1f1f","position":"top-center"},
source: {
justifiedGallery: {
css: 'https://cdn.cbd.int/[email protected]/dist/fjGallery.css'
}
},
isPhotoFigcaption: false,
islazyload: true,
isAnchor: true,
shortcutKey: {"enable":true,"delay":100,"shiftDelay":200},
autoDarkmode: true
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
configTitle: 'Sword的博客',
title: 'Sword的博客',
postAI: '',
pageFillDescription: '',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2023-09-21 21:49:15',
postMainColor: '',
}</script><noscript><style type="text/css">
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
win.saveToLocal = {
set: (key, value, ttl) => {
if (ttl === 0) return
const now = Date.now()
const expiry = now + ttl * 86400000
const item = {
value,
expiry
}
localStorage.setItem(key, JSON.stringify(item))
},
get: key => {
const itemStr = localStorage.getItem(key)
if (!itemStr) {
return undefined
}
const item = JSON.parse(itemStr)
const now = Date.now()
if (now > item.expiry) {
localStorage.removeItem(key)
return undefined
}
return item.value
}
}
win.getScript = (url, attr = {}) => new Promise((resolve, reject) => {
const script = document.createElement('script')
script.src = url
script.async = true
script.onerror = reject
script.onload = script.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
script.onload = script.onreadystatechange = null
resolve()
}
Object.keys(attr).forEach(key => {
script.setAttribute(key, attr[key])
})
document.head.appendChild(script)
})
win.getCSS = (url, id = false) => new Promise((resolve, reject) => {
const link = document.createElement('link')
link.rel = 'stylesheet'
link.href = url
if (id) link.id = id
link.onerror = reject
link.onload = link.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
link.onload = link.onreadystatechange = null
resolve()
}
document.head.appendChild(link)
})
win.activateDarkMode = () => {
document.documentElement.setAttribute('data-theme', 'dark')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#18171d')
}
}
win.activateLightMode = () => {
document.documentElement.setAttribute('data-theme', 'light')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#f7f9fe')
}
}
const t = saveToLocal.get('theme')
const isDarkMode = window.matchMedia('(prefers-color-scheme: dark)').matches
const isLightMode = window.matchMedia('(prefers-color-scheme: light)').matches
const isNotSpecified = window.matchMedia('(prefers-color-scheme: no-preference)').matches
const hasNoSupport = !isDarkMode && !isLightMode && !isNotSpecified
if (t === undefined) {
if (isLightMode) activateLightMode()
else if (isDarkMode) activateDarkMode()
else if (isNotSpecified || hasNoSupport) {
const now = new Date()
const hour = now.getHours()
const isNight = hour <= 6 || hour >= 18
isNight ? activateDarkMode() : activateLightMode()
}
window.matchMedia('(prefers-color-scheme: dark)').addListener(e => {
if (saveToLocal.get('theme') === undefined) {
e.matches ? activateDarkMode() : activateLightMode()
}
})
} else if (t === 'light') activateLightMode()
else activateDarkMode()
const asideStatus = saveToLocal.get('aside-status')
if (asideStatus !== undefined) {
if (asideStatus === 'hide') {
document.documentElement.classList.add('hide-aside')
} else {
document.documentElement.classList.remove('hide-aside')
}
}
const detectApple = () => {
if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
document.documentElement.classList.add('apple')
}
}
detectApple()
})(window)</script><meta name="generator" content="Hexo 6.3.0"></head><body data-type="anzhiyu"><div id="web_bg"></div><div id="an_music_bg"></div><div id="loading-box" onclick="document.getElementById("loading-box").classList.add("loaded")"><div class="loading-bg"><img class="loading-img nolazyload" alt="加载头像" src="https://gitee.com/jianhao_com/picture/raw/master/202309171732810.jpg"/><div class="loading-image-dot"></div></div></div><script>const preloader = {
endLoading: () => {
document.getElementById('loading-box').classList.add("loaded");
},
initLoading: () => {
document.getElementById('loading-box').classList.remove("loaded")
}
}
window.addEventListener('load',()=> { preloader.endLoading() })
setTimeout(function(){preloader.endLoading();},10000)
if (true) {
document.addEventListener('pjax:send', () => { preloader.initLoading() })
document.addEventListener('pjax:complete', () => { preloader.endLoading() })
}</script><link rel="stylesheet" href="https://cdn.cbd.int/[email protected]/progress_bar/progress_bar.css"/><script async="async" src="https://cdn.cbd.int/[email protected]/pace.min.js" data-pace-options="{ "restartOnRequestAfter":false,"eventLag":false}"></script><div class="page" id="body-wrap"><header class="not-top-img" id="page-header"><nav id="nav"><div id="nav-group"><span id="blog_name"><a id="site-name" href="/" accesskey="h"><div class="title">Sword的博客</div><i class="anzhiyufont anzhiyu-icon-house-chimney"></i></a></span><div class="mask-name-container"><div id="name-container"><a id="page-name" href="javascript:anzhiyu.scrollToDest(0, 500)">PAGE_NAME</a></div></div><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/archives/"><span> 隧道</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/categories/"><span> 分类</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/tags/"><span> 标签</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/comments/"><span> 留言板</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/music/"><span> 音乐馆</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/about/"><span> 关于本人</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="javascript:toRandomPost()"><span> 随便逛逛</span></a></div></div></div><div id="nav-right"><div class="nav-button" id="randomPost_button"><a class="site-page" onclick="toRandomPost()" title="随机前往一个文章" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-dice"></i></a></div><div class="nav-button" id="search-button"><a class="site-page social-icon search" href="javascript:void(0);" title="搜索🔍" accesskey="s"><i class="anzhiyufont anzhiyu-icon-magnifying-glass"></i><span> 搜索</span></a></div><input id="center-console" type="checkbox"/><label class="widget" for="center-console" title="中控台" onclick="anzhiyu.switchConsole();"><i class="left"></i><i class="widget center"></i><i class="widget right"></i></label><div id="console"><div class="console-card-group-reward"><ul class="reward-all console-card"><li class="reward-item"><a href="https://npm.elemecdn.com/[email protected]/img/post/common/qrcode-weichat.png" target="_blank"><img class="post-qr-code-img" alt="微信" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://npm.elemecdn.com/[email protected]/img/post/common/qrcode-weichat.png"/></a><div class="post-qr-code-desc">微信</div></li><li class="reward-item"><a href="https://npm.elemecdn.com/[email protected]/img/post/common/qrcode-alipay.png" target="_blank"><img class="post-qr-code-img" alt="支付宝" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://npm.elemecdn.com/[email protected]/img/post/common/qrcode-alipay.png"/></a><div class="post-qr-code-desc">支付宝</div></li></ul></div><div class="console-card-group"><div class="console-card-group-left"><div class="console-card" id="card-newest-comments"><div class="card-content"><div class="author-content-item-tips">互动</div><span class="author-content-item-title"> 最新评论</span></div><div class="aside-list"><span>正在加载中...