狗东西的防黑之路
本文章基于 SSH 出发 作者很随性,随缘写文 涉及知识面:openssh ,proxy ,fwknop ,docker OPENSSHOpenSSH (also known as OpenBSD Secure Shell[a]) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.[4][5] OpenSSH started as a fork of the free SSH program developed by Tatu Ylönen; later versions of Ylönen’s SSH were proprietary software offered by SSH Communications Security.[6] OpenSSH was first...
Docker Action IniT
Dockerfile12345678910111213141516171819LABEL maintainer="xrsec"LABEL mail="Jalapeno1868@outlook.com"LABEL Github="https://github.com/XRSec/Code-Server-Update"RUN apt update -y && apt upgrade -y \ && apt install -y ncurses-bin \ && apt clean -y \RUN yum update -y && yum upgrade -y \ && yum install ncurses -y \ && yum clean all -y \WORKDIRENTRYPOINT ["/goby.sh"]EXPOSE 80ENV...
Centos init
Centos init12345678910111213141516171819202122yum update -y && yum upgrade -yyum install wget unzip git util-linux-user net-tools iputils util-linux-user zsh ncurses -ycurl -s curl -s https://mirror.ghproxy.com/https://gist.githubusercontent.com/Ran-Xing/0e47c9b793887d201bab9de2a07a740c/raw/3a63ca4fe9b775c5a8e141f05ddb35cc1ea09334/zsh_init.sh | bash -source ~/.zshrcsudo yum install -y yum-utilssudo yum remove docker \ docker-client \ ...
Docker Centos init
1docker run -it --name server centos:latest 12345678yum update -y && yum upgrade -y && yum install wget git curl sudo net-tools iputils util-linux-user zsh ncurses -ychsh -s /usr/bin/zshsh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlightinggit clone...
趣玩Github Action
在 GitHub Actions 的仓库中自动化、自定义和执行软件开发工作流程。 您可以发现、创建和共享操作以执行您喜欢的任何作业(包括 CI/CD),并将操作合并到完全自定义的工作流程中。 Action 能干啥?都能干,前段时间还有人挖矿 下面所有的用户名和仓库用 laowang 和 zhangshan 代替 Actions secrets一些不方便的隐私的东西可以放进去,然后用环境变量代替 https://github.com/laowang/zhangshan/settings/secrets/actions 12345# 推荐变量名DOCKERHUB_PASSWORD 123456 ${{ secrets.DOCKERHUB_PASSWORD }}DOCKERHUB_TOKEN 123456 ${{ secrets.DOCKERHUB_TOKEN }}DOCKERHUB_USERNAME laowang ${{...
Github Action Public_Private
This is a set of communication interactions between Github open source and privacyFunction: Synchronize README.md Sync hub.docker Overview The private warehouse is successfully constructed and the information is sent to the public warehouse to complete the construction Build containers and push to Aliyun, Hub.docker, etc. Open source warehouse receives signal to update README 这是一套关于Github 开源和隐私之间的通信交互功能: 同步 README.md 同步 hub.docker 的 Overview 私有仓库构建成功发送信息到公有仓库完成构建 构建容器并推送到 Aliyun,...
PHP FPM Docker
Please compile manually, github action may time out USE123FROM xrsec/php:latest | FROM xrsec/php:5.6 | FROM xrsec/php:7.4 | FROM xrsec/php:initLABEL From="xrsec"ARG TARGETPLATFORM 123RUN mkdir -p /www /www/server /www/bak /www/server/php74 /www/server/php56COPY --from=xrsec/php:7.4 /www/server/php74 /www/server/php74COPY --from=xrsec/php:5.6 /www/server/php56 /www/server/php56 123456789101112131415161718RUN ln -sf /www/server/php74/bin/php /www/env/php74 \ &&...
Oracle Java Docker
README This warehouse code and container are prohibited from commercial use OracleJava Dockerfile official Oracle Java Step Download Split 1234567891011split -b 50m jdk-8u301-linux-x64.rpm jdk-8u301-linux-amd64-split -b 50m jdk-11.0.12_linux-x64_bin.rpm jdk-11.0.12_linux-amd64-split -b 50m jdk-11.0.12_linux-aarch64_bin.rpm jdk-11.0.12_linux-arm64-split -b 50m jdk-16.0.2_linux-x64_bin.rpm jdk-16.0.2_linux-amd64-split -b 50m jdk-16.0.2_linux-aarch64_bin.rpm jdk-16.0.2_linux-arm64-split...
