因为使用仿真软件会破坏 esxi 镜像引导，因此学会手动挂载是必要的

• 关掉杀软等会占用磁盘的软件

• FTK（一定要是图标是放大镜的版本）挂载镜像，有几块挂几块，一次性挂挂好，务必 可读可写（不一定 FTK，看自己习惯什么挂载软件就用什么挂载）

  

• 管理员模式打开 vmware，cpu 和内存给大点，先挂系统盘，再挂数据盘

  

• 成功启动

  

手动绕密（exsi7 及以下）

• 手动加一块 iso 镜像

  

• 打开电源时进入固件，选第二个

  

• 进入试用模式

  

  

  cp state.tgz /tmp cd /tmp tar xzf state.tgz tar xzf local.tgz cd etc cp shadow shadow.bak nano shadow #shadow咋改你懂得 cd .. tar czf local.tgz etc tar czf state.tgz local.tgz cp /tmp/state.tgz /media/ubuntu/586C-10CC2 

• 空密码登录

  

esxi 服务器的 esxi 版本为？

挂起来就好

请分析 ESXi 服务器，该系统的安装日期为：

请分析 ESXi 服务器数据存储“datastore”的 UUID 是？

ESXI 服务器的原 IP 地址？

仿起来就好

EXSI 服务器中共创建了几个虚拟机？

网站服务器绑定的 IP 地址为？

fscan 开扫就完事了

rocketchat 手动绕个密

1. 开机启动，选择（core），按++e++键

2. 如果是 CentOS，则修改 ro 为 rw init=/sysroot/bin/sh；如果是 Ubuntu，则修改 ro 为 rw single init=/bin/bash

3. 按++ctrl+x++，进入 shell 界面，再输入

   chroot /sysroot 

4. 输入下面的命令修改密码，需要输入两次来确认密码

   passwd 

5. 关闭 SELinux（可选）

   1. 编辑 SELinux 的 config 文件

      sudo vi /etc/selinux/config 

   2. 找到 SELINUX=enforcing 或 SELINUX=permissive 字段，按++i++进入编辑模式，将参数 SELINUX=enforcing 或 SELINUX=permissive 修改为 SELINUX=disabled，并保存++colon+w+q++

6. 重启

   reboot 

网站服务器的登录密码为？

fscan 扫出来了

网站服务器所使用的管理面板登陆入口地址对应的端口号为：

www 执行 bt 14

[root@localhost ~]# bt 14 =============================================== 正在执行(14)... =============================================== curl: (28) Resolving timed out after 4519 milliseconds curl: (28) Resolving timed out after 4519 milliseconds curl: (28) Resolving timed out after 4517 milliseconds ================================================================== BT-Panel default info! ================================================================== 获取外网IP失败，请使用服务器公网IP+端口访问面板 外网面板地址: https://服务器公网IP:14131/adec8c75 内网面板地址: https://192.168.8.89:14131/adec8c75 username: j9oehwoa password: ******** Warning: If you cannot access the panel,  release the following port (8888|888|80|443|20|21) in the security group 注意：初始密码仅在首次登录面板前能正确获取，其它时间请通过 bt 5 命令修改密码 ================================================================== 

网站服务器的 web 目录是？

www 执行

[root@localhost ~]# ls / bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  patch  proc  root  run  sbin  srv  sys  tmp  usr  var  webapp  webapp.zip  www [root@localhost ~]# ls /webapp dist      group       luck-prize  qz 7.11              ruoyi-admin.jar0826   ruoyi-admin.jar0904   ruoyi-admin.jar 7.26  ruoyi-admin.jar8.16  test dist0826  index.html  nohup.out   restart.sh           ruoyi-admin.jar0827   ruoyi-admin.jar0907   ruoyi-admin.jar8.14   ruoyi-admin.jarbak dist0906  kill.sh     profile     ruoyi-admin.jar      ruoyi-admin.jar0828   ruoyi-admin.jar0915   ruoyi-admin.jar8.15   ruoyi-admin.pid down      logs        qz          ruoyi-admin.jar0818  ruoyi-admin.jar08281  ruoyi-admin.jar 7.19  ruoyi-admin.jar8.151  start.sh 

