-
Notifications
You must be signed in to change notification settings - Fork 0
/
search.xml
337 lines (278 loc) · 63 KB
/
search.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title>安装Kali WSL</title>
<url>/2023/11/30/How-to-install-Kali-WSL/</url>
<content><![CDATA[<h2 id="引言"><a href="#引言" class="headerlink" title="引言"></a>引言</h2><p>Kali WSL(Windows Subsystem for Linux)是在 Windows 环境下运行 Kali Linux 的一种方式,同时,WSL相比于Linux虚拟机能和Windows较好的进行文件系统的互通,非常适合用于学习。</p>
<h2 id="步骤"><a href="#步骤" class="headerlink" title="步骤"></a>步骤</h2><h3 id="1-开启-WSL-功能"><a href="#1-开启-WSL-功能" class="headerlink" title="1. 开启 WSL 功能"></a>1. 开启 WSL 功能</h3><p>确保系统为 Windows 10 专业版及以上,然后按照以下步骤开启 WSL 功能:</p>
<ul>
<li><p>打开控制面板</p>
</li>
<li><p>进入程序 -> 启用或关闭 Windows 功能</p>
</li>
<li><p>勾选”适用于 Linux 的 Windows 子系统”</p>
</li>
<li><p>系统更新并重启生效</p>
</li>
</ul>
<h3 id="2-安装-Kali-WSL"><a href="#2-安装-Kali-WSL" class="headerlink" title="2. 安装 Kali WSL"></a>2. 安装 Kali WSL</h3><p>在 Windows 应用商店中搜索并下载适用于 Linux 的 Windows 子系统,选择 Kali 作为 Linux 发行版进行安装。</p>
<h3 id="3-升级到-WSL2"><a href="#3-升级到-WSL2" class="headerlink" title="3. 升级到 WSL2"></a>3. 升级到 WSL2</h3><p>由于版本问题,确保升级到 WSL2,执行以下命令:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart wsl --set-version kali-linux 2</span><br></pre></td></tr></table></figure></div>
<h3 id="4-安装完整版-Kali"><a href="#4-安装完整版-Kali" class="headerlink" title="4. 安装完整版 Kali"></a>4. 安装完整版 Kali</h3><p>安装完成后,打开 Kali Linux ,根据设置用户名及密码。</p>
<p>重新启动 Kali Linux ,这时我们发现我们的 Kali Linux 还有很多工具没用安装。</p>
<p>执行以下命令安装 Kali 的完整版:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo apt update</span><br><span class="line">sudo apt install -y kali-linux-large</span><br></pre></td></tr></table></figure></div>
<h3 id="6-配置图形化桌面并连接(可选)"><a href="#6-配置图形化桌面并连接(可选)" class="headerlink" title="6. 配置图形化桌面并连接(可选)"></a>6. 配置图形化桌面并连接(可选)</h3><p>如果想要体验图形化界面,可以选择安装 Win-KeX</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo apt install -y kali-win-kex</span><br></pre></td></tr></table></figure></div>
<p>打开 Window Mode (窗口模式)</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">kex --win</span><br></pre></td></tr></table></figure></div>
<p>如果你想要体验 Seamless Mode (无缝模式),还需要额外安装 <a class="link" href="https://x410.dev/" >X410 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<p>安装完成后打开并勾选<code>ACCESS CONTROL</code>下的<code>WSL2</code>选项。</p>
<p><img
lazyload
src="/images/loading.svg"
data-src="/../images/How-to-install-Kali-WSL/X410-Settings.png"
alt="X410-Settings"
></p>
<p>打开 Seamless Mode (窗口模式)</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">kex --sl</span><br></pre></td></tr></table></figure></div>
<p>详细教程:<a class="link" href="https://x410.dev/cookbook/wsl/protecting-x410-public-access-for-wsl2-via-windows-defender-firewall/" >Protecting X410 Public Access for WSL2 via Windows Defender Firewall - X410.dev <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<h3 id="7-额外配置(可选)"><a href="#7-额外配置(可选)" class="headerlink" title="7. 额外配置(可选)"></a>7. 额外配置(可选)</h3><p>根据需求,可以配置 Windows Terminal,将 Kali 和 Win-KeX 整合进 Terminal。</p>
<p>以下是我的配置文件(仅留下 Kali WSL 相关配置)</p>
<div class="highlight-container" data-rel="Json"><figure class="iseeu highlight json"><table><tr><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"profiles"</span><span class="punctuation">:</span></span><br><span class="line"> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"list"</span><span class="punctuation">:</span></span><br><span class="line"> <span class="punctuation">[</span></span><br><span class="line"> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"guid"</span><span class="punctuation">:</span> <span class="string">"{46ca431a-3a87-5fb3-83cd-11ececc031d2}"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"hidden"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"name"</span><span class="punctuation">:</span> <span class="string">"Kali Linux"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"icon"</span><span class="punctuation">:</span> <span class="string">"file:///c:/users/<windows user>/pictures/icons/kali-menu.png"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"source"</span><span class="punctuation">:</span> <span class="string">"Windows.Terminal.Wsl"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"startingDirectory"</span> <span class="punctuation">:</span> <span class="string">"//wsl$/kali-linux/home/<kali user>"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span></span><br><span class="line"> <span class="comment">// "guid": "{55ca431a-3a87-5fb3-83cd-11ececc031d2}",</span></span><br><span class="line"> <span class="attr">"hidden"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"icon"</span><span class="punctuation">:</span> <span class="string">"file:///c:/users/<windows user>/pictures/icons/kali-menu.png"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"name"</span><span class="punctuation">:</span> <span class="string">"Win-KeX Window Mode"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"commandline"</span><span class="punctuation">:</span> <span class="string">"wsl -d kali-linux kex --wtstart -s"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"startingDirectory"</span> <span class="punctuation">:</span> <span class="string">"//wsl$/kali-linux/home/<kali user>"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span></span><br><span class="line"> <span class="comment">// "guid": "{55ca431a-3a87-5fb3-83cd-11ececc031d2}",</span></span><br><span class="line"> <span class="attr">"hidden"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"icon"</span><span class="punctuation">:</span> <span class="string">"file:///c:/users/<windows user>/pictures/icons/kali-menu.png"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"name"</span><span class="punctuation">:</span> <span class="string">"Win-KeX Seamless Mode"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"commandline"</span><span class="punctuation">:</span> <span class="string">"wsl -d kali-linux kex --sl --wtstart -s"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"startingDirectory"</span> <span class="punctuation">:</span> <span class="string">"//wsl$/kali-linux/home/<kali user>"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">]</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure></div>
