0%

Posted on In , Views: Valine:
Symbols count in article: 5.3k Reading time ≈ 5 mins.

SSM-13-文件

文件上传

  1. commons-fileupload-1.3.12
  2. comons-io-2.5.jar

控制器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
@Controller
public class FileUploadController {

	@RequestMapping("/fileUpload")
	public String handleFormUpload(@RequestParam("name") String name,
			@RequestParam("uploadfile") List<MultipartFile> uploadfile, HttpServletRequest request) {
		//
		if(!uploadfile.isEmpty() && uploadfile.size()>0 ) {
			//循环输出上传文件
			for (MultipartFile file: uploadfile) {
				//获取原始名称
				String originalFiename = file.getOriginalFilename();
				String dirPath = request.getServletContext().getRealPath("/upload/");
				File filePath = new File(dirPath);
				if(!filePath.exists()) {
					filePath.mkdir();
				}
				//使用uuid重新命名
				String newFilename = name + "_" + UUID.randomUUID() + "_" + originalFiename;
				//使用multipartFile接口方法上传
				try {
					System.out.println(dirPath);
					file.transferTo(new File(dirPath +"/" + newFilename));
					System.out.println(dirPath + newFilename);
				} catch (Exception e) {
					e.printStackTrace();
					return "error";
				}
			}
			return "success";
		}else {
			return "error";
		}
	}
}
Read more »

Posted on In , Views: Valine:
Symbols count in article: 6.3k Reading time ≈ 6 mins.

SSM-12-拦截器

  1. 权限验证
  2. 记录请求信息日志
  3. 判断用户是否登录

拦截器的配置

1
2
3
<mvc:interceptors>

</mvc:interceptors>
  • 全局拦截器
  • 拦截指定路径
  • 不需要拦截的路径
  • /hello 拦截以/hello结尾的路径

拦截器的执行流程

单个拦截器的执行流程

  1. 配置jar包
  2. 配置web.xml
  3. 配置控制器
Read more »

Posted on In , Views: Valine:
Symbols count in article: 3.3k Reading time ≈ 3 mins.

SSM-11-JSON

  1. 对象结构
  2. 数组结构

json数据转换

HttpMessageConverter

Jackson

  • jackson-annoations-2.8.8
  • 1
  • 2

@RequestBody 和 @ResponseBody

控制器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
@Controller
public class UserController {

	@RequestMapping("/testJson")
	@ResponseBody
	public User testJson(@RequestBody User user) {
		System.out.println(user);
		return user;
	}
	
	@RequestMapping("/toIndex")
	public String toIndex() {
		return "index";
	}
}
Read more »

Posted on In , Views: Valine:
Symbols count in article: 1.1k Reading time ≈ 1 mins.

linux运维安全

系统安全

保持内核不更新

1
2
#保持包不更新
sudo apt-mark hold 包名
1
2
#先查看linux-headers
dpkg -l|grep linux-headers
1
2
#在查看linux-images
dpkg -l|grep linux-image

关闭自动更新

修改配置文件

1
vi /etc/xdg/autostart/parrot-updater.desktop
Read more »

Posted on In , Views: Valine:
Symbols count in article: 136 Reading time ≈ 1 mins.

linux命令手册

vim模式中 D,F向下翻页,B向上翻页

less, more同样适用

查看末尾几行

tail -行数 文件名

tail -f 文件名 持续查看

本文作者:NoOne
本文地址https://noonegroup.xyz/posts/66162ca9/
版权声明:转载请注明出处!

Posted on In , Views: Valine:
Symbols count in article: 167 Reading time ≈ 1 mins.

C#命名空间

解决方案里包含多个项目名,项目名不是最主要的,实质是命名空间,像用到反射机制的话,在配置文件里写的应该是命名空间而不是项目名,可以更改项目名,但是命名空间没修改的话,写项目名直接会出现空引用

本文作者:NoOne
本文地址https://noonegroup.xyz/posts/e5cd08f2/
版权声明:转载请注明出处!

Posted on In Views: Valine:
Symbols count in article: 1.1k Reading time ≈ 1 mins.
此文章已被加密,需要输入密码访问。
Read more »

Posted on In Views: Valine:
Symbols count in article: 2k Reading time ≈ 2 mins.

2020网鼎杯-第二场

re

py

pyinstall打包的exe,解压即可

安利个工具

一键转py

输出下key

image-20200515184852413

然后输入就完了

image-20200515184903157

恶龙

image-20200519110711253 动态调试修改eax的值得到, 改6次,在选项2里,让decrypt三个都执行,最后直接出来就完事了…假提示,不能patch,修改eax不也等于patch,懒得在patch了

flag{0259-6430-726f077b-5959-bf477a78c83b}

Read more »

Posted on In Views: Valine:
Symbols count in article: 5k Reading time ≈ 5 mins.

2020虎符网络安全大赛

py逆向

py字节码逆向,苦力活,照着这份对应上文档

check0感觉最难逆向…我没法还原,只能做成照着样子的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/usr/bin/env python
# coding=utf-8
arr0 = [249, 91, 149, 113, 16, 91, 53, 41]
arr1 = [43, 1, 6, 69, 20, 62, 6, 44, 24, 113, 6, 35, 0, 3, 6, 44, 20 ,22 ,127, 60]
arr2 = [90, 100, 87, 109, 86, 108, 86, 105, 90, 104, 88, 102]
all = None
flag = raw_input()
if check0(flag) and check1(flag) and check2(flag) and check3(flag):
    print("ok")
else:
    print("no")

def genexpr(s):
    result = []
    for each in s:
        if ord(each) > 32 and ord(each) < 128:
            result.append(ord(each))
    return result

def check0(s):
  return genexpr(s)

def check1(s):
    if len(s) < 100 and len(s)*len(s)%777^233 ==513:
      return True
     else:
       return False
       
def check2(s):
    if ((((ord(s[0])*128 + ord(s[1]))*128 + ord(s[2]))*128 + ord(s[3])*128) + ord(s[4])*128 + ord(s[5]) == 3533889469877:
        if ord(s[-1]) == 125:
            return True
    return False

def check3(s):
  arr = map(ord,s)
  a = arr[6:30:3]
  for i in range(len(a)):
    if (a[i]*17684+372511)%257 != arr0[i]:
      return False
  b = arr[-2:33:-1]*5
  c = map(lambda x,y:x^y,zip(b, arr[7:27]))
  if c!=arr1:
    return False
  p = 0
  for i in range(28, 34):
    if (arr[i]+107)/16+77 !=arr2[p] and (arr[i]+117)%16+99 != arr2[p+1]:
      return False
       p = p+2
  return True
Read more »