我的GitHub

无星的小窝

技术为辅,业务为主

0%

发表于 分类于 阅读次数:
本文字数: 3.6k 阅读时长 ≈ 3 分钟

背景

弄简单一点,搞个vbs,设置为隐藏文件

再弄个快捷方式,指向这个vbs

再把快捷方式的logo设置成常见的word,excel,pdf,ppt之类的

弹窗.vbs

我们这里图方便,直接写个弹窗

如果要收集其他信息,自己写个curl把收集的信息发给服务端存一下

看看哪些人上当了

alert.vbs

1
X=Msgbox("安全意识不足!", 48, "安全提醒")
阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 920k 阅读时长 ≈ 13:56

背景

今天我们来解决一个Lottie动态更换文字的问题

比如有个抽奖动画,我们需要动态替换抽奖的奖品,这种需求在实际项目中还是比较常见的

这里我们有两种方式

1. 设计师比较顶

让设计师在静态字体处预留出一个占位符,然后在js加载时,动态替换这个占位符

比如

Lottie.json

1
{"v":"5.5.9","fr":24,"ip":0,"op":72,"w":200,"h":200,"nm":"合成 2","ddd":0,"assets":[{"id":"comp_0","layers":[{"ddd":0,"ind":1,"ty":5,"nm":"textnode","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":1,"k":[{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":0,"s":[0]},{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":71,"s":[172.815]},{"t":119,"s":[174]}],"ix":10},"p":{"a":1,"k":[{"i":{"x":0.833,"y":0.833},"o":{"x":0.167,"y":0.167},"t":0,"s":[35,40,0],"to":[12.613,7.317,0],"ti":[-31.075,-18.028,0]},{"i":{"x":0.833,"y":0.833},"o":{"x":0.167,"y":0.167},"t":71,"s":[168.16,107.345,0],"to":[22.717,13.18,0],"ti":[-9.221,-5.349,0]},{"t":119,"s":[166,116,0]}],"ix":2},"a":{"a":0,"k":[0,0,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"t":{"d":{"k":[{"s":{"s":28,"f":"STHeitiSC-Light","t":"${文本}","j":2,"tr":0,"lh":33.6,"ls":0,"fc":[0.524,0.043,0.043]},"t":0}]},"p":{},"m":{"g":1,"a":{"a":0,"k":[0,0],"ix":2}},"a":[]},"ip":0,"op":72,"st":0,"bm":0},{"ddd":0,"ind":2,"ty":4,"nm":"rect","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":1,"k":[{"i":{"x":0.833,"y":0.833},"o":{"x":0.167,"y":0.167},"t":0,"s":[100,100,0],"to":[22.5,-0.5,0],"ti":[-22.5,0.5,0]},{"t":119,"s":[235,97,0]}],"ix":2},"a":{"a":0,"k":[0,0,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"shapes":[{"ty":"gr","it":[{"ty":"rc","d":1,"s":{"a":0,"k":[67.559,65.285],"ix":2},"p":{"a":0,"k":[0,0],"ix":3},"r":{"a":0,"k":0,"ix":4},"nm":"矩形路径 1","mn":"ADBE Vector Shape - Rect","hd":false},{"ty":"st","c":{"a":0,"k":[1,1,1,1],"ix":3},"o":{"a":0,"k":100,"ix":4},"w":{"a":0,"k":2,"ix":5},"lc":1,"lj":1,"ml":4,"bm":0,"nm":"描边 1","mn":"ADBE Vector Graphic - Stroke","hd":false},{"ty":"fl","c":{"a":0,"k":[0.949019607843,0.309803921569,0.949019607843,1],"ix":4},"o":{"a":0,"k":100,"ix":5},"r":1,"bm":0,"nm":"填充 1","mn":"ADBE Vector Graphic - Fill","hd":false},{"ty":"tr","p":{"a":0,"k":[-66.314,60.561],"ix":2},"a":{"a":0,"k":[0,0],"ix":1},"s":{"a":0,"k":[71.745,69.722],"ix":3},"r":{"a":0,"k":0,"ix":6},"o":{"a":0,"k":100,"ix":7},"sk":{"a":0,"k":0,"ix":4},"sa":{"a":0,"k":0,"ix":5},"nm":"变换"}],"nm":"矩形 1","np":3,"cix":2,"bm":0,"ix":1,"mn":"ADBE Vector Group","hd":false}],"ip":0,"op":72,"st":0,"bm":0}]}],"fonts":{"list":[{"origin":0,"fPath":"","fClass":"","fFamily":"Heiti SC","fWeight":"","fStyle":"Light","fName":"STHeitiSC-Light","ascent":73.5989987850189}]},"layers":[{"ddd":0,"ind":1,"ty":0,"nm":"comp1","refId":"comp_0","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[100,100,0],"ix":2},"a":{"a":0,"k":[100,100,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"w":200,"h":200,"ip":0,"op":72,"st":0,"bm":0}],"markers":[]}

