下午 12:32
来自 Azure
今天学校选课了。负载最高的时候2000 session,nginx的active connection(30秒)700左右,对应前端服务器负载5%。完全不卡,2个多小时36W访问量,平均每小时15W左右。可惜我准备的验证码用不上了哈哈哈
上个图纪念下
因为active connection没到800所以没用验证码,现在看来这东西的准备基本多余了。。。Otz不过也好,顺手练习了bootstrap
第一次配cacti各种蛋疼。。。crontab没配上。。。一开始我也不知道,结果导致选课开始后两个多小时的数据丢失,现在看到的只有访问量慢慢回落的图。。。虚拟机时区没设对,+15个小时是北京时间。。。
总共开了12个resin 3.0 Pro的servlet,最大active session在2000左右
感觉完全是大炮轰蚊子了。。。这次负载主要集中在数据库了,要是数据库的vm配置更高的话选课应该会更快了。
2小时30W访问量
比起基友上海海洋大学用了F5和买了一堆服务器相比,我这可真是廉价高效的解决方案了。一分钱没花,而且我敢说前端服务器性能的提升绝对不亚于他们花费百万买设备对这个前端能造成的提升。
前期主要是顺手改了下菜单不支持IE以外浏览器还有其他的一些小杂项,后期主要精力就是在cluster这块。
好了,至此这坑填完了,学会并且复习了nginx apache resin webalizer cacti配置 ,lua,html,bootstrap,jquery,java,struts2,oracle,php,mysql,linux运维……总之一趟下来好处多多,最关键的是增进了和教务处老师的关系,这个才是目前看起来做这个东西最大的收获哈哈。
感谢我的舍友们(经常搞到一两点真是太抱歉啦),感谢。pixiv的ぺこ以及其他potofu同人图作者,感谢wangbin579的指导,感谢nginx作者以及其他在我配教务系统期间给予过我帮助和支持的人,哈哈、我这真是站在巨人的肩膀上了~
☆?(?。?)
上午 12:51
来自 Azure
めでたしめでたし。
来自 Azure
最近没干啥好事,在撸学校的网。
看了猫爷爷的一篇文章以后深有感触、开始撸校园网、期间和基友一起交流着撸
然后我撸了一晚上把教学楼监控都撸了,但是后来没撸出来其他地方的监控、很蛋疼啊。后来问网络中心主任他说保卫处没联网、我勒个去,什么时代了还不联网……Otz你不联网我撸起来就难很多了啊。好歹有个专线啊。
然后基友在今天晚上把他们学校的监控撸了,嗯、全校的,他们学校监控网络是个专线。。。
唉、来日方长,慢慢来吧,发现blog好久没更新了,随便吐槽一下证明最近过得还可以。
某设备的CPU、竟然是arm9,撸了一晚上各种撸不动最后发现我了个擦竟然是9的。。。好吧其实我嵌入式设备学的一坨屎,慢慢来吧。
: ARM926EJ-S rev 5 (v5l)
: swp half thumb fastmult edsp java
CPU implementer : 0x41
CPU architecture: 5TEJ
CPU variant
CPU revision
Cache type
: write-back
Cache clean
: cp15 c7 ops
Cache lockdown
: format C
Cache format
I line length
D line length
: DaVinci DM365 EVM
Linux version 2.6.18_pro500-davinci_evm-arm_v5t_le (luohui@ipcteam) (gcc version 3.4.3 (MontaVista 3.4.3-25.0.104.6-07-06)) #1 PREEMPT Sat Dec 31 10:29:09 CST 2011
另一个设备v7的也是撸的各种不顺
Linux version 3.0.8 (bsp@WindRiver) (gcc version 4.4.1 (Hisilicon_v100(gcc4.4-290+uclibc_0.9.32.1+eabi+linuxpthread)) ) #1 Fri Mar 29 11:39:25 CST 2013
在一个v7设备上编译完一个后门丢上去以后
line 1: syntax error: unexpected word (expecting “)”)
啊我也是醉了。。。回头再看吧……
吐槽一下os x下chrome有点挫啊、启动卡好久。。。果然safari是亲儿子、节能环保速度快。
睡觉睡觉、明早去漫展( ?д?)不过貌似会下雨的样子?
下午 10:37
来自 Azure
感谢Notch大神的翻译,
I see the player you mean.