</span></div></div></div><div class="console-card-group-right"><div class="console-card tags"><div class="card-content"><div class="author-content-item-tips">兴趣点</div><span class="author-content-item-title">寻找你感兴趣的领域</span><div class="card-tags"><div class="item-headline"></div><div class="card-tag-cloud"><a href="/tags/qsnctf/" style="font-size: 1.05rem;">qsnctf<sup>1</sup></a><a href="/tags/web/" style="font-size: 1.05rem;">web<sup>1</sup></a></div></div><hr/></div></div><div class="console-card history"><div class="item-headline"><i class="anzhiyufont anzhiyu-icon-box-archiv"></i><span>文章</span></div><div class="card-archives"><div class="item-headline"><i class="anzhiyufont anzhiyu-icon-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/09/"><span class="card-archive-list-date">九月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">2</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">3</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/07/"><span class="card-archive-list-date">七月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/05/"><span class="card-archive-list-date">五月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/03/"><span class="card-archive-list-date">三月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/12/"><span class="card-archive-list-date">十二月 2022</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li></ul></div><hr/></div></div></div><div class="button-group"><div class="console-btn-item"><a class="darkmode_switchbutton" title="显示模式切换" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-moon"></i></a></div><div class="console-btn-item" id="consoleHideAside" onclick="anzhiyu.hideAsideBtn()" title="边栏显示控制"><a class="asideSwitch"><i class="anzhiyufont anzhiyu-icon-arrows-left-right"></i></a></div><div class="console-btn-item on" id="consoleCommentBarrage" onclick="anzhiyu.switchCommentBarrage()" title="热评开关"><a class="commentBarrage"><i class="anzhiyufont anzhiyu-icon-message"></i></a></div><div class="console-btn-item" id="consoleMusic" onclick="anzhiyu.musicToggle()" title="音乐开关"><a class="music-switch"><i class="anzhiyufont anzhiyu-icon-music"></i></a></div><div class="console-btn-item" id="consoleKeyboard" onclick="anzhiyu.keyboardToggle()" title="快捷键开关"><a class="keyboard-switch"><i class="anzhiyufont anzhiyu-icon-keyboard"></i></a></div></div><div class="console-mask" onclick="anzhiyu.hideConsole()" href="javascript:void(0);"></div></div><div class="nav-button" id="nav-totop"><a class="totopbtn" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-arrow-up"></i><span id="percent" onclick="anzhiyu.scrollToDest(0,500)">0</span></a></div><div id="toggle-menu"><a class="site-page" href="javascript:void(0);" title="切换"><i class="anzhiyufont anzhiyu-icon-bars"></i></a></div></div></div></nav></header><main id="blog-container"><div id="home_top"><div class="swiper_container_card" style="height: auto;width: 100%"><div id="bannerGroup"><div id="random-banner"><canvas id="peoplecanvas"></canvas><a id="random-hover" href="javascript:toRandomPost()"><i class="anzhiyufont anzhiyu-icon-paper-plane"></i><div class="bannerText">随便逛逛<i class="anzhiyufont anzhiyu-icon-arrow-right"></i></div></a></div><div class="categoryGroup"><div class="categoryItem" style="box-shadow:var(--anzhiyu-shadow-blue)"><a class="categoryButton blue" onclick="pjax.loadUrl("/categories/漏洞复现/");" href="javascript:void(0);"><span class="categoryButtonText">漏洞复现</span><i class="anzhiyufont anzhiyu-icon-dove"></i></a></div><div class="categoryItem" style="box-shadow:var(--anzhiyu-shadow-red)"><a class="categoryButton red" onclick="pjax.loadUrl("/categories/CTF/");" href="javascript:void(0);"><span class="categoryButtonText">CTF</span><i class="anzhiyufont anzhiyu-icon-fire"></i></a></div><div class="categoryItem" style="box-shadow:var(--anzhiyu-shadow-green)"><a class="categoryButton green" onclick="pjax.loadUrl("/categories/vulnhub靶机/");" href="javascript:void(0);"><span class="categoryButtonText">vulnhub靶机</span><i class="anzhiyufont anzhiyu-icon-book"></i></a></div></div></div><div id="swiper_container_blog"><div class="blog-slider swiper-container-fade swiper-container-horizontal" id="swiper_container"><div class="blog-slider__wrp swiper-wrapper" style="transition-duration: 0ms;"><div class="blog-slider__item swiper-slide" style="width: 750px; opacity: 1; transform: translate3d(0px, 0px, 0px); transition-duration: 0ms;"><a class="blog-slider__img" href="2022/12/27/hello-world/" title="博客自述"><img width="48" height="48" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441234.png?_r_=65fa27f5-274e-e1cb-f2b8-49e4b2eae304" alt="图片" onerror="this.src=undefined; this.onerror = null;"></a><div class="blog-slider__content"><span class="blog-slider__code">2022-12-27</span><a class="blog-slider__title" href="2022/12/27/hello-world/" alt="博客自述">博客自述</a><div class="blog-slider__text">由于博主很穷,兜比脸干净,所以主打的就是一个白嫖
博客是用GitHub+hexo搭建,图传用的是PicGo+Github+Gitee
hexo主题用的是安知鱼
hexo地址:https://hexo.io/zh-cn/
安知鱼下载地址:anzhiyu-c&#x2F;hexo-theme-anzhiyu: 这是一个简洁美丽的hexo主题。 (github.com)
安知鱼使用文档:安知鱼主题官方文档 | 一个简洁、美丽的静态hexo主题 (anheyu.com)
由于各种白嫖,所以访问速度很慢,图片经常出现加载不出来的情况,各位大佬见谅,如遇到图片没有加载请多刷新几次页面!
</div><a class="blog-slider__button" href="2022/12/27/hello-world/" alt="博客自述">详情 </a></div></div><div class="blog-slider__item swiper-slide" style="width: 750px; opacity: 1; transform: translate3d(0px, 0px, 0px); transition-duration: 0ms;"><a class="blog-slider__img" href="2023/05/12/CTF/青少年CTF-B2-PHP特性练习/" title="青少年CTF-B2-PHP特性练习01-04"><img width="48" height="48" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441198.png?_r_=8406ef1f-46dc-4ee9-1c75-d33f6052e178" alt="图片" onerror="this.src=undefined; this.onerror = null;"></a><div class="blog-slider__content"><span class="blog-slider__code">2023-05-12</span><a class="blog-slider__title" href="2023/05/12/CTF/青少年CTF-B2-PHP特性练习/" alt="青少年CTF-B2-PHP特性练习01-04">青少年CTF-B2-PHP特性练习01-04</a><div class="blog-slider__text">PHP特性01payload:
1?username[]=admi&amp;password[]=admin
qsnctf{ca5f80d8-085c-4a8d-b474-a74bd1a4aada}
PHP特性02payload:
1?value=%0c1
qsnctf{c6c71221-f298-41ad-9da8-ca53b4a8b144}
12345//在php中:&lt;?phpnum = %0c36;var_dump($num!==&#x27;36&#x27; and $num==&#x27;36&#x27;);// ---&gt; True?&gt;
对于比较运算符号:如果两个操作数都是 数字字符串,或者一个操作数是数字而另一个是 数字字符串,则比较以数字方式进行。当比较是&#x3D;&#x3D;&#x3D;或!&#x3D;&#x3D;因为这涉及比较类型和值时,不会发生类型转换 ,因此此时类型和数值都要比对
所以:**&#x3D;&#x3D;比较的是类型转换之后的数值 而 !&#x3D;&#x3D;不仅要比较数值还要比较类型**
payload构造的时候只要 ...</div><a class="blog-slider__button" href="2023/05/12/CTF/青少年CTF-B2-PHP特性练习/" alt="青少年CTF-B2-PHP特性练习01-04">详情 </a></div></div><div class="blog-slider__item swiper-slide" style="width: 750px; opacity: 1; transform: translate3d(0px, 0px, 0px); transition-duration: 0ms;"><a class="blog-slider__img" href="2023/08/07/vulnhub靶机/DC2/" title="vulnhub靶机 DC-2"><img width="48" height="48" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441238.png?_r_=536a477f-a3fe-785c-d401-d45bcca2d99e" alt="图片" onerror="this.src=undefined; this.onerror = null;"></a><div class="blog-slider__content"><span class="blog-slider__code">2023-08-07</span><a class="blog-slider__title" href="2023/08/07/vulnhub靶机/DC2/" alt="vulnhub靶机 DC-2">vulnhub靶机 DC-2</a><div class="blog-slider__text">靶机介绍靶机介绍:https : &#x2F;&#x2F;download.vulnhub.com&#x2F;dc&#x2F;DC-2.zip