渲染的html

阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 5.7k 阅读时长 ≈ 5 分钟

Ubuntu 安装 gitea

二进制安装

1. 下载

1
2
3
4
mkdir gitea
cd gitea
wget -O gitea https://dl.gitea.com/gitea/main-nightly/gitea-main-nightly-linux-amd64
chmod +x gitea

2. 注册用户

1
2
3
4
5
6
7
8
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'Git Version Control' \
   --group \
   --disabled-password \
   --home /home/git \
   git

3. 配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R git:git /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:git /etc/gitea
chmod 770 /etc/gitea

vim ~/.bashrc
# 添加如下环境变量
export GITEA_WORK_DIR=/var/lib/gitea/
# 保存退出

source ~/.bashrc

# 复制二进制到全局位置
cp gitea /usr/local/bin/gitea

配置app.ini

1
2
mkdir /etc/gitea
vim /etc/gitea/app.ini
阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 205 阅读时长 ≈ 1 分钟

青龙面板忘记账号密码了

阅读源码可知,使用的是sqlite

进入容器

1
sudo docker exec -it ece2d /bin/sh

并且数据库保存在db目录下

1
/ql/data/db/keyv.sqlite

所以我们只要把这个db拷出来打开就能找到账号密码

1
sudo docker cp qinglong:/ql/data/db/keyv.sqlite /home/ubuntu/temp/

下载该sqlite打开即可得到账号密码

阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 438 阅读时长 ≈ 1 分钟

背景

有小鸡了,怎么处理

ssh链接

不多提

跑性能

1
curl -L https://gitlab.com/spiritysdx/za/-/raw/main/ecs.sh -o ecs.sh && chmod +x ecs.sh && bash ecs.sh

输入1

测速

1
bash <(curl -Ls Net.Check.Place) -4

测IP

阅读全文 »