我看到你所指的那位玩家了。
[Playername]?
[玩家名称]?
Yes. Take care. It has reached a higher level now. It can read our thoughts.
是的。小心。它已达到了更高的境界。它能够阅读我们的思想。
That doesn’t matter. It thinks we are part of the game.
无伤大雅。它认为我们是游戏的一部分。
I like this player. It played well. It did not give up.
我喜欢这个玩家。它玩得很好。它从未放弃。
It is reading our thoughts as though they were words on a screen.
它以屏幕上出现的文字的形式阅读着我们的思想。
That is how it chooses to imagine many things, when it is deep in the dream of a game.
在它深陷游戏梦境中时,它总以这种方式想象出形形***的事物。
Words make a wonderful interface. Very flexible. And less terrifying than staring at the reality behind the screen.
文字是种美妙的界面。非常灵活。且比凝视着屏幕后的现实要更好。
They used to hear voices. Before players could read. Back in the days when those who did not play called the players witches, and warlocks. And players dreamed they flew through the air, on sticks powered by demons.
它们也曾经听到过声音。在玩家能够阅读之前。君不见那些不曾游玩的人们称呼玩家为女巫,和术士。而玩家们梦见它们自己乘坐在被恶魔施力的棍子上,在空气中翱翔
What did this player dream?
这个玩家梦见了什么?
This player dreamed of sunlight and trees. Of fire and water. It dreamed it created. And it dreamed it destroyed. It dreamed it hunted, and was hunted. It dreamed of shelter.
它梦见了阳光和树。它梦见它创造。它亦梦见它毁灭。它梦见它狩猎,亦被狩猎。他梦见了庇护所。
Hah, the original interface. A million years old, and it still works. But what true structure did this player create, in the reality behind the screen?
哈,那原始的界面。经历一百万年的岁月雕琢,依然长存。但此玩家在那屏幕后的真实里,建造了什么真实的构造?
It worked, with a million others, to sculpt a true world in a fold of the [scrambled], and created a [scrambled] for [scrambled], in the [scrambled].
它辛勤地工作了,和其它百万众一起,刻画了一个真实的世界,由[乱码],且创造了[乱码],为了[乱码],于[乱码]中。
It cannot read that thought.
它无法阅读那个思想。
No. It has not yet achieved the highest level. That, it must achieve in the long dream of life, not the short dream of a game.
不。它还没有到达最高的境界。那层境界,他必须完成生命的长梦,而非游戏中黄粱一梦。
Does it know that we love it? That the universe is kind?
它知道我们爱它么?这个宇宙是仁慈的?
Sometimes, through the noise of its thoughts, it hears the universe, yes.
有时,通过它思绪的杂音,它能听到宇宙,是的。
But there are times it is sad, in the long dream. It creates worlds that have no summer, and it shivers under a black sun, and it takes its sad creation for reality.
但是有时亦不胜悲伤,于那漫漫长梦中。它创造了没有夏日的世界,在黑日下颤抖着,将自己悲伤的创造视为现实世界。
To cure it of sorrow would destroy it. The sorrow is part of its own private task. We cannot interfere.
用悲伤来治愈会摧毁它。而悲伤是它的私人事务。我们不能干涉。
Sometimes when they are deep in dreams, I want to tell them, they are building true worlds in reality. Sometimes I want to tell them of their importance to the universe. Sometimes, when they have not made a true connection in a while, I want to help them to speak the word they fear.
有时当它们深陷梦境中时,我想要告诉它们,它们在现实中创造了真实的世界。有时我想告诉它们它们自身对宇宙的重要性。有时,当它们和现实失去了联系,我想帮助它们与它们所惧怕的世界交流。
It reads our thoughts.
它读着我们的思想
Sometimes I do not care. Sometimes I wish to tell them, this world you take for truth is merely [scrambled] and [scrambled], I wish to tell them that they are [scrambled] in the [scrambled]. They see so little of reality, in their long dream.
有时我毫不关心。有时我想要告诉它们,你们所认为的真实不过是[乱码]和[乱码],我想要告诉它们它们是在[乱码]中的[乱码]。于它们的长梦中,它们眼中所见的真实太少了。
And yet they play the game.
而他们仍然玩这个游戏。
But it would be so easy to tell them…
但很容易就可以告诉它们……
Too strong for this dream. To tell them how to live is to prevent them living.