信息搜集
获取IP地址
1234扫描靶机的IP的方法1. nmap -sP 192.168.142.0/24 #nmap进行ping扫描发现存活主机2. arp-scan -l #基于ARP发现内网存活主机3. netdiscover -r 192.168.142.0/24 -i eth0
12345参考文章:nmap思维导图:https://mp.weixin.qq.com/s/42dNv-q7K_XcJ7cv23LNSAarp-scan:https://blog.csdn.net/qq_41453285/article/details/100942591 https://www.kali.org/tools/arp-scan/netdiscover:https://blog.csdn.net/u010698107/article/details/115288643
扫描靶机开放端口
12使用nmap扫 ...</div><a class="blog-slider__button" href="2023/08/07/vulnhub靶机/DC2/" alt="vulnhub靶机 DC-2">详情 </a></div></div><div class="blog-slider__item swiper-slide" style="width: 750px; opacity: 1; transform: translate3d(0px, 0px, 0px); transition-duration: 0ms;"><a class="blog-slider__img" href="2023/09/16/漏洞复现/VSFTPD 2.3.4 笑脸漏洞/" title="VSFTPD 2.3.4 笑脸漏洞"><img width="48" height="48" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441250.png?_r_=1b4cc883-8c2d-fbb5-e1b9-040ff163962f" alt="图片" onerror="this.src=undefined; this.onerror = null;"></a><div class="blog-slider__content"><span class="blog-slider__code">2023-09-16</span><a class="blog-slider__title" href="2023/09/16/漏洞复现/VSFTPD 2.3.4 笑脸漏洞/" alt="VSFTPD 2.3.4 笑脸漏洞">VSFTPD 2.3.4 笑脸漏洞</a><div class="blog-slider__text">环境搭建压缩包需要下载特定版本,官方提供的安装包没有这个漏洞
1.靶机环境是centos7 ,首先解压缩包,并上传到靶机目录
tar -zxvf 压缩包名称
2.进入vsftpd目录,赋予文件权限,之后进行make &amp;&amp;make install
cd &#x2F;vsftpd-2.3.4
chmod 777 *
make &amp;&amp;make install
漏洞利用code:1使用msf利用
123use exploit/unix/ftp/vsftpd_234_backdoor set RhoSTS 192.168.142.145exploit
code:2手动利用
打开命令行登录ftp服务器,在用户名处输入root:)然后随意输入一个密码回车等待,
输入nc 目标ip 6200 即可连接
</div><a class="blog-slider__button" href="2023/09/16/漏洞复现/VSFTPD 2.3.4 笑脸漏洞/" alt="VSFTPD 2.3.4 笑脸漏洞">详情 </a></div></div></div><div class="blog-slider__pagination swiper-pagination-clickable swiper-pagination-bullets"></div></div><div id="topPostGroup"><div class="top-group-list-item"><div class="post_cover left_radius"><a href="2022/12/27/hello-world/" title="博客自述"><span class="top-group-text">荐</span><img class="post_bg" alt="博客自述" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441234.png?_r_=65fa27f5-274e-e1cb-f2b8-49e4b2eae304" onerror="this.src=undefined; this.onerror = null;"></a></div><div class="top-group-info"><a class="article-title" href="2022/12/27/hello-world/" title="博客自述">博客自述</a></div></div><div class="top-group-list-item"><div class="post_cover left_radius"><a href="2023/05/12/CTF/青少年CTF-B2-PHP特性练习/" title="青少年CTF-B2-PHP特性练习01-04"><span class="top-group-text">荐</span><img class="post_bg" alt="青少年CTF-B2-PHP特性练习01-04" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441198.png?_r_=8406ef1f-46dc-4ee9-1c75-d33f6052e178" onerror="this.src=undefined; this.onerror = null;"></a></div><div class="top-group-info"><a class="article-title" href="2023/05/12/CTF/青少年CTF-B2-PHP特性练习/" title="青少年CTF-B2-PHP特性练习01-04">青少年CTF-B2-PHP特性练习01-04</a></div></div><div class="top-group-list-item"><div class="post_cover left_radius"><a href="2023/08/07/vulnhub靶机/DC2/" title="vulnhub靶机 DC-2"><span class="top-group-text">荐</span><img class="post_bg" alt="vulnhub靶机 DC-2" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441238.png?_r_=536a477f-a3fe-785c-d401-d45bcca2d99e" onerror="this.src=undefined; this.onerror = null;"></a></div><div class="top-group-info"><a class="article-title" href="2023/08/07/vulnhub靶机/DC2/" title="vulnhub靶机 DC-2">vulnhub靶机 DC-2</a></div></div><div class="top-group-list-item"><div class="post_cover left_radius"><a href="2023/09/16/漏洞复现/VSFTPD 2.3.4 笑脸漏洞/" title="VSFTPD 2.3.4 笑脸漏洞"><span class="top-group-text">荐</span><img class="post_bg" alt="VSFTPD 2.3.4 笑脸漏洞" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441250.png?_r_=1b4cc883-8c2d-fbb5-e1b9-040ff163962f" onerror="this.src=undefined; this.onerror = null;"></a></div><div class="top-group-info"><a class="article-title" href="2023/09/16/漏洞复现/VSFTPD 2.3.4 笑脸漏洞/" title="VSFTPD 2.3.4 笑脸漏洞">VSFTPD 2.3.4 笑脸漏洞</a></div></div><div class="top-group-list-none"></div><div class="top-group-list-none"></div><div class="top-group-list-none"></div></div></div></div></div><script src="https://npm.elemecdn.com/[email protected]/swiper/swiper.min.js"></script><script>function initBlogSlider() {
var swiper = new Swiper(".blog-slider", {
passiveListeners: true,
spaceBetween: 30,
effect: "fade",
loop: true,
autoplay: {
disableOnInteraction: true,
delay: 3000,
},
mousewheel: {
passive: true, // 将 mousewheel 事件处理程序标记为被动的
},
// autoHeight: true,
pagination: {
el: ".blog-slider__pagination",
clickable: true,
},
});
var comtainer = document.getElementById("swiper_container");
if (comtainer !== null) {
comtainer.onmouseenter = function () {
swiper.autoplay.stop();
};
comtainer.onmouseleave = function () {
swiper.autoplay.start();
};
}
}
setTimeout(()=>{
initBlogSlider()
}, 100)</script><div class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div id="categoryBar"><div class="category-bar" id="category-bar"><div id="catalog-bar"><div id="catalog-list"><div class="catalog-list-item" id="首页"><a href="/">首页</a></div>
<div class="catalog-list-item" id="/categories/博客自述/">
<a href="/categories/博客自述/">
博客自述
</a>
</div>
<div class="catalog-list-item" id="/categories/CTF/">
<a href="/categories/CTF/">
CTF
</a>
</div>
<div class="catalog-list-item" id="/categories/vulnhub靶机/">
<a href="/categories/vulnhub靶机/">
vulnhub靶机
</a>
</div>
<div class="catalog-list-item" id="/categories/漏洞复现/">
<a href="/categories/漏洞复现/">
漏洞复现
</a>
</div>
<div class="catalog-list-item" id="/categories/疑难杂症/">
<a href="/categories/疑难杂症/">
疑难杂症
</a>
</div>
</div><div class="category-bar-next" id="category-bar-next" onclick="anzhiyu.scrollCategoryBarToRight()"><i class="anzhiyufont anzhiyu-icon-angle-double-right"></i></div><a class="catalog-more" href="/categories/">更多</a></div></div></div><div class="recent-post-item lastestpost-item" onclick="pjax.loadUrl('/2023/09/21/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/phpstudy_2016-2018_rce%20%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/')"><div class="post_cover left"><a href="/2023/09/21/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/phpstudy_2016-2018_rce%20%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="phpstudy_2016-2018_rce 漏洞复现" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441252.png?_r_=3e1a4351-e491-354e-b74b-4df39ebb4542" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="phpstudy_2016-2018_rce 漏洞复现" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">漏洞复现</div><span class="newPost">最新</span><a class="unvisited-post" href="/2023/09/21/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/phpstudy_2016-2018_rce%20%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="phpstudy_2016-2018_rce 漏洞复现">未读</a></div><a class="article-title" href="/2023/09/21/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/phpstudy_2016-2018_rce%20%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="phpstudy_2016-2018_rce 漏洞复现">phpstudy_2016-2018_rce 漏洞复现</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-09-21T12:52:01.000Z" title="发表于 2023-09-21 20:52:01">2023-09-21</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-09-21T12:56:22.053Z" title="更新于 2023-09-21 20:56:22">2023-09-21</time></span></div><div class="content">漏洞描述攻击者可以利用该漏洞执行PHP 命令,也可以称作 phpStudy 后门 。RCE(Remote Command|Code Execute)
