/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 s3cst4rs

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Study_Notes
Notes on internal network penetration, tool development, binaries and related topics

Every time I pile up a great deal of material that needs researching and consolidating, and in the end it gets shelved or forgotten for one reason or another. Writing down both the plans and the summaries may help a little.
Of course, I would also very much welcome pointers from everyone (on overall direction or on technical details), and I look forward to discussing things together.

# Projects
Under Projects above you can see my current and upcoming study plan.

# Issues
If you find a problem in the notes or have something you would like to discuss, please create an Issue and describe the situation, including at least the following three points:
- Link (the link that needs discussion or has a problem)
- Description (describe the specific problem and the specific environment, etc.)
- Thoughts/attempts (what you tried for the problem above, or your own thoughts, ideas and understanding)

# Plan
[Projects](https://github.com/users/s3cst4rs/projects/1)

[2023 schedule](https://github.com/s3cst4rs/Study_Notes/issues/9)

# Contents
## Internal network penetration
[Domain environment setup](./内网渗透/域环境搭建/域环境搭建.md)

[Disk expansion](./内网渗透/域环境搭建/硬盘扩容.md)

## Tool development
[Sliver Review](https://github.com/s3cst4rs/Study_Notes/issues/3)

[Havoc Review](https://github.com/s3cst4rs/Study_Notes/issues/10)

[StealToken](./工具开发/StealToken/StealToken.md)

[MakeToken](./工具开发/StealToken/StealToken.md#make_token)

[Process injection in Sliver](./工具开发/Sliver中的进程注入/Sliver中的进程注入.md)

[Golang-RDI](./工具开发/Golang-RDI/Golang-RDI.md)

### Go
[What runtime.GOARCH represents](./工具开发/runtime.GOARCH代表的是什么/runtime.GOARCH代表的是什么.md)

[Resolving exec.Command execution errors](./工具开发/exec.Command执行报错解决/exec.Command执行报错解决.md)

[exec.Command argument passing: spaces and quotes](./工具开发/exec.Command传参问题-空格和引号/exec.Command传参问题-空格和引号.md)

[Running ntlmrelayx with exec.Command](./工具开发/exec.Command执行ntlmrelayx/exec.Command执行ntlmrelayx.md)

[Calling syscall.Syscall](./工具开发/syscall.Syscall的调用/syscall.Syscall的调用.md)

## Binary

## Miscellaneous
[Win11 network cable not recognised](./杂/Win11%20网线无法识别问题/Win11%20网线无法识别.md)

[Android environment deployment](./杂/Android%20环境部署/Android%20环境部署.md)

[Installing Google Store on Windows](./杂/Windows安装GoogleStore/Windows安装GoogleStore.md)

[GoLand Address already in use](./杂/GoLand%20Address%20already%20in%20use/GoLand%20Address%20already%20in%20use.md)
--------------------------------------------------------------------------------
/内网渗透/域环境搭建/域环境搭建.md:
--------------------------------------------------------------------------------
# Problems with the previous setup

- Using Server 2008 as the primary domain controller was not very comfortable to operate; it was somewhat laggy
- Avoid copying a single VM repeatedly, since adding users may then trigger a SID conflict warning
- Account passwords were not set to never expire, so they had to be changed frequently
- There was only one domain user, and every machine was joined to the domain by it, which gets confusing when testing delegation
- AD CS deployment problems
- Subnet division
- Machines outside the domain on the same subnet, for convenient testing, including Kali and the like
- 
VM host-only mode: no outbound internet access

# Planning diagram

![image-20221113235528131](./域环境搭建.assets/image-20221113235528131.png)

# Dual NICs

On the dual-NIC machines, server16 and server12 go through the in-domain DNS when accessing test.com, whereas win7 goes straight out to the public internet; changing the DNS settings did not help either.

For now the plan is to keep the NAT adapter disabled day to day and only enable it when something needs to be downloaded from the internet.

# ADCS

![image-20221113150414746](./域环境搭建.assets/image-20221113150414746.png)

![image-20221113150621146](./域环境搭建.assets/image-20221113150621146.png)

![image-20221113150557916](./域环境搭建.assets/image-20221113150557916.png)

Configure the Certification Authority first; the first two services depend on it.

![image-20221113150941624](./域环境搭建.assets/image-20221113150941624.png)

![image-20221113151032792](./域环境搭建.assets/image-20221113151032792.png)

Once that finishes, configure the other role services.

![image-20221113151112088](./域环境搭建.assets/image-20221113151112088.png)

![image-20221113151146092](./域环境搭建.assets/image-20221113151146092.png)

A domain user has to be specified, and it must be a member of the local IIS_IUSRS group. If ADCS is installed on the domain controller, that user also needs to be able to log on to the DC (you can choose to add it to the administrators group, which of course carries risk).

![image-20221113151215211](./域环境搭建.assets/image-20221113151215211.png)

Add the user to the Domain Admins group.

![image-20221113151954017](./域环境搭建.assets/image-20221113151954017.png)

The password has to be entered when specifying the user.

![image-20221113152046084](./域环境搭建.assets/image-20221113152046084.png)

The same is required later on; the procedure is identical.

![image-20221113152206162](./域环境搭建.assets/image-20221113152206162.png)

After that the whole installation is complete.

Browse to `http://192.168.20.10/certsrv/`

A domain user is required for authentication.

![image-20221113153149213](./域环境搭建.assets/image-20221113153149213.png)

![image-20221113153312315](./域环境搭建.assets/image-20221113153312315.png)

Then Request a certificate -> Advanced certificate request.

![image-20221113153336300](./域环境搭建.assets/image-20221113153336300.png)

Here a Base64-encoded certificate request has to be submitted.

![image-20221113153422235](./域环境搭建.assets/image-20221113153422235.png)

In IIS, open Server Certificates and choose Create.

![image-20221113153029439](./域环境搭建.assets/image-20221113153029439.png)

The common name is the domain name the certificate is being requested for.

![image-20221113153621487](./域环境搭建.assets/image-20221113153621487.png)

This produces a Base64-encoded certificate request file.

![image-20221113153730018](./域环境搭建.assets/image-20221113153730018.png)

![image-20221113153752413](./域环境搭建.assets/image-20221113153752413.png)

Paste the value in and choose Web Server as the certificate template.

![image-20221113153824974](./域环境搭建.assets/image-20221113153824974.png)

Then download the certificate; you get a .cer certificate file.

![image-20221113153917711](./域环境搭建.assets/image-20221113153917711.png)

Next, in IIS choose Complete to finish creating the certificate.

![image-20221113153958572](./域环境搭建.assets/image-20221113153958572.png)

Select the file and specify the store.

![image-20221113154035608](./域环境搭建.assets/image-20221113154035608.png)

Next, verify whether it works.

Add an A record manually.

![image-20221113152711897](./域环境搭建.assets/image-20221113152711897.png)

Accessing the site over https directly shows a certificate error.

![image-20221113154224283](./域环境搭建.assets/image-20221113154224283.png)

Then edit the site binding and change the SSL certificate.

![image-20221113154313787](./域环境搭建.assets/image-20221113154313787.png)

Visiting again, the certificate now works correctly.

![image-20221113154356770](./域环境搭建.assets/image-20221113154356770.png)

- Note that replication between the primary and backup domain controllers takes time: DNS record replication takes 15 minutes by default, and after replication you still need to run `ipconfig /flushdns` to clear the local DNS cache before the change takes effect.

# Exchange

Install ExchangeServer2016-x64-cu11 on Server16.

A patch package, kb3206632, has to be installed first.

But mounting it directly gives an error.

![image-20221113210342846](./域环境搭建.assets/image-20221113210342846.png)

You can extract it locally first, then copy it in and run Setup.

![image-20221113210437065](./域环境搭建.assets/image-20221113210437065.png)

Then wait a while (it can take quite long) and the installer UI appears.

![image-20221113210538978](./域环境搭建.assets/image-20221113210538978.png)

After that it copies files, initialises and so on; just wait for the installation.

![image-20221113210853382](./域环境搭建.assets/image-20221113210853382.png)

For simplicity, choose not to split.

![image-20221113210928330](./域环境搭建.assets/image-20221113210928330.png)

Once the prerequisite check passes, the installation can proceed.

![image-20221113211015267](./域环境搭建.assets/image-20221113211015267.png)

It then turns out that several environment packages need to be installed.

![image-20221113211452784](./域环境搭建.assets/image-20221113211452784.png)

After resolving the dependencies, the installation can continue.

![image-20221113213247180](./域环境搭建.assets/image-20221113213247180.png)

After a long wait it completes.

![image-20221114104237486](./域环境搭建.assets/image-20221114104237486.png)

Then verify on the PC machine. At this point only the administrator can log in, because the other domain users do not yet have mailbox accounts.

![image-20221114104931907](./域环境搭建.assets/image-20221114104931907.png)

If a "Microsoft.Exchange.Data.Storage.ObjectNotFoundException" error appears when logging in

![image-20221114125029659](./域环境搭建.assets/image-20221114125029659.png)

and the error in Event Viewer is 146

![image-20221114125409591](./域环境搭建.assets/image-20221114125409591.png)

you can run the following commands in the Exchange Management Shell to disable the user's mailbox and then enable it again.

```
Disable-Mailbox -identity administrator
Enable-Mailbox -identity administrator
```

![image-20221114125224037](./域环境搭建.assets/image-20221114125224037.png)

Then refresh and it works.

![image-20221114125443346](./域环境搭建.assets/image-20221114125443346.png)

If access returns a 503 or similar error, check the certificate binding of the default web site in Exchange's IIS Manager

![image-20221114125634224](./域环境搭建.assets/image-20221114125634224.png)

as well as the certificate bindings and open status of the Exchange ports such as 444 and 81.

![image-20221114125820764](./域环境搭建.assets/image-20221114125820764.png)

Then reboot.

# SID conflict

The earlier handling did not solve the SID conflict problem; a friend pointed me to a tool that does the job.

sysprep, which ships with Windows, in the system32 directory on the C drive.

![image-20221217195345732](./域环境搭建.assets/image-20221217195345732.png)

Just run it.

![image-20221217200009246](./域环境搭建.assets/image-20221217200009246.png)

It then enters an interface like a fresh installation.

![image-20221217200313916](./域环境搭建.assets/image-20221217200313916.png)

Before reboot

![image-20221217195145181](./域环境搭建.assets/image-20221217195145181.png)

![image-20221217195912782](./域环境搭建.assets/image-20221217195912782.png)

After the reboot

![image-20221217201346054](./域环境搭建.assets/image-20221217201346054.png)

![image-20221217201311674](./域环境搭建.assets/image-20221217201311674.png)

Configuration such as the desktop has been cleared; installed software is still there, and the files on the C: drive remain.

Overall, it resets the Windows system-related content.
--------------------------------------------------------------------------------
/内网渗透/域环境搭建/硬盘扩容.assets/image-20221217193019549.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/内网渗透/域环境搭建/硬盘扩容.assets/image-20221217193019549.png
--------------------------------------------------------------------------------
/内网渗透/域环境搭建/硬盘扩容.md:
--------------------------------------------------------------------------------
When building lab environments, you often run out of disk space after a while, only to find that the disk cannot be expanded. There is really only one cause: VMware does not allow expanding a disk that has existing snapshots.

![image-20221217193019549](./硬盘扩容.assets/image-20221217193019549.png)

So first remove the current snapshot, or make a full clone of the current snapshot state into a new VM, and then expand.

The rest is easy; the built-in tools work, and so do third-party ones.

On Windows you can use DiskGenius.

On Linux you can use gparted.

```sh
sudo apt-get install gparted
```

Both are graphical; just click through.
--------------------------------------------------------------------------------
/工具开发/Golang-RDI/Golang-RDI.md:
--------------------------------------------------------------------------------
# Introduction

I recently implemented a Golang version of RDI, then found that WBG had already done one, so I borrowed from it.

Because I had made other modifications to RDI myself, I could not use it directly. While adapting it I found a few differences between calling it from Go and calling the C version directly, which I note here.



# Differences

In the original RDI, a function provided by Intel is used to obtain the current position in the
PE file.

```c
__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); }
```

When compiling with GCC this symbol does not exist and has to be replaced:

```c
__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)__builtin_return_address(0); }
```

The GCC documentation describes it as well: https://gcc.gnu.org/onlinedocs/gcc/Return-Address.html



There is also a macro whose purpose I have not yet determined, `MINGW_FORCE_SYS_INTRINS`. At the start there was a duplicate-definition problem when compiling, which later went away, but the macro is unrelated to that. It may have been a build problem that cleared up after recompiling; the exact cause is unclear.



Otherwise there are no big differences; the remaining small issues come from differences between GCC and MSVC.

# References

https://github.com/WBGlIl/go-ReflectiveDLL

https://xz.aliyun.com/t/10143
--------------------------------------------------------------------------------
/工具开发/Sliver中的进程注入/Sliver中的进程注入.md:
--------------------------------------------------------------------------------
Process injection follows the usual injection flow, but Sliver does it slightly differently. Take CreateRemoteThread as the example.

Using the example from ired.team:

https://www.ired.team/offensive-security/code-injection-process-injection/process-injection#executing-shellcode-in-remote-process

```c
processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, DWORD(atoi(argv[1])));
remoteBuffer = VirtualAllocEx(processHandle, NULL, sizeof
shellcode, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
WriteProcessMemory(processHandle, remoteBuffer, shellcode, sizeof shellcode, NULL);
remoteThread = CreateRemoteThread(processHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
CloseHandle(processHandle);
```

You can see that when obtaining the handle it uses OpenProcess with PROCESS_ALL_ACCESS.

Sliver's flow is different:

first OpenProcess with PROCESS_DUP_HANDLE, then DuplicateHandle to duplicate the handle, and finally inject using the duplicated handle.

![image-20221221161530797](./Sliver中的进程注入.assets/image-20221221161530797.png)

The injection itself is the same flow.

![image-20221221161723071](./Sliver中的进程注入.assets/image-20221221161723071.png)

So what is the difference between the two? The Microsoft documentation reveals some differences.

Allocating memory in the target requires the PROCESS_VM_OPERATION right.

![image-20221221161853765](./Sliver中的进程注入.assets/image-20221221161853765.png)

Looking at the list of access rights, completing the rest of the injection needs more than just this one right.

![image-20221221161949512](./Sliver中的进程注入.assets/image-20221221161949512.png)

So the subsequent operations need a whole set of rights, which is why PROCESS_ALL_ACCESS has always been used.

DuplicateHandle, on the other hand, clearly needs only one right to complete: PROCESS_DUP_HANDLE.

![image-20221221162159686](./Sliver中的进程注入.assets/image-20221221162159686.png)

So what is the difference between a direct OpenProcess and DuplicateHandle? The Microsoft documentation describes this too: they go through different validation logic when checking access.

![image-20221221162402858](./Sliver中的进程注入.assets/image-20221221162402858.png)

Further on, Microsoft states it even more explicitly: after duplicating the handle you can obtain the maximum access to the target process.

![image-20221221162517487](./Sliver中的进程注入.assets/image-20221221162517487.png)

This indirectly shows that the access held by a handle obtained via OpenProcess with PROCESS_ALL_ACCESS and the access held by a handle obtained via DuplicateHandle do differ somewhat in extent.
--------------------------------------------------------------------------------
/工具开发/StealToken/StealToken.md:
--------------------------------------------------------------------------------
# StealToken

The StealToken flow is fairly clear and simple, but integrating it into a framework or similar brings a few additional issues to think about.

The basic flow is:

```
RtlAdjustPrivilege
OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, dwPid)
OpenProcessToken(hProcess, TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY, &hToken)
ImpersonateLoggedOnUser(hToken)
DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityDelegation, TokenPrimary, &hNewToken)
ImpersonateLoggedOnUser(hNewToken)
```

In an ordinary tool that is the end of it: create a process with the new token and you are done. When integrating it, though, you find there is more to consider: how to keep using the token to run other commands without creating a cmd.

First, the documentation tells us that the impersonated token is bound to the thread context.

![image-20221130215623677](./StealToken.assets/image-20221130215623677.png)

So all subsequent execution must depend on the thread that performed the impersonation.

When running in a C2, once steal_token finishes, that feature is over; when commands such as pth or dir \\\\xxxxx\\c$ then run, what they depend on is no longer that thread. To make sure later features keep using the impersonated token:

after steal_token completes, save the handle of the new token; before executing elsewhere, check whether a cloned token exists and, if so, impersonate once more with that handle so the flow continues.

```
if TokenHandle != 0 {
    ImpersonateLoggedOnUser(TokenHandle)
} else {
    RevertToSelf()
}
```

Then, on rev2self, remember to clear the saved handle, so that a no-longer-existing handle is not used for impersonation later and causes problems.

rev2self uses the API Microsoft provides for stopping impersonation:

```
BOOL RevertToSelf();
```

![image-20221130220409419](./StealToken.assets/image-20221130220409419.png)


# Impersonation in C#

Yesterday I read rastamouse's article on token impersonation:

https://rastamouse.me/token-impersonation-in-csharp/

It mainly presents two impersonation approaches in C#.

![image-20221218140215540](./StealToken.assets/image-20221218140215540.png)

This one is clear: run the supplied function under a specified token.

The other is a bit different: it executes by modifying the context.

![image-20221218140309842](./StealToken.assets/image-20221218140309842.png)

The main reason for adding this section is that impersonation via the Win32 API, as above, only applies to the current thread,

while this article covers cross-thread impersonation in C#.

![image-20221218141454877](./StealToken.assets/image-20221218141454877.png)

# make_token

Incidentally, rastamouse's article also describes make_token. make_token is implemented with LogonUserW; making the token relies mainly on two of its parameters.

![image-20221218141752717](./StealToken.assets/image-20221218141752717.png)

It keeps the current thread using its original token; the newly impersonated token is used only when making network access requests.
--------------------------------------------------------------------------------
/工具开发/exec.Command传参问题-空格和引号/exec.Command传参问题-空格和引号.md:
--------------------------------------------------------------------------------
When passing arguments through exec.Command, they are sometimes not recognized correctly; this is most noticeable when quotes and paths are involved.

While searching I found an article describing a similar situation: https://oser.space/post/gocmd/

The author quotes a passage from the official documentation that I had not noticed before:

https://pkg.go.dev/os/exec#Command

![image-20221220151150007](./exec.Command传参问题-空格和引号.assets/image-20221220151150007.png)

Roughly: because different places handle arguments inconsistently, the same arguments give different results.

There is similar feedback in the Go issues:

https://github.com/golang/go/issues/17149

![image-20221220151437516](./exec.Command传参问题-空格和引号.assets/image-20221220151437516.png)

The article it points to explains this very clearly with examples: different programs parse the command line differently.

https://daviddeley.com/autohotkey/parameters/parameters.htm#WIN

![image-20221220151602936](./exec.Command传参问题-空格和引号.assets/image-20221220151602936.png)

The official documentation's advice is to put the arguments in `SysProcAttr.CmdLine` and leave `Args` empty:

> In these or other similar cases, you can do the quoting yourself and provide the full command line in SysProcAttr.CmdLine, leaving Args empty.

Then it parses correctly.
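To make the quoting rules behind the note above concrete, here is an added example (not from the note, nor Go's own source) written in portable Go: `escapeArg` reimplements the escaping Go's Windows `os/exec` applies to `cmd.Args` (the rules of `syscall.EscapeArg`), and `parseCRT` implements the Microsoft C runtime parsing that `CommandLineToArgvW` uses, so you can see both what a CRT-based program receives and why a path with spaces breaks when it is handed over unquoted. The function names and sample arguments are chosen here.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeArg quotes one argument as Go's os/exec does on Windows when it builds
// the command line from cmd.Args (syscall.EscapeArg rules): quote only if there
// is a space or tab, backslash-escape quotes, double backslashes before a quote.
func escapeArg(s string) string {
	if s == "" {
		return `""`
	}
	needQuote := strings.ContainsAny(s, " \t")
	var b strings.Builder
	if needQuote {
		b.WriteByte('"')
	}
	slashes := 0 // backslashes immediately before the current byte
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '\\':
			slashes++
			b.WriteByte('\\')
		case '"':
			b.WriteString(strings.Repeat(`\`, slashes+1) + `"`)
			slashes = 0
		default:
			slashes = 0
			b.WriteByte(s[i])
		}
	}
	if needQuote { // trailing backslashes must not escape the closing quote
		b.WriteString(strings.Repeat(`\`, slashes) + `"`)
	}
	return b.String()
}

// buildCmdLine is what exec.Command hands to CreateProcess when CmdLine is unset.
func buildCmdLine(args []string) string {
	out := make([]string, len(args))
	for i, a := range args {
		out[i] = escapeArg(a)
	}
	return strings.Join(out, " ")
}

// parseCRT splits a command line with the C runtime / CommandLineToArgvW rules:
// 2n backslashes before a quote give n backslashes and a quoting toggle, 2n+1
// give n and a literal quote; other backslashes are literal (argv[0] simplified).
func parseCRT(cmdline string) []string {
	var args []string
	var cur strings.Builder
	inQuote, inArg := false, false
	flush := func() {
		if inArg {
			args = append(args, cur.String())
			cur.Reset()
			inArg = false
		}
	}
	for i := 0; i < len(cmdline); {
		c := cmdline[i]
		i++
		if (c == ' ' || c == '\t') && !inQuote {
			flush()
			continue
		}
		inArg = true
		switch c {
		case '\\':
			n := 1
			for i < len(cmdline) && cmdline[i] == '\\' {
				n++
				i++
			}
			if i < len(cmdline) && cmdline[i] == '"' {
				cur.WriteString(strings.Repeat(`\`, n/2))
				if n%2 == 1 { // odd: the quote is literal, consume it here
					cur.WriteByte('"')
					i++
				} // even: the quote is seen next round and toggles quoting
			} else {
				cur.WriteString(strings.Repeat(`\`, n))
			}
		case '"':
			inQuote = !inQuote
		default:
			cur.WriteByte(c)
		}
	}
	flush()
	return args
}

func main() {
	fmt.Printf("%q\n", parseCRT(buildCmdLine([]string{`C:\Program Files\tool.exe`, "a b"})))
}
```

`parseCRT(buildCmdLine(args))` round-trips arguments containing spaces, quotes and trailing backslashes, whereas `parseCRT("C:\\Program Files\\tool.exe a b")`, the unquoted form, yields four arguments starting with `C:\Program`.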
--------------------------------------------------------------------------------
/工具开发/exec.Command执行ntlmrelayx/exec.Command执行ntlmrelayx.md:
--------------------------------------------------------------------------------
Normally exec.Command is called like this:

```go
cmd = exec.Command(path, args[1:]...)
cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
// the original used a different variable name (cmdhandle) here; it is the same cmd
if err = cmd.Start(); err != nil {
	return err.Error()
}
if err = cmd.Wait(); err != nil {
	return err.Error()
}
```

Normal execution is fine, but when running ntlmrelayx the Python process exits immediately, even though running it from the command line works.

![image-20221221113811183](./exec.Command执行ntlmrelayx.assets/image-20221221113811183.png)

With Golang's exec.Command Start() it ends straight away; it reaches the same point, but the process is simply gone.

![image-20221221113912280](./exec.Command执行ntlmrelayx.assets/image-20221221113912280.png)

So I wanted to pin down how far execution got, to judge where the problem might be.

I added five result prints.

![image-20221221114030717](./exec.Command执行ntlmrelayx.assets/image-20221221114030717.png)

The output from the command line and from Golang is as follows.

Command line:

```
Impacket v0.10.1.dev1 - Copyright 2022 SecureAuth Corporation

[*] Protocol Client DCSYNC loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client HTTP loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client LDAPS loaded..
[*] Protocol Client MSSQL loaded..
[*] Protocol Client RPC loaded..
[*] Protocol Client SMB loaded..
[*] Protocol Client SMTP loaded..
[*] Running in reflection mode
[*] Setting up SMB Server
[*] Setting up HTTP Server on port 80
[*] Setting up WCF Server
[*] Setting up RAW Server on port 6666

[*] Servers started, waiting for connections
2
```

Golang:

```
Impacket v0.10.1.dev1 - Copyright 2022 SecureAuth Corporation


[*] Protocol Client DCSYNC loaded..
[*] Protocol Client HTTP loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client LDAPS loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client MSSQL loaded..
[*] Protocol Client RPC loaded..
[*] Protocol Client SMB loaded..
[*] Protocol Client SMTP loaded..
[*] Running in relay mode to single host
[*] Setting up SMB Server
[*] Setting up HTTP Server on port 80
[*] Setting up WCF Server

[*] Setting up RAW Server on port 6666
[*] Servers started, waiting for connections
2
3
4
5
--- PASS: TestExecCmd (0.63s)
PASS


Process finished with the exit code 0

```

Comparing the two, the problem lies in the `sys.stdin.read()` call.

Literally, this reads standard input, but why would it decide the flow of the Golang run? We did no extra handling.

To find out what is done here, I stepped into Start() to look at the actual implementation.

Stepping through, it does nothing special; in the end it calls CreateProcess directly to create the process.

![image-20221221114543563](./exec.Command执行ntlmrelayx.assets/image-20221221114543563.png)

So the problem should not be in process creation but in some flow or parameter handling.

I went through a lot of material without finding a likely cause, at one point suspecting an interaction problem, and looked at many Golang implementations of interactive shells without finding what I expected.

But I noticed one thing they had in common: their code all handles `stdin` specially. Could that be it???

So I tested it, adding handling for this and passing the system's standard input to the child:

```go
cmd.Stdin = os.Stdin
```

After that, testing was completely fine and the process no longer exits.

![image-20221221115111312](./exec.Command执行ntlmrelayx.assets/image-20221221115111312.png)

My blind guess is that if we do not explicitly specify input and output, it simply does not accept input or does its own special handling.

I later traced Golang's handling and looked up the parameter descriptions in the Microsoft documentation, but found nothing that would cause the problem; I'll follow up when I get the chance.
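What a child sees on stdin when `Stdin` is left nil versus set, as an added example that is not part of the note above: the os/exec documentation states that a nil `Stdin` connects the child to the null device (os.DevNull), so its first read returns EOF at once, which matches the `sys.stdin.read()` point at which ntlmrelayx stopped. It uses `cat` as a stand-in child that reads its standard input; `runChild` is a name chosen here.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"os/exec"
	"strings"
)

// runChild starts `cat`, a stand-in for any tool that reads its standard input,
// with the given stdin and returns everything the child wrote to stdout.
// A nil stdin reproduces the setup in the note: os/exec then connects the
// child's stdin to the null device (os.DevNull), so the first read returns EOF
// and a program that was waiting for input simply finishes.
func runChild(stdin io.Reader) (string, error) {
	cmd := exec.Command("cat")
	cmd.Stdin = stdin // nil -> null device; os.Stdin -> the parent's terminal
	var out bytes.Buffer
	cmd.Stdout = &out // if left nil, stdout would go to the null device as well
	if err := cmd.Run(); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	got, err := runChild(nil)
	fmt.Printf("Stdin nil: child read %q err=%v\n", got, err) // "" : EOF at once
	got, err = runChild(strings.NewReader("hello from parent\n"))
	fmt.Printf("Stdin set: child read %q err=%v\n", got, err)
	// For an interactive tool, forward the real terminal instead: cmd.Stdin = os.Stdin
}
```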
--------------------------------------------------------------------------------
/工具开发/exec.Command执行报错解决/exec.Command执行报错解决.md:
--------------------------------------------------------------------------------
# Problem

Running a command with `exec.Command(name, args)` fails with `executable file not found in %PATH%` when executing `sc query w32time`.

# Attempts

From the implementation of Command, if the first argument is only a name, it uses LookPath to find the file's path before executing.

![image-20221123215651733](./exec.Command执行报错解决.assets/image-20221123215651733.png)

LookPath also reads the path environment variable and searches it.

![image-20221123215929254](./exec.Command执行报错解决.assets/image-20221123215929254.png)

In theory that is fine, but in practice the file still cannot be found.

From the error and the material I read, it is indeed an environment-variable problem.

# Solution

The official documentation's examples include one that sets environment variables explicitly:

https://pkg.go.dev/os/exec#Command

![image-20221123220144989](./exec.Command执行报错解决.assets/image-20221123220144989.png)

It calls `os.Environ()` to get the base environment, which is very complete:

![image-20221123220640640](./exec.Command执行报错解决.assets/image-20221123220640640.png)

After that, running the command no longer fails:

```go
cmd := exec.Command("prog")
cmd.Env = append(cmd.Env, os.Environ()...) // os.Environ() returns a []string, so it must be spread with ...
```

--------------------------------------------------------------------------------
/工具开发/runtime.GOARCH代表的是什么/runtime.GOARCH代表的是什么.md:
--------------------------------------------------------------------------------
Does `runtime.GOARCH` give the architecture of the running process or of the operating system?

Many places online say it represents the architecture of the current system.

![image-20221204162541882](./runtime.GOARCH代表的是什么.assets/image-20221204162541882.png)

![image-20221204162610494](./runtime.GOARCH代表的是什么.assets/image-20221204162610494.png)

But that is not actually the case. The official comment says:

![image-20221204162641832](./runtime.GOARCH代表的是什么.assets/image-20221204162641832.png)

This can be verified with a program:

```go
package main

import (
	"runtime"
	"time"
)

func main() {
	println(runtime.GOARCH)
	time.Sleep(20 * time.Second)
}
```

Then set the environment variable and build a 32-bit binary:

```
set GOARCH=386
go build main.go
```

![image-20221204163014568](./runtime.GOARCH代表的是什么.assets/image-20221204163014568.png)

Then run it:

![image-20221204163029594](./runtime.GOARCH代表的是什么.assets/image-20221204163029594.png)

In the Windows process list it is shown as:

![image-20221204163050922](./runtime.GOARCH代表的是什么.assets/image-20221204163050922.png)

This shows more precisely that `runtime.GOARCH` is actually the architecture of the current process, independent of the operating system.

To determine the architecture of the operating system, I borrow from the Sliver code I have been reading recently.

First check for amd64; no dispute there.

Then check whether the current process is running under Wow64, and only then decide whether the system is 32-bit or 64-bit.

![image-20221204163252394](./runtime.GOARCH代表的是什么.assets/image-20221204163252394.png)



Notes on Sliver can be found at
https://github.com/l4stchance/sliver/blob/Review/Sliver-Review.md
--------------------------------------------------------------------------------
/工具开发/syscall.Syscall的调用/syscall.Syscall的调用.md:
--------------------------------------------------------------------------------
When I looked at calling Windows APIs earlier, I only remembered that there are many versions of the Syscall function for passing different numbers of arguments, and did not pay much attention to how they are actually called.

https://justen.codes/breaking-all-the-rules-using-go-to-call-windows-api-2cbfd8c79724

![image-20230207141723643](./syscall.Syscall的调用.assets/image-20230207141723643.png)

- The latest version differs; more on that below.

Today, while reading code, I needed to call one, and when I checked the documentation I found that the official docs give no parameter description.

https://pkg.go.dev/syscall#Syscall

![image-20230207142009183](./syscall.Syscall的调用.assets/image-20230207142009183.png)

Digging through the source, I found some calling examples in the official syscall package and could roughly guess the calling convention.

Stepping into Syscall, the latest version differs somewhat from what is described above.

An 18-argument variant has been added, all of these are deprecated, and in the end they all just call SyscallN.

![image-20230207142244474](./syscall.Syscall的调用.assets/image-20230207142244474.png)

From a few official examples: the first argument is the address of the function to call, obtained via NewProc and then its Addr method.

The second argument is how many arguments follow, and then come that many arguments.

![image-20230207142528655](./syscall.Syscall的调用.assets/image-20230207142528655.png)

![image-20230207142423168](./syscall.Syscall的调用.assets/image-20230207142423168.png)

With the old Syscall, Syscall6 and so on, if there are not enough arguments to fill the slots, pad with 0.

So it looks like this:

```go
// addr is the procedure address from NewProc(...).Addr(); unused slots are padded with 0
Syscall(addr, 2, a, a, 0)
Syscall6(addr, 2, a, a, 0, 0, 0, 0)
```
Looking at the return values:

Syscall returns three values. The first, r1, is the called function's return value; the third, err (a syscall.Errno), is the thread's last-error code, i.e. what GetLastError would return. The second, r2, carries a secondary return register that only a few APIs use (for instance the upper half of a 64-bit result on 32-bit Windows) and can usually be ignored. Note that err is captured after every call whether or not the call failed, and many Win32 functions leave a non-zero last-error behind even on success, so check r1 against the API's documented failure value first and only then interpret err; this is how the generated wrappers in golang.org/x/sys/windows do it.

![image-20230209100302657](./syscall.Syscall的调用.assets/image-20230209100302657.png)

--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221114224150215.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114224150215.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221114231439918.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114231439918.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221114231829948.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114231829948.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221114232041581.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114232041581.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221114232218612.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114232218612.png -------------------------------------------------------------------------------- /杂/Android 环境部署/Android 环境部署.assets/image-20221114232324522.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114232324522.png -------------------------------------------------------------------------------- /杂/Android 环境部署/Android 环境部署.assets/image-20221114232432696.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114232432696.png -------------------------------------------------------------------------------- /杂/Android 环境部署/Android 环境部署.assets/image-20221114233452126.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114233452126.png -------------------------------------------------------------------------------- /杂/Android 环境部署/Android 环境部署.assets/image-20221114233655635.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114233655635.png -------------------------------------------------------------------------------- /杂/Android 环境部署/Android 环境部署.assets/image-20221114233719153.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221114233719153.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221115102940606.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221115102940606.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221115103043485.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221115103043485.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.assets/image-20221115103153380.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Android 环境部署/Android 环境部署.assets/image-20221115103153380.png
--------------------------------------------------------------------------------
/杂/Android 环境部署/Android 环境部署.md:
--------------------------------------------------------------------------------
There are plenty of third-party Android emulators, but they are cluttered and far from a clean system, so in the end I went with the emulator that ships with Android Studio, which I trust more.

# Installation

On first launch it downloads a pile of dependencies.

![image-20221114224150215](./Android%20环境部署.assets/image-20221114224150215.png)

Create a new project and choose No Activity.

![image-20221114231439918](./Android%20环境部署.assets/image-20221114231439918.png)

Pick the SDK version and the other project details.

![image-20221114231829948](./Android%20环境部署.assets/image-20221114231829948.png)

After a short wait while the required components download, the project view opens.

![image-20221114232041581](./Android%20环境部署.assets/image-20221114232041581.png)

A new virtual device can be created from here.

![image-20221114232218612](./Android%20环境部署.assets/image-20221114232218612.png)

![image-20221114232324522](./Android%20环境部署.assets/image-20221114232324522.png)

For the system image choose S (Android 12). For a test or hacking lab, prefer a plain "Google APIs" or AOSP image over a "Google Play" one: the Play images are production builds on which `adb root` is not available.

![image-20221114232432696](./Android%20环境部署.assets/image-20221114232432696.png)

That completes the installation.

![image-20221114233452126](./Android%20环境部署.assets/image-20221114233452126.png)

Launch it directly.

![image-20221114233655635](./Android%20环境部署.assets/image-20221114233655635.png)

Files on the device can be browsed and managed from the IDE as well.

![image-20221114233719153](./Android%20环境部署.assets/image-20221114233719153.png)

In practice the display was quite laggy. After some searching: the RAM and other resources allotted to the virtual device can be adjusted.

![image-20221115103043485](./Android%20环境部署.assets/image-20221115103043485.png)

Adjust them to suit your machine.

![image-20221115102940606](./Android%20环境部署.assets/image-20221115102940606.png)

Then wipe the device data and restart it.

![image-20221115103153380](./Android%20环境部署.assets/image-20221115103153380.png)

It helps, but it is still a bit laggy; as a replacement for an Android VM it is not entirely satisfying.

# References

https://www.trustedsec.com/blog/set-up-an-android-hacking-lab-for-0/

https://www.jianshu.com/p/d508a4d9c9c4

--------------------------------------------------------------------------------
/杂/GoLand Address already in use/GoLand Address already in use.assets/image-20230114093824459.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/GoLand Address already in use/GoLand Address already in use.assets/image-20230114093824459.png
--------------------------------------------------------------------------------
/杂/GoLand Address already in use/GoLand Address already in use.md:
--------------------------------------------------------------------------------
When opening GoLand I suddenly got a Start Failed dialog with the error `address already in use bind`.

The dialog looks roughly like the one below; I did not take a screenshot of my own, so this is a picture from the web.

![image-20230114093824459](./GoLand%20Address%20already%20in%20use.assets/image-20230114093824459.png)

JetBrains' description is that on startup the IDE tries to bind the first free port in the range 6942 to 6991.

Normally all of those ports should never be occupied at once. On Windows the usual culprit is not another listener but a port range that Hyper-V / WinNAT has reserved (visible with `netsh int ipv4 show excludedportrange protocol=tcp`); a reserved range covering 6942-6991 makes every bind inside it fail.

After some searching I found a working fix.

Run the following from an elevated prompt:

```
net stop winnat
net start winnat
```

Restarting WinNAT releases its dynamically reserved port ranges; run the netsh command again afterwards to confirm that no range still overlaps 6942-6991.

--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114182932256.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114182932256.png
--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114183050773.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114183050773.png
--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192454250.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192454250.png
--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192622178.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192622178.png
--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192724263.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Win11 网线无法识别问题/Win11 网线无法识别.assets/image-20221114192724263.png
--------------------------------------------------------------------------------
/杂/Win11 网线无法识别问题/Win11 网线无法识别.md:
--------------------------------------------------------------------------------
# Problem

On Win11, after plugging in the Ethernet cable, the adapter still shows "Network cable unplugged".

![image-20221114192454250](./Win11%20网线无法识别.assets/image-20221114192454250.png)

Yet when the same cable is connected through to a Win10 virtual machine, everything works.

# Fix

This is a Win11 issue: in the adapter's properties, untick the LLDP protocol item (Microsoft LLDP Protocol Driver) and the link comes up normally.

![image-20221114192622178](./Win11%20网线无法识别.assets/image-20221114192622178.png)

![image-20221114192724263](./Win11%20网线无法识别.assets/image-20221114192724263.png)

--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221320406.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221320406.png
--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221405954.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221405954.png
--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221619759.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221619759.png -------------------------------------------------------------------------------- /杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221818445.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204221818445.png -------------------------------------------------------------------------------- /杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204222802235.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204222802235.png -------------------------------------------------------------------------------- /杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204224455165.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204224455165.png -------------------------------------------------------------------------------- /杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204233427388.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204233427388.png
--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204233635964.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221204233635964.png
--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221205092615632.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/s3cst4rs/Study_Notes/f0c14ec3f07dff416cf00efcc794f72969c2423b/杂/Windows安装GoogleStore/Windows安装GoogleStore.assets/image-20221205092615632.png
--------------------------------------------------------------------------------
/杂/Windows安装GoogleStore/Windows安装GoogleStore.md:
--------------------------------------------------------------------------------
Instead of the WSA build that Windows provides by default, use the one from https://github.com/LSPosed/MagiskOnWSALocal.

If WSA is already installed, uninstall it first from the installed apps list.

![image-20221204221320406](./Windows安装GoogleStore.assets/image-20221204221320406.png)

Then turn on Developer Mode so that packages from outside the Store can be installed.

![image-20221204221405954](./Windows安装GoogleStore.assets/image-20221204221405954.png)

Enable the Virtual Machine Platform and Windows Hypervisor Platform features.

![image-20221204224455165](./Windows安装GoogleStore.assets/image-20221204224455165.png)

Then set the region to United States; otherwise the WSA and Google Store settings are not available.

![image-20221204221619759](./Windows安装GoogleStore.assets/image-20221204221619759.png)

Then fetch the project: https://github.com/LSPosed/MagiskOnWSALocal

The project no longer offers prebuilt packages through GitHub Actions, so it has to be built locally.

![image-20221204221818445](./Windows安装GoogleStore.assets/image-20221204221818445.png)

I built on Ubuntu, running build.sh from the scripts directory as root.

After a long wait...

a folder of about 2.3 GB appears under the output directory.

![image-20221204222802235](./Windows安装GoogleStore.assets/image-20221204222802235.png)

Copy it to a suitable permanent location, because that folder must not be deleted afterwards.

Then run run.bat from that directory; after clicking through two "Continue" prompts, the Play Store appears.

![image-20221204233427388](./Windows安装GoogleStore.assets/image-20221204233427388.png)

Then turn on developer mode inside WSA as well, which makes file management and similar operations easier.

![image-20221204233635964](./Windows安装GoogleStore.assets/image-20221204233635964.png)

If WSA does not run properly after installation, the build most likely went wrong.

In that case consider a package someone else has already built: https://github.com/PeterNjeim/MagiskOnWSA

A proxy also has to be configured afterwards, otherwise signing in is not possible.

Setting the proxy fails the first time, because the adb connection has to be authorized first (accept the debugging key prompt in WSA); run it a second time and it works. 58526 is the port WSA exposes for adb; the inner command resolves the default gateway of the WSA VM, i.e. the Windows host, and points the global HTTP proxy at port 7890 on it.

```
adb connect 127.0.0.1:58526 && adb shell "settings put global http_proxy `ip route list match 0 table all scope global | cut -F3`:7890"
```

The current setting can be checked with:

```
adb shell settings get global http_proxy
```

If the IP:PORT came out wrong, set it explicitly:

```
adb shell settings put global http_proxy 192.168.1.2:7890
```

(To remove the proxy again, set the value to `:0`.) After that, signing in works.

![image-20221205092615632](./Windows安装GoogleStore.assets/image-20221205092615632.png)

In use, the Google Store occasionally crashes in some situations, but it does not really get in the way.
--------------------------------------------------------------------------------