]]></content>
<categories>
<category>CTF</category>
</categories>
<tags>
<tag>随笔</tag>
</tags>
</entry>
<entry>
<title>如何使用Navicat连接WSL里的MySQL服务</title>
<url>/2023/08/02/How-to-use-Navicat-to-connect-to-MySQL-services-in-WSL/</url>
<content><![CDATA[<h3 id="0-前言"><a href="#0-前言" class="headerlink" title="0 前言"></a>0 前言</h3><p>真的有人会干这么套娃的事情吗?</p>
<p><del>原来是我啊,那没事了</del></p>
<p>究其原因,还是由于之前技术不精,在Windows系统上安装MySQL,结果MySQL炸了,而且还没办法卸载干净,这次想着既然VSCode可以与WSL连接,为何Navicat不能与WSL里的MySQL连接呢?</p>
<p>而且照<a class="link" href="https://github.com/XCloudFance" >XCloudFance <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>学长的说法:“你可以把WSL想象是里面的一台电脑,你的Windows也是一台独立的电脑”,那么navicat理论上应该可以与WSL中的MySQL连接。</p>
<p>于是,痛苦的两个小时配置之旅就开始了(中途还重装了一次WSL qwq)</p>
<h3 id="1-前期准备"><a href="#1-前期准备" class="headerlink" title="1 前期准备"></a>1 前期准备</h3><h4 id="1-1-安装Navicat"><a href="#1-1-安装Navicat" class="headerlink" title="1.1 安装Navicat"></a>1.1 安装Navicat</h4><p>自行Baidu/Google/Bing下载安装包</p>
<p>安装包打开后一路next即可</p>
<h4 id="1-2-安装WSL"><a href="#1-2-安装WSL" class="headerlink" title="1.2 安装WSL"></a>1.2 安装WSL</h4><p>Baidu/Google/Bing</p>
<p>**注意:**记得将WSL版本设置为WSL2,本人使用的系统是Ubuntu22.04</p>
<h4 id="1-3-在WSL中安装MySQL"><a href="#1-3-在WSL中安装MySQL" class="headerlink" title="1.3 在WSL中安装MySQL"></a>1.3 在WSL中安装MySQL</h4><p>在WSL终端中输入</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo apt install mysql-server</span><br></pre></td></tr></table></figure></div>
<p>即可,<code>root</code>及其余账户密码配置请自行百度</p>
<h3 id="2-正式开始吧!"><a href="#2-正式开始吧!" class="headerlink" title="2 正式开始吧!"></a>2 正式开始吧!</h3><h4 id="2-1-找到WSL的IP地址"><a href="#2-1-找到WSL的IP地址" class="headerlink" title="2.1 找到WSL的IP地址"></a>2.1 找到WSL的IP地址</h4><p>首先,我们应该让Windows主机能够访问WSL,那么我们就应该先知道WSL的本地IP访问地址。</p>
<p>在Windows下打开终端(Power Shell),使用如下命令查询:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ipconfig</span><br></pre></td></tr></table></figure></div>
<p>可以看到这样一行提示:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">以太网适配器 vEthernet (WSL):</span><br><span class="line"></span><br><span class="line"> 连接特定的 DNS 后缀 . . . . . . . :</span><br><span class="line"> 本地链接 IPv6 地址. . . . . . . . : fe80::85d4:3cdb:df1f:f6e1%42</span><br><span class="line"> IPv4 地址 . . . . . . . . . . . . : 172.30.224.1</span><br><span class="line"> 子网掩码 . . . . . . . . . . . . : 255.255.240.0</span><br><span class="line"> 默认网关. . . . . . . . . . . . . :</span><br></pre></td></tr></table></figure></div>
<p>说明主机其实是能够访问到WSL的。</p>
<p>在WSL的终端中,使用<code>ifconfig</code>查询本地IP地址</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ifconfig</span><br></pre></td></tr></table></figure></div>
<p>有可能需要使用如下指令安装<code>net-tools</code>:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo apt install net-tools</span><br></pre></td></tr></table></figure></div>
<p>安装成功后,运行<code>ifconfig</code>会输出类似下面的结果:</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500</span><br><span class="line"> inet 172.30.224.99 netmask 255.255.240.0 broadcast 172.30.239.255</span><br><span class="line"> inet6 fe80::215:5dff:fe99:f76a prefixlen 64 scopeid 0x20<link></span><br><span class="line"> ether 00:15:5d:99:f7:6a txqueuelen 1000 (Ethernet)</span><br><span class="line"> RX packets 104254 bytes 266388818 (266.3 MB)</span><br><span class="line"> RX errors 0 dropped 0 overruns 0 frame 0</span><br><span class="line"> TX packets 69925 bytes 5218621 (5.2 MB)</span><br><span class="line"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br><span class="line"></span><br><span class="line">lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536</span><br><span class="line"> inet 127.0.0.1 netmask 255.0.0.0</span><br><span class="line"> inet6 ::1 prefixlen 128 scopeid 0x10<host></span><br><span class="line"> loop txqueuelen 1000 (Local Loopback)</span><br><span class="line"> RX packets 5644 bytes 29799099 (29.7 MB)</span><br><span class="line"> RX errors 0 dropped 0 overruns 0 frame 0</span><br><span class="line"> TX packets 5644 bytes 29799099 (29.7 MB)</span><br><span class="line"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br></pre></td></tr></table></figure></div>
<p>第二行的<code>172.30.224.99</code>便是你的WSL的本地IP地址。</p>
<h3 id="2-2-设置MySQL被局域网访问"><a href="#2-2-设置MySQL被局域网访问" class="headerlink" title="2.2 设置MySQL被局域网访问"></a>2.2 设置MySQL被局域网访问</h3><p>这时我们可以试着用Navicat连接一下刚才获得IP地址的WSL的MySQL服务,发现Navicat显示连接失败,这是因为我们未设置MySQL能被局域网访问。</p>
<p>进入MySQL中,修改账户的访问权限:</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">mysql -u root -p <password></span><br><span class="line">mysql->use mysql</span><br><span class="line">mysql->update user set host = '%' where user ='root';</span><br><span class="line">mysql->grant all privileges on *.* to 'root'@'%' with grant option;</span><br><span class="line">mysql->flush privileges;</span><br><span class="line">mysql->exit;</span><br></pre></td></tr></table></figure></div>
<p>找到MySQL的配置文件进行修改:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf</span><br></pre></td></tr></table></figure></div>
<p>在<code>mysqld.cnf</code>中,找到这样一行配置:</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">bind-address = 127.0.0.1</span><br></pre></td></tr></table></figure></div>
<p>修改为:</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">bind-address = 0.0.0.0</span><br></pre></td></tr></table></figure></div>
<p>保存后重启MySQL:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo /etc/init.d/mysql restart</span><br></pre></td></tr></table></figure></div>
<p>可以通过<code>netstat -aptn</code>检查MySQL的状态</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">(Not all processes could be identified, non-owned process info</span><br><span class="line"> will not be shown, you would have to be root to see it all.)</span><br><span class="line">Active Internet connections (servers and established)</span><br><span class="line">Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name</span><br><span class="line">tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -</span><br></pre></td></tr></table></figure></div>