Phpstudy软件是国内的一款免费的PHP调试环境的程序集成包,通过集成Apache、PHP、MySQL、phpMyAdmin等多款软件一次性安装,无需配置即可直接安装使用,一键搭建。 其中2016、2018版本的phpstudy存在被黑客恶意篡改后形成的RCE漏洞。该漏洞可以直接远程执行系统命令。
影响版本 phpStudy 2016和2018两个版本
后门代码存在于\ext\php_xmlrpc.dll模块中
phpStudy2016 查看
\phpStudy\php\php-5.2.17\ext\php_xmlrpc.dll
\phpStudy\php\php-5.4.45\ext\php_xmlrpc.dll
phpStudy2018查看
\phpStudy\PHPTutorial\php\php-5.4.45\ext\php_xmlrpc.dll
\phpStudy\PHPTutorial\PHP\PHP-5.2.1 ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/09/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/VSFTPD%202.3.4%20%E7%AC%91%E8%84%B8%E6%BC%8F%E6%B4%9E/')"><div class="post_cover left"><a href="/2023/09/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/VSFTPD%202.3.4%20%E7%AC%91%E8%84%B8%E6%BC%8F%E6%B4%9E/" title="VSFTPD 2.3.4 笑脸漏洞" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441250.png?_r_=1b4cc883-8c2d-fbb5-e1b9-040ff163962f" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="VSFTPD 2.3.4 笑脸漏洞" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">漏洞复现</div><a class="unvisited-post" href="/2023/09/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/VSFTPD%202.3.4%20%E7%AC%91%E8%84%B8%E6%BC%8F%E6%B4%9E/" title="VSFTPD 2.3.4 笑脸漏洞">未读</a></div><a class="article-title" href="/2023/09/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/VSFTPD%202.3.4%20%E7%AC%91%E8%84%B8%E6%BC%8F%E6%B4%9E/" title="VSFTPD 2.3.4 笑脸漏洞">VSFTPD 2.3.4 笑脸漏洞</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-09-16T01:51:46.000Z" title="发表于 2023-09-16 09:51:46">2023-09-16</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-09-17T15:14:40.000Z" title="更新于 2023-09-17 23:14:40">2023-09-17</time></span></div><div class="content">环境搭建压缩包需要下载特定版本,官方提供的安装包没有这个漏洞
1.靶机环境是centos7 ,首先解压缩包,并上传到靶机目录
tar -zxvf 压缩包名称
2.进入vsftpd目录,赋予文件权限,之后进行make &&make install
cd /vsftpd-2.3.4
chmod 777 *
make &&make install
漏洞利用code:1使用msf利用
123use exploit/unix/ftp/vsftpd_234_backdoor set RhoSTS 192.168.142.145exploit
code:2手动利用
打开命令行登录ftp服务器,在用户名处输入root:)然后随意输入一个密码回车等待,
输入nc 目标ip 6200 即可连接
</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/08/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/%E9%80%9A%E8%BE%BEOA%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/')"><div class="post_cover left"><a href="/2023/08/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/%E9%80%9A%E8%BE%BEOA%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="通达OA前台任意用户登录漏洞复现" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441247.png?_r_=94e592c4-fb75-51f8-8619-861cc7402c46" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="通达OA前台任意用户登录漏洞复现" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">漏洞复现</div><a class="unvisited-post" href="/2023/08/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/%E9%80%9A%E8%BE%BEOA%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="通达OA前台任意用户登录漏洞复现">未读</a></div><a class="article-title" href="/2023/08/16/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/%E9%80%9A%E8%BE%BEOA%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E7%99%BB%E5%BD%95%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="通达OA前台任意用户登录漏洞复现">通达OA前台任意用户登录漏洞复现</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-08-16T13:11:15.000Z" title="发表于 2023-08-16 21:11:15">2023-08-16</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-08-16T15:14:40.000Z" title="更新于 2023-08-16 23:14:40">2023-08-16</time></span></div><div class="content">漏洞描述通达OA是一套使用比较广泛的办公系统。该漏洞因为使用uid作为身份标识,攻击者在远程且未经授权的情况下,通过利用此漏洞,可以直接绕过登录验证逻辑,伪装为系统管理员身份登录OA系统。通达OA官方于2020年4月17日发布安全更新。
漏洞影响版本通达OA < 11.5通达OA 2017版本
漏洞原理本次复现为2017版本,则重点分析该版本,但原理都是基本相同的,只不过文件路径不同而已。根据POC的代码分析如下,该漏洞涉及的文件包含以下四个:
1234/ispirit/login_code.php/general/login_code_scan.php/ispirit/login_code_check.php/general/index.php
通达OA源码使用zend5加密 ,分析源码需要先进行解密
本事使用的解密工具是:SeayDzend,工具使用很简单
/ispirit/login_code.php:
该文件用来获取codeuid参数,如果不存在,则会自动生成一个codeuid,并且将其写入CODE_LOGIN_PC缓存中(通达OA使用了缓存系统 ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/08/07/vulnhub%E9%9D%B6%E6%9C%BA/DC2/')"><div class="post_cover left"><a href="/2023/08/07/vulnhub%E9%9D%B6%E6%9C%BA/DC2/" title="vulnhub靶机 DC-2" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441238.png?_r_=536a477f-a3fe-785c-d401-d45bcca2d99e" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="vulnhub靶机 DC-2" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">vulnhub靶机</div><a class="unvisited-post" href="/2023/08/07/vulnhub%E9%9D%B6%E6%9C%BA/DC2/" title="vulnhub靶机 DC-2">未读</a></div><a class="article-title" href="/2023/08/07/vulnhub%E9%9D%B6%E6%9C%BA/DC2/" title="vulnhub靶机 DC-2">vulnhub靶机 DC-2</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-08-07T12:51:40.000Z" title="发表于 2023-08-07 20:51:40">2023-08-07</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-08-07T15:14:40.000Z" title="更新于 2023-08-07 23:14:40">2023-08-07</time></span></div><div class="content">靶机介绍靶机介绍:https : //download.vulnhub.com/dc/DC-2.zip
信息搜集
获取IP地址
1234扫描靶机的IP的方法1. nmap -sP 192.168.142.0/24 #nmap进行ping扫描发现存活主机2. arp-scan -l #基于ARP发现内网存活主机3. netdiscover -r 192.168.142.0/24 -i eth0
12345参考文章:nmap思维导图:https://mp.weixin.qq.com/s/42dNv-q7K_XcJ7cv23LNSAarp-scan:https://blog.csdn.net/qq_41453285/article/details/100942591 https://www.kali.org/tools/arp-scan/netdiscover:https://blog.csdn.net/u010698107/article/details/115288643
扫描靶机开放端口
12使用nmap扫 ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/08/01/vulnhub%E9%9D%B6%E6%9C%BA/HACKADEMIC%EF%BC%9ARTB1/')"><div class="post_cover left"><a href="/2023/08/01/vulnhub%E9%9D%B6%E6%9C%BA/HACKADEMIC%EF%BC%9ARTB1/" title="vulnhub靶机 HACKADEMIC:RTB1" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441233.png?_r_=db3c649f-82f9-137a-f34f-e909cdd66e56" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="vulnhub靶机 HACKADEMIC:RTB1" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">vulnhub靶机</div><a class="unvisited-post" href="/2023/08/01/vulnhub%E9%9D%B6%E6%9C%BA/HACKADEMIC%EF%BC%9ARTB1/" title="vulnhub靶机 HACKADEMIC:RTB1">未读</a></div><a class="article-title" href="/2023/08/01/vulnhub%E9%9D%B6%E6%9C%BA/HACKADEMIC%EF%BC%9ARTB1/" title="vulnhub靶机 HACKADEMIC:RTB1">vulnhub靶机 HACKADEMIC:RTB1</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-08-01T02:55:37.000Z" title="发表于 2023-08-01 10:55:37">2023-08-01</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-08-01T15:14:40.000Z" title="更新于 2023-08-01 23:14:40">2023-08-01</time></span></div><div class="content">靶机介绍官方下载地址:https://www.vulnhub.com/entry/hackademic-rtb1,17/需要读取靶机的root目录下key.txt运行环境:虚拟机网络设置的是NAT模式靶机:IP地址:192.168.233.131攻击机:kali linux,IP地址:192.168.233.129