微信公众号 Markdown 排版工具
用于格式化 Markdown,粘贴到微信公众号的工具。 在线使用地址https://wxweb.zygd.site/ Docker 部署1docker run -it -d --restart=always -p 5052:80 --name wxweb wxweb:latest 问题反馈 & 建议https://github.com/softwarefly/online-markdown/issues/new 致谢 @Phodal @barretlee @dyc87112 @softwarefly XRSec has the right to modify and interpret this article. If you want to reprint or disseminate this article, you must ensure the integrity of this article, including all contents such as copyright notice. Without the permission...
Code Server Update
Run VS Code on any machine anywhere and access it in the browser. Highlights Code on any device with a consistent development environment Use cloud servers to speed up tests, compilations, downloads, and more Preserve battery life when you’re on the go; all intensive tasks run on your server RequirementsSee requirements for minimum specs, as well as instructions on how to set up a Google VM on which you can install code-server. TL;DR: Linux machine with WebSockets enabled, 1 GB RAM,...
Goby Server By Docker
About Attack surface mapping The new generation of network security technology achieves rapid security emergency through the establishment of a complete asset database for the target. Info123127.0.0.1:15001Username: gobyPassword: docker logs goby | grep " Goby_PassWord :" Github : https://github.com/XRSec/Goby-Docker.git UseInStall12345docker run -it --name goby -p 15001:15001 -e password=password -e port=15001 xrsec/goby:latest# Installing containers or updating goby requires...
Github Action with Docker
12DOCKERHUB_USERNAMEDOCKERHUB_TOKEN Lite versionCanvas_Docker_Build.yml1234567891011121314151617181920212223242526272829303132333435363738394041name: Canvas Docker Buildon: push: branches: - main schedule: - cron: '0 0 * * MON'jobs: Canvas_Docker_Build: name: Canvas Docker Build runs-on: ubuntu-latest steps: - name: Private Actions Checkout uses: actions/checkout@v2.3.4 - name: Docker Setup QEMU uses:...
Xiaomi Mi Router 4C OpenWrt
刷机恩山无线论坛 小米路由器4C 刷 OpenWrt 废话不多说哈 1234567891011121314151617dd if=/dev/mtd0 of=/tmp/all.bindd if=/dev/mtd1 of=/tmp/bootloader.bindd if=/dev/mtd3 of=/tmp/eeprom.bin#nc -l 9995 > all.bin[ mi4c ] nc 192.168.31.226 9995 < /tmp/all.binnc -l 9995 > bootloader.bin[ mi4c ] nc 192.168.31.226 9995 < /tmp/bootloader.binnc -l 9995 > eeprom.bin[ mi4c ] nc 192.168.31.226 9995 < /tmp/eeprom.bin## 注意方向[ mi4c ] nc -l 9995 < breed-mt7688-reset38.binnc 192.168.31.226 9995 >...
绕过CSDN 爬虫限制
今天准备整理书签,首选 Visual Studio Code 正则过滤 + Sublime Text 多选删除, 删除到一半,我需要知道目标网址的 description img 等信息, 我想干脆 requests 请求 text 然后再正则很快就搞定了,没想到 请求 CSDN 无内容 requests 请求123python3 -c 'import requestsrequests.packages.urllib3.disable_warnings()print(requests.get("https://blog.csdn.net/qq_33451584/article/details/119834318", timeout=5, verify=False).content.decode("utf-8"))' urllib3请求12python3 -c 'import urllib3print(urllib3.PoolManager().urlopen("GET",...
Vulnhub EvilBox靶机打靶过程
靶机详解难度: 中级 环境 kali Linux 2021 192.168.0.104Linux Kernel 192.168.0.103 涉及技术主机发现 网络扫描 强制访问 参数爆破 文件包含 PHP封装器 任意文件读取 SSH公钥登录 离线密码破解 系统权限漏洞利用 打靶开始1sudo arp-scan -l 进行主机发现 发现目标主机IP为 192.168.0.103 进行端口扫描 1nmap -sC -sV -p- 192.168.0.103 发现目标主机打开的22,80端口,首先率先考虑 80 端口是否存在漏洞 打开后发现如下, 使用 dirsearch 进行目录爆破 1dirsearch -u http://192.168.0.103/ -w /home/yifang/fuzz/dirtop60000.txt -f 发现目标存在 secret文件夹,打开后发现了一段字符 hacker ,继续使用dirsearch 进行目录爆破,发现了在secret下有一个evil.php的文件。此时的渗透工作似乎进入了瓶颈期,想到了可以对evil.php下的文件的get...