<h3 id="2-3-设置Ubuntu防火墙"><a href="#2-3-设置Ubuntu防火墙" class="headerlink" title="2.3 设置Ubuntu防火墙"></a>2.3 设置Ubuntu防火墙</h3><p>此时我们还是无法连接,还需关闭Ubuntu的防火墙</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo ufw <span class="built_in">enable</span> <span class="comment">#开启</span></span><br></pre></td></tr></table></figure></div>
<p>在WSL环境下,可能会得到如下提示:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">Traceback (most recent call last):</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 427, <span class="keyword">in</span> under_ssh</span><br><span class="line"> ppid = get_ppid(pid)</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 421, <span class="keyword">in</span> get_ppid</span><br><span class="line"> <span class="built_in">return</span> int(ppid)</span><br><span class="line">ValueError: invalid literal <span class="keyword">for</span> int() with base 10: <span class="string">'S'</span></span><br><span class="line"></span><br><span class="line">During handling of the above exception, another exception occurred:</span><br><span class="line"></span><br><span class="line">Traceback (most recent call last):</span><br><span class="line"> File <span class="string">"/usr/sbin/ufw"</span>, line 138, <span class="keyword">in</span> <module></span><br><span class="line"> not ui.continue_under_ssh():</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/frontend.py"</span>, line 901, <span class="keyword">in</span> continue_under_ssh</span><br><span class="line"> <span class="keyword">if</span> self.backend.do_checks and ufw.util.under_ssh(): <span class="comment"># pragma: no cover</span></span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 457, <span class="keyword">in</span> under_ssh</span><br><span class="line"> <span class="built_in">return</span> under_ssh(ppid)</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 457, <span class="keyword">in</span> under_ssh</span><br><span class="line"> <span class="built_in">return</span> under_ssh(ppid)</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 457, <span class="keyword">in</span> under_ssh</span><br><span class="line"> <span class="built_in">return</span> under_ssh(ppid)</span><br><span class="line"> [Previous line repeated 1 more time]</span><br><span class="line"> File <span class="string">"/usr/lib/python3/dist-packages/ufw/util.py"</span>, line 434, <span class="keyword">in</span> under_ssh</span><br><span class="line"> raise ValueError(err_msg)</span><br><span class="line">ValueError: Couldn<span class="string">'t find parent pid for '</span>3129<span class="string">'</span></span><br></pre></td></tr></table></figure></div>
<p>这是因为<code>/usr/lib/python3/dist-packages/ufw/util.py</code>中有一行Python出现错误</p>
<p>更正方法是进入中:</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo vim /usr/lib/python3/dist-packages/ufw/util.py</span><br></pre></td></tr></table></figure></div>
<p>将</p>
<div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line">ppid = <span class="built_in">open</span>(name).readlines()[<span class="number">0</span>].split(<span class="string">')'</span>)[<span class="number">1</span>].split()[<span class="number">1</span>]</span><br></pre></td></tr></table></figure></div>
<p>改为</p>
<div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line">ppid = <span class="built_in">open</span>(name).readlines()[<span class="number">0</span>].rsplit(<span class="string">')'</span>,<span class="number">1</span>)[<span class="number">1</span>].split()[<span class="number">1</span>]</span><br></pre></td></tr></table></figure></div>
<p>即可</p>
<p>之后添加允许访问的端口<code>3306</code>并重载生效即可</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo ufw allow 3306</span><br><span class="line">sudo ufw reload</span><br></pre></td></tr></table></figure></div>
<p>完成后查看</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo ufw status</span><br></pre></td></tr></table></figure></div>
<p>得到如下结果即为成功</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">Status: active</span><br><span class="line"></span><br><span class="line">To Action From</span><br><span class="line">-- ------ ----</span><br><span class="line">3306 ALLOW Anywhere</span><br><span class="line">3306 (v6) ALLOW Anywhere (v6)</span><br></pre></td></tr></table></figure></div>
<p>这时再使用Navicat访问,即可连接上WSL的MySQL服务。</p>
]]></content>
<categories>
<category>环境配置</category>
</categories>
<tags>
<tag>随笔</tag>
</tags>
</entry>
<entry>
<title>博客搭建教程</title>
<url>/2020/08/13/Build-Your-Blog/</url>
<content><![CDATA[<h3 id="0-前言"><a href="#0-前言" class="headerlink" title="0 前言"></a>0 前言</h3><p>建这个博客踩了好多坑QWQ</p>
<h3 id="1-安装"><a href="#1-安装" class="headerlink" title="1 安装"></a>1 安装</h3><h4 id="1-1-安装Git和Node-js"><a href="#1-1-安装Git和Node-js" class="headerlink" title="1.1 安装Git和Node.js"></a>1.1 安装Git和Node.js</h4><p>这没什么好说的吧…</p>
<p>安装完成后打开cmd通过以下两行命令检测是否安装成功</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">git --version</span><br><span class="line">npm --version</span><br></pre></td></tr></table></figure></div>
<h4 id="1-2-更换国内镜像源"><a href="#1-2-更换国内镜像源" class="headerlink" title="1.2 更换国内镜像源"></a>1.2 更换国内镜像源</h4><p><del>如果您觉得网速够快可以选择跳过此步</del></p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">npm config <span class="built_in">set</span> registry https://registry.npm.taobao.org</span><br></pre></td></tr></table></figure></div>
<h4 id="1-3-安装Hexo"><a href="#1-3-安装Hexo" class="headerlink" title="1.3 安装Hexo"></a>1.3 安装Hexo</h4><p>上一步不做的话这一步会慢得让你怀疑人生</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">npm install -g hexo-cli </span><br></pre></td></tr></table></figure></div>
<h3 id="2-创建"><a href="#2-创建" class="headerlink" title="2 创建"></a>2 创建</h3><h4 id="2-1-创建本地Blog"><a href="#2-1-创建本地Blog" class="headerlink" title="2.1 创建本地Blog"></a>2.1 创建本地Blog</h4><p>新建一个空文件夹并进入</p>
<p>右键 -> “Git Bash Here”</p>
<p>输入以下命令</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">hexo init</span><br></pre></td></tr></table></figure></div>