信息收集获取靶机IP地址
进入靶机
用wappalyzer查看用到技术
查看开放的端口
扫敏感目录
123nikto -h http://192.168.233.131dirb http://192.168.233.131/Hackademic_RTB1/gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt -x html -u http://192.168.233.131
漏洞利用web端寻找漏洞,php页面,f12代码注入,sql注入
sqlmap注入
1sqlmap -u http://192.168.243.128/Hackadem ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/07/15/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/nginx-0.7.65_%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/')"><div class="post_cover left"><a href="/2023/07/15/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/nginx-0.7.65_%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="nginx-0.7.65 解析漏洞" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441230.png?_r_=41297492-dd0e-6010-2eae-854a856d1b4a" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="nginx-0.7.65 解析漏洞" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">漏洞复现</div><a class="unvisited-post" href="/2023/07/15/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/nginx-0.7.65_%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="nginx-0.7.65 解析漏洞">未读</a></div><a class="article-title" href="/2023/07/15/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/nginx-0.7.65_%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" title="nginx-0.7.65 解析漏洞">nginx-0.7.65 解析漏洞</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-07-15T14:08:37.000Z" title="发表于 2023-07-15 22:08:37">2023-07-15</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-07-15T15:14:40.000Z" title="更新于 2023-07-15 23:14:40">2023-07-15</time></span></div><div class="content">启动环境1startup.bat
2. 访问抓包修改文件后缀
可以显示phpinfo
Nginx 解析漏洞复现1.开启环境
2.抓包修改文件后缀,类型以及内容头
上传成功
使用蚁剑连接
</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/05/12/CTF/%E9%9D%92%E5%B0%91%E5%B9%B4CTF-B2-PHP%E7%89%B9%E6%80%A7%E7%BB%83%E4%B9%A0/')"><div class="post_cover left"><a href="/2023/05/12/CTF/%E9%9D%92%E5%B0%91%E5%B9%B4CTF-B2-PHP%E7%89%B9%E6%80%A7%E7%BB%83%E4%B9%A0/" title="青少年CTF-B2-PHP特性练习01-04" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441198.png?_r_=8406ef1f-46dc-4ee9-1c75-d33f6052e178" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="青少年CTF-B2-PHP特性练习01-04" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">CTF</div><a class="unvisited-post" href="/2023/05/12/CTF/%E9%9D%92%E5%B0%91%E5%B9%B4CTF-B2-PHP%E7%89%B9%E6%80%A7%E7%BB%83%E4%B9%A0/" title="青少年CTF-B2-PHP特性练习01-04">未读</a></div><a class="article-title" href="/2023/05/12/CTF/%E9%9D%92%E5%B0%91%E5%B9%B4CTF-B2-PHP%E7%89%B9%E6%80%A7%E7%BB%83%E4%B9%A0/" title="青少年CTF-B2-PHP特性练习01-04">青少年CTF-B2-PHP特性练习01-04</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-05-12T06:08:33.000Z" title="发表于 2023-05-12 14:08:33">2023-05-12</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-05-15T09:14:40.000Z" title="更新于 2023-05-15 17:14:40">2023-05-15</time></span><span class="article-meta tags"><a class="article-meta__tags" href="/tags/qsnctf/" tabindex="-1"><span> <i class="anzhiyufont anzhiyu-icon-hashtag"></i>qsnctf</span></a><a class="article-meta__tags" href="/tags/web/" tabindex="-1"><span> <i class="anzhiyufont anzhiyu-icon-hashtag"></i>web</span></a></span></div><div class="content">PHP特性01payload:
1?username[]=admi&password[]=admin
qsnctf{ca5f80d8-085c-4a8d-b474-a74bd1a4aada}
PHP特性02payload:
1?value=%0c1
qsnctf{c6c71221-f298-41ad-9da8-ca53b4a8b144}
12345//在php中:<?phpnum = %0c36;var_dump($num!=='36' and $num=='36');// ---> True?>
对于比较运算符号:如果两个操作数都是 数字字符串,或者一个操作数是数字而另一个是 数字字符串,则比较以数字方式进行。当比较是===或!==因为这涉及比较类型和值时,不会发生类型转换 ,因此此时类型和数值都要比对
所以:**==比较的是类型转换之后的数值 而 !==不仅要比较数值还要比较类型**
payload构造的时候只要 ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2023/03/18/%E7%96%91%E9%9A%BE%E6%9D%82%E7%97%87/VMware%E6%89%93%E5%BC%80%E9%9D%B6%E6%9C%BA%E6%97%A0%E6%B3%95%E8%BF%9E%E6%8E%A5%E7%BD%91%E7%BB%9C/')"><div class="post_cover left"><a href="/2023/03/18/%E7%96%91%E9%9A%BE%E6%9D%82%E7%97%87/VMware%E6%89%93%E5%BC%80%E9%9D%B6%E6%9C%BA%E6%97%A0%E6%B3%95%E8%BF%9E%E6%8E%A5%E7%BD%91%E7%BB%9C/" title="解决VMware导入vulnhub靶机无法获取IP地址" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441239.png?_r_=5a934e8f-8b73-9dfe-f1f8-1e86fa0681f0" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="解决VMware导入vulnhub靶机无法获取IP地址" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">疑难杂症</div><a class="unvisited-post" href="/2023/03/18/%E7%96%91%E9%9A%BE%E6%9D%82%E7%97%87/VMware%E6%89%93%E5%BC%80%E9%9D%B6%E6%9C%BA%E6%97%A0%E6%B3%95%E8%BF%9E%E6%8E%A5%E7%BD%91%E7%BB%9C/" title="解决VMware导入vulnhub靶机无法获取IP地址">未读</a></div><a class="article-title" href="/2023/03/18/%E7%96%91%E9%9A%BE%E6%9D%82%E7%97%87/VMware%E6%89%93%E5%BC%80%E9%9D%B6%E6%9C%BA%E6%97%A0%E6%B3%95%E8%BF%9E%E6%8E%A5%E7%BD%91%E7%BB%9C/" title="解决VMware导入vulnhub靶机无法获取IP地址">解决VMware导入vulnhub靶机无法获取IP地址</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2023-03-18T07:17:22.000Z" title="发表于 2023-03-18 15:17:22">2023-03-18</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-03-27T15:14:40.000Z" title="更新于 2023-03-27 23:14:40">2023-03-27</time></span></div><div class="content">vulnhub靶机导入之后kali扫描不到IP
这种情况一般是靶机没有自动获取IP地址,网卡名称和网卡配置文件里面的名称不一致
问题产生在vulnhub下载靶机,将网段调整为了NAT模式,在kali进行扫描时获取不到靶机IP
解决方案关闭靶机,然后再启动靶机,启动时按shift进入如下页面
然后按e进行编辑
摁↓找到ro,将ro改为 rw single init=/bin/bash
然后按ctrl+x,就可以输入命令了
ip a查看以下实际用的是哪一个网卡
查看网络配置文件/etc/network/interfaces内容,将enp0s3全部改为ens33 保存退出
新版Ubuntu网卡配置文件在 /etc/netplan/XX-installer-config.yaml
然后重启网络即可
这样kali那边使用arp-scan进行扫描就可以获得靶机IP了
最后需要重新启动靶机
Linux重启网卡的三种方法:12345678910111213141516171819202122232425262728一、network利用root帐户# service netwo ...</div></div></div><div class="recent-post-item" onclick="pjax.loadUrl('/2022/12/27/hello-world/')"><div class="post_cover left"><a href="/2022/12/27/hello-world/" title="博客自述" style="display: flex;height: 100%;"><img class="post_bg" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309170441234.png?_r_=65fa27f5-274e-e1cb-f2b8-49e4b2eae304" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="博客自述" style="pointer-events: none"></a></div><div class="recent-post-info"><div class="recent-post-info-top"><div class="recent-post-info-top-tips"><div class="article-categories-original">博客自述</div><a class="unvisited-post" href="/2022/12/27/hello-world/" title="博客自述">未读</a></div><a class="article-title" href="/2022/12/27/hello-world/" title="博客自述">博客自述</a></div><div class="article-meta-wrap"><span class="post-meta-date"><i class="anzhiyufont anzhiyu-icon-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2022-12-27T14:08:37.000Z" title="发表于 2022-12-27 22:08:37">2022-12-27</time><span class="article-meta-separator"></span><i class="anzhiyufont anzhiyu-icon-history" style="font-size: 15px; "></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2022-12-27T15:14:40.000Z" title="更新于 2022-12-27 23:14:40">2022-12-27</time></span></div><div class="content">由于博主很穷,兜比脸干净,所以主打的就是一个白嫖
博客是用GitHub+hexo搭建,图传用的是PicGo+Github+Gitee
hexo主题用的是安知鱼
hexo地址:https://hexo.io/zh-cn/
安知鱼下载地址:anzhiyu-c/hexo-theme-anzhiyu: 这是一个简洁美丽的hexo主题。 (github.com)
安知鱼使用文档:安知鱼主题官方文档 | 一个简洁、美丽的静态hexo主题 (anheyu.com)
由于各种白嫖,所以访问速度很慢,图片经常出现加载不出来的情况,各位大佬见谅,如遇到图片没有加载请多刷新几次页面!