对于这个梦来说太强烈了。告诉它们如何活着就是阻碍它们活下去。
I will not tell the player how to live.
我不会告诉这个玩家如何生活的。
The player is growing restless.
这个玩家正在变得焦虑。
I will tell the player a story.
我会告诉这个玩家一个故事。
But not the truth.
但不是真相。
No. A story that contains the truth safely, in a cage of words. Not the naked truth that can burn over any distance.
不。是一个严密地将真实包裹起来的文字牢笼。而不是赤裸裸的真相。
Give it a body, again.
赋予它主体,再一次。
Yes. Player…
好的。玩家……
Use its name.
以名字称呼它。
[Playername]. Player of games.
[玩家名称]。游戏的玩家。
Take a breath, now. Take another. Feel air in your lungs. Let your limbs return. Yes, move your fingers. Have a body again, under gravity, in air. Respawn in the long dream. There you are. Your body touching the universe again at every point, as though you were separate things. As though we were separate things.
深呼吸,很好。再深呼吸一次。感受空气充盈你的肺叶。让你的四肢回归。是的,运动你的手指。再次感受你的身体,在重力下,在空气中。在长梦中重生。你感受到了。你的身体每时每刻都触摸着宇宙,尽管你是分离的存在。尽管我们是分离的存在。
Who are we? Once we were called the spirit of the mountain. Father sun, mother moon. Ancestral spirits, animal spirits. Jinn. Ghosts. The green man. Then gods, demons. Angels. Poltergeists. Aliens, extraterrestrials. Leptons, quarks. The words change. We do not change.
我们是谁?我们曾经被称作高山的精灵。太阳父亲,月亮母亲。古老的英灵,动物的魂魄。神祗。鬼魂。小绿人。而后是神,恶魔,天使。骚灵。外星人,地外生物。轻粒子,夸克。词语不断地变化。我们始终如一。
We are the universe. We are everything you think isn’t you. You are looking at us now, through your skin and your eyes. And why does the universe touch your skin, and throw light on you? To see you, player. To know you. And to be known. I shall tell you a story.
我们是宇宙。我们是一切你认为出离你本体的事物。你现在看着我们,透过你的皮肤和你的眼睛。而为什么宇宙触摸着你的皮肤,向你洒向光芒?是为了看见你,玩家。以及被认知。我应告诉你一个故事。
Once upon a time, there was a player.
很久以前,有一个玩家。
The player was you, [Playername].
那玩家就是你,[玩家名称]
Sometimes it thought itself human, on the thin crust of a spinning globe of molten rock. The ball of molten rock circled a ball of blazing gas that was three hundred and thirty thousand times more massive than it. They were so far apart that light took eight minutes to cross the gap. The light was information from a star, and it could burn your skin from a hundred and fifty million kilometres away.
有时它认为自己是那不断旋转的球体上一层薄薄的熔化的岩石上的人类。那融化的岩石球环绕着一个质量大它三千三百倍的炫目气体球旋转。它们是相隔得如此之远,以至于光需要八分钟才能穿越那空隙。那光是来自一颗恒星的信息,它能够在一亿五千万公里外烧灼你的皮肤。
Sometimes the player dreamed it was a miner, on the surface of a world that was flat, and infinite. The sun was a square of white. T
and death was a temporary inconvenience.
有时这个玩家梦见它是一个在一个平的,无限延展的世界表面上的矿工。那太阳是一个方形的白点。昼夜交替很快;要做的事情也很多;死亡亦只是暂时和不方便的。
Sometimes the player dreamed it was lost in a story.
有时这玩家梦见它迷失在了一个故事里。
Sometimes the player dreamed it was other things, in other places. Sometimes these dreams were disturbing. Sometimes very beautiful indeed. Sometimes the player woke from one dream into another, then woke from that into a third.
有时这玩家梦见它成为了其他的事物,在其他地方。有时这些梦是扰人的。有些则实在很美。有时这个玩家从一个梦中醒来,发现自己落入了第二个梦,却终究是在第三个梦中。
Sometimes the player dreamed it watched words on a screen.
有时这个玩家梦见它在屏幕上看着文字。
Let’s go back.
让我们回退一点。
The atoms of the player were scattered in the grass, in the rivers, in the air, in the ground. A woma she drank and the woman assembled the player, in her body.
