<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>TYsec - 商丘师范学院天乙信息安全实验室</title><meta name="author" content="TYsec"><meta name="copyright" content="TYsec"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta property="og:type" content="website">
<meta property="og:title" content="TYsec">
<meta property="og:url" content="http://example.com/index.html">
<meta property="og:site_name" content="TYsec">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://q1.qlogo.cn/g?b=qq&nk=2142516016&s=640">
<meta property="article:author" content="TYsec">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://q1.qlogo.cn/g?b=qq&nk=2142516016&s=640"><link rel="shortcut icon" href="https://q1.qlogo.cn/g?b=qq&nk=2142516016&s=640"><link rel="canonical" href="http://example.com/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
// Client-side search over /search.xml. `${query}` in hits_empty is presumably a
// placeholder the theme's search script fills with the visitor's input.
// NOTE(review): confirm the query is inserted as text rather than HTML —
// it is visitor-supplied and would otherwise be a DOM-XSS sink.
localSearch: {"path":"/search.xml","preload":false,"languages":{"hits_empty":"找不到您查询的内容:${query}"}},
translate: {"defaultEncoding":2,"translateDelay":1,"msgToTraditionalChinese":"繁","msgToSimplifiedChinese":"簡"},
noticeOutdate: undefined,
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
// Messages for the code-block copy button (presumably shown as toasts).
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: {"limitCount":50,"languages":{"author":"作者: TYsec","link":"链接: ","source":"来源: TYsec","info":"著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。"}},
lightbox: 'fancybox',
Snackbar: undefined,
// Third-party assets loaded on demand (see getScript below). These jsDelivr
// URLs carry no package version, so they float to whatever the CDN currently
// serves and cannot be pinned with an integrity hash — a supply-chain exposure
// best closed by versioning the URLs.
source: {
justifiedGallery: {
js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.js',
css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.css'
}
},
isPhotoFigcaption: false,
islazyload: false,
isAnchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'TYsec',
// Per-page flags; this is the home page, so the post-only features
// (TOC, code-block shrink) are presumably switched off here.
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2023-12-20 21:53:15'
}</script><noscript><style type="text/css">
/* Served inside <noscript>: when JavaScript is disabled, elements the
   scripts would normally reveal (nav bar, gallery images, post dates)
   are shown immediately instead of staying hidden. */
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
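// Small localStorage wrapper with per-key expiry.
// localStorage is writable by any script running on this origin, so values
// read back here are UI preferences only (theme, aside state) and must never
// drive a security decision.
win.saveToLocal = {
  // Persist `value` under `key` for `ttl` days. A ttl of 0 is a no-op
  // (nothing is stored); a missing/NaN ttl yields a null expiry that `get`
  // treats as already expired.
  set: function setWithExpiry(key, value, ttl) {
    if (ttl === 0) return
    const now = new Date()
    const expiryDay = ttl * 86400000
    const item = {
      value: value,
      expiry: now.getTime() + expiryDay,
    }
    localStorage.setItem(key, JSON.stringify(item))
  },
  // Return the value stored under `key`, or undefined when the key is absent,
  // expired, or does not hold a well-formed entry. Malformed entries are
  // removed rather than thrown on: previously JSON.parse (or `null.expiry`)
  // threw here, which aborted the whole theme/aside initialisation script.
  get: function getWithExpiry(key) {
    const itemStr = localStorage.getItem(key)
    if (!itemStr) {
      return undefined
    }
    let item
    try {
      item = JSON.parse(itemStr)
    } catch (e) {
      localStorage.removeItem(key)
      return undefined
    }
    if (item === null || typeof item !== 'object') {
      localStorage.removeItem(key)
      return undefined
    }
    const now = new Date()
    if (now.getTime() > item.expiry) {
      localStorage.removeItem(key)
      return undefined
    }
    return item.value
  }
}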
// Load an external script by injecting a <script> tag into <head>. Resolves
// once the browser reports the script loaded, rejects on a load error.
// NOTE(review): the injected tag carries no `integrity`/`crossorigin`
// attributes, so nothing verifies what `url` serves — only pass URLs you
// control or have pinned to a specific version.
win.getScript = url => new Promise((resolve, reject) => {
  const tag = document.createElement('script')
  tag.src = url
  tag.async = true
  tag.onerror = reject
  // Legacy IE reports progress through onreadystatechange instead of onload;
  // both paths funnel into this handler, which settles only once.
  const settle = function () {
    const state = this.readyState
    const stillLoading = state && state !== 'loaded' && state !== 'complete'
    if (stillLoading) return
    tag.onload = tag.onreadystatechange = null
    resolve()
  }
  tag.onload = tag.onreadystatechange = settle
  document.head.appendChild(tag)
})
// Switch the document to the dark palette and keep the browser-chrome
// colour (theme-color meta) in step with it.
win.activateDarkMode = function () {
  const root = document.documentElement
  root.setAttribute('data-theme', 'dark')
  const themeMeta = document.querySelector('meta[name="theme-color"]')
  if (themeMeta !== null) {
    themeMeta.setAttribute('content', '#0d0d0d')
  }
}
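// Switch the document to the light palette and keep the browser-chrome
// colour (theme-color meta) in step with it.
// Fix: the value was 'ffffff' with no leading '#', which is not a valid CSS
// colour and is ignored by browsers; '#ffffff' matches the '#0d0d0d' form
// used by activateDarkMode.
win.activateLightMode = function () {
  const root = document.documentElement
  root.setAttribute('data-theme', 'light')
  const themeMeta = document.querySelector('meta[name="theme-color"]')
  if (themeMeta !== null) {
    themeMeta.setAttribute('content', '#ffffff')
  }
}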
// Re-apply the visitor's stored preferences before first paint so the page
// does not flash the default theme/layout. The values come from localStorage,
// which any same-origin script can write, so they are treated purely as UI
// state: anything other than the two known theme names is ignored.
const storedTheme = saveToLocal.get('theme')
switch (storedTheme) {
  case 'dark':
    activateDarkMode()
    break
  case 'light':
    activateLightMode()
    break
  default:
    break
}
const storedAside = saveToLocal.get('aside-status')
if (storedAside !== undefined) {
  const rootClasses = document.documentElement.classList
  if (storedAside === 'hide') rootClasses.add('hide-aside')
  else rootClasses.remove('hide-aside')
}
// Tag the root element with `apple` when the UA string looks like iOS/macOS
// so stylesheets can apply platform-specific tweaks. The UA string is
// client-controlled and trivially spoofed; this only influences styling.
const detectApple = () => {
  const appleUA = /iPad|iPhone|iPod|Macintosh/
  if (appleUA.test(navigator.userAgent)) {
    document.documentElement.classList.add('apple')
  }
}
detectApple()
})(window)</script><meta name="generator" content="Hexo 5.4.2"></head><body><div id="loading-box"><div class="loading-left-bg"></div><div class="loading-right-bg"></div><div class="spinner-box"><div class="configure-border-1"><div class="configure-core"></div></div><div class="configure-border-2"><div class="configure-core"></div></div><div class="loading-word">加载中...</div></div></div><script>const preloader = {
// Hide the full-page loading overlay and hand scrolling back to the visitor.
endLoading: () => {
  const overlay = document.getElementById('loading-box')
  document.body.style.overflow = 'auto';
  overlay.classList.add("loaded")
},
// Show the loading overlay again and reset the body overflow to its default.
initLoading: () => {
  const overlay = document.getElementById('loading-box')
  document.body.style.overflow = '';
  overlay.classList.remove("loaded")
}
}
// Dismiss the preloader only once every subresource (images, CDN CSS/JS) is in.
window.addEventListener('load', () => {
  preloader.endLoading()
})
if (false) {
document.addEventListener('pjax:send', () => { preloader.initLoading() })
document.addEventListener('pjax:complete', () => { preloader.endLoading() })
}</script><div id="web_bg"></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="https://q1.qlogo.cn/g?b=qq&nk=2142516016&s=640" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">13</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">8</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">13</div></a></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background: linear-gradient(20deg, #0062be, #925696, #cc426e, #fb0347)"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">TYsec</a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div 
class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">TYsec</h1><div id="site-subtitle"><span id="subtitle"></span></div><div id="site_social_icons"><a class="social-icon" href="https://github.com/Abyssun" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left"><a href="/posts/80cfcc7b.html/" title="退役考研选手在线学pwn_1"><img class="post_bg" src="https://s2.loli.net/2023/02/24/qyE2b1PNZzGrnSM.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="退役考研选手在线学pwn_1"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/80cfcc7b.html/" title="退役考研选手在线学pwn_1">退役考研选手在线学pwn_1</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-12-20T13:51:16.000Z" title="发表于 2023-12-20 21:51:16">2023-12-20</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/PWN/">PWN</a><i class="fas fa-angle-right 
article-meta-link"></i><a class="article-meta__categories" href="/categories/PWN/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BB%84%E6%88%90%E5%8E%9F%E7%90%86/">计算机组成原理</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/PWN/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BB%84%E6%88%90%E5%8E%9F%E7%90%86/%E6%95%B0%E6%8D%AE%E7%BB%93%E6%9E%84/">数据结构</a></span></div><div class="content">
主要尝试通过pwn方向将计算机组成原理和数据结构相关的知识串一下,达到快速学习的目的。本人非科班,跨考计算机(悲
本篇的话主要借鉴了探姬师傅的hello-ctf的pwn入门教程0.汇编语言(x86)(个人觉得是很好的入门教程)可能一些解读和学习有很多不当之处,欢迎各位大佬鞭策
汇编语言在开始正式学习二进制安全之前,需要先进行汇编语言的学习,这里我就根据教程的指引来对汇编语言展开相关性学习。
Start!从一个最简单的例子开始:很多同学入门pwn的时候都是从栈溢出来开始的,而想要理解栈溢出的基本原理,通过汇编语言是必要的。这里的话我们通过几个简单的程序来介绍汇编语言和栈,这里我使用的环境是Ubuntu20,程序一般情况下是64位。(如果有特殊情况的话会提前说明)
各位小伙伴自行装好相关的虚拟机和工具,或者不知道什么时候会更一期工具教学捏^^
Hello World我们先给出一个程序源代码
1234567//main.c# include<stdio.h>int main(){ printf("hello world"); re ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/ff7f37e6.html/" title="联合注入"><img class="post_bg" src="https://s2.loli.net/2023/06/14/uRCcDTJPghl3tW6.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="联合注入"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/ff7f37e6.html/" title="联合注入">联合注入</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-06-16T01:24:02.000Z" title="发表于 2023-06-16 09:24:02">2023-06-16</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/WEB/">WEB</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/WEB/SQL%E6%B3%A8%E5%85%A5/">SQL注入</a></span></div><div class="content"> union注入流程比较固话的套路依次判型,字段数,回显点,依次爆库名,表名,字段名,数据。
1.判断注入点
我们拿buu上的[极客大挑战 2019]LoveSQL举个例子
通常 Sql 注入漏洞分为 2 种类型:
数字型字符型
我们在登录框中输入1,1。然后登录试试
好,报错了。可以看到是get方式传参。这个时候,后台拼接的sql语句为:select * from <表名> where username='1'&password='1'。语法不存在错误,说明我们的sql语句被执行了。
然后我们在1后面加上'试试
好,报错了,但是和上次不一样。最为经典的单引号判断法: 在参数后面加上单引号,比如:
1http://xxx/abc.php?id=1'
这个时候的sql语句为:select * from <表名> where username='1''&password='1'
很明显是错误的,因为多了一个'但是如果在后面加上一个注释符#的话,sql语句就为:selec ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/f19d15b1.html/" title="sqlmap的简单使用"><img class="post_bg" src="https://s2.loli.net/2023/06/15/gMqywsQlIK3OCmu.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="sqlmap的简单使用"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/f19d15b1.html/" title="sqlmap的简单使用">sqlmap的简单使用</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-06-16T01:16:16.000Z" title="发表于 2023-06-16 09:16:16">2023-06-16</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/WEB/">WEB</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/WEB/SQL%E6%B3%A8%E5%85%A5/">SQL注入</a></span></div><div class="content">SqlMap一款自动化的SQL注入工具,其主要功能是扫描,发现并利用给定的URL的SQL注入漏洞,目前支持的数据库是MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase和SAP MaxDB。采用五种独特的SQL注入技术,分别是:
1、基于布尔的盲注,即可以根据返回页面判断条件真假的注入。2、基于时间的盲注,即不能根据页面返回内容判断任何信息,用条件语句查看时间延迟语句是否执行(即页面返回时间是否增加)来判断。3、基于报错注入,即页面会返回错误信息,或者把注入的语句的结果直接返回在页面中。4、联合查询注入,可以使用union的情况下的注入。5、堆查询注入,可以同时执行多条语句的执行时的注入。
探测目标网站是否存在注入sqlmap -u “http://wz/sqli/Less-1/?id=1" #探测该url是否存在漏洞
也是给了好几种注入方法。
查询数据库users
sqlmap -u “http://wz/sqli/Less ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/97d07a5c.html/" title="缓冲区与setvbuf函数"><img class="post_bg" src="https://cdn.staticaly.com/gh/Abyssun/picx-images-hosting@master/20230409/v2-42a751c6dde2a0b47939369b6cf6264c_1440w.2ku6hllf9960.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="缓冲区与setvbuf函数"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/97d07a5c.html/" title="缓冲区与setvbuf函数">缓冲区与setvbuf函数</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-09T02:48:20.000Z" title="发表于 2023-04-09 10:48:20">2023-04-09</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/PWN/">PWN</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/PWN/%E7%90%86%E8%AE%BA%E7%9F%A5%E8%AF%86/">理论知识</a></span></div><div class="content">缓冲区
该笔记适用于Ubuntu,在Windows或其他平台上可能会存在不同。
什么是缓冲缓冲区又称为缓存,它是内存空间的一部分,用来缓冲输入或输出的数据。
为什么要引入缓冲区呢?比如我们从磁盘里取信息,我们先把读出的数据放在缓冲区,计算机再直接从缓冲区缓冲区中取数据,等缓冲区的数据取完后再去磁盘中读取,这样就可以减少磁盘的读写次数,再加上计算机对缓冲区的操作远快于对磁盘的操作,故应用缓冲区可大大提高计算机的运行速度。
缓冲区就是一块内存区,它用在输入输出设备和CPU之间,用来缓存数据。它使得低速的输入输出设备和高速的CPU能够协调工作,避免低速的输入输出设备占用CPU,解放出CPU,使其能够高效率工作。
缓冲区的类型缓冲区分为三种类型:全缓冲、行缓冲和不缓冲。
1、全缓冲
在这种情况下,当填满标准I/O缓存后才进行实际的I/O操作。全缓冲的典型代表是对磁盘文件的改写。
2、行输出
在这种情况下,当在输入和输出中遇到换行符时,执行真正的I/O操作。这时,我们输入的字符先存放在缓冲区,等按下回车键换行时才进行实际的I/O操作。典型的代表是键盘输入数据。
3、不缓冲
也就是不进行缓冲,标 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/9e12257e.html/" title="ctfshow-愚人杯赛题复现"><img class="post_bg" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="ctfshow-愚人杯赛题复现"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/9e12257e.html/" title="ctfshow-愚人杯赛题复现">ctfshow-愚人杯赛题复现</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-07T08:09:23.000Z" title="发表于 2023-04-07 16:09:23">2023-04-07</time></span></div><div class="content"></div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/d5e8fca.html/" title="pwn入门刷题记录(一)"><img class="post_bg" src="https://cdn.staticaly.com/gh/Abyssun/picx-images-hosting@master/20230402/1.6xawu1bglk80.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="pwn入门刷题记录(一)"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/d5e8fca.html/" title="pwn入门刷题记录(一)">pwn入门刷题记录(一)</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-02T15:09:40.000Z" title="发表于 2023-04-02 23:09:40">2023-04-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/PWN/">PWN</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/PWN/%E6%96%B0%E6%89%8B%E5%85%A5%E9%97%A8/">新手入门</a></span></div><div class="content">ctfshow-pwn01直接nc连接后即可获得flag(好吧,我也不知道为什么会如此……)
ctfshow-pwn02
将stack文件下载后拖入pwn机
file命令查看stack是32位的文件
checksec命令执行查看保护机制:栈不可执行(NX)
然后将文件,拖入IDA进行静态分析,按F5进入主函数
setvbuf(貌似是定义输入输出流?好像不用管它)其他函数都很好懂 进入pwnme函数看一下
(1)ESP:栈指针寄存器(extended stack pointer),其内存放着一个指针,该指针永远指向系统栈最上面一个栈帧的栈顶。(2)EBP:基址指针寄存器(extended base pointer),其内存放着一个指针,该指针永远指向系统栈最上面一个栈帧的底部。ebp决定他有9个字节,但其实可以输入更多的字节,那就造成了栈溢出,想到ret2text
接下来要计算填充数据
IDA观察可得s有9个字节
接下来我们来找找system的地址
shift+F12看返回地址
找到/bin/sh
双击进入
CTRL+X交叉引用(这里应该会有弹窗,直接选择OK就行 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/9b311c28.html/" title="【SQL注入】SQL注入这一篇就够了"><img class="post_bg" src="https://cdn.staticaly.com/gh/Abyssun/picx-images-hosting@master/20200917143714.3oip218ppug0.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="【SQL注入】SQL注入这一篇就够了"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/9b311c28.html/" title="【SQL注入】SQL注入这一篇就够了">【SQL注入】SQL注入这一篇就够了</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-02-25T00:37:53.000Z" title="发表于 2023-02-25 08:37:53">2023-02-25</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/WEB/">WEB</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/WEB/SQL%E6%B3%A8%E5%85%A5/">SQL注入</a></span></div><div class="content">SQL注入概念数据库基本概念
相关术语数据数据是指对客观事件进行记录并可以鉴别的符号,是对客观事物的性质、状态以及相互关系等进行记载的物理符号或这些物理符号的组合。它是可识别的、抽象的符号。
具体见百度百科
数据库数据库是“按照数据结构来组织、存储和管理数据的仓库”。是一个长期存储在计算机内的、有组织的、可共享的、统一管理的大量数据的集合。
常见的数据库有:Access、MSSQL、Oracle、 SQLITE、 MySQL等
具体见百度百科
数据库管理系统数据库管理系统(Database Management System)是一种操纵和管理数据库的大型软件,用于建立、使用和维护数据库,简称DBMS。它对数据库进行统一的管理和控制,以保证数据库的安全性和完整性。用户通过DBMS访问数据库中的数据,数据库管理员也通过DBMS进行数据库的维护工作。它可以支持多个应用程序和用户用不同的方法在同时或不同时刻去建立,修改和询问数据库。大部分DBMS提供数据定义语言DDL(Data Definition Language)和数据操作语言DML(Data Manipulation Languag ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/b0baaa51.html/" title="基于Ubuntu16.04同时部署多道pwn题目"><img class="post_bg" src="https://s2.loli.net/2023/02/24/qyE2b1PNZzGrnSM.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="基于Ubuntu16.04同时部署多道pwn题目"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/b0baaa51.html/" title="基于Ubuntu16.04同时部署多道pwn题目">基于Ubuntu16.04同时部署多道pwn题目</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-02-24T12:19:24.000Z" title="发表于 2023-02-24 20:19:24">2023-02-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/PWN/">PWN</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/PWN/%E9%83%A8%E7%BD%B2%E9%85%8D%E7%BD%AE/">部署配置</a></span></div><div class="content">该方法仅适用于ubuntu16.04系统,之后想要适配18 20 22 那些,还要继续学习
一、首先是安装环境 ubuntu16
这个较为简单,如果是租用服务器的话,直接就有配置选择(这里以阿里云为例)
还有就是连接问题 在csdn 搜索xshell登录阿里云服务器即可 (主要是现在要上课没时间了)
如果是在用虚拟机进行搭建,也可以去搜索镜像文件,然后进行下载安装
阿里云镜像开源网站
优点:这个有图文操作界面,在之后的配置时会简单点,
缺点:主机就不能关机了,不能携带,而且占用主机的内存会高,导致主机卡顿或者在一段时间内不能使用
两种方法都要用到的换源 (加快下载速度)
在Linux系统里面,源文件保存在 | /etc/apt/sources.list |
也就是,只要找到国内源,再把这里面的国外源换掉即可
但是为了保证安全,首先要对文件进行保存 使用
sudo cp /etc/apt/sources.list sources_backup.list 建立一个备份文件 sources_backup.list
然后使用命令 > sudo vim /etc/a ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/fff87d43.html/" title="Linux实用运维脚本"><img class="post_bg" src="https://s2.loli.net/2023/01/15/5KLlANftgSvFBz2.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Linux实用运维脚本"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/fff87d43.html/" title="Linux实用运维脚本">Linux实用运维脚本</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-02-07T06:53:29.000Z" title="发表于 2023-02-07 14:53:29">2023-02-07</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E5%AE%9E%E7%94%A8%E8%84%9A%E6%9C%AC/">实用脚本</a></span></div><div class="content">常用命令1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253#查看僵尸进程ps -al | gawk '{print $2,$4}' | grep Z# 匹配电子邮件的地址cat index.html | egrep -o "[A-Za-z0-9._]+@[A-Za-z0-9.]+\.[a-zA-Z]{2,4}" > ans.txt#匹配http URLcat index.html | egrep -o "http://[A-Za-z0-9.]+\.[a-zA-Z]{2,3}" > ans.txt #纯文本形式下载网页lynx -dump www.baidu.com > plain.txt#只打印HTTP头部信息,无须远程下载文件curl --head www.baidu.com#使用POST提交数据curl ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/d5b32943.html/" title="信息收集工具recon-ng超详细使用教程"><img class="post_bg" src="https://s2.loli.net/2023/02/07/gwZAW5vpQjx4Piz.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="信息收集工具recon-ng超详细使用教程"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/d5b32943.html/" title="信息收集工具recon-ng超详细使用教程">信息收集工具recon-ng超详细使用教程</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-02-07T05:50:20.000Z" title="发表于 2023-02-07 
13:50:20">2023-02-07</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E5%B7%A5%E5%85%B7/">工具</a></span></div><div class="content">前言:最近在找Recon-ng详细一点的教程,可是Google才发现资料都很零散而且不详细,所以我打算具体写一下。
Recon-ng在渗透过程中主要扮演信息收集工作的角色,同时也可以当作渗透工具,不过相关的攻击模块很少,只有自己扩展。
其实Recon-ng最大的优点就是模块化,功能可以自己任意扩展。只要想象力够丰富,这个就可以成为神器,下面为详细教程。
0×01 安装1. 安装recon-ng及依赖文件:12git clone https://bitbucket.org/LaNMaSteR53/recon-ng.git #然后把其中的文件移动到你希望的目录即可,并加入path即可
到其目录下运行recon-ng文件即可
1./recon-ng
第一次启动时你可能会被告知有什么依赖没有安装,根据提示把依赖安装即可
1pip install xlsxwriter #ie
#然后根据提示安装完即可
0×02 模块使用1. 启动部分1recon-ng -h
可以看到上面的具体参数,常用的就‘-w’参数,我们这里新开一个工作区ptest
1Recon-ng -w ptes ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="https://q1.qlogo.cn/g?b=qq&nk=2142516016&s=640" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">TYsec</div><div class="author-info__description"></div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">13</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">8</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">13</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/Abyssun"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/Abyssun" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">TYsec:来自商丘师范学院的网络安全团队</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/posts/80cfcc7b.html/" title="退役考研选手在线学pwn_1"><img src="https://s2.loli.net/2023/02/24/qyE2b1PNZzGrnSM.jpg" 
onerror="this.onerror=null;this.src='/img/404.jpg'" alt="退役考研选手在线学pwn_1"/></a><div class="content"><a class="title" href="/posts/80cfcc7b.html/" title="退役考研选手在线学pwn_1">退役考研选手在线学pwn_1</a><time datetime="2023-12-20T13:51:16.000Z" title="发表于 2023-12-20 21:51:16">2023-12-20</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/ff7f37e6.html/" title="联合注入"><img src="https://s2.loli.net/2023/06/14/uRCcDTJPghl3tW6.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="联合注入"/></a><div class="content"><a class="title" href="/posts/ff7f37e6.html/" title="联合注入">联合注入</a><time datetime="2023-06-16T01:24:02.000Z" title="发表于 2023-06-16 09:24:02">2023-06-16</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/f19d15b1.html/" title="sqlmap的简单使用"><img src="https://s2.loli.net/2023/06/15/gMqywsQlIK3OCmu.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="sqlmap的简单使用"/></a><div class="content"><a class="title" href="/posts/f19d15b1.html/" title="sqlmap的简单使用">sqlmap的简单使用</a><time datetime="2023-06-16T01:16:16.000Z" title="发表于 2023-06-16 09:16:16">2023-06-16</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/97d07a5c.html/" title="缓冲区与setvbuf函数"><img src="https://cdn.staticaly.com/gh/Abyssun/picx-images-hosting@master/20230409/v2-42a751c6dde2a0b47939369b6cf6264c_1440w.2ku6hllf9960.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="缓冲区与setvbuf函数"/></a><div class="content"><a class="title" href="/posts/97d07a5c.html/" title="缓冲区与setvbuf函数">缓冲区与setvbuf函数</a><time datetime="2023-04-09T02:48:20.000Z" title="发表于 2023-04-09 10:48:20">2023-04-09</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/9e12257e.html/" title="ctfshow-愚人杯赛题复现"><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="ctfshow-愚人杯赛题复现"/></a><div class="content"><a class="title" 
href="/posts/9e12257e.html/" title="ctfshow-愚人杯赛题复现">ctfshow-愚人杯赛题复现</a><time datetime="2023-04-07T08:09:23.000Z" title="发表于 2023-04-07 16:09:23">2023-04-07</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
<i class="fas fa-folder-open"></i>
<span>分类</span>
<a class="card-more-btn" href="/categories/" title="查看更多">
<i class="fas fa-angle-right"></i></a>
</div>
<ul class="card-category-list" id="aside-cat-list">
<li class="card-category-list-item "><a class="card-category-list-link" href="/categories/MISC/"><span class="card-category-list-name">MISC</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/MISC/%E5%B7%A5%E5%85%B7/"><span class="card-category-list-name">工具</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/"><span class="card-category-list-name">PWN</span><span class="card-category-list-count">4</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/%E6%96%B0%E6%89%8B%E5%85%A5%E9%97%A8/"><span class="card-category-list-name">新手入门</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/%E7%90%86%E8%AE%BA%E7%9F%A5%E8%AF%86/"><span class="card-category-list-name">理论知识</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BB%84%E6%88%90%E5%8E%9F%E7%90%86/"><span class="card-category-list-name">计算机组成原理</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/%E8%AE%A1%E7%AE%97%E6%9C%BA%E7%BB%84%E6%88%90%E5%8E%9F%E7%90%86/%E6%95%B0%E6%8D%AE%E7%BB%93%E6%9E%84/"><span class="card-category-list-name">数据结构</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/PWN/%E9%83%A8%E7%BD%B2%E9%85%8D%E7%BD%AE/"><span class="card-category-list-name">部署配置</span><span 
class="card-category-list-count">1</span></a></li></ul></li>
</ul></div><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/TYCTF/" style="font-size: 1.15em; color: rgb(179, 181, 81)">TYCTF</a><a href="/tags/MISC/" style="font-size: 1.15em; color: rgb(66, 78, 126)">MISC</a><a href="/tags/Linux%E8%BF%90%E7%BB%B4/" style="font-size: 1.15em; color: rgb(20, 17, 27)">Linux运维</a><a href="/tags/PWN/" style="font-size: 1.45em; color: rgb(117, 120, 111)">PWN</a><a href="/tags/WEB-%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/" style="font-size: 1.15em; color: rgb(0, 30, 168)">WEB|信息收集</a><a href="/tags/SQL%E6%B3%A8%E5%85%A5/" style="font-size: 1.45em; color: rgb(182, 59, 9)">SQL注入</a><a href="/tags/%E6%96%B0%E6%89%8B%E5%85%A5%E9%97%A8/" style="font-size: 1.15em; color: rgb(90, 96, 51)">新手入门</a><a href="/tags/%E5%B7%A5%E5%85%B7/" style="font-size: 1.15em; color: rgb(118, 181, 124)">工具</a></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/12/"><span class="card-archive-list-date">十二月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/06/"><span class="card-archive-list-date">六月 2023</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/04/"><span class="card-archive-list-date">四月 2023</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/02/"><span class="card-archive-list-date">二月 2023</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/01/"><span 
class="card-archive-list-date">一月 2023</span><span class="card-archive-list-count">3</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">13</div></div><div class="webinfo-item"><div class="item-name">已运行时间 :</div><div class="item-count" id="runtimeshow" data-publishDate="2023-01-08T16:00:00.000Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总字数 :</div><div class="item-count">33.1k</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-12-20T13:53:14.942Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div></div></div></div></div></main><footer id="footer" style="background: linear-gradient(20deg, #0062be, #925696, #cc426e, #fb0347)"><div id="footer-wrap"><div class="copyright">©2020 - 2023 By TYsec</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div><div class="footer_custom_text">Hi, welcome to my <a target="_blank" rel="noopener" href="https://tysec.easyctf.cn/">blog</a>!</div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="translateLink" type="button" title="简繁转换">繁</button><button id="darkmode" type="button" 
title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">搜索</span><span id="loading-status"></span><button class="search-close-button"><i class="fas fa-times"></i></button></nav><div class="is-center" id="loading-database"><i class="fas fa-spinner fa-pulse"></i><span> 数据库加载中</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div><hr/><div id="local-search-results"></div></div></div><div id="search-mask"></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/tw_cn.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js"></script><script src="/js/search/local-search.js"></script><div class="js-pjax"><script>function subtitleType () {
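// Fetch a line of classical poetry from the jinrishici SDK and type it into
// #subtitle with Typed.js. The theme's "typed" switch is rendered as a literal
// `true` in this page, so the non-typing fallback (which assigned the poem to
// innerHTML) was unreachable and has been dropped.
// The poem is third-party content fetched at runtime, so it is treated as
// untrusted text: Typed.js defaults to interpreting its strings as HTML, and
// contentType 'null' makes it type the string as plain text instead.
getScript('https://sdk.jinrishici.com/v2/browser/jinrishici.js').then(() => {
  jinrishici.load((result) => {
    const content = result.data.content
    // A malformed SDK response leaves the subtitle untouched rather than
    // handing a non-string to Typed.js.
    if (typeof content !== 'string') return
    // Kept on window so other page scripts can reach the running instance
    // (presumably the theme's pjax hooks — they are not in view here).
    window.typed = new Typed('#subtitle', {
      strings: [content],
      contentType: 'null',
      startDelay: 300,
      typeSpeed: 150,
      loop: true,
      backSpeed: 50,
    })
  })
})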
}
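// Start the subtitle typing effect, loading Typed.js from the CDN only when the
// global is not already present (pjax navigations keep it around). The original
// `if (true) { … } else { subtitleType() }` wrapper was the theme's rendered
// config flag; its else branch could never run, so it is removed here with no
// change in behaviour.
// NOTE(review): the URL is unversioned (npm/typed.js without a tag), so the
// page executes whatever jsdelivr currently serves as "latest"; pinning a
// version — and an integrity hash, if getScript supports one — would make this
// dependency deterministic. getScript is defined outside this page.
if (typeof Typed === 'function') {
  subtitleType()
} else {
  getScript('https://cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js').then(subtitleType)
}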
</script><script>(() => {
const $mermaidWrap = document.querySelectorAll('#article-container .mermaid-wrap')
if ($mermaidWrap.length) {
  // Render every .mermaid-wrap block of the article to an inline SVG placed
  // directly after its source element. Exposed on window so a later pjax page
  // load can re-run it without fetching the library again.
  window.runMermaid = () => {
    // Flag read by the loader below: once set, the CDN fetch is skipped.
    window.loadMermaid = true
    const isDark = document.documentElement.getAttribute('data-theme') === 'dark'
    const theme = isDark ? 'dark' : 'default'
    const themeDirective = `%%{init:{ 'theme':'${theme}'}}%%\n`
    for (const [index, wrap] of [...$mermaidWrap].entries()) {
      const source = wrap.firstElementChild
      const definition = themeDirective + source.textContent
      // The SVG is inserted as markup; the diagram source is the post
      // author's own text, so it is first-party content here.
      mermaid.mermaidAPI.render(`mermaid-${index}`, definition, (svgCode) => {
        source.insertAdjacentHTML('afterend', svgCode)
      })
    }
  }
  // NOTE(review): the CDN URL is unversioned, so the callback form of
  // mermaidAPI.render() used above only keeps working for as long as the
  // version jsdelivr serves as "latest" accepts it; pinning a version (and an
  // integrity hash, if getScript supports one) would make that deterministic.
  const loadMermaid = () => {
    if (window.loadMermaid) {
      window.runMermaid()
    } else {
      getScript('https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js').then(window.runMermaid)
    }
  }
  window.pjax ? loadMermaid() : document.addEventListener('DOMContentLoaded', loadMermaid)
}
})()</script></div><canvas class="fireworks" mobile="false"></canvas><script src="https://cdn.jsdelivr.net/npm/butterfly-extsrc/dist/fireworks.min.js"></script><script defer="defer" id="ribbon" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc/dist/canvas-ribbon.min.js" size="150" alpha="0.6" zIndex="-1" mobile="true" data-click="true"></script><script id="canvas_nest" defer="defer" color="0,0,255" opacity="0.7" zIndex="-1" count="99" mobile="false" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc/dist/canvas-nest.min.js"></script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>