/www/server/nginx/conf/nginx.conf 查看 nginx 反证

user  www www; worker_processes auto; error_log  /www/wwwlogs/nginx_error.log  crit; pid        /www/server/nginx/logs/nginx.pid; worker_rlimit_nofile 51200;  stream {     log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';        access_log /www/wwwlogs/tcp-access.log tcp_format;     error_log /www/wwwlogs/tcp-error.log;     include /www/server/panel/vhost/nginx/tcp/*.conf; }  events     {         use epoll;         worker_connections 51200;         multi_accept on;     }  http     {         include       mime.types;                 #include luawaf.conf;                  include proxy.conf;         lua_package_path "/www/server/nginx/lib/lua/?.lua;;";          default_type  application/octet-stream;          server_names_hash_bucket_size 512;         client_header_buffer_size 32k;         large_client_header_buffers 4 32k;         client_max_body_size 50m;          sendfile   on;         tcp_nopush on;          keepalive_timeout 60;          tcp_nodelay on;          fastcgi_connect_timeout 300;         fastcgi_send_timeout 300;         fastcgi_read_timeout 300;         fastcgi_buffer_size 64k;         fastcgi_buffers 4 64k;         fastcgi_busy_buffers_size 128k;         fastcgi_temp_file_write_size 256k;                 fastcgi_intercept_errors on;          gzip on;         gzip_min_length  1k;         gzip_buffers     4 16k;         gzip_http_version 1.1;         gzip_comp_level 2;         gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;         gzip_vary on;         gzip_proxied   expired no-cache no-store private auth;         gzip_disable   "MSIE [1-6]\.";          limit_conn_zone $binary_remote_addr zone=perip:10m;                 limit_conn_zone $server_name zone=perserver:10m;          server_tokens off;         access_log off;          server     {         listen 80;         server_name adminjmhw.sdxfwl.top;         index index.html;         root  /webapp/dist;         #解决页面刷新404问题         try_files $uri $uri/ /index.html;                  location /prod-api/ {             proxy_pass http://127.0.0.1:8080/;             proxy_set_header Host $host;             proxy_set_header X-Real-IP $remote_addr;             proxy_set_header REMOTE-HOST $remote_addr;             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         }                               }         server     {         listen 80;         server_name groupadmin.sdxfwl.top;                  index index.html;         root  /webapp/group;         #解决页面刷新404问题         try_files $uri $uri/ /index.html;                  location /prod-api/ {             proxy_pass http://127.0.0.1:8080/;             proxy_set_header Host $host;             proxy_set_header X-Real-IP $remote_addr;             proxy_set_header REMOTE-HOST $remote_addr;             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         }     }          server     {         listen 80;         server_name zihoutaijmhw.sdxfwl.top;                  index index.html;         root  /webapp/qz;         #解决页面刷新404问题         try_files $uri $uri/ /index.html;                  location /prod-api/ {             proxy_pass http://127.0.0.1:8080/;             proxy_set_header Host $host;             proxy_set_header X-Real-IP $remote_addr;             proxy_set_header REMOTE-HOST $remote_addr;             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         }                       }          server     {         listen 80;         server_name apijmhw.sdxfwl.top;         location / {             proxy_pass http://127.0.0.1:8080/;             proxy_set_header Host $host;             proxy_set_header X-Real-IP $remote_addr;             proxy_set_header REMOTE-HOST $remote_addr;             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         }                   #抽奖页面         location /luck-prize{             #解决页面刷新404问题             try_files $uri $uri/ /luck-prize/index.html;             index index.html;             alias  /webapp/luck-prize;         }                         location /download{             try_files $uri $uri/ /down/index.html;             index index.html;             alias  /webapp/down;         }                  location /app{             try_files $uri $uri/ /app/app.apk;             alias  /webapp/app;         }              }                server     {          listen 80;          server_name xiazai.sdxfwl.top;          location / {             root  /webapp/down;             try_files $uri $uri/ /down/index.html;             index index.html;         }              #抽奖页面         location /index{             #解决页面刷新404问题             try_files $uri $uri/ /www/server/nginx/guanwang/index.html;             index index.html;                     }         location /app{             alias  /webapp/app;             try_files $uri $uri/ /app/app.apk;         }              }                       server     {          listen 8888;                              #抽奖页面         location /{                          root   /www/server/nginx/guanwang;                            index index.html;                     }                     }    server     {         listen 888;         server_name phpmyadmin;         index index.html index.htm index.php;         root  /www/server/phpmyadmin;             location ~ /tmp/ {                 return 403;             }          #error_page   404   /404.html;         include enable-php.conf;          location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$         {             expires      30d;         }          location ~ .*\.(js|css)?$         {             expires      12h;         }          location ~ /\.         {             deny all;         }          access_log  /www/wwwlogs/access.log;     } include /www/server/panel/vhost/nginx/*.conf; } 

