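cc basics
0x00 Goals
Over the next six months I hope to learn Java web applications. In CTFs I have mostly dealt with Python and PHP web applications; as a web 🐶 I want to keep improving! Haha
On the income side I hope to move up another level. Over the past year I made a qualitative breakthrough: through competition prize money, vulnerability hunting and stocks I earned the first 100,000 of my life, and I hope to keep it up from here.
For Java, learning JSP and the like should do? Being able to build small things with Spring Boot would be good enough. On the stock side, I previously learned technical analysis; this year I can learn quantitative methods, since reading charts by eye is just too tiring.
Within the industry, well, I want to become a quantitative trader... The most impressive person in the industry is probably Livermore, and I envy him... I envy that he conquered Wall Street without having studied anything... But I believe I can do better, because I have a hacker's mindset; I think network warfare and financial warfare can be combined to wage unrestricted warfare.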
0x01 Linux operations
#Install / remove
sudo yum install nginx
sudo yum remove nginx
#View CPU info
>cat /proc/cpuinfo
processor : 0
model name : Phytium,FT-2000+/64
BogoMIPS : 100.00
Features : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x70
CPU architecture: 8
CPU variant : 0x1
CPU part : 0x662
CPU revision : 2
processor : 1
model name : Phytium,FT-2000+/64
BogoMIPS : 100.00
Features : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x70
CPU architecture: 8
CPU variant : 0x1
CPU part : 0x662
CPU revision : 2
processor : 2
model name : Phytium,FT-2000+/64
BogoMIPS : 100.00
Features : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x70
CPU architecture: 8
CPU variant : 0x1
CPU part : 0x662
CPU revision : 2
processor : 3
model name : Phytium,FT-2000+/64
BogoMIPS : 100.00
Features : fp asimd evtstrm crc32 cpuid
CPU implementer : 0x70
CPU architecture: 8
CPU variant : 0x1
CPU part : 0x662
CPU revision : 2
This shows 4 cores.
#View CPU utilisation
>top
top - 19:41:08 up 2:08, 4 users, load average: 0.59, 0.22, 0.07
Tasks: 203 total, 1 running, 201 sleeping, 0 stopped, 1 zombie
%Cpu(s): 2.7 us, 7.4 sy, 0.0 ni, 89.6 id, 0.0 wa, 0.1 hi, 0.2 si, 0.0 st
MiB Mem : 7577.8 total, 4820.1 free, 1311.8 used, 1445.9 buff/cache
MiB Swap: 4095.9 total, 4095.9 free, 0.0 used. 5136.5 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
112568 greatwa+ 20 0 48704 13440 4608 S 1.3 0.2 0:00.92 sshd
This shows 1.3% CPU utilisation and 0.2% memory utilisation.
#View disk usage
[greatwall@172-17-230-8 ~]$ df
文件系统 1K-块 已用 可用 已用% 挂载点
devtmpfs 3598080 0 3598080 0% /dev
tmpfs 3879808 256 3879552 1% /dev/shm
tmpfs 3879808 17344 3862464 1% /run
tmpfs 3879808 0 3879808 0% /sys/fs/cgroup
/dev/mapper/gw-root 36473448 8461912 28011536 24% /
tmpfs 3879808 384 3879424 1% /tmp
/dev/vda2 1038336 358096 680240 35% /boot
/dev/vda1 204580 5844 198736 3% /boot/efi
tmpfs 775936 768 775168 1% /run/user/1000
#View current processes
ps aux|less
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 116800 17472 ? Ss 17:32 0:04 /usr/lib/systemd/systemd --switched-root --system --deserialize 18
root 2 0.0 0.0 0 0 ? S 17:32 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 17:32 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 17:32 0:00 [rcu_par_gp]
root 6 0.0 0.0 0 0 ? I< 17:32 0:00 [kworker/0:0H-kblockd]
root 8 0.0 0.0 0 0 ? I< 17:32 0:00 [mm_percpu_wq]
root 9 0.0 0.0 0 0 ? S 17:32 0:00 [ksoftirqd/0]
root 10 0.0 0.0 0 0 ? I 17:32 0:03 [rcu_sched]
root 11 0.0 0.0 0 0 ? I 17:32 0:00 [rcu_bh]
...
#View kernel information
[greatwall@172-17-230-8 ~]$ uname -a
Linux 172-17-230-8 4.19.90-17.5.ky10.aarch64 #1 SMP Fri Aug 7 13:35:33 CST 2020 aarch64 aarch64 aarch64 GNU/Linux
#View network interfaces
[greatwall@172-17-230-8 ~]$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:d4:b0:2f:06 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.230.8 netmask 255.255.0.0 broadcast 172.17.255.255
ether fa:60:0b:49:1f:00 txqueuelen 1000 (Ethernet)
RX packets 298986 bytes 30966719 (29.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 75780 bytes 19531935 (18.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 118 bytes 11156 (10.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118 bytes 11156 (10.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#View DNS
1.cat /etc/sysconfig
2.nslookup
3.cat /etc/resolv.conf
[greatwall@172-17-230-8 ~]$ cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 223.5.5.5
#List the files under /etc
[greatwall@172-17-230-8 ~]$ ls /etc
adjtime dnf gtk-3.0 localtime_tmp ntp resolv.conf sysctl.conf
aliases dnsmasq.conf ha.d login.defs ntp.conf rhashrc sysctl.d
alternative...
#Copy a file to /opt and edit it
[greatwall@172-17-230-8 ~]$ sudo cp /etc/locale.conf /opt/1
[sudo] greatwall 的密码:
[greatwall@172-17-230-8 ~]$ cd /opt/
[greatwall@172-17-230-8 opt]$ ls
1 containerd firefox patch_workspace
[greatwall@172-17-230-8 opt]$ vim 1
#View externally listening ports
[greatwall@172-17-230-8 opt]$ netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 172.17.230.8:22 120.228.117.136:11178 ESTABLISHED keepalive (290.45/0/0)
tcp 0 0 172.17.230.8:22 223.153.86.67:63967 ESTABLISHED keepalive (7111.75/0/0)
tcp 0 600 172.17.230.8:22 223.153.86.67:63770 ESTABLISHED on (0.26/0/0)
tcp6 0 0 :::111 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::9090 :::* LISTEN off (0.00/0/0)
udp 0 0 0.0.0.0:68 0.0.0.0:* off (0.00/0/0)
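`netstat -ano` mixes listeners, established sessions and loopback-only sockets, so the ports actually exposed to the network have to be picked out by eye. The filter below is an added example, not part of the original post; the function names `sample_netstat` and `external_listeners` are hypothetical, and the sample input reuses lines from the output above plus one constructed loopback listener.

```shell
#!/bin/sh
# Added example: reduce `netstat -ano`-style output to TCP sockets in LISTEN
# state that are bound to a non-loopback address (reachable from the network).

# Sample input: lines taken from the netstat output above, plus one
# constructed loopback listener (127.0.0.1:3306) to show what is excluded.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 172.17.230.8:22 120.228.117.136:11178 ESTABLISHED keepalive (290.45/0/0)
tcp6 0 0 :::111 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::22 :::* LISTEN off (0.00/0/0)
tcp6 0 0 :::9090 :::* LISTEN off (0.00/0/0)
udp 0 0 0.0.0.0:68 0.0.0.0:* off (0.00/0/0)
EOF
}

# external_listeners: read netstat output on stdin and print "proto port" for
# every TCP listener not bound to loopback, sorted by port, without duplicates.
# UDP sockets carry no LISTEN state in netstat and are not covered here.
external_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      port = parts[n]                      # port is the last ":"-separated field
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next   # loopback-only listener
      print $1, port
    }' | LC_ALL=C sort -k2,2n -k1,1 -u
}

# On a live host: netstat -ano | external_listeners
sample_netstat | external_listeners
```

Each port in the result should map to a service that is meant to be reachable; here 9090 matches the cockpit-ws account listed in /etc/passwd further down only if that service is actually in use.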
#View the current system users
[greatwall@172-17-230-8 opt]$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
systemd-resolve:x:193:193:systemd Resolver:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
systemd-timesync:x:998:995:systemd Time Synchronization:/:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
unbound:x:997:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin
polkitd:x:996:993:User for polkitd:/:/sbin/nologin
saslauth:x:995:76:Saslauthd user:/run/saslauthd:/sbin/nologin
libstoragemgmt:x:994:990:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
geoclue:x:993:989:User for geoclue:/var/lib/geoclue:/sbin/nologin
chrony:x:992:988::/var/lib/chrony:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
lightdm:x:991:987::/var/lib/lightdm:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
ldap:x:55:55:OpenLDAP server:/var/lib/ldap:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
dhcpd:x:177:177:DHCP server:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
cockpit-ws:x:990:983:User for cockpit-ws:/nonexisting:/sbin/nologin
named:x:25:25:Named:/var/named:/bin/false
setroubleshoot:x:989:982::/var/lib/setroubleshoot:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat:/sbin/nologin
pesign:x:988:979:Group for the pesign signing daemon:/var/run/pesign:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
dnsmasq:x:977:977:Dnsmasq DHCP and DNS server:/var/lib/dnsmasq:/usr/sbin/nologin
dbus:x:976:976:System Message Bus:/:/usr/sbin/nologin
greatwall:x:1000:1000::/home/greatwall:/bin/bash
nginx:x:975:975:Nginx web server:/var/lib/nginx:/sbin/nologin
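Most of the accounts above are service accounts with `/sbin/nologin`; the entries worth reviewing are the ones with a usable shell or UID 0. The audit below is an added example, not part of the original post; `sample_passwd` and `audit_passwd` are hypothetical names, and the sample reuses entries from the listing above plus one constructed UID 0 account.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format input for accounts that need review:
# any UID 0 account other than root, and any account whose shell is not
# nologin/false (an empty shell field falls back to the system default shell).

# Sample input: entries from the /etc/passwd listing above, plus one
# constructed entry (svc-demo) to show the UID 0 check firing.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
named:x:25:25:Named:/var/named:/bin/false
tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat:/sbin/nologin
greatwall:x:1000:1000::/home/greatwall:/bin/bash
svc-demo:x:0:0:constructed entry:/root:/bin/bash
EOF
}

# audit_passwd: read passwd entries on stdin and print one finding per line:
#   UID0 <name>            second account with UID 0
#   SHELL <name> <shell>   account with a shell other than nologin/false
#   MALFORMED line <n>     entry without exactly 7 colon-separated fields
audit_passwd() {
  awk -F: '
    NF != 7 { printf "MALFORMED line %d\n", NR; next }
    $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
    $7 !~ /\/(nologin|false)$/ {
      printf "SHELL %s %s\n", $1, ($7 == "" ? "(default)" : $7)
    }'
}

# On a live host: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```

Entries such as `sync` with `/bin/sync` are reported too: they run a fixed command rather than an interactive shell, but they are still accounts that can authenticate.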
#Using history
[greatwall@172-17-230-8 opt]$ history
1 cd /usr/sbin/
2 ls
3 pwd
4 sudo su -
5 ls
6 netstat
7 sudo apt install nginx
8 yum install nginx
9 sudo yum install nginx
10 set +o history;
11 ls
12 sudo yum install nginx
13 top
14 cat /proc/cpuinfo
15 ;lvdisplay
16 df
17 ps aux
18 ps aux|less
19 ps aux|less
20 uname -a
21 ifconfig
22 cat /etc/resolve.conf
23 cat /etc/resolv.conf
24 ls /etc
25 touch 1
26 cp resolv.conf /opt/1
27 cp /etc/locale.conf /opt/1
28 sudo cp /etc/locale.conf /opt/1
29 cd /opt/
30 ls
31 vim 1
32 netstat -ano
33 netstat
34 cat /etc/passwd
35 history
0x02 Network configuration
#Change the DNS configuration to 114.114.114.114
sudo vim /etc/resolv.conf
Edit it to read as follows:
; generated by /usr/sbin/dhclient-script
nameserver 223.5.5.5
nameserver 114.114.114.114
#View the routing configuration
[greatwall@172-17-230-8 opt]$ ip route show
default via 172.17.0.1 dev enp1s0
169.254.169.254 via 172.17.255.254 dev enp1s0 proto static
172.17.0.0/16 dev enp1s0 proto kernel scope link src 172.17.230.8
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1 linkdown
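#SELinux
In the kernel 2.6 era a new security system was introduced to provide a mechanism for access-control security policies. This system is Security-Enhanced Linux (SELinux), contributed by the US National Security Agency (NSA); it brought a robust Mandatory Access Control (MAC) architecture to the Linux kernel subsystems.
Use getenforce to query the current mode and setenforce to change it; disabled means SELinux is off.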
[greatwall@172-17-230-8 opt]$ sestatus
SELinux status: disabled
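#iptables
I have used this in competitions to disable other people's backdoors.
sudo lsof -i:80    # check whether port 80 is in use
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
sudo iptables-save
Rules set this way are lost after a reboot.
Install iptables-persistent:
sudo apt-get install iptables-persistent
Persist the rules:
sudo netfilter-persistent save
sudo netfilter-persistent reload
The new component can then be used to persist the rules.
#Using nmap
I know this one all too well, haha
nmap -A -v -T4 36.158.226.26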
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-22 20:26 CST
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Initiating Ping Scan at 20:26
Scanning 36.158.226.26 [2 ports]
Completed Ping Scan at 20:26, 2.01s elapsed (1 total hosts)
Nmap scan report for 36.158.226.26 [host down]
NSE: Script Post-scanning.
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Initiating NSE at 20:26
Completed NSE at 20:26, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 2.47 seconds
0x03 Nginx
Nginx configuration
/etc/nginx/nginx.conf
Change the default port to 8081.