</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><div class="toPageGroup"><input id="toPageText" oninput="value=value.replace(/[^0-9]/g,'')" maxlength="3" onkeyup="this.value=this.value.replace(/[^u4e00-u9fa5w]/g,'')" aria-label="toPage"><a id="toPageButton" onclick="anzhiyu.toPage()"><i class="anzhiyufont anzhiyu-icon-angles-right" style="font-weight: inherit; font-size: 1rem;"></i></a></div></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="card-content"><div class="author-info__sayhi" id="author-info__sayhi" onclick="anzhiyu.changeSayHelloText()"></div><div class="author-info-avatar"><img class="avatar-img" src= "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null,this.src="/img/404.jpg"" data-lazy-src="https://gitee.com/jianhao_com/picture/raw/master/202309171732810.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__description">本人很穷,兜比脸干净,图床是介于gitee和github搭建的所以访问较慢,请各位大佬见谅!如文章内没有图片请多刷新几次!</div><div class="author-info__bottom-group"><a class="author-info__bottom-group-left" href="/about"><h1 class="author-info__name">Sword</h1><div class="author-info__desc">本人很菜,希望各位师傅多多指教!</div></a><div class="card-info-social-icons is-center"><a class="social-icon faa-parent animated-hover" href="https://github.com/Sword-safe" target="_blank" title="Github"><i class="anzhiyufont anzhiyu-icon-github"></i></a></div></div></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="anzhiyufont anzhiyu-icon-bullhorn anzhiyu-shake"></i><span>公告</span></div><div class="announcement_content">欢迎来看我的博客鸭~</div></div><div class="sticky_layout"><div class="card-widget"><div class="card-tags"><div class="item-headline"></div><div class="card-tag-cloud"><a href="/tags/qsnctf/" style="font-size: 1.05rem;">qsnctf<sup>1</sup></a><a href="/tags/web/" style="font-size: 1.05rem;">web<sup>1</sup></a></div></div><hr/><div class="card-archives"><div class="item-headline"><i class="anzhiyufont anzhiyu-icon-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/09/"><span class="card-archive-list-date">九月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">2</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">3</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/07/"><span class="card-archive-list-date">七月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/05/"><span class="card-archive-list-date">五月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/03/"><span class="card-archive-list-date">三月 2023</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/12/"><span class="card-archive-list-date">十二月 2022</span><div class="card-archive-list-count-group"><span class="card-archive-list-count">1</span><span>篇</span></div></a></li></ul></div><hr/><div class="card-webinfo"><div class="item-headline"><i class="anzhiyufont anzhiyu-icon-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="webinfo-item-title"><i class="anzhiyufont anzhiyu-icon-file-lines"></i><div class="item-name">文章总数 :</div></div><div class="item-count">9</div></div><div class="webinfo-item"><div class="webinfo-item-title"><i class="anzhiyufont anzhiyu-icon-stopwatch"></i><div class="item-name">建站天数 :</div></div><div class="item-count" id="runtimeshow" data-publishDate="2022-12-26T16:00:00.000Z"><i class="anzhiyufont anzhiyu-icon-spinner anzhiyu-spin"></i></div></div><div class="webinfo-item"><div class="webinfo-item-title"><i class="anzhiyufont anzhiyu-icon-font"></i><div class="item-name">全站字数 :</div></div><div class="item-count">4.1k</div></div><div class="webinfo-item"><div class="webinfo-item-title"><i class="anzhiyufont anzhiyu-icon-universal-access"></i><div class="item-name">总访客数 :</div></div><div class="item-count" id="busuanzi_value_site_uv"><i class="anzhiyufont anzhiyu-icon-spinner anzhiyu-spin"></i></div></div><div class="webinfo-item"><div class="webinfo-item-title"><i class="anzhiyufont anzhiyu-icon-square-poll-vertical"></i><div class="item-name">总访问量 :</div></div><div class="item-count" id="busuanzi_value_site_pv"><i class="anzhiyufont anzhiyu-icon-spinner anzhiyu-spin"></i></div></div></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">©2022 - 2023 By Sword</div></div></footer></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="sidebar-site-data site-data is-center"><a href="/archives/" title="archive"><div class="headline">文章</div><div class="length-num">9</div></a><a href="/tags/" title="tag"><div class="headline">标签</div><div class="length-num">2</div></a><a href="/categories/" title="category"><div class="headline">分类</div><div class="length-num">5</div></a></div><span class="sidebar-menu-item-title">功能</span><div class="sidebar-menu-item"><a class="darkmode_switchbutton menu-child" href="javascript:void(0);" title="显示模式"><i class="anzhiyufont anzhiyu-icon-circle-half-stroke"></i><span>显示模式</span></a></div><div class="back-menu-list-groups"><div class="back-menu-list-group"><div class="back-menu-list-title"></div><div class="back-menu-list"><a class="back-menu-item" href="/null"><img class="back-menu-item-icon"/><span class="back-menu-item-text"></span></a></div></div><div class="back-menu-list-group"><div class="back-menu-list-title"></div><div class="back-menu-list"><a class="back-menu-item" href="/null"><img class="back-menu-item-icon"/><span class="back-menu-item-text"></span></a></div></div></div><div class="menus_items"><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/archives/"><span> 隧道</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/categories/"><span> 分类</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/tags/"><span> 标签</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/comments/"><span> 留言板</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/music/"><span> 音乐馆</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="/about/"><span> 关于本人</span></a></div><div class="menus_item"><a class="site-page faa-parent animated-hover" href="javascript:toRandomPost()"><span> 随便逛逛</span></a></div></div><span class="sidebar-menu-item-title">标签</span><div class="card-tags"><div class="item-headline"></div><div class="card-tag-cloud"><a href="/tags/qsnctf/" style="font-size: 0.88rem;">qsnctf<sup>1</sup></a><a href="/tags/web/" style="font-size: 0.88rem;">web<sup>1</sup></a></div></div><hr/></div></div><div id="keyboard-tips"><div class="keyboardTitle">博客快捷键</div><div class="keybordList"><div class="keybordItem"><div class="keyGroup"><div class="key">shift K</div></div><div class="keyContent"><div class="content">关闭快捷键功能</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift A</div></div><div class="keyContent"><div class="content">打开/关闭中控台</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift M</div></div><div class="keyContent"><div class="content">播放/暂停音乐</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift D</div></div><div class="keyContent"><div class="content">深色/浅色显示模式</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift S</div></div><div class="keyContent"><div class="content">站内搜索</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift R</div></div><div class="keyContent"><div class="content">随机访问</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift H</div></div><div class="keyContent"><div class="content">返回首页</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift F</div></div><div class="keyContent"><div class="content">友链鱼塘</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift L</div></div><div class="keyContent"><div class="content">友链页面</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift P</div></div><div class="keyContent"><div class="content">关于本站</div></div></div><div class="keybordItem"><div class="keyGroup"><div class="key">shift I</div></div><div class="keyContent"><div class="content">原版/本站右键菜单</div></div></div></div></div><div id="rightside"><div id="rightside-config-hide"><button id="translateLink" type="button" title="简繁转换">繁</button><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="anzhiyufont anzhiyu-icon-circle-half-stroke"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="anzhiyufont anzhiyu-icon-arrows-left-right"></i></button></div><div id="rightside-config-show"><button id="rightside-config" type="button" title="设置"><i class="anzhiyufont anzhiyu-icon-gear"></i></button><button id="go-up" type="button" title="回到顶部"><i class="anzhiyufont anzhiyu-icon-arrow-up"></i></button></div></div><div id="nav-music"><a