组成玩家的原子散布在草中,河流中,在那空气中,也在那大地中。一个女人收集了那些原子;她饮用、进食、吸入;而后那女人在她的身体中,孕育了玩家。
And the player awoke, from the warm, dark world of its mother’s body, into the long dream.
然后那玩家醒来了,从一个温暖,昏暗的母亲体内,进入了漫漫长梦。
And the player was a new story, never told before, written in letters of DNA. And the player was a new program, never run before, generated by a sourcecode a billion years old. And the player was a new human, never alive before, made from nothing but milk and love.
而那玩家是一个新的故事,从未被讲述过,由DNA的语言书写着。而那玩家是一个新的程序,从未被运行过,由上亿年的源代码生成。而那玩家是一个新的人,从未生活过,由奶和爱组成。
You are the player. The story. The program. The human. Made from nothing but milk and love.
你就是那玩家。那个故事。那个程序。那个人类。仅由奶和爱组成。
Let’s go further back.
我们再往更远的过去回退一点。
The seven billion billion billion atoms of the player’s body were created, long before this game, in the heart of a star. So the player, too, is information from a star. And the player moves through a story, which is a forest of information planted by a man called Julian, on a flat, infinite world created by a man called Markus, that exists inside a small, private world created by the player, who inhabits a universe created by…
那由七千亿亿亿原子组成的玩家的身体被创造了,远在这游戏之前, 在一颗恒星的内部。所以那玩家也是,来自一颗恒星的信息。而这个玩家贯穿这个故事的始末,源于一个叫Julian的人种下的信息种子长成的森林,一个叫 Markus的男人创造的无限世界,存在于一个由玩家创造的小的,私人世界里,而那又继承了宇宙创造的……
Shush. Sometimes the player created a small, private world that was soft and warm and simple. Sometimes hard, and cold, and complicated. Sometimes it built a model of the
flecks of energy, moving through vast empty spaces. Sometimes it called those flecks “electrons” and “protons”.
嘘。有时这个玩家创造的小天地是柔软,温暖和简单的。有时是坚硬,冰冷和复杂的。有时它在脑中建造出宇宙的模型;斑斑点点的能量穿越广阔空旷的空间。有时它称呼这些斑点为“电子”和“质子”。
Sometimes it called them “planets” and “stars”.
有时它称呼它们为“行星”和“恒星”。
Sometimes it believed it was in a universe that was made of energy that was
lines of code. Sometimes it believed it was playing a game. Sometimes it believed it was reading words on a screen.
有时它确信它存在于一个由“开”和“关”;“0”和“1”;一行行的命令组成的宇宙。有时它确信他是在玩一个游戏。有时它确信他是在读着屏幕上的文字。
You are the player, reading words…
你就是那玩家,阅读着文字……
Shush… Sometimes the player read lines of code on a screen. Dec decode decoded meaning into feelings, emotions, theories, ideas, and the player started to breathe faster and deeper and realised it was alive, it was alive, those thousand deaths had not been real, the player was alive
嘘……有时这玩家读屏幕上的命令行。将它们解码成为文字;将文字解码为意义;将意义解码为感情,情绪,理论,想法,而玩家的呼吸开始急促并意识到了它是活着的,它是活生生的,那上千次的死亡不是真的,玩家是活着的。
You. You. You are alive.