发表于 分类于 阅读次数:
本文字数: 5.9k 阅读时长 ≈ 5 分钟

frida

Frida 16.7.19

Frida-Tools 13.7.1

先说版本对应关系

1
2
frida==16.7.19
frida-tools==13.7.1

建议使用16版本,17版本可能存在Java定义问题

看雪大哥记录的版本对应关系

frida-tools==1.0.0 —— 12.0.0<=frida<13.0.0

frida-tools==1.1.0 —— 12.0.0<=frida<13.0.0

frida-tools==1.2.0 —— 12.1.0<=frida<13.0.0

frida-tools==1.2.1 —— 12.1.0<=frida<13.0.0

frida-tools==1.2.2 —— 12.1.0<=frida<13.0.0

frida-tools==1.2.3 —— 12.1.0<=frida<13.0.0

frida-tools==1.3.0 —— 12.3.0<=frida<13.0.0

frida-tools==1.3.1 —— 12.3.0<=frida<13.0.0

frida-tools==1.3.2 —— 12.4.0<=frida<13.0.0

frida-tools==2.0.0 —— 12.5.3<=frida<13.0.0

frida-tools==2.0.1 —— 12.5.9<=frida<13.0.0

frida-tools==2.0.2 —— 12.5.9<=frida<13.0.0

frida-tools==2.1.0 —— 12.5.9<=frida<13.0.0

frida-tools==2.1.1 —— 12.5.9<=frida<13.0.0

frida-tools==2.2.0 —— 12.5.9<=frida<13.0.0

frida-tools==3.0.0 —— 12.6.17<=frida<13.0.0

frida-tools==3.0.1 —— 12.6.17<=frida<13.0.0

frida-tools==4.0.0 —— 12.6.21<=frida<13.0.0

frida-tools==4.0.1 —— 12.6.21<=frida<13.0.0

frida-tools==4.0.2 —— 12.6.21<=frida<13.0.0

frida-tools==4.1.0 —— 12.6.21<=frida<13.0.0

frida-tools==5.0.0 —— 12.6.21<=frida<13.0.0

frida-tools==5.0.1 —— 12.7.3<=frida<13.0.0

frida-tools==5.1.0 —— 12.7.3<=frida<13.0.0

frida-tools==5.2.0 —— 12.7.3<=frida<13.0.0

frida-tools==5.3.0 —— 12.7.3<=frida<13.0.0

frida-tools==5.4.0 —— 12.7.3<=frida<13.0.0

frida-tools==6.0.0 —— 12.8.5<=frida<13.0.0

frida-tools==6.0.1 —— 12.8.5<=frida<13.0.0

frida-tools==7.0.0 —— 12.8.12<=frida<13.0.0

frida-tools==7.0.1 —— 12.8.12<=frida<13.0.0

frida-tools==7.0.2 —— 12.8.12<=frida<13.0.0

frida-tools==7.1.0 —— 12.8.12<=frida<13.0.0

frida-tools==7.2.0 —— 12.8.12<=frida<13.0.0

frida-tools==7.2.1 —— 12.8.12<=frida<13.0.0

frida-tools==7.2.2 —— 12.8.12<=frida<13.0.0

frida-tools==8.0.0 —— 12.10.4<=frida<13.0.0

frida-tools==8.0.1 —— 12.10.4<=frida<13.0.0

frida-tools==8.1.0 —— 12.10.4<=frida<13.0.0

frida-tools==8.1.1 —— 12.10.4<=frida<13.0.0

frida-tools==8.1.2 —— 12.10.4<=frida<13.0.0

frida-tools==8.1.3 —— 12.10.4<=frida<13.0.0

frida-tools==8.2.0 —— 12.10.4<=frida<13.0.0

frida-tools==9.0.0 —— 14.0.0<=frida<15.0.0

frida-tools==9.0.1 —— 14.0.0<=frida<15.0.0

frida-tools==9.1.0 —— 14.2.0<=frida<15.0.0

frida-tools==9.2.0 —— 14.2.9<=frida<15.0.0

frida-tools==9.2.1 —— 14.2.9<=frida<15.0.0

frida-tools==9.2.2 —— 14.2.9<=frida<15.0.0

frida-tools==9.2.3 —— 14.2.9<=frida<15.0.0

frida-tools==9.2.4 —— 14.2.9<=frida<15.0.0

frida-tools==9.2.5 —— 14.2.9<=frida<15.0.0

frida-tools==10.0.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.1.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.1.1 —— 15.0.0<=frida<16.0.0

frida-tools==10.2.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.2.1 —— 15.0.0<=frida<16.0.0

frida-tools==10.2.2 —— 15.0.0<=frida<16.0.0

frida-tools==10.3.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.4.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.4.1 —— 15.0.0<=frida<16.0.0

frida-tools==10.5.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.5.1 —— 15.0.0<=frida<16.0.0

frida-tools==10.5.2 —— 15.0.0<=frida<16.0.0

frida-tools==10.5.3 —— 15.0.0<=frida<16.0.0

frida-tools==10.5.4 —— 15.0.0<=frida<16.0.0

frida-tools==10.6.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.6.1 —— 15.0.0<=frida<16.0.0

frida-tools==10.6.2 —— 15.0.0<=frida<16.0.0

frida-tools==10.7.0 —— 15.0.0<=frida<16.0.0

frida-tools==10.8.0 —— 15.0.0<=frida<16.0.0

frida-tools==11.0.0 —— 15.2.0<=frida<16.0.0

frida-tools==12.0.0 —— 16.0.0<=frida<17.0.0

frida-tools==12.0.1 —— 16.0.0<=frida<17.0.0

frida-tools==12.0.2 —— 16.0.0<=frida<17.0.0

frida-tools==12.0.3 —— 16.0.0<=frida<17.0.0

frida-tools==12.0.4 —— 16.0.0<=frida<17.0.0

frida-tools==12.1.0 —— 16.0.0<=frida<17.0.0

frida-tools==12.1.1 —— 16.0.9<=frida<17.0.0

frida-tools==12.1.2 —— 16.0.9<=frida<17.0.0

frida-tools==12.1.3 —— 16.0.9<=frida<17.0.0

frida-tools==12.2.0 —— 16.0.9<=frida<17.0.0

frida-tools==12.2.1 —— 16.0.9<=frida<17.0.0

frida-tools==12.3.0 —— 16.0.9<=frida<17.0.0

Android

安装

阅读全文 »

发表于 分类于 阅读次数:
本文字数: 1.7k 阅读时长 ≈ 2 分钟

创建demo,运行一直卡Running Gradle task 'assembleDebug'

执行flutter run -v

查看记录发现卡在kotlin-compiler-embeddable下载

代理也配了,怎么都不行

接下来我们讲讲怎么手动下载这些包

下载路径

一共要下载三个东西,路径自己看log提示,版本自行替换

1
2
3
https://plugins.gradle.org/m2/org/jetbrains/kotlin/kotlin-compiler-embeddable/2.0.21/kotlin-compiler-embeddable-2.0.21.jar
https://plugins.gradle.org/m2/org/jetbrains/kotlin/kotlin-compiler-embeddable/2.0.21/kotlin-compiler-embeddable-2.0.21-sources.jar
https://plugins.gradle.org/m2/org/jetbrains/kotlin/kotlin-compiler-embeddable/2.0.21/kotlin-compiler-embeddable-2.0.21.pom

保存路径

1
C:\Users\username\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlin\kotlin-compiler-embeddable\2.0.21
阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 223 阅读时长 ≈ 1 分钟

is_numeric

比对是否是数字或者数字字符串

==

弱比较

1
2
3
4
5
$num=$_GET['num'];
if(!is_numeric($num)){
    echo $num;
    if($num==1)  echo 'flag{**********}';
}

比较数字,竟然只比较数字 $num=1a的情况下,比到1=1就停了

即 会截取字符串开头连续的数字部分

离谱

阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 5.3k 阅读时长 ≈ 5 分钟

WEB

信息收集、爆破、认证

1.敏感文件泄露

2.dirsearch\dirb\

3.BURP

  • a.登录框->admin密码【登录获取flag】
  • b.给一个字典,爆出普通用户密码,登录后,有些权限验证方法
  • c.Cookie->user改为admin
  • d.JWT验证
  • i.修改算法
  • ii.算法改为None,none
  • iii.爆破密钥
  • iv.删除signature,删除签名

命令执行

1.成因

阅读全文 »