<h4 id="2-2-进行本地预览"><a href="#2-2-进行本地预览" class="headerlink" title="2.2 进行本地预览"></a>2.2 进行本地预览</h4><p>继续在命令行中输入下列代码</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">hexo g</span><br><span class="line">hexo s</span><br></pre></td></tr></table></figure></div>
<p>之后进入打开浏览器<a class="link" href="http://localhost:4000/" >http://localhost:4000 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>就可以查看自己的Blog了</p>
<h3 id="3-美化"><a href="#3-美化" class="headerlink" title="3 美化"></a>3 美化</h3><h4 id="3-1-下载主题"><a href="#3-1-下载主题" class="headerlink" title="3.1 下载主题"></a>3.1 下载主题</h4><p>在<a class="link" href="https://github.com/" >GitHub <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>中查找<a class="link" href="https://github.com/search?q=hexo-theme&type=" >hexo-theme <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<p>选择一个自己喜欢的主题并clone或下载zip包解压到<strong>主目录/themes</strong>中</p>
<h5 id="3-1-1-yilia"><a href="#3-1-1-yilia" class="headerlink" title="3.1.1 yilia"></a>3.1.1 yilia</h5><p>这里以<a class="link" href="https://github.com/litten/hexo-theme-yilia" >yilia <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>为例</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">git <span class="built_in">clone</span> https://github.com/litten/hexo-theme-yilia.git themes/yilia</span><br></pre></td></tr></table></figure></div>
<h5 id="3-1-2-Material"><a href="#3-1-2-Material" class="headerlink" title="3.1.2 Material"></a>3.1.2 Material</h5><blockquote>
<p>注意:使用Material主题最好用1.5.2版,最新版会一直报错</p>
</blockquote>
<p>这里以<a class="link" href="https://github.com/bolnh/hexo-theme-material" >Material <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>为例</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cd</span> themes</span><br><span class="line">git <span class="built_in">clone</span> https://github.com/viosey/hexo-theme-material.git material</span><br></pre></td></tr></table></figure></div>
<h5 id="3-1-3-Fluid"><a href="#3-1-3-Fluid" class="headerlink" title="3.1.3 Fluid"></a>3.1.3 Fluid</h5><blockquote>
<p>以下引用自<a class="link" href="https://github.com/fluid-dev/hexo-theme-fluid" >Fluid官方文档 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
</blockquote>
<p>Hexo 5.0.0 版本以上,推荐通过 npm 直接安装</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">npm install --save hexo-theme-fluid</span><br></pre></td></tr></table></figure></div>
<h4 id="3-2-使用主题"><a href="#3-2-使用主题" class="headerlink" title="3.2 使用主题"></a>3.2 使用主题</h4><h5 id="3-2-1-yilia"><a href="#3-2-1-yilia" class="headerlink" title="3.2.1 yilia"></a>3.2.1 yilia</h5><p>修改<strong>主目录</strong>下的 <code>_config.yml</code> 文件的 <code>theme</code>值为<code>yilia</code>。</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">theme:</span> <span class="string">yilia</span></span><br></pre></td></tr></table></figure></div>
<p>复制 <strong>themes/yilia</strong> 目录下<code>_config.template.yml</code> 为 <code>_config.yml</code></p>
<h5 id="3-2-2-Material"><a href="#3-2-2-Material" class="headerlink" title="3.2.2 Material"></a>3.2.2 Material</h5><p>修改<strong>主目录</strong>下的 <code>_config.yml</code> 文件的 <code>theme</code>值为<code>material</code>。</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">theme:</span> <span class="string">material</span></span><br></pre></td></tr></table></figure></div>
<p>复制 <strong>themes/material</strong> 目录下<code>_config.template.yml</code> 为 <code>_config.yml</code></p>
<h5 id="3-2-3-Fluid"><a href="#3-2-3-Fluid" class="headerlink" title="3.2.3 Fluid"></a>3.2.3 Fluid</h5><p>修改<strong>主目录</strong>下的 <code>_config.yml</code> 文件的 <code>theme</code>值为<code>fluid</code>。</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">theme:</span> <span class="string">fluid</span></span><br></pre></td></tr></table></figure></div>
<p>然后在博客目录下创建 _config.fluid.yml,将主题的 _config.yml 内容复制进去。</p>
<h4 id="3-3-更改语言"><a href="#3-3-更改语言" class="headerlink" title="3.3 更改语言"></a>3.3 更改语言</h4><p>修改<strong>主目录</strong>下的 <code>_config.yml</code> 文件的 <code>language</code>值为<code>zh-CN</code>。</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">language:</span> <span class="string">zh-CN</span></span><br></pre></td></tr></table></figure></div>
<h4 id="3-4-站内搜索"><a href="#3-4-站内搜索" class="headerlink" title="3.4 站内搜索"></a>3.4 站内搜索</h4><h5 id="3-4-1-yilia-Material"><a href="#3-4-1-yilia-Material" class="headerlink" title="3.4.1 yilia / Material"></a>3.4.1 yilia / Material</h5><p>安装 <a class="link" href="https://link.jianshu.com/?t=https://github.com/PaicHyperionDev/hexo-generator-search" >hexo-generator-search <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a> 插件。</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">npm install hexo-generator-searchdb --save</span><br></pre></td></tr></table></figure></div>
<p>修改<strong>theme/主题名</strong> 目录 <code>_config.yml</code> 中的 search值</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">search:</span></span><br><span class="line"> <span class="attr">use:</span> <span class="string">local</span></span><br><span class="line"> <span class="attr">swiftype_key:</span> </span><br></pre></td></tr></table></figure></div>
<p>然后在<strong>主目录</strong>的<code>_config.yml</code>文件中添加</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="attr">search:</span></span><br><span class="line"> <span class="attr">path:</span> <span class="string">search.xml</span></span><br><span class="line"> <span class="attr">field:</span> <span class="string">all</span></span><br></pre></td></tr></table></figure></div>
<h5 id="3-4-2-Fluid"><a href="#3-4-2-Fluid" class="headerlink" title="3.4.2 Fluid"></a>3.4.2 Fluid</h5><p>修改<strong>主目录</strong>的 <code>_config.fluid.yml</code> 中的 search值</p>