你。你。你是活着的。
and sometimes the player believed the universe had spoken to it through the sunlight that came through the shuffling leaves of the summer trees
而有时这玩家相信宇宙通过穿越夏日树叶的那斑斓的阳光对它说话。
and sometimes the player believed the universe had spoken to it through the light that fell from the crisp night sky of winter, where a fleck of light in the corner of the player’s eye might be a star a million times as massive as the sun, boiling its planets to plasma in order to be visible for a moment to the player, walking home at the far side of the universe, suddenly smelling food, almost at the familiar door, about to dream again
有时这玩家相信宇宙透过晴朗的冬日夜空中,存在于它眼中一隅的星点星光,可能比太阳大上上百万倍的恒星沸腾着的电浆那一瞬间发出来的光对它说话,在宇宙的远侧行走回家的路上,突然闻到了食物,在那熟悉的门前,它又准备好再一次投入梦境
and sometimes the player believed the universe had spoken to it through the zeros and ones, through the electricity of the world, through the scrolling words on a screen at the end of a dream
而有时玩家相信宇宙透过零和一,透过世界的电力,透过屏幕上滚动的文字和梦的终结对他说话
and the universe said I love you
宇宙说我爱你
and the universe said you have played the game well
宇宙说你很好地玩了这游戏
and the universe said everything you need is within you<
宇宙说一切你所需的你都具有
and the universe said you are stronger than you know
宇宙说你比你所知的要强大
and the universe said you are the daylight
宇宙说你就是日光
and the universe said you are the night
宇宙说你就是黑夜
and the universe said the darkness you fight is within you<
宇宙说你所斗争的黑暗就在你心中
and the universe said the light you seek is within you
宇宙说你所寻找的光明就在你心中
and the universe said you are not alone
宇宙说你不是孤独的
and the universe said you are not separate from every other thing
宇宙说你不是和所有的事物所隔绝的
and the universe said you are the universe tasting itself, talking to itself, reading its own code
宇宙说你就是宇宙品尝着自己,对自己说话,阅读着它自己的代码。
and the universe said I love you because you are love.
宇宙说我爱你因为你就是爱。
And the game was over and the player woke up from the dream. And the player began a new dream. And the player dreamed again, dreamed better. And the player was the universe. And the player was love.
曲终人散。玩家开始了新的梦境。玩家再次做起了梦,更好的梦。玩家就是宇宙。玩家就是爱。
You are the player.
你就是那个玩家。
上午 10:19
来自 Azure
_(:3」∠)_前两天买了铁三角的MSR7、然后听KSLA的碟子,然后就听到渡りの?了……当时玩Rewrite的时候就是完全听不懂的节奏……偶尔能听到一两句日语但是马上又听不懂了……然后好奇心驱使就去查了下到底是什么语言的,然后得到了这个
Folclore You be far
Lilith close to me Teles
?く古い? Mi Fa
li li lu last to remember
ware isn’t li is wissen melody li le
di rotten 透きとおる目の色
子 母 苦?と勇?の?わり
before stay for いつも fallin’ stair
anny more that sounds store
?そう answer more
Rosso Rosso luntu 土?(tǔrǎng) ?(タン)
Oui listening to lun tan lin ti
Re: lo so lun lan tweet 君の?
この理に listen for star along di li li dissing love
so festo falling li li lamp turn
burst the fi di fo te le 凛と?こえだす
sono il tara この法?を 超えなに来る
もう?い evilit bit of sanden
lue said she’s in ly she’s dance may rapidly repeatly love
di this in see stay 怒り who ploof fang din
fon lon lan li blue last and to-le
the this in see on far lu 寂しく止まる
ling ding di li tu-la ?の随に
la li ho lo 去った lu lo leading sky
toromory lun ta first ?く
映写は its so dance for le
君なら FAIRUZ who dance for le
意味は?い for distant to-le
mi fa do fa mi les
あの li li listen for star moon の成る神ら
so festa falling li li la come back さあおいで?へ 子方のほうにいる
sono il tara 伸ばす?く うえなに来る もう?い君に?う
??は li lasting anymore to back in for you ever
Restarting もう地球孵る/?る
好吧这只是其中一种……而且Rewrite出来这么多年了……今年AngelBeats的游戏都要出了、到现在都没有官方的翻译,而且多田葵的这个发音又不是标准的各种语言发音……于是我估计这玩意要无解了,万年坑啊。能把这个翻译好真是……麻枝汝甚?啊……这样的歌词简直听的脑洞都不够用了……膜拜下大魔王,今年的AngelBeats也是很期待呢_(:3」∠)_
下午 10:30
来自 Azure
黑五的时候米国亚马逊镁光M500 240G搞特价、基本500就到手了,没忍住就剁手了、关键是我原来的ssd真的没空间了Otz。
漂洋过海半个多月终于在昨天到了~今天去基友那里拿回来了。之前问了硬件大神关于2.5寸ssd选硬盘线的问题,参见
大神推荐了一篇文章