网站配置中 Redis 的连接超时时间为多少秒

[root@localhost tmp]# cat BOOT-INF/classes/application.yml  # 项目相关配置 ruoyi:   # 名称   name: 集美好物   # 版本   version: 3.8.2   # 版权年份   copyrightYear: 2022   # 实例演示开关   demoEnabled: true   # 文件路径 示例（ Windows配置D:/ruoyi/uploadPath，Linux配置 /home/ruoyi/uploadPath）   profile: /webapp/profile   # 域名链接   domainUrl: http://apijmhw.sdxfwl.top #  domainUrl: https://287h06775m.picp.vip   # 获取ip地址开关   addressEnabled: false   # 验证码类型 math 数组计算 char 字符验证   captchaType: math  # 开发环境配置 server:   # 服务器的HTTP端口，默认为8080   port: 8080   servlet:     # 应用的访问路径     context-path: /   tomcat:     # tomcat的URI编码     uri-encoding: UTF-8     # 连接数满后的排队数，默认为100     accept-count: 1000     threads:       # tomcat最大线程数，默认为200       max: 800       # Tomcat启动初始化的线程数，默认值10       min-spare: 100  # 日志配置 logging:   level:     com.ruoyi: debug     org.springframework: warn  # 腾讯云 tencent:   cloud:     im:       sdkAppId: 1400814018       key: 388ab0a1f2ab6413e97932fe0afef716ba4b1f989fa5470925891853ea0dfc98  #阿里云人脸识别 aliyun-face:   regionId: cn-hangzhou   accessKey: LTAI5tM8RJiEEuJnHfT8uVaa   secret: 19THhUjxRFhaeWlUJhIG5uV16hyFID  # Spring配置 spring:   # 资源信息   messages:     # 国际化资源文件路径     basename: i18n/messages   profiles:     active: druid   # 文件上传   servlet:      multipart:        # 单个文件大小        max-file-size:  10MB        # 设置总上传的文件大小        max-request-size:  20MB   # 服务模块   devtools:     restart:       # 热部署开关       enabled: true   # redis 配置   redis:     # 地址     host: localhost     # 端口，默认为6379     port: 6379     # 数据库索引     database: 3     # 密码     password:     # 连接超时时间     timeout: 10s     lettuce:       pool:         # 连接池中的最小空闲连接         min-idle: 0         # 连接池中的最大空闲连接         max-idle: 8         # 连接池的最大数据库连接数         max-active: 8         # #连接池最大阻塞等待时间（使用负值表示没有限制）         max-wait: -1ms  # token配置 token:     # 令牌自定义标识     header: Authorization     # 令牌密钥     secret: abcdefghijklmnopqrstuvwxyz     # 令牌有效期（默认30分钟）     expireTime: 1440  # MyBatis配置 mybatis:     # 搜索指定包别名     typeAliasesPackage: com.ruoyi.