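Building OpenWrt 19.07 stable + plugins from lean's lede

Want to run the official OpenWrt stable release and still use the plugins from lean's lede firmware?
First create a directory, go into it, and download the sources: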

mkdir wrt32xopenwrt_stab_lean_plugin
cd wrt32xopenwrt_stab_lean_plugin
git clone https://github.com/openwrt/openwrt.git
git clone https://github.com/coolsnowwolf/lede.git

Enter the openwrt directory and pick the stable release:

cd openwrt
git tag

Output:

reboot
v17.01.0
v17.01.0-rc1
v17.01.0-rc2
v17.01.1
v17.01.2
v17.01.3
v17.01.4
v17.01.5
v17.01.6
v17.01.7
v18.06.0
v18.06.0-rc1
v18.06.0-rc2
v18.06.1
v18.06.2
v18.06.3
v18.06.4
v18.06.5
v18.06.6
v19.07.0
v19.07.0-rc1
v19.07.0-rc2

git branch

Output:

* master

Use the 19.07.0 stable release:

git checkout v19.07.0

Output:

Note: checking out 'v19.07.0'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b <new-branch-name>

HEAD is now at aca39acedf OpenWrt v19.07.0: adjust config defaults

Go back to the parent directory and copy the lede/package/lean folder into openwrt/package:

cd ..
cp -R lede/package/lean openwrt/package/

Use the older luci from lean's lede (the newer luci may break when combined with lean's plugins):

mv openwrt/feeds.conf.default openwrt/feeds.conf.default.openwrt_old
cp lede/feeds.conf.default openwrt/feeds.conf.default

Customize the packages installed by default
Edit openwrt/include/target.mk

DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd
Replace with
DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd default-settings luci luci-app-upnp luci-app-autoreboot luci-app-ssr-plus luci-app-vlmcsd luci-app-ramfree luci-app-flowoffload  

---------

DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe firewall odhcpd-ipv6only odhcp6c kmod-ipt-offload
Replace with
DEFAULT_PACKAGES.router:=dnsmasq-f


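Lean's LEDE firmware build notes

Git repository: https://github.com/coolsnowwolf/lede
Below are some configuration choices for OpenWrt 19.07 on the Linksys WRT32X. This does not mean that everything else is left unselected; these are simply the options that deserve some attention. Select according to your own needs.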

make menuconfig

Target System (Marvell EBU Armada)
Subtarget (Marvell Armada 37x/38x/XP)
Target Profile (Linksys WRT32X (Venom))  ---> 

Target Images
[*] squashfs (NEW)

--------------------
Base system
-*- dnsmasq-full
[*]   Build with DHCP support. (NEW)
[*]     Build with DHCPv6 support.
[*]   Build with DNSSEC support.
[*]   Build with IPset support. (NEW)

Administration
<*> htop

--------------------
LUCI
1. Collections
-*- luci
<*> luci-ssl-openssl

3. Applications 
<*> luci-app-accesscontrol
<*> luci-app-advanced-reboot
<*> luci-app-arpbind.
<*> luci-app-attendedsysupgrade
<*> luci-app-autoreboot
<*> luci-app-ddns
<*> luci-app-filetransfer
-*- luci-app-firewall
<*> luci-app-flowoffload
<*> luci-app-guest-wifi
<*> luci-app-meshwizard
-*- luci-app-mwan3
<*> luci-app-mwan3helper
<*> luci-app-nlbwmon
<*> luci-app-qos
<*> luci-app-ramfree
<*> luci-app-ssr-plus
[*] Include Shadowsocks New Version
[*] Include V2ray
[*] Include Trojan
[*] Include Kcptun
<*> luci-app-syncdial
<*> luci-app-upnp
<*> luci-app-vlmcsd
<*> luci-app-wireguard
<*> luci-app-wol

4. Themes (choose your own)

5. Protocols
<*> luci-proto-openconnect
-*- luci-proto-ppp
-*- luci-proto-wireguard

--------------------
Network
File Transfer  --->
<*> curl
-*- wget

IP Addresses and Names
<*> bind-dig

Web Servers/Proxies
-*- shadowsocks-libev-config
<*> shadowsocks-libev-ss-local
-*- shadowsocks-libev-ss-redir
<*> shadowsocks-libev-ss-rules
<*> shadowsocks-libev-ss-tunnel

Routing and Redirection
-*- ip-full

Directly under the top level
<*> iperf3
-*- ipset

--------------------
Utilities

Compression 
<*> bzip2
<*> gzip
<*>


Debian stretch / Kali Linux remote desktop with xrdp + vnc4server

If you need a desktop environment, use tasksel to select "Debian desktop environment" and the desktop you want, GNOME or XFCE.

apt update && apt upgrade -y
apt install xrdp vnc4server -y
systemctl start xrdp
systemctl enable xrdp
#-------
# change the port
nano /etc/xrdp/xrdp.ini
port=48001
#-------
systemctl restart xrdp
adduser <username>

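Make sure the firewall allows port 48001, then connect directly with Windows mstsc.
With this configuration a user can be logged in from only one device: unless that session is logged out, the same user cannot log in from another device, and the previous session cannot be resumed. The configuration below adds reconnecting to the previous session.
Edit /etc/xrdp/xrdp.ini and append this section at the end: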

[Reconnect]
name=Reconnect
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
#port=5910
port=ask5910

Edit /etc/xrdp/sesman.ini
Find [Xvnc]
Add two lines below its parameters:

param=-SecurityTypes
param=None

The result should look something like this:

[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96
param=-SecurityTypes
param=None

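Finally, reboot the server: reboot

After each reboot, for the first login choose xvnc and enter the username and password; when done, close the mstsc window directly without logging out.
To continue the previous session next time, choose Reconnect.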
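What the [Xvnc] change above does to the session's exposure, as an added example that is not part of the original post: `-SecurityTypes None` turns off VNC authentication for the Xvnc display, so `-localhost` is what keeps it off the network. The function names and the modified sample in the last lines are constructed for illustration.

```python
# Constructed sample: the [Xvnc] section exactly as the post ends up with it.
PAGE_XVNC = """\
[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96
param=-SecurityTypes
param=None
"""

def xvnc_params(sesman_text):
    # sesman.ini repeats the key "param" once per Xvnc argument; configparser
    # rejects or collapses duplicate keys, so the section is read by hand.
    params, in_xvnc = [], False
    for raw in sesman_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_xvnc = line[1:-1].strip().lower() == "xvnc"
        elif in_xvnc:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() == "param":
                params.append(value.strip())
    return params

def audit_xvnc(params):
    # Returns (severity, message) findings for the Xvnc argument vector.
    lowered = [p.lower() for p in params]
    no_auth = ("-securitytypes", "none") in zip(lowered, lowered[1:])
    findings = []
    if no_auth and "-localhost" not in lowered:
        findings.append(("high", "no VNC authentication and no -localhost: "
                                 "session ports accept remote connections"))
    elif no_auth:
        findings.append(("info", "no VNC authentication: any local account "
                                 "can attach to the 127.0.0.1 session ports"))
    if ("-nolisten", "tcp") not in zip(lowered, lowered[1:]):
        findings.append(("medium", "-nolisten tcp missing: X11 TCP listener may be enabled"))
    return findings

if __name__ == "__main__":
    print(audit_xvnc(xvnc_params(PAGE_XVNC)))
    # Hypothetical variant with -localhost dropped, to show the high finding.
    print(audit_xvnc(xvnc_params(PAGE_XVNC.replace("param=-localhost\n", ""))))
```

Run it against the real /etc/xrdp/sesman.ini by passing the file's text to xvnc_params().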

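XPEnology (unofficial Synology DSM) 6.2.1 to 6.2.2 upgrade loses network connectivity: downgrading, plus a few minor issues

Boot loader: jun's loader 1.04b 918+
Motherboard: ASRock Q1900M, Realtek NIC
After the online upgrade to 6.2.2 the device could no longer be found on the network.
From the relevant material I learned that 6.2.2 has a NIC driver problem, so I looked for a way to downgrade.

I. Methods that failed:
1. Changing /etc.defaults/VERSION to a lower version and then upgrading: failed
2. Booting from a new USB stick with the 6.2.1 loader and a new hard disk (old disk unplugged, only the new disk attached), installing 6.2.1 on the new disk, then unplugging the new disk, attaching the old disk and booting with the new 6.2.1 USB loader. On boot it offered to restore; after the restore the device was still unreachable: failed

II. The method that worked:
1. Prepare a 3617 loader stick; note that its SN and MAC must differ from the original ones
2. Install the 3617 build of 6.2 or 6.2.1 (I tried 6.2.2: same result, black screen after installation and no connection)
3. Change the SN and MAC on the original 918+ loader stick (they may match those of the 3617 loader stick, but must not be the SN and MAC originally used with 6.2.2)
4. Install 6.2.1; once that succeeds, the original SN and MAC can be restored.

This method did not work the first time, probably because I picked the first option, which keeps data and most settings.
The second time I reinstalled keeping only the data; there were still minor problems, so I reinstalled once more on top of that, again keeping only the data.

—————Problems after the successful downgrade—————

1. Problem: I had virtual machines installed and was worried they would be hard to restore, so I started Virtual Machine Manager to see what would happen. Partway through it reported that the cluster could not be created (the English version says "failed to create the cluster").
Solution: at first the message was in Chinese, "无法创建集群"; searching for it turned up only some Chinese forum threads with no answer. After switching the DSM language to English the message became "failed to create the cluster", which led me to the thread "VMM cannot create cluster". I also looked at /var/log/messages and found the same errors at creation time as in that thread, mainly: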

...... ccc/utils.cpp:197 Failed to get first mac of DS.
...... ccc/host.cpp:590 Failed to get the first mac address.

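The MAC could not be read, so I rechecked the MAC setting on the USB stick; sure enough, I had changed it carelessly earlier and forgotten to change it back.

set mac1=001132211223 # must be the real MAC address

The problem was gone after a reboot.

—————Minor issues in daily use—————
1. Video Station cannot generate thumbnails:
Solution: this is caused by the invalid serial number. Try using Synology's built-in Docker to install a DDSM, open the DDSM address in a browser, go to Control Panel > Info Center > product serial number, copy that serial number over set sn=xxxxxxxx in the USB loader, then reboot and re-index.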

Oracle injection lab setup: installing the oci8 extension on CentOS 7 LNMP to connect to Oracle

https://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html
1. Install dependencies

rpm -ivh oracle-instantclient18.5-basic-18.5.0.0.0-3.x86_64.rpm
rpm -ivh oracle-instantclient18.5-devel-18.5.0.0.0-3.x86_64.rpm
rpm -ivh oracle-instantclient18.5-jdbc-18.5.0.0.0-3.x86_64.rpm
rpm -ivh oracle-instantclient18.5-sqlplus-18.5.0.0.0-3.x86_64.rpm
tar zxvf oci8-2.2.0.tgz
cd oci8-2.2.0
phpize
./configure --with-oci8=shared,instantclient,/usr/lib/oracle/18.5/client64/lib --with-php-config=/usr/local/php/bin/php-config
make && make install

2. Edit the php.ini configuration file /usr/local/php/etc/php.ini and add

extension=oci8.so

3. Restart lnmp

lnmp restart

Related downloads (get the latest versions):
http://pecl.php.net/package/oci8
https://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html

Oracle injection lab setup: database + PHP source

This assumes the Oracle database is already installed and reachable remotely.
Connect to Oracle locally:

sqlplus / as sysdba

Output:

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options

SQL>

Next, create the tablespace and table and insert test data; the SQL statements are run at the SQL> prompt.

1. Create the data tablespace

create tablespace pentest datafile '/u01/app/oracle/oradata/TSH1/pentest.dbf' size 100m;

2. Create a user and assign the tablespace

create user pentest identified by pentest default tablespace pentest;

3. Grant privileges to the user (DBA is granted because this is an injection test lab)

grant connect,resource,dba to pentest;

4. Create the table and insert data
4.1 Create the table

CREATE TABLE USERS (
IDX NUMBER(10) NOT NULL ,
NAME VARCHAR2(20 BYTE) NULL ,
SEX VARCHAR2(2 BYTE) NULL ,
AGE NUMBER(3) NULL ,
REGDATE DATE NULL 
)
LOGGING
NOCOMPRESS
NOCACHE;

4.2 Insert test data

INSERT INTO USERS VALUES ('1', 'xiaoming', 'M', '18', TO_DATE('2019-04-25 19:48:11', 'YYYY-MM-DD HH24:MI:SS'));
INSERT INTO USERS VALUES ('2', 'limao', 'F', '22', TO_DATE('2019-04-25 19:49:08', 'YYYY-MM-DD HH24:MI:SS'));

4.3 Set the primary key

ALTER TABLE USERS ADD PRIMARY KEY ("IDX");

Vulnerable PHP source


<?php
//$conn = oci_connect('username', 'password', 'host or ip/SID');
$conn = oci_connect('pentest', 'pentest', '192.168.x.x/ORCL');
if(!$conn)
{
        $e = oci_error();
        echo $e['message'];
        exit();
}
if(!isset($_GET['nm']) || $_GET['nm'] == null)
{
        echo "oracle sqlinjection test: oracle_test.php?nm=limao<br>";
        $sql = "select * from USERS";
}
else
{
        // Intentionally vulnerable for the lab: nm is concatenated into the SQL text
        $name = $_GET['nm'];
        $sql = "select * from USERS WHERE NAME='" .$name."'";
        echo $sql;
}
$stid = oci_parse($conn, $sql);
oci_execute($stid);

// Print every returned row as an HTML table row
echo "<table border='1'>\n";
while ($row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS))
{
        echo "<tr>\n";
        foreach ($row as $item)
        {
                echo "    <td>" . ($item !== null ? htmlentities($item, ENT_QUOTES) : "&nbsp;") . "</td>\n";
        }
        echo "</tr>\n";
}
echo "</table>\n";
?>
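The difference between the concatenated query in the lab page and a bound parameter, as an added example that is not part of the original post. Python's sqlite3 stands in for Oracle and oci8 so that it runs offline; the table and rows mirror the ones created above, and the function names and test inputs are constructed for illustration. In PHP's oci8 the bound form uses a :nm placeholder with oci_bind_by_name().

```python
import sqlite3

def make_lab_db():
    # In-memory stand-in for the page's Oracle USERS table (same columns, same rows).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (IDX INTEGER PRIMARY KEY, NAME TEXT, "
               "SEX TEXT, AGE INTEGER, REGDATE TEXT)")
    db.executemany("INSERT INTO USERS VALUES (?, ?, ?, ?, ?)", [
        (1, "xiaoming", "M", 18, "2019-04-25 19:48:11"),
        (2, "limao", "F", 22, "2019-04-25 19:49:08"),
    ])
    return db

def lookup_concatenated(db, name):
    # Same construction as the lab page: the value becomes part of the SQL text.
    sql = "select * from USERS WHERE NAME='" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # The statement text is fixed; the value is passed as a bind variable.
    return db.execute("select * from USERS WHERE NAME = :nm", {"nm": name}).fetchall()

def compare(name):
    # Returns (rows via concatenation or "sql error", rows via binding).
    db = make_lab_db()
    try:
        concatenated = len(lookup_concatenated(db, name))
    except sqlite3.Error:
        concatenated = "sql error"
    return concatenated, len(lookup_bound(db, name))

if __name__ == "__main__":
    # Constructed test inputs: a normal name, a name containing a quote,
    # and a value that changes the WHERE clause when concatenated.
    for value in ("limao", "o'brien", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

With binding, a quote in the value is just data: the lookup returns no rows instead of breaking or widening the query.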

masscan for fast open-port discovery + nmap for service identification (single IP)

0. Installation on Debian/Ubuntu:

apt update && apt-get install clang git gcc make libpcap-dev nmap -y && cd /root/ && git clone https://github.com/robertdavidgraham/masscan && cd masscan && make && ln -s /root/masscan/bin/masscan /bin/masscan && masscan

I. Basics:
1. Fast scan with masscan; I don't dare set the rate too high, so that ports are not missed

masscan 1.2.3.4 -p 1-65535 --rate 5000 --open-only

2. Scan the specific ports with nmap

nmap -T4 -Pn -sV -n 1.2.3.4 -p 21,80,1433,...

II. A python3 script that automates the steps above (I can't write bash scripts...)

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import ipaddress
import re
import subprocess
import sys


def exec_return(argv):
    # Run a command from an argument list (no shell involved, so the target
    # string is never interpreted as shell syntax) and return its stdout.
    proc = subprocess.run(argv, stdout=subprocess.PIPE, universal_newlines=True)
    return proc.stdout


def nmap_scan(ip, ports):
    # Service/version detection on the ports masscan reported as open.
    argv = ['nmap', '-T4', '-Pn', '-sV', '-n', ip, '-p', ports]
    print('[*] %s' % ' '.join(argv))
    res = exec_return(argv)
    print(res)
    return res


def write_log(logstring, logfile):
    try:
        with open(logfile, 'a') as f:
            f.write(logstring)
    except Exception as e:
        print('[-] write log error:', e)


def main():
    if len(sys.argv) != 2:
        sys.exit('[-] xxxx.py ip')
    try:
        # Accept only a literal IP address; it is also used in the log file name.
        ip = str(ipaddress.ip_address(sys.argv[1]))
    except ValueError:
        sys.exit('[-] invalid ip: %s' % sys.argv[1])
    print('[*] masscaning %s ...' % ip)
    mascmd = ['masscan', ip, '-p', '1-65535', '--rate', '5000', '--open-only']
    print('[*] %s' % ' '.join(mascmd))
    res = exec_return(mascmd)
    # masscan prints lines such as "Discovered open port 80/tcp on 1.2.3.4"
    ports = re.findall(r'port (\d+)/tcp on', res)
    if len(ports) == 0:
        sys.exit('[-] not found open port...')
    port_nmap_format = ','.join(ports)
    print('[+] open ports: %s ' % port_nmap_format)
    print('[*] nmap scaning port service...')
    res = nmap_scan(ip, port_nmap_format)
    if res:
        write_log(res, ip + '_ports.txt')


if __name__ == '__main__':
    main()