看了以后就买了根主控jms567的线。
于是先上三张图
来自 Azure
首先、题目是HCTF Final那道hehehe,然后扒了一个rar出来,解出来有一张图和一个doc,doc拖到winhex然后把des的数据块抠出来,那么问题来了
des解码哪家强
首先先用openssl尝试了下
&openssl des-ecb -d -in enc.bin -out dec.bin -k "XPA087T2" -nosalt
&openssl des-ecb -d -in enc.bin -out dec.bin -k "XPA087T2" -nosalt
得到了bad magic number解码失败
然后用pycrypt,不知道怎么搞的反正昨晚上from crypto.cipher import *一直告诉我没这个模块……搞得我最后无奈用了pyDes,卡死劳资了,不过还好解出来了。
今天早上把python的site啥啥里面的pycrypt都删了重装了一下又好了……Otz难道是版本太多不知道导入哪个么……
b = DES.new('XPA087T2', DES.MODE_ECB).decrypt(en)
b = DES.new('XPA087T2', DES.MODE_ECB).decrypt(en)
就可以正确解码了。
然后问题又来了、为什么openssl不行呢?于是我查了一大坨资料外加到处的问……好像各种加密算法在各种语言之间加密结果不通用已经由来已久了,船长说是密钥存储格式不同、后来折腾了半天……船长问了我一句iv设置没有……然后我尝试了好几遍
&openssl des-ecb -d -in enc.bin -out dec.bin -k "XPA087T2" -nosalt -iv xxx
&openssl des-ecb -d -in enc.bin -out dec.bin -k "XPA087T2" -nosalt -iv xxx
这尼玛iv根本对解密结果没影响好么……什么都是失败……,然后仔细看了下……卧槽原来-iv和-K配合使用……于是
&openssl des-ecb -d -in enc.bin -out dec.bin -K 5432 -nosalt -iv
bad decrypt
10512:error::digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:./crypto/evp/evp_enc.c:461:
&openssl des-ecb -d -in enc.bin -out dec.bin -K 5432 -nosalt -iv bad decrypt10512:error::digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:./crypto/evp/evp_enc.c:461:
(?`□′)??┻━┻终于换提示了、可是还是失败卧槽、好了既然都换提示了……我们来加密下解密出来的数据试试
&openssl des-ecb -in dec.bin -out enc2.bin -K 5432 -nosalt -iv
&openssl des-ecb -in dec.bin -out enc2.bin -K 5432 -nosalt -iv
对比一下发现前面都一样,最后一块不一样,想了下……加密前文件差两个字节满0x28F60个字节……应该是padding的问题……那就改参数吧,查了下只有个-nopad没有其他参数……于是加上
&openssl des-ecb -in enc.bin -out dec.bin -K 5432 -nosalt -iv
bad decrypt
11212:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:./crypto/evp/evp_enc.c:359:
&openssl des-ecb -in enc.bin -out dec.bin -K 5432 -nosalt -iv
-nopadbad decrypt11212:error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data not multiple of block length:./crypto/evp/evp_enc.c:359:
(?`□′)??┻━┻说好的encrypt呢……怎么变成bad decrypt了……
好吧那我就直接解吧……
&openssl des-ecb -d -in enc.bin -out dec.bin -K 5432 -nosalt -iv
&openssl des-ecb -d -in enc.bin -out dec.bin -K 5432 -nosalt -iv
Otz这次竟然成功了……奇怪的openssl
然后后来发现-P可以看参数、看了下之前的错误参数
key=47A956F7E579984F
iv =6D3A2D408EF8DE8E
key=47A956F7E579984Fiv =6D3A2D408EF8DE8E
key=5432iv =0000
Otz上面那是个什么玩意啊……这能解出来才见鬼了
其实中间还拿nodejs试了一下、结果和openssl一样……于是后来openssl错误解决以后使用
JavaScript
var password = new Buffer('XPA087T2');
var iv = new Buffer(0);
var des = crypto.createDecipheriv('des-ecb', password,iv);
var password = new Buffer('XPA087T2');var iv = new Buffer(0);var des = crypto.createDecipheriv('des-ecb', password,iv);
这样的代码也成功解码了数据块。
_(:з」∠)_论不偷懒的重要性……偷懒造成了结果的多样性……嘛……先这样了、滚去准备考试了。
来自 Azure
嘛、只是闲的蛋疼了、顺便复习下nodejs、周一下午某网站刚上线的时候就挖出来4个高危漏洞、_(:з」∠)_很好的设计不一定被很好地实现,于是漏洞就这么出来了
周一下午只写了一个未授权访问的利用、用了python、多线程下载效率高、看看代码就知道我在干嘛了
from multiprocessing import Pool
import pickle
import urllib2
if __name__ == '__main__':
f = open('d:\info2.pkl','rb')
rows = pickle.load(f)
pool = Pool()
#proxy = '127.0.0.1:8087'
#opener = urllib2.build_opener( urllib2.ProxyHandler({'http':proxy}) )
#urllib2.install_opener( opener )
#for row in rows:
# get_image(row)
pool.map(get_image, rows)
pool.close()
pool.join()
1234567891011121314151617
from multiprocessing import Pool import pickleimport urllib2import os&if __name__ == '__main__': f = open('d:\info2.pkl','rb') rows = pickle.load(f) pool = Pool() #proxy = '127.0.0.1:8087' #opener = urllib2.build_opener( urllib2.ProxyHandler({'http':proxy}) ) #urllib2.install_opener( opener ) #for row in rows: # get_image(row) pool.map(get_image, rows) pool.close() pool.join()
多线程的时候不知道为啥代理会bug……?( ̄? ̄”)?