id="nav-music-hoverTips" onclick="anzhiyu.musicToggle()" accesskey="m">播放音乐</a><div id="console-music-bg"></div><meting-js id="8152976493" server="netease" type="playlist" mutex="true" preload="none" theme="var(--anzhiyu-main)" data-lrctype="0" order="random"></meting-js></div><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">搜索</span><span id="loading-status"></span><button class="search-close-button"><i class="anzhiyufont anzhiyu-icon-xmark"></i></button></nav><div class="is-center" id="loading-database"><i class="anzhiyufont anzhiyu-icon-spinner anzhiyu-pulse-icon"></i><span> 数据库加载中</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div><hr/><div id="local-search-results"></div></div></div><div id="search-mask"></div></div><div id="rightMenu"><div class="rightMenu-group rightMenu-small"><div class="rightMenu-item" id="menu-backward"><i class="anzhiyufont anzhiyu-icon-arrow-left"></i></div><div class="rightMenu-item" id="menu-forward"><i class="anzhiyufont anzhiyu-icon-arrow-right"></i></div><div class="rightMenu-item" id="menu-refresh"><i class="anzhiyufont anzhiyu-icon-arrow-rotate-right" style="font-size: 1rem;"></i></div><div class="rightMenu-item" id="menu-top"><i class="anzhiyufont anzhiyu-icon-arrow-up"></i></div></div><div class="rightMenu-group rightMenu-line rightMenuPlugin"><div class="rightMenu-item" id="menu-copytext"><i class="anzhiyufont anzhiyu-icon-copy"></i><span>复制选中文本</span></div><div class="rightMenu-item" id="menu-pastetext"><i class="anzhiyufont anzhiyu-icon-paste"></i><span>粘贴文本</span></div><a class="rightMenu-item" id="menu-commenttext"><i class="anzhiyufont anzhiyu-icon-comment-medical"></i><span>引用到评论</span></a><div class="rightMenu-item" id="menu-newwindow"><i class="anzhiyufont anzhiyu-icon-window-restore"></i><span>新窗口打开</span></div><div class="rightMenu-item" id="menu-copylink"><i class="anzhiyufont anzhiyu-icon-link"></i><span>复制链接地址</span></div><div class="rightMenu-item" id="menu-copyimg"><i class="anzhiyufont anzhiyu-icon-images"></i><span>复制此图片</span></div><div class="rightMenu-item" id="menu-downloadimg"><i class="anzhiyufont anzhiyu-icon-download"></i><span>下载此图片</span></div><div class="rightMenu-item" id="menu-newwindowimg"><i class="anzhiyufont anzhiyu-icon-window-restore"></i><span>新窗口打开图片</span></div><div class="rightMenu-item" id="menu-search"><i class="anzhiyufont anzhiyu-icon-magnifying-glass"></i><span>站内搜索</span></div><div class="rightMenu-item" id="menu-searchBaidu"><i class="anzhiyufont anzhiyu-icon-magnifying-glass"></i><span>百度搜索</span></div><div class="rightMenu-item" id="menu-music-toggle"><i class="anzhiyufont anzhiyu-icon-play"></i><span>播放音乐</span></div><div class="rightMenu-item" id="menu-music-back"><i class="anzhiyufont anzhiyu-icon-backward"></i><span>切换到上一首</span></div><div class="rightMenu-item" id="menu-music-forward"><i class="anzhiyufont anzhiyu-icon-forward"></i><span>切换到下一首</span></div><div class="rightMenu-item" id="menu-music-playlist" onclick="window.open("https://y.qq.com/n/ryqq/playlist/8802438608", "_blank");" style="display: none;"><i class="anzhiyufont anzhiyu-icon-radio"></i><span>查看所有歌曲</span></div><div class="rightMenu-item" id="menu-music-copyMusicName"><i class="anzhiyufont anzhiyu-icon-copy"></i><span>复制歌名</span></div></div><div class="rightMenu-group rightMenu-line rightMenuOther"><a class="rightMenu-item menu-link" id="menu-randomPost"><i class="anzhiyufont anzhiyu-icon-shuffle"></i><span>随便逛逛</span></a><a class="rightMenu-item menu-link" href="/categories/"><i class="anzhiyufont anzhiyu-icon-cube"></i><span>博客分类</span></a><a class="rightMenu-item menu-link" href="/tags/"><i class="anzhiyufont anzhiyu-icon-tags"></i><span>文章标签</span></a></div><div class="rightMenu-group rightMenu-line rightMenuOther"><a class="rightMenu-item" id="menu-copy" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-copy"></i><span>复制地址</span></a><a class="rightMenu-item" id="menu-commentBarrage" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-message"></i><span class="menu-commentBarrage-text">关闭热评</span></a><a class="rightMenu-item" id="menu-darkmode" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-circle-half-stroke"></i><span class="menu-darkmode-text">深色模式</span></a><a class="rightMenu-item" id="menu-translate" href="javascript:void(0);"><i class="anzhiyufont anzhiyu-icon-language"></i><span>轉為繁體</span></a></div></div><div id="rightmenu-mask"></div><div id="he-plugin-simple"></div><script>var WIDGET = {
"CONFIG": {
"modules": "0124",
"background": "2",
"tmpColor": "FFFFFF",
"tmpSize": "16",
"cityColor": "FFFFFF",
"citySize": "16",
"aqiColor": "E8D87B",
"aqiSize": "16",
"weatherIconSize": "24",
"alertIconSize": "18",
"padding": "10px 10px 10px 10px",
"shadow": "0",
"language": "auto",
"borderRadius": "20",
"fixed": "true",
"vertical": "top",
"horizontal": "left",
"left": "20",
"top": "7.1",
"key": "df245676fb434a0691ead1c63341cd94"
}
}
</script><link rel="stylesheet" href="https://widget.qweather.net/simple/static/css/he-simple.css?v=1.4.0"/><script src="https://widget.qweather.net/simple/static/js/he-simple.js?v=1.4.0"></script><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/tw_cn.js"></script><script src="https://cdn.cbd.int/@fancyapps/[email protected]/dist/fancybox/fancybox.umd.js"></script><script src="https://cdn.cbd.int/[email protected]/instantpage.js" type="module"></script><script src="https://cdn.cbd.int/[email protected]/dist/lazyload.iife.min.js"></script><script src="https://cdn.cbd.int/[email protected]/dist/snackbar.min.js"></script><canvas id="universe"></canvas><script async src="https://npm.elemecdn.com/[email protected]/dark/dark.js"></script><script>// 消除控制台打印
var HoldLog = console.log;
console.log = function () {};
let now1 = new Date();
queueMicrotask(() => {
const Log = function () {
HoldLog.apply(console, arguments);
}; //在恢复前输出日志
const grt = new Date("12/27/2022 00:00:00"); //此处修改你的建站时间或者网站上线时间
now1.setTime(now1.getTime() + 250);
const days = (now1 - grt) / 1000 / 60 / 60 / 24;
const dnum = Math.floor(days);
const ascll = [
`欢迎使用安知鱼!`,
`生活明朗, 万物可爱`,
`
█████╗ ███╗ ██╗███████╗██╗ ██╗██╗██╗ ██╗██╗ ██╗
██╔══██╗████╗ ██║╚══███╔╝██║ ██║██║╚██╗ ██╔╝██║ ██║
███████║██╔██╗ ██║ ███╔╝ ███████║██║ ╚████╔╝ ██║ ██║
██╔══██║██║╚██╗██║ ███╔╝ ██╔══██║██║ ╚██╔╝ ██║ ██║
██║ ██║██║ ╚████║███████╗██║ ██║██║ ██║ ╚██████╔╝
╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝
`,
"已上线",
dnum,
"天",
"©2022 By 安知鱼 V1.6.6",
];
const ascll2 = [`NCC2-036`, `调用前置摄像头拍照成功,识别为【小笨蛋】.`, `Photo captured: `, `🤪`];
setTimeout(
Log.bind(
console,
`\n%c${ascll[0]} %c ${ascll[1]} %c ${ascll[2]} %c${ascll[3]}%c ${ascll[4]}%c ${ascll[5]}\n\n%c ${ascll[6]}\n`,
"color:#425AEF",
"",
"color:#425AEF",
"color:#425AEF",
"",
"color:#425AEF",
""
)
);
setTimeout(
Log.bind(
console,
`%c ${ascll2[0]} %c ${ascll2[1]} %c \n${ascll2[2]} %c\n${ascll2[3]}\n`,
"color:white; background-color:#4fd953",
"",
"",
'background:url("https://npm.elemecdn.com/[email protected]/img/post/common/tinggge.gif") no-repeat;font-size:450%'
)
);
setTimeout(Log.bind(console, "%c WELCOME %c 你好,小笨蛋.", "color:white; background-color:#4f90d9", ""));
setTimeout(
console.warn.bind(
console,
"%c ⚡ Powered by 安知鱼 %c 你正在访问 Sword 的博客.",
"color:white; background-color:#f0ad4e",
""
)
);
setTimeout(Log.bind(console, "%c W23-12 %c 你已打开控制台.", "color:white; background-color:#4f90d9", ""));
setTimeout(
console.warn.bind(console, "%c S013-782 %c 你现在正处于监控中.", "color:white; background-color:#d9534f", "")
);
});</script><script async src="/anzhiyu/random.js"></script><script src="/js/search/local-search.js"></script><script>if (typeof gsap === "object") {
getScript("/js/anzhiyu/people.js", {defer:true})
} else {
getScript("/js/anzhiyu/people.js", {defer:true})
});
}
</script><div class="js-pjax"><input type="hidden" name="page-type" id="page-type" value="anzhiyu"></div><script>window.addEventListener('load', () => {
const changeContent = content => {
if (content === '') return content
content = content.replace(/<img.*?src="(.*?)"?[^\>]+>/ig, '[图片]') // replace image link
content = content.replace(/<a[^>]+?href=["']?([^"']+)["']?[^>]*>([^<]+)<\/a>/gi, '[链接]') // replace url
content = content.replace(/<pre><code>.*?<\/pre>/gi, '[代码]') // replace code
content = content.replace(/<[^>]+>/g,"") // remove html tag
if (content.length > 150) {
content = content.substring(0,150) + '...'