**.domain     # 配置mapper的扫描，找到所有的mapper.xml映射文件     mapperLocations: classpath*:mapper/**/*Mapper.xml     # 加载全局的配置文件     configLocation: classpath:mybatis/mybatis-config.xml  # PageHelper分页插件 pagehelper:   helperDialect: mysql   # 超出页数返回最后一页   reasonable: false   supportMethodsArguments: true   params: count=countSql  # Swagger配置 swagger:   # 是否开启swagger   enabled: true   # 请求前缀   pathMapping: /  # 防止XSS攻击 xss:   # 过滤开关   enabled: true   # 排除链接（多个用逗号分隔）   excludes: /system/notice   # 匹配链接   urlPatterns: /system/*,/monitor/*,/tool/*  # 加密 security:   publicKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrhYO3r2h87IITw/H3ZMYJbBOip0WWjkez2dGcqkXWmBLcovAkZ5bqY0WMWmODlTuW2fFk7nZRTytbOgmfd9rCx5Ehx4du2VhTXnhI4VtpNC6q+NRt075MnBiIFqBW7UEMRpc1rDcSVWRZVhL8VY47B35gRiAzslxMrtZuIm75M1P4DWt57QCy6D1Kvsbvk5IvevMDZflTV6DwjABqrKXV5OmGetbehb5D7Ap5jWcQVE845lrKf4dCCi+hX9ebYCsxQOg6/jLH2Qo2FKZ3BECh1SfjUfuhjleP0obi/egvPYHubxR4u2RJ/hdUX68umXh7/AbT7mjD+GqLunf1xD8wIDAQAB   privateKey: MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCyuFg7evaHzsghPD8fdkxglsE6KnRZaOR7PZ0ZyqRdaYEtyi8CRnlupjRYxaY4OVO5bZ8WTudlFPK1s6CZ932sLHkSHHh27ZWFNeeEjhW2k0Lqr41G3TvkycGIgWoFbtQQxGlzWsNxJVZFlWEvxVjjsHfmBGIDOyXEyu1m4ibvkzU/gNa3ntALLoPUq+xu+Tki968wNl+VNXoPCMAGqspdXk6YZ61t6FvkPsCnmNZxBUTzjmWsp/h0IKL6Ff15tgKzFA6Dr+MsfZCjYUpncEQKHVJ+NR+6GOV4/ShuL96C89ge5vFHi7ZEn+F1Rfry6ZeHv8BtPuaMP4aou6d/XEPzAgMBAAECggEBAKvXswbmMbvdqPLEAhHXZpMNAZhTD/KUd/TEBpWxEh+7fXkwyciPSN2KtBSTX0L6ZDWMYQZLMhUwcjsiD49buBvf2z394BrCUR13+jergtc9e38680WrHZbcI9mEThQRP5krshU3tWrKssxPWNZdFB5CJNcnabKfoa46TNC7LSL3NNkofKrH9kdi1J5GnDR3c3+nuflPy4aM9iqMtPlp+J+kBcRq/9DXoZrBZouu/4QJ7241iGofKVu8HjhfBNUyXWDI9JKu5t291unXYJ13vgGmNkzced+6TK1quPA9pQIOktw0a2daVepnLeoJ0jJBQcdEHf8d8ounb/Z9LdXnl/kCgYEA6JB8lp16fnjMTeQpgLw9R2Eq9jfTZx1jZqIOQJ6dLuX0YOW+l64eZwhd8dEfPkK+2AptWqX87OnRs/5iR607oWuWnyvmlziN2emx+Y9BAKbGhP7E2F/pZ0kLQQ11FxkNwwndJjwnBH/9O4n9CAFJimDZ8lwhxYZDIVhs89v91v0CgYEAxLrTMz9IcT7zfI/egxohgOluylRLRke+IlQ66TPF0oPnRqthouoYHh3HySAjdsyBKd/Vi/CCQFZWrUg15quHuRoxBHOD4t+AybX3aFKK18ILNBJ7ioZ6gHFxgqXPewb4SGWWv4MNT/4IzIx6mJ4Lh4Z3BdxRQ8adWsN80Gmlka8CgYBtb2ghG7ODheZllMLu4CVZzGCCAh0JfavDpOheAgVnBzBq1FFOYNHPnAFRBB3Wl2Pkl2uD523QMerK7x5iKiNQPydeeTMF38foTe7Ax2dIHjJ2bMhGJUPYpWeVUfbSSqjOKXsWPeICXRPVi4Y02R447oBAapg9sYMvUsPaMKAPJQKBgQCXGWdd1R0u3crlwRqGV2ukN6aAgH3QXQoME+Wrd7hZGDZqcPdsyZ/8gaMRNz4F4MzT/Ldn5DImeCnarbu4j8aOxS8g3BhQCJpCUyDTX5KEZOV1+TwqCV/Nh1RHpFLXi2LnOB+wuFdhORxI/xyqW7k/PmfseGtyQvpY3AzhhkNEwQKBgQCmXBf7PrI7gi+PCrtSgQEbm84bda6Y9b24095KLDA22VtabYmF7VwvzJxoHUKtpd2nrcQT/1eZkbLaEsoVP0wFKtvIiTzQZ3VPOHuJiLctAcrQ4hKVI/6nu2r+yRCCar9gcrqB3TLZb+oyR+nPmcBSok78zdeUpFseYaGgbGouwg==  #支付宝 alipay:   pid: 2088441384291084   appId: 2021003181631188   privateKey: MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUB6gxWCkmKJkYulS2hnKMN0FG8OWFwpYie6ytLVnbZZdejY95sg42wFIhTdu6ItQDm417BogazyKfMneSfUGuzpuhwByJr7dBcmuoD3YIEYsGJehLsIqRaLYIeqd42s71sdtTHfviml38tk174SsIEwK21XlM2uBC8YRrQqOYj7nFVcKlEAF0kDISuyBtyQY7Kp5CXM6yW8HJACO1RXocbb6o5IgaXoBn3osr3JScjrbL53jr6Ha7TvQIz7slCiatkxNiFQZy13sMRcZrbUzifg0uZJnTFIA/zFSmD9bifVHAhZ5qBln6Q7Ts0ADpoj14acz18IT+epfLHE0QjFZrAgMBAAECggEBAI0+1JKakj7zSJmqdwhopCI4JOonTB9BM1ahYLS0w2leUeoRD4UYUlOy5oN9JGTpEqecljFgdoa1efDnY7RYcMsMo6yrF9e5ELEukf0Q36YcWaqs0gSqBIU9ZhZb7viZesk9xEeob8XS482XfCKMK2hjkalOqFHEdSTjUz1I1UapMNdNgQyKy5LhhTfOFu2Gozl0UuiH7pmzSQpTTPSDmXJbsvrW5H/KM7UZU0vxdB+7Osib0c9CvaMNqIri/uNBkCIATUEQQgunCqAQDhj5CN2VWw058/TZh1qPG8rrxutrP9hg4m9KUXBE3mfzKXADmef/x/jEhGsxo1UCI3mov2ECgYEA+7x7wGn8JEnTrgt61WCB2I2jTrXl+MGpq2DK3+3HynjB8aRP7kjToNUB4rqy4mAZ2z+GWIFtD8oml5Qf470Sx/4chB6QjR23g3RYSrG0hfFtWjdZYIQrL9PX0jwJ8I04sNTcYosfwGsZiTxxHl9G44lbA6ngTBqGwIVx5oHeRoMCgYEA158CO2bzfswoxZnQYohZYwmanLLy8P9tFBZZFbbzsEjbsy3Tr+K+HSKxo51WBp7UqBzG3ELQ+/n+G/mG9ett20f3GPvUe/vEO55KrlLdZDE8pmzFQCQD4DNX+u0Ln6ryxltihh3ZhPZXdVg9qhnKP0eOMbo6kzesx+HAEfrLa/kCgYAQK9F/UM+jvSJeAdrILkTpFmAxRDobusUdf0BJFktJVGyRC08fLYp6wHQ4jmnDZQ0EKpaExPuukfvcrOVHifPU6RwH2LbMeeY6CZVKZxQDrripnPie3J6xmdg5ZyX0T/4eTe5CXlGR2M9xI3LY0qIJJ9+y4ozIFsQlRe1FM36F5QKBgQCyZ2VAYxlbM28UuAScUjarZBniR4oNbzoAYdFJzztoA5CMe4FoSRKGJtuWBatVBPvtMQo02q/xnNHssZRCS4503eGMcWlJQHIH5hviiruVl8uX4+18+Y+fZLwJ6TIx5Q7Eon4te+srQWvxspYq9PXLT9hOOskWX/180MPL3JeNeQKBgGlIaT9Mru3EJ1q0537JIuq/58LN2RL//QIwjp/m7nXrLz0r7XLMzyKCcw2QNCLnl+Su83YLllEdaLXo/CkKYY5x7RbMPHLzI9+v844H2uhON6Up1VHcc94BM3UghNpmoUbqRdv9rsIckTwRNwtgGkVGvFziPVrPARVkb3v1eMk9  #alipay: #  pid: 2088541582026142 #  appId: 2021003174680109 #  privateKey: MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNNk8fLV5gnxsWN3G8bwzW3H+BnuXgXckMEO/Qr3vJ2LrgRRxvO8bPrJmr57tPgoQwpbTn3wJv/af/9QSuqaboje5lFSX0NkBBppf+hjfn1vmlSO9kIHgyAkfstRmPkM8SJIoCT9gM0nYwge9FVUAJgegMxETLLLkg4F3RSIE3X6QmI7Fl+k/ww3Q8Qw+3mKRvGIf+FTacBLs/xKMsP8QV9M9PV10Jt8lh0nvW6QDY2FHt6Yzyy1atbHfopyrfU77CptJsGyOlxMD+5O2rK+K47fEWm2+wWwN89lh2qxZ7cl7vcTMoensDrjZpETPu9iVSP0e0Xl3wi7eR2hY5U903AgMBAAECggEAL1QmPW+OQ8SOT7pr3eTS1j82nSOTqwKWWtURKlU+vJfiydTGsRTdToplStOATN8yM7IUHiI+AqxC8fKFqO7x0tLhN6j//uoAOeP9TDOSc0MOgsNmivY+InKKOhqukYD5cRrCRbQ6hQKJRbjCAYCe61JtvXwKzb072UxF9v2855MaAASzxsO0RBhYwPsaaXG1Kq+2hBvQ0RlRuur3rJXQ3eWlfk9XpL5pLrWCNvEWQ40TB436R60DFBkEG95M6tXmnNLiYFGV37UsztH0qUw+PFCoBMt+T72+kg+l1DM1dVgyNYPWolFjZJxPyzi+SzdsxVSaBA1FDa9V1OTjZV/vWQKBgQD/3LcuiAYB/I/5g6azrhDzKjBusoFNPU+xpfIz5ub+xyTGZ54ZhFhNSeSgXlNoIVcfa+1bCvMSLvkIie1uaB3E8QivioU1uNEyu7jCapr+P1xIkw6Um1ZLx5lNfyigYqn6KaYWiIpMkAUje7ulNGr9YN4l3XAIO2kdW5rHCA9AlQKBgQDNUpvRt4iRoweMPsUNUpOWtJ+5b5RwGpFsGfRDrt8sdTvMEaDOyn3AiHrBiHuhAUrsAY2ZrvL20eFM+SpaTC1unqnRu8QykMfIQQ83PTsmNtKjoOBI5X4mOXeIrKpJGm53ecwOyOQcQv0xN9AwNHn7eJATPvO8YRrjK/0Dg6j3mwKBgAkvsoAAMD8IA19RA741xLQGUsDWtd/BEMhvDdghNS/2lHJvK/T8lHMJ8SR03ofBkrA1HsuDBCEmAJj24shxAoicotQyo/++x/wLU2Hfk/sG6VhNt1tMjHeiDfYDV8ESacnqjuUGN/jxvs18Vstiq2i3fqJbZfdVsrt0G4WD25BVAoGBAIyOQJ0QRy1rrX8UeVDldqN0guMuvy7/AQ4/tjefPqfwmT7Z0nu9othqlZ5nEDrn56IobgcG/Mx6YQGQkK2/+FoBw78QCv+SnTE5WHE4OYWvggMB3ogIkpMYQ/wMN4ZT0ct4VXjJjV7LfQh0bNCTG+5KWlbSgYgz8XQSaOI+/yyBAoGBAJ+ahhO8U54bM0m8vci2UTAHV7kliLlkK7RU9piRZzh1muOSZkef+XL6WICefJ91gtnv0UmEElbMYwgyxdsJK5VnVUgZVY8V4QBC4NpF0M5e1rt95LUAjQYqnHvqGboRhuUh7OxLzSyFZIBA1qZeXuyX3Mij8Rzc2593ONbaLCNt 