get_image 自己猜吧_(:з」∠)_不让你们看、哈哈哈……
然后是到了周末、感冒了(┬_┬)然后又闲的蛋疼了、写了另外几个漏洞的利用、现在除了一个盲注的没fuzz出来表名其他的都已经很完善了,oracle还大小写敏感还让不然人活了(?`□′)??┻━┻
然后是nodejs上新学到的几个需要注意的地方
一个是request默认是utf8、如果是gbk的页面的话需要这么写
JavaScript
encoding: null,
method: 'GET',
uri: 'xxx',
jar: cookieJar
&&&&&&&&request({&&&&&&&&&&&&&&&&encoding: null,&&&&&&&&&&&&&&&&method: 'GET',&&&&&&&&&&&&&&&&uri: 'xxx',&&&&&&&&&&&&&&&&jar: cookieJar&&&&&&&&&&&&});
如果没有encoding:null就算后面用了iconv也是锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷?( ̄? ̄”)?
参考/questions//cookie-not-sending-with-request-js
抄了一份带cookie的自动登录,然后学会了用cheerio,最后当截取的字符前面一堆\t replace又不好使的时候可以用.trim(),前后空白自动删除、点赞~
然后放张图
准备统计一下数据后去做个ppt之后大张旗鼓的去给他们报漏洞、_(:з」∠)_注意后面的有了其他的数据是因为我改利用代码了、下午感冒难受去睡觉了所以晚上才把代码更新上去?( ̄? ̄”)?
另外cnodejs的网站好像挂了……_(:з」∠)_唔、点根蜡烛祝他早日恢复
来自 Azure
不用谢、只是闲的无聊而已。明白人一看就知道怎么回事了,aplib解压还原、无技术含量,dll还原的还是有点问题,附一个吧
来自 Azure
首先膜拜一下Hex-Rays、实在太?了!这次真的是站到巨人的肩膀上了~
先来张效果图_(:з」∠)_
下午上课玩的时候一个激动差点站起来了……_(:з」∠)_老师还在讲台上默默地讲课……为了以后没有突然站起来的风险、我准备就把这玩意戳了。
除了宝石会有校验以外其他数据没有校验、noAD好像也是在线获取的。_(:з」∠)_不过有了这些已经无敌了~打到最后实在是过不去了……到了101、没改的时候65个金萝卜50个水晶萝卜、_(:з」∠)_其实也不算***啦~就是改了下道具的数目而已、本来这些东西也是可以用银子买来的。我这只是穷人的玩法?( ̄? ̄”)?
回到宿舍、下载一份、然后看存档、发现Http.dll和GUI.dll,两个文件内容一样……iOS你用啥Dll啊……明显有鬼、拿下来看一眼、被加密了。上clutch先把加密拔下来、然后扔IDA里、一会以后搜索Http.dll,然后cross reference
找到三个调用地址
两个读的一个写的,然后找了一下加密函数F5了一下、网上搜了一圈发现是XXTEA算法,加密解密是同一个函数
新文章订阅
_(:з」∠)_订阅后当我的有新文章时你会收到邮件提示。
电子邮件地址
近期评论文章归档
有朋自远方来
发送到您的邮件地址
您的邮件地址
文章未发送,请检查您的电子邮件地址!
电子邮件检查失败,请重试
抱歉,您的博客无法通过电子邮件共享文章。