}
return content
}
const generateHtml = array => {
let result = ''
if (array.length) {
for (let i = 0; i < array.length; i++) {
result += '<div class=\'aside-list-item\'>'
if (true) {
const name = 'data-lazy-src'
result += `<a href='${array[i].url}' class='thumbnail'><img ${name}='${array[i].avatar}' alt='${array[i].nick}'></a>`
}
result += `<div class='content'>
<a class='comment' href='${array[i].url}' title='${array[i].content}'>${array[i].content}</a>
<div class='name'><span>${array[i].nick} / </span><time datetime="${array[i].date}">${anzhiyu.diffDate(array[i].date, true)}</time></div>
</div></div>`
}
} else {
result += '没有评论'
}
let $dom = document.querySelector('#card-newest-comments .aside-list')
$dom.innerHTML= result
window.lazyLoadInstance && window.lazyLoadInstance.update()
window.pjax && window.pjax.refresh($dom)
}
const getComment = async () => {
try {
const res = await fetch('https://vercel-lean-cloud-7won5k6l7-sword-safe.vercel.app/api/comment?type=recent&count=6', { method: 'GET' })
const result = await res.json()
const walineArray = result.data.map(e => {
return {
'content': changeContent(e.comment),
'avatar': e.avatar,
'nick': e.nick,
'url': e.url + '#' + e.objectId,
'date': e.time || e.insertedAt
}
})
saveToLocal.set('waline-newest-comments', JSON.stringify(walineArray), 10/(60*24))
generateHtml(walineArray)
} catch (err) {
console.error(err)
const $dom = document.querySelector('#card-newest-comments .aside-list')
$dom.textContent= "无法获取评论,请确认相关配置是否正确"
}
}
const newestCommentInit = () => {
if (document.querySelector('#card-newest-comments .aside-list')) {
const data = saveToLocal.get('waline-newest-comments')
if (data) {
generateHtml(JSON.parse(data))
} else {
getComment()
}
}
}
newestCommentInit()
document.addEventListener('pjax:complete', newestCommentInit)
})</script><script async data-pjax src="https://npm.elemecdn.com/[email protected]/bubble/bubble.js"></script><script>var visitorMail = "[email protected]";
</script><script async data-pjax src="https://cdn.cbd.int/[email protected]/waterfall/waterfall.js"></script><script src="https://lf3-cdn-tos.bytecdntp.com/cdn/expire-1-M/qrcodejs/1.0.0/qrcode.min.js"></script><script src="/js/anzhiyu/right_click_menu.js"></script><link rel="stylesheet" href="https://cdn.cbd.int/[email protected]/icon/ali_iconfont_css.css"><canvas class="fireworks" mobile="false"></canvas><script src="https://cdn.cbd.int/[email protected]/dist/fireworks.min.js"></script><script defer="defer" id="ribbon" src="https://cdn.cbd.int/[email protected]/dist/canvas-ribbon.min.js" size="150" alpha="0.6" zIndex="-1" mobile="true" data-click="true"></script><script defer="defer" id="fluttering_ribbon" mobile="true" src="https://cdn.cbd.int/[email protected]/dist/canvas-fluttering-ribbon.min.js"></script><script id="canvas_nest" defer="defer" color="0,0,255" opacity="1" zIndex="-1" count="500" mobile="false" src="https://cdn.cbd.int/[email protected]/dist/canvas-nest.min.js"></script><script src="https://cdn.cbd.int/[email protected]/dist/activate-power-mode.min.js"></script><script>POWERMODE.colorful = true;
POWERMODE.shake = true;
POWERMODE.mobile = true;
document.body.addEventListener('input', POWERMODE);
</script><link rel="stylesheet" href="https://cdn.cbd.int/[email protected]/aplayer/APlayer.min.css" media="print" onload="this.media='all'"><script src="https://cdn.cbd.int/[email protected]/js/APlayer.min.js"></script><script src="https://cdn.cbd.int/[email protected]/assets/js/Meting2.min.js"></script><script src="https://cdn.cbd.int/[email protected]/pjax.min.js"></script><script>let pjaxSelectors = ["head > title","#config-diff","#body-wrap","#rightside-config-hide","#rightside-config-show",".js-pjax"]
var pjax = new Pjax({
elements: 'a:not([target="_blank"])',
selectors: pjaxSelectors,
cacheBust: false,
analytics: true,
scrollRestoration: false
})
document.addEventListener('pjax:send', function () {
// removeEventListener scroll
anzhiyu.removeGlobalFnEvent('pjax')
anzhiyu.removeGlobalFnEvent('themeChange')
document.getElementById('rightside').classList.remove('rightside-show')
if (window.aplayers) {
for (let i = 0; i < window.aplayers.length; i++) {
if (!window.aplayers[i].options.fixed) {
window.aplayers[i].destroy()
}
}
}
typeof typed === 'object' && typed.destroy()
//reset readmode
const $bodyClassList = document.body.classList
$bodyClassList.contains('read-mode') && $bodyClassList.remove('read-mode')
})
document.addEventListener('pjax:complete', function () {
window.refreshFn()
document.querySelectorAll('script[data-pjax]').forEach(item => {
const newScript = document.createElement('script')
const content = item.text || item.textContent || item.innerHTML || ""
Array.from(item.attributes).forEach(attr => newScript.setAttribute(attr.name, attr.value))
newScript.appendChild(document.createTextNode(content))
item.parentNode.replaceChild(newScript, item)
})
GLOBAL_CONFIG.islazyload && window.lazyLoadInstance.update()
typeof chatBtnFn === 'function' && chatBtnFn()
typeof panguInit === 'function' && panguInit()
// google analytics
typeof gtag === 'function' && gtag('config', 'G-HNTE78TTVF', {'page_path': window.location.pathname});
// baidu analytics
typeof _hmt === 'object' && _hmt.push(['_trackPageview',window.location.pathname]);
typeof loadMeting === 'function' && document.getElementsByClassName('aplayer').length && loadMeting()
// prismjs
typeof Prism === 'object' && Prism.highlightAll()
})
document.addEventListener('pjax:error', e => {
if (e.request.status === 404) {
pjax.loadUrl('/404.html')
}
})</script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><script charset="UTF-8" src="https://cdn.cbd.int/[email protected]/accesskey/accesskey.js"></script><div id="greetingBox"></div></div><div id="popup-window"><div class="popup-window-title">通知</div><div class="popup-window-divider"></div><div class="popup-window-content"><div class="popup-tip">你好呀</div><div class="popup-link"><i class="anzhiyufont anzhiyu-icon-arrow-circle-right"></i></div></div></div></body></html>