HTTP/1.1 301 Moved Permanently
Date: Sat, 01 Jan 2022 06:05:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 01 Jan 2022 07:05:40 GMT
Location: https://macchiato.ink/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiOnbeUQy473ZRgLZnyUPDBHuzXpfEKUtliXoLE9a3M4JFUNI2rPzTRVq6FweGlqrKoD73wdfNFwiOuWTFQ5w%2FpqVcfM%2FeD8EQkj5Gi%2FZD5H9qeOr3OdcotnbrcYi5N5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6c698ea61fa42ed7-SIN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">

    
      <link rel="icon" href="/favicon.png" />
    

    <title>
        
          Macchiato&#39;s Blog - Macchiato
        
    </title>

    <!-- Spectre.css framework -->
    <link rel="stylesheet" href="https://unpkg.com/spectre.css/dist/spectre.min.css">
    <link rel="stylesheet" href="https://unpkg.com/spectre.css/dist/spectre-exp.min.css">
    <link rel="stylesheet" href="https://unpkg.com/spectre.css/dist/spectre-icons.min.css">

    <!-- theme css & js -->
    
<link rel="stylesheet" href="/css/book.css">

    
<script src="/js/book.js"></script>


    <!-- tocbot -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.4.2/tocbot.min.js"></script>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.4.2/tocbot.css">
    
    <!-- katex -->
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.10.0/katex.min.css">

    
    
<script src="https://cdnjs.cloudflare.com/ajax/libs/zooming/2.1.1/zooming.min.js"></script>
<script>
document.addEventListener('DOMContentLoaded', function () {
    const zooming = new Zooming()
    zooming.listen('.book-content img')
})
</script>

<meta name="generator" content="Hexo 4.2.1"></head>

<body>

<div class="book-container">
  <div class="book-sidebar">
    <div class="book-brand">
  <a href="/">
    <img src="/favicon.png">
    <span>MACCHIATO</span>
  </a>
</div>
    <div class="book-menu">
  <h1 id="WEB"><a href="#WEB" class="headerlink" title="WEB"></a><strong>WEB</strong></h1><h2 id="WEB安全"><a href="#WEB安全" class="headerlink" title="WEB安全"></a>WEB安全</h2><ul>
<li><a href="/web/web_security/webshell">WebShell</a></li>
<li><a href="/web/web_security/php_code_execute">PHP代码执行函数</a></li>
<li><a href="/web/web_security/redis">Redis未授权访问</a></li>
<li><a href="/web/web_security/mssql_injection_setup">MSSQL注入环境搭建</a></li>
<li><a href="/web/web_security/AntSword">蚁剑流量php</a></li>
<li><a href="/web/web_security/unserialize">php反序列化入门</a></li>
<li><a href="/web/web_security/mssql_shell">MSSQL GetShell方法</a></li>
<li><a href="/web/web_security/cover">PHP变量覆盖漏洞</a></li>
<li><a href="/web/web_security/PostgreSQL_Inject">PostgreSQL注入入门</a></li>
<li><a href="/web/web_security/mysql_shell">MYSQL注入 GETSHELL</a></li>
<li><a href="/web/web_security/Windows-Linux_RCE">Windows/Linux下的无回显命令执行</a></li>
</ul>
<h2 id="漏洞复现"><a href="#漏洞复现" class="headerlink" title="漏洞复现"></a>漏洞复现</h2><ul>
<li><a href="/web/vulnerability/CVE-2020-0796">CVE-2020-0796</a></li>
<li><a href="/web/vulnerability/MS17-010">MS17-010</a></li>
<li><a href="/web/vulnerability/tongda_2017_rce">通达OA RCE</a></li>
<li><a href="/web/vulnerability/tongda_RedisSSRF_Getshell">通达OA Redis_SSRF Getshell</a></li>
</ul>
<h2 id="CTF"><a href="#CTF" class="headerlink" title="CTF"></a>CTF</h2><ul>
<li><a href="/web/ctf/shell5">一道命令执行</a></li>
<li><a href="/web/ctf/cisp-pte-2">cisp-pte模拟</a></li>
<li><a href="/web/ctf/AWD_setup">AWD平台搭建</a></li>
<li><a href="/web/ctf/ctfshow(sql)">CTFSHOW(SQL注入)</a></li>
<li><a href="/web/ctf/mysql8">MYSQL8注入新特性</a></li>
</ul>
<h2 id="常用工具"><a href="#常用工具" class="headerlink" title="常用工具"></a>常用工具</h2><ul>
<li><a href="/web/tools/AVkiller">Avkiller+</a></li>
<li><a href="/web/tools/frp">FRP用法</a></li>
<li><a href="/web/tools/CS_Profile"> 自定义CS profile配置文件</a></li>
<li><a href="/web/tools/xdebug">PhpSrorm配置xdebug</a></li>
</ul>
<h2 id="实战"><a href="#实战" class="headerlink" title="实战"></a>实战</h2><ul>
<li><a href="/web/attack/edu_jwc">对某查成绩系统的一次渗透测试</a></li>
</ul>
<h2 id="代码审计"><a href="#代码审计" class="headerlink" title="代码审计"></a>代码审计</h2><ul>
<li><a href="/web/code_audit/lmxcms">梦想CMS代码审计</a></li>
</ul>
<h1 id="后渗透"><a href="#后渗透" class="headerlink" title="后渗透"></a><strong>后渗透</strong></h1><h2 id="内网渗透"><a href="#内网渗透" class="headerlink" title="内网渗透"></a>内网渗透</h2><ul>
<li><a href="/hst/nwst/PEB">修改PEB伪装进程</a></li>
<li><a href="/hst/bypassav/Modify_PEB_BypassAV">Argue实现</a></li>
<li><a href="/hst/nwst/RtlReportSilentProcessExit">RtlReportSilentProcessExit dump Lsass.exe</a></li>
<li><a href="/hst/nwst/Dump_TeamViewer">Dump内存得到TeamViewer账号密码</a></li>
</ul>
<h2 id="免杀"><a href="#免杀" class="headerlink" title="免杀"></a>免杀</h2><ul>
<li><a href="/hst/bypassav/fail_bypassav">记一次失败的shellcode免杀</a></li>
<li><a href="/hst/bypassav/myccl">MYCCL使用方法</a></li>
<li><a href="/hst/bypassav/void">(void(*)()exec)()的理解</a></li>
<li><a href="/hst/bypassav/go_shellcode">两则免杀GO shellcode加载器</a></li>
<li><a href="/hst/bypassav/go_ssi">GO重写SSI</a></li>
<li><a href="/hst/bypassav/sc_bypassav">手搓一个免杀</a></li>
<li><a href="/hst/bypassav/imitation_cs">模仿CobaltStrike shellcode功能实现免杀</a></li>
<li><a href="/hst/bypassav/shellcode">Windows系统中编写Shellcode</a></li>
<li><a href="/hst/bypassav/cs_shellcode">CobaltStrike Shellcode分析</a></li>
<li><a href="/hst/bypassav/syscall_bypassav">使用系统调用SYSCALL规避杀软HOOK</a></li>
</ul>
<h2 id="进程注入"><a href="#进程注入" class="headerlink" title="进程注入"></a>进程注入</h2><ul>
<li><a href="/hst/ProcessInjection/CreateRemoteThread">CreateRemoteThread</a></li>
<li><a href="/hst/ProcessInjection/DLLInject">DLL注入</a></li>
<li><a href="/hst/ProcessInjection/InlineHook">InlineHook</a></li>
</ul>
<h2 id="权限提升"><a href="#权限提升" class="headerlink" title="权限提升"></a>权限提升</h2><ul>
<li><a href="/hst/ElevatedPrivileges/AdjustToken">修改访问令牌</a></li>
<li><a href="/hst/ElevatedPrivileges/RtlAdjustPrivilege">RtlAdjustPrivilege开启特权</a></li>
</ul>
<h1 id="靶机"><a href="#靶机" class="headerlink" title="靶机"></a><strong>靶机</strong></h1><h2 id="vulnstack"><a href="#vulnstack" class="headerlink" title="vulnstack"></a>vulnstack</h2><ul>
<li><a href="/target/vulnstack/vulnstack_one">红队评估一</a></li>
<li><a href="/target/vulnstack/vulnstack_three">红队评估三</a></li>
<li><a href="/target/vulnstack/vulnstack_four">红队评估四</a></li>
</ul>
<h2 id="vulnhub"><a href="#vulnhub" class="headerlink" title="vulnhub"></a>vulnhub</h2><ul>
<li><a href="/target/vulnhub/Sar_1">Sar: 1</a></li>
<li><a href="/target/vulnhub/Prime_1">Prime: 1</a></li>
<li>[test]</li>
</ul>
<h2 id="Root-Me"><a href="#Root-Me" class="headerlink" title="Root-Me"></a>Root-Me</h2><ul>
<li><a href="/target/Root-Me/Kioptrix_level_2">Kioptrix level 2</a></li>
<li><a href="/target/Root-Me/DC-1">DC-1</a></li>
</ul>
<h1 id="编程语言"><a href="#编程语言" class="headerlink" title="编程语言"></a><strong>编程语言</strong></h1><h2 id="java"><a href="#java" class="headerlink" title="java"></a>java</h2><ul>
<li><a href="/program/java/java_jar">java源码打包成jar包</a></li>
</ul>
<h1 id="逆向"><a href="#逆向" class="headerlink" title="逆向"></a><strong>逆向</strong></h1><h2 id="PE"><a href="#PE" class="headerlink" title="PE"></a>PE</h2><ul>
<li><a href="/reverse/PE/PE_inject">PE注入</a></li>
</ul>
<h1 id="其它"><a href="#其它" class="headerlink" title="其它"></a><strong>其它</strong></h1><h2 id="关于博客"><a href="#关于博客" class="headerlink" title="关于博客"></a>关于博客</h2><ul>
<li><a href="/other/about_the_blog/SetupBlog">博客搭建</a>    </li>
</ul>
<h2 id="面试"><a href="#面试" class="headerlink" title="面试"></a>面试</h2><ul>
<li><a href="/other/interview/qianxinym">奇安信一面</a></li>
<li><a href="/other/interview/ys">某小厂面试</a></li>
<li><a href="/other/interview/zjak">浙江安科面试</a></li>
</ul>
<h2 id="杂谈"><a href="#杂谈" class="headerlink" title="杂谈"></a>杂谈</h2><ul>
<li><a href="/zt/ghg/Anime_Memories">动漫回忆</a></li>
</ul>

</div>