<div class="highlight-container" data-rel="Yml"><figure class="iseeu highlight yml"><table><tr><td class="code"><pre><span class="line"><span class="comment"># 搜索功能,基于 hexo-generator-search 插件,若已安装其他搜索插件请关闭此功能,以避免生成多余的索引文件</span></span><br><span class="line"><span class="comment"># Search feature, based on hexo-generator-search. If you have installed other search plugins, please disable this feature to avoid generating redundant index files</span></span><br><span class="line"><span class="attr">search:</span></span><br><span class="line"> <span class="attr">enable:</span> <span class="literal">true</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># 搜索索引文件的路径,可以是相对路径或外站的绝对路径</span></span><br><span class="line"> <span class="comment"># Path for search index file, it can be a relative path or an absolute path</span></span><br><span class="line"> <span class="attr">path:</span> <span class="string">/local-search.xml</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># 文件生成在本地的位置,必须是相对路径</span></span><br><span class="line"> <span class="comment"># The location where the index file is generated locally, it must be a relative location</span></span><br><span class="line"> <span class="attr">generate_path:</span> <span class="string">/local-search.xml</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># 搜索的范围</span></span><br><span class="line"> <span class="comment"># Search field</span></span><br><span class="line"> <span class="comment"># Options: post | page | all</span></span><br><span class="line"> <span class="attr">field:</span> <span class="string">post</span></span><br><span class="line"></span><br><span class="line"> <span class="comment"># 搜索是否扫描正文</span></span><br><span class="line"> <span class="comment"># If true, search will scan the post content</span></span><br><span class="line"> <span class="attr">content:</span> <span class="literal">true</span></span><br></pre></td></tr></table></figure></div>
<h3 id="4-部署"><a href="#4-部署" class="headerlink" title="4 部署"></a>4 部署</h3><p>到前一步本地的博客基本上就建好了,接下来就是将其部署在服务器上</p>
<h4 id="4-1-连接Git仓库"><a href="#4-1-连接Git仓库" class="headerlink" title="4.1 连接Git仓库"></a>4.1 连接Git仓库</h4><p>首先在<a class="link" href="https://github.com/" >GitHub <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>注册一个账号,建立<code>用户名.github.io</code>的项目</p>
<p>接着打开Git Bash,输入下列命令</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">git config --global user.name <span class="string">"用户名"</span></span><br><span class="line">git config --global user.email <span class="string">"注册邮箱"</span></span><br></pre></td></tr></table></figure></div>
<h4 id="4-2-添加密钥"><a href="#4-2-添加密钥" class="headerlink" title="4.2 添加密钥"></a>4.2 添加密钥</h4><p>在Git Bash中继续输入下列命令生成SSH密钥</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ssh-keygen -t rsa -C <span class="string">"注册邮箱"</span></span><br></pre></td></tr></table></figure></div>
<p>查看密钥</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cat</span> ~/.ssh/id_rsa.pub</span><br></pre></td></tr></table></figure></div>
<p>将输出的内容复制到<a class="link" href="https://github.com/settings/keys" >SSH and GPG keys <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>里</p>
<h4 id="4-3-提交部署"><a href="#4-3-提交部署" class="headerlink" title="4.3 提交部署"></a>4.3 提交部署</h4><p>安装<code>hexo-deployer-git</code></p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">npm install hexo-deployer-git --save</span><br></pre></td></tr></table></figure></div>
<p>配置<strong>主目录</strong>的<code>_config.yml</code>文件</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">deploy:</span><br><span class="line"> <span class="built_in">type</span>: git</span><br><span class="line"> repo: 仓库地址</span><br><span class="line"> branch: master</span><br></pre></td></tr></table></figure></div>
<p>部署到<a class="link" href="https://github.com/" >GitHub <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">hexo d</span><br></pre></td></tr></table></figure></div>
<p>访问<a class="link" href="https://用户名.github.io/" >https://用户名.github.io/ <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
]]></content>
<categories>
<category>博客搭建</category>
</categories>
<tags>
<tag>随笔</tag>
</tags>
</entry>
<entry>
<title>Go语言获得Cravatar头像服务网址</title>
<url>/2023/09/30/Go-use-cravatar/</url>
<content><![CDATA[<p><del>Cravatar真是个好东西</del></p>
<p>这是Cravatar图像请求的Go语言实现,具体的加密方式请查阅<a class="link" href="https://cravatar.com/developer/api" >这里 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<div class="highlight-container" data-rel="Go"><figure class="iseeu highlight go"><table><tr><td class="code"><pre><span class="line"><span class="keyword">package</span> main</span><br><span class="line"></span><br><span class="line"><span class="keyword">import</span> (</span><br><span class="line"> <span class="string">"crypto/md5"</span></span><br><span class="line"> <span class="string">"fmt"</span></span><br><span class="line"> <span class="string">"strings"</span></span><br><span class="line">)</span><br><span class="line"><span class="comment">// Hash值获取方式 先删除前导和尾随的空格,再将所有字符置为小写,最后进行MD5加密</span></span><br><span class="line"><span class="function"><span class="keyword">func</span> <span class="title">Hash</span><span class="params">(email <span class="type">string</span>)</span></span> [<span class="number">16</span>]<span class="type">byte</span> {</span><br><span class="line"> <span class="keyword">return</span> md5.Sum([]<span class="type">byte</span>(strings.ToLower(strings.TrimFunc(email, <span class="function"><span class="keyword">func</span><span class="params">(r <span class="type">rune</span>)</span></span> <span class="type">bool</span> {</span><br><span class="line"> <span class="keyword">return</span> r == <span class="string">' '</span></span><br><span class="line"> }))))</span><br><span class="line">}</span><br><span class="line"><span class="comment">// 头像获取地址为 https://cravatar.cn/avatar/{HASH}</span></span><br><span class="line"><span class="function"><span class="keyword">func</span> <span class="title">EmailToCravatarURL</span><span class="params">(email <span class="type">string</span>)</span></span> <span class="type">string</span> {</span><br><span class="line"> <span class="keyword">return</span> fmt.Sprintf(<span class="string">"https://cravatar.cn/avatar/%x"</span>, Hash(email))</span><br><span class="line">}</span><br><span class="line"><span class="comment">// 试试效果!</span></span><br><span class="line"><span class="function"><span class="keyword">func</span> <span class="title">main</span><span class="params">()</span></span> {</span><br><span class="line"> fmt.Print(EmailToCravatarURL({Your email here}))</span><br><span class="line">}</span><br></pre></td></tr></table></figure></div>]]></content>
<categories>
<category>后端</category>
</categories>
<tags>
<tag>Go</tag>
<tag>头像服务</tag>
</tags>
</entry>
<entry>
<title>0329 CTF通识课测试1 WriteUp</title>
<url>/2024/04/07/Test-0329-WriteUp/</url>
<content><![CDATA[<h2 id="1-tail"><a href="#1-tail" class="headerlink" title="1-tail"></a>1-tail</h2><p>hint其实就在题目里…</p>
<p>用 010Editor 打开图片,flag 就在文件尾</p>
<h2 id="2-goose"><a href="#2-goose" class="headerlink" title="2-goose"></a>2-goose</h2><p>考点: Exif 隐写</p>
<p><code>右键 >> 属性 >> 详细信息</code> 可以看到 flag 在 <code>来源 > 作者</code> 栏</p>
<h2 id="3-lsb"><a href="#3-lsb" class="headerlink" title="3-lsb"></a>3-lsb</h2><p>考点: lsb 隐写</p>
<p>使用工具: StegSolve.jar</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">java -jar Stegsolve.jar</span><br></pre></td></tr></table></figure></div>
<p>使用StegSolve打开 <code>1_lsb.png</code> 文件, <code>Analyse > Data Extract</code> ,勾选 <code>Red 0</code> , <code>Green 0</code> , <code>Blue 0</code> , <code>LSB First</code> 点击 <code>Preview</code> 获得 flag</p>
<h2 id="4-polar-light"><a href="#4-polar-light" class="headerlink" title="4-polar-light"></a>4-polar-light</h2><p>考点: png 长宽爆破</p>
<p>使用 010Editor 获得 png 文件的 CRC 校验码</p>
<p>使用如下脚本爆破 png 文件的真实长宽</p>
<div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> os</span><br><span class="line"><span class="keyword">import</span> binascii</span><br><span class="line"><span class="keyword">import</span> struct</span><br><span class="line"></span><br><span class="line"><span class="comment">#文件名</span></span><br><span class="line">filename = <span class="string">"4.png"</span></span><br><span class="line"><span class="comment">#图片当前CRC(29-32位)</span></span><br><span class="line">CRC = <span class="number">0x2EE0E28E</span></span><br><span class="line"></span><br><span class="line">crcbp = <span class="built_in">open</span>(filename, <span class="string">"rb"</span>).read()</span><br><span class="line"><span class="keyword">for</span> i <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">2000</span>):</span><br><span class="line"> <span class="keyword">for</span> j <span class="keyword">in</span> <span class="built_in">range</span>(<span class="number">2000</span>):</span><br><span class="line"> data = crcbp[<span class="number">12</span>:<span class="number">16</span>] + \</span><br><span class="line"> struct.pack(<span class="string">'>i'</span>, i)+struct.pack(<span class="string">'>i'</span>, j)+crcbp[<span class="number">24</span>:<span class="number">29</span>]</span><br><span class="line"> crc32 = binascii.crc32(data) & <span class="number">0xffffffff</span></span><br><span class="line"> <span class="keyword">if</span> (crc32 == CRC):</span><br><span class="line"> <span class="built_in">print</span>(i, j)</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">'hex:'</span>, <span class="built_in">hex</span>(i), <span class="built_in">hex</span>(j))</span><br></pre></td></tr></table></figure></div>
<p>得到png的真实尺寸</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads]</span><br><span class="line">└─$ python3 ./calc_pic_size.py</span><br><span class="line">952 490</span><br><span class="line">hex: 0x3b8 0x1ea</span><br></pre></td></tr></table></figure></div>
<p>替换掉原来的长宽值后打开图片即可获得 flag</p>
<h2 id="5-spring"><a href="#5-spring" class="headerlink" title="5-spring"></a>5-spring</h2><p>使用 010Editor 打开文件,观察后发现文件倒置了</p>
<p>使用如下脚本还原 png 文件</p>
<div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">'5.png'</span>, <span class="string">'rb'</span>) <span class="keyword">as</span> f:</span><br><span class="line"> <span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">'real.png'</span>, <span class="string">'wb'</span>) <span class="keyword">as</span> g:</span><br><span class="line"> g.write(f.read()[::-<span class="number">1</span>])</span><br></pre></td></tr></table></figure></div>
<p>打开还原后的图片即可获得 flag</p>
<h2 id="6-bridge"><a href="#6-bridge" class="headerlink" title="6-bridge"></a>6-bridge</h2><p>使用 010 Editor 打开 <code>6.png</code> 发现后面有一段”冗余”内容</p>
<p>binwalk 一下看看</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads/6]</span><br><span class="line">└─$ binwalk ./6.jpg</span><br><span class="line"></span><br><span class="line">DECIMAL HEXADECIMAL DESCRIPTION</span><br><span class="line">--------------------------------------------------------------------------------</span><br><span class="line">0 0x0 JPEG image data, JFIF standard 1.02</span><br><span class="line">30 0x1E TIFF image data, big-endian, offset of first image directory: 8</span><br><span class="line">332 0x14C JPEG image data, JFIF standard 1.02</span><br><span class="line">9499 0x251B JPEG image data, JFIF standard 1.02</span><br><span class="line">21682 0x54B2 Copyright string: "Copyright (c) 1998 Hewlett-Packard Company"</span><br><span class="line">809662 0xC5ABE JPEG image data, JFIF standard 1.02</span><br><span class="line">809692 0xC5ADC TIFF image data, big-endian, offset of first image directory: 8</span><br><span class="line">809994 0xC5C0A JPEG image data, JFIF standard 1.02</span><br><span class="line">817885 0xC7ADD JPEG image data, JFIF standard 1.02</span><br><span class="line">828791 0xCA577 Copyright string: "Copyright (c) 1998 Hewlett-Packard Company"</span><br></pre></td></tr></table></figure></div>
<p>可以发现在 jpg 文件后还藏了一个 jpg 文件</p>
<p>使用 foremost 命令分离文件</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads/6]</span><br><span class="line">└─$ foremost ./6.jpg</span><br><span class="line">Processing: ./6.jpg</span><br><span class="line">|*|</span><br></pre></td></tr></table></figure></div>
<p>从分离出的图片中可获得 flag</p>
<h2 id="7-nopassword"><a href="#7-nopassword" class="headerlink" title="7-nopassword"></a>7-nopassword</h2><p>考察内容: zip伪加密</p>
<p>使用工具<del>偷懒工具</del>: 7zip</p>
<p><del>直接用 7zip 解压即可</del></p>
<p>修改 5D 位的 <code>09</code> 为 <code>00</code> 即可无密码进行解压得到 <code>flag.txt</code> ,进而获得 flag</p>
<h2 id="8-birthday"><a href="#8-birthday" class="headerlink" title="8-birthday"></a>8-birthday</h2><p>考察内容: zip密码爆破</p>
<p>根据题目提示可猜测密码是数字(但是不确定几位),使用 John 进行爆破</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads]</span><br><span class="line">└─$ zip2john 8.zip > 8.hash</span><br><span class="line"></span><br><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads]</span><br><span class="line">└─$ john 8.hash</span><br><span class="line">Using default input encoding: UTF-8</span><br><span class="line">Loaded 1 password hash (ZIP, WinZip [PBKDF2-SHA1 512/512 AVX512BW 16x])</span><br><span class="line">Cost 1 (HMAC size) is 47 for all loaded hashes</span><br><span class="line">Will run 16 OpenMP threads</span><br><span class="line">Proceeding with single, rules:Single</span><br><span class="line">Press 'q' or Ctrl-C to abort, almost any other key for status</span><br><span class="line">Almost done: Processing the remaining buffered candidate passwords, if any.</span><br><span class="line">Proceeding with wordlist:/usr/share/john/password.lst</span><br><span class="line">Proceeding with incremental:ASCII</span><br><span class="line">040508 (8.zip/flag.txt)</span><br><span class="line">1g 0:00:00:01 DONE 3/3 (2024-04-07 00:02) 0.8333g/s 314803p/s 314803c/s 314803C/s batow1..mcfars</span><br><span class="line">Use the "--show" option to display all of the cracked passwords reliably</span><br><span class="line">Session completed.</span><br></pre></td></tr></table></figure></div>
<p>得到密码为 <code>040508</code></p>
<p>解压后打开 <code>flag.txt</code> 即可获得 flag</p>
<h2 id="9-manyzip"><a href="#9-manyzip" class="headerlink" title="9-manyzip"></a>9-manyzip</h2><p>解压文件后可以发现有很多 zip 文件,每个文件里都有一个 txt 文件,尝试使用如下脚本解压文件</p>
<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="keyword">for</span> file <span class="keyword">in</span> *.zip; <span class="keyword">do</span></span><br><span class="line"> unzip <span class="string">"<span class="variable">$file</span>"</span> -d .</span><br><span class="line"><span class="keyword">done</span></span><br></pre></td></tr></table></figure></div>
<p>然后使用 <code>strings</code> 命令寻找 flag</p>
<div class="highlight-container" data-rel="Shell"><figure class="iseeu highlight shell"><table><tr><td class="code"><pre><span class="line">┌──(hervey㉿Hervey)-[/mnt/c/Users/hervey/Downloads/manyzip]</span><br><span class="line">└─$ strings *.txt | grep Stinger</span><br><span class="line">Stinger{dfc2e6b5-9f14-4321-a961-2ef0e756d3b7}</span><br></pre></td></tr></table></figure></div>
<h2 id="10-baseXX"><a href="#10-baseXX" class="headerlink" title="10-baseXX"></a>10-baseXX</h2><p>打开 txt 文件,发现这样一段文字</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">;fl_kB4Z+11G^q!2Ig;Q/Mpur1bCO=2E!-I@Q-+q2.L&P2`<L&0k<$qI/</span><br></pre></td></tr></table></figure></div>
<p>使用 Base85 解码获得 flag</p>
<h2 id="11-baseN顾"><a href="#11-baseN顾" class="headerlink" title="11-baseN顾"></a>11-baseN顾</h2><p>打开 txt 文件,发现这样一段文字</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">Vm0xNFUxUXhWWGxVYTJoVVlteEthRlZxVG05alZteDBUbFU1VDFKc1NucFdWM014WVRBeFdHVklhRnBXUlRVelZqSjRWMDVzU25WUmJHaFlVMFZLYUZaR1VrTk9SbHBYVm01U2ExSXdXbGhWYkdRelpERlplRmt6YUZSaGVsWlhWRlpvUTFSc1dYcFJhemxoVmpOb00xa3dXbE5YUlRGWFkwVTFWMVpGV2pSV2JYaFRVakZSZUZOclpGaFdSbFU1</span><br></pre></td></tr></table></figure></div>
<p>使用 Base64 连续解码 6 次获得 flag</p>
<h2 id="12-流量"><a href="#12-流量" class="headerlink" title="12-流量"></a>12-流量</h2><p>考察内容: 流量分析</p>
<p>使用工具: Wireshark</p>
<p>使用 Wireshark 打开 <code>ftp.pcapng</code>, <code>Ctrl + F</code> ,选择 <code>分组字节流</code> 、 <code>字符串</code> 查找 <code>Stinger</code> 即可获得 flag</p>
<h2 id="13-流量2"><a href="#13-流量2" class="headerlink" title="13-流量2"></a>13-流量2</h2><p>考察内容: 流量分析</p>
<p>使用工具: Wireshark</p>
<p>使用 Wireshark 打开 <code>13.pcapng</code>, 这类问题有个技巧,一般情况下 flag 都藏在 HTTP/OK 附近,这里也不例外,发现上传了一张 jpg 文件,找到那一段 jpg 文件 <code>右键 >> 显示分组字节...</code> 即可获得 flag</p>
<h2 id="14-word-frequency"><a href="#14-word-frequency" class="headerlink" title="14-word-frequency"></a>14-word-frequency</h2><p>考察内容: 词频统计</p>
<p>使用工具: <a class="link" href="https://quipqiup.com/" >quipqiup <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
<p>把文本内容扔进去分析一下,flag 在最后</p>
<div class="highlight-container" data-rel="Plaintext"><figure class="iseeu highlight plaintext"><table><tr><td class="code"><pre><span class="line">0 -1.380</span><br><span class="line">Zhejiang University of technology is the first crovincial and ministerial jointly built university in the eastern coastal region, the first leading university of the national Higher education innovation ability enhancement clan (2011 clan) Collaborative innovation Center, and the first key construction university in Zhejiang crovince. it is located in Hangzhou, a famous historical and cultural city in China and a scenic tourist destination. the school was founded in 1953, and its credecessor can be traced back to the Zhejiang Middle industrial school founded in 1910. it has gone through various stages of develocment, including Hangzhou Chemical school, Zhejiang Chemical Vocational school, Zhejiang institute of Chemical technology, and Zhejiang institute of technology. in 1993, it was renamed Zhejiang University of technology. the school has three camcuses, namely Chaohui, cingfeng, and Moganshan, covering an area of 3333 acres. it has 26 secondary colleges and 1 decartment, as well as an indecendent college - Zhijiang College. there are currently 20536 full-time undergraduate students, 14561 graduate students of various tyces, and 1037 international students on camcus. there are 3392 faculty members in school, including 2486 full-time teachers, including 5 academicians of the Cae Member, 1 academician of the Cas Member, 11 scecial excerts of Zhejiang crovince, 4 distinguished crofessors of Changjiang scholars of the Ministry of education, 7 winners of the national science fund for distinguished Young scholars, 13 leading talents of the national "ten thousand talents crogram", 3 national famous teachers, 6 young Changjiang scholars of the Ministry of education, 14 winners of the national science fund for distinguished Young scholars, 3 young toc talents of the national "ten thousand talents crogram", 10 young and middle-aged excerts with outstanding contributions at the national level, and 11 candidates of the "ten Million talents crogram" of the Ministry of Human Resources and social security. the school adheres to the fundamental task of cultivating virtue and talents, with toc-notch innovative talents as the guide, advanced acclied talents as the main body, and comcound talents as the characteristics, vigorously cultivating industry elites and leading talents with comcrehensive develocment in morality, intelligence, chysical fitness, aesthetics, and labor, rich catriotism, international cerscective, innovative scirit, and cractical ability. since its establishment, the school has trained and delivered over 300000 outstanding talents of various tyces to the country. there are currently 63 undergraduate enrollment majors, covering 12 categories including chilosochy, economics, law, education, literature, science, engineering, agriculture, medicine, management, art, and interdisciclinary studies. there are 13 doctoral degree authorization coints in first level disciclines, 2 doctoral crofessional degree authorization categories, 30 master's degree authorization coints in first level disciclines, 3 master's degree authorization coints in second level disciclines that are not covered by first level disciclines, 22 master's crofessional degree authorization categories, and 13 costdoctoral mobile stations established. nine disciclines, including chemistry, engineering, materials science, environmental science and ecology, agricultural science, biology and biochemistry, comcuter science, charmacology and toxicology, and general social science, have entered the toc 1% of the global esi. among them, two disciclines, including chemistry and engineering, have entered the toc 1 ‰ of the global esi. the school adheres to serving the major needs of national and regional develocment as its own resconsibility, and focuses on strengthening the strategic layout of the cooceration network between government, industry, academia, research and acclication. there are currently 10 national level research clatforms and 69 crovincial and ministerial level research clatforms. the school has won more than 800 national and crovincial-level scientific research awards, including 24 national science and technology awards, ranking among the toc 40 universities in China in terms of the number of awards; 11 awards for outstanding achievements in humanities and social sciences from the Ministry of education. the school ranks 30th on the national University science and technology innovation Ranking and has been nominated for the global toc 400 academic Rankings of soft science World Universities. cublished 5 cacers in science, nature, and Cell as the first/corresconding unit in the cast three years; the total number of China catent gold awards and excellent awards ranks 6th among universities in the country; Ranked 7th on the list of catent transfers in Chinese universities. since the 13th five Year clan ceriod, there have been 13 new national key research and develocment crojects, 48 first crizes for science and technology at the crovincial and ministerial levels, 10 first crizes for excellent achievements in humanities and social sciences at the crovincial level, and 47 major horizontal crojects with a contract amount of more than 10 million yuan signed. in 2022, the school's research funding received 1.107 billion yuan. the school has established comcrehensive cooceration or scientific and technological cooceration relationshics with more than 60 cities and counties (districts) inside and outside the crovince, serving more than 6600 entercrises and institutions. the flag is {flag在这个位置}</span><br></pre></td></tr></table></figure></div>
<h2 id="zipinzip"><a href="#zipinzip" class="headerlink" title="zipinzip"></a>zipinzip</h2><p>试着解压这个文件,发现这是个套娃压缩包,根据提示,使用如下 python 脚本进行解压</p>
<div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> zipfile</span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">extract_nested_zip</span>(<span class="params">zip_file_path, extract_path</span>):</span><br><span class="line"> <span class="keyword">with</span> zipfile.ZipFile(zip_file_path, <span class="string">'r'</span>) <span class="keyword">as</span> zip_ref:</span><br><span class="line"> <span class="keyword">for</span> file_name <span class="keyword">in</span> zip_ref.namelist():</span><br><span class="line"> <span class="keyword">if</span> file_name.endswith(<span class="string">'.zip'</span>):</span><br><span class="line"> nested_zip_file = zip_ref.<span class="built_in">open</span>(file_name)</span><br><span class="line"> nested_zip_file_path = extract_path + <span class="string">'/'</span> + file_name</span><br><span class="line"> <span class="keyword">with</span> <span class="built_in">open</span>(nested_zip_file_path, <span class="string">'wb'</span>) <span class="keyword">as</span> output_file:</span><br><span class="line"> output_file.write(nested_zip_file.read())</span><br><span class="line"> extract_nested_zip(nested_zip_file_path, extract_path)</span><br><span class="line"> <span class="keyword">else</span>:</span><br><span class="line"> zip_ref.extract(file_name, extract_path)</span><br><span class="line"></span><br><span class="line"><span class="comment"># 示例用法</span></span><br><span class="line">nested_zip_file_path = <span class="string">'11.zip'</span></span><br><span class="line">extract_path = <span class="string">'.'</span></span><br><span class="line"></span><br><span class="line">extract_nested_zip(nested_zip_file_path, extract_path)</span><br></pre></td></tr></table></figure></div>
<p>打开 flag.txt 即可获得 flag</p>
]]></content>
<categories>
<category>CTF</category>
</categories>
<tags>
<tag>WriteUp</tag>
<tag>Misc</tag>
</tags>
</entry>
</search>