网站普通用户密码中使用的盐值为

这里手撕或者重构网站都可以，我一开始选择手撕，感觉 ruoyi 框架开源的好手撕一点，重构写在文末

网站管理员用户密码的加密算法名称是什么

data 执行

[root@localhost ~]# docker inspect 9b | grep -i pass                 "MYSQL_ROOT_PASSWORD=my-secret-pw", 

bcrypt，一眼顶针

网站超级管理员用户账号创建的时间是？

重构进入网站之后，用户管理下的用户列表页面默认有多少页数据

这个只能重构

该网站的系统接口文档版本号为

搜 SwaggerConfig

该网站获取订单列表的接口

还是搜索关键字

受害人卢某的用户 ID

受害人卢某一共充值了多少钱

网站设置的单次抽奖价格为多少元

网站显示的总余额数是

只能重构

网站数据库的 root 密码

docker inspect 能看，cmd5 也可以跑，不过付费

数据库服务器的操作系统版本是

[root@localhost ~]# cat /etc/*release CentOS Linux release 7.9.2009 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/"  CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7"  CentOS Linux release 7.9.2009 (Core) CentOS Linux release 7.9.2009 (Core) 

数据库服务器的 Docker Server 版本是

[root@localhost ~]# docker version Client:  Version:         1.13.1  API version:     1.26  Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64  Go version:      go1.10.3  Git commit:      7d71120/1.13.1  Built:           Wed Mar  2 15:25:43 2022  OS/Arch:         linux/amd64  Server:  Version:         1.13.1  API version:     1.26 (minimum version 1.12)  Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64  Go version:      go1.10.3  Git commit:      7d71120/1.13.1  Built:           Wed Mar  2 15:25:43 2022  OS/Arch:         linux/amd64  Experimental:    false 

数据库服务器中数据库容器的完整 ID 是

[root@localhost ~]# docker ps -a --no-trunc CONTAINER ID                                                       IMAGE               COMMAND                         CREATED             STATUS              PORTS                    NAMES 9bf1cecec3957a5cd23c24c0915b7d3dd9be5238322ca5646e3d9e708371b765   eclipse/mysql       "docker-entrypoint.sh mysqld"   7 weeks ago         Up 14 minutes       0.0.0.0:3306->3306/tcp   mysql 

数据库服务器中数据库容器使用的镜像 ID

[root@localhost ~]# docker images --no-trunc REPOSITORY                TAG                 IMAGE ID                                                                  CREATED             SIZE docker.io/eclipse/mysql   latest              sha256:66c0e7ca4921e941cbdbda9e92242f07fe37c2bcbbaac4af701b4934dfc41d8a   6 years ago         436 MB 

数据库服务器中数据库容器创建的北京时间

[root@localhost ~]# docker inspect 9b | grep -i create         "Created": "2024-03-13T12:15:23.02589108Z", 

数据库服务器中数据库容器的 ip 是

[root@localhost ~]# docker inspect 9b | grep -i ip                         "HostIp": "",             "IpcMode": "",             "Image": "eclipse/mysql",             "LinkLocalIPv6Address": "",             "LinkLocalIPv6PrefixLen": 0,                         "HostIp": "0.0.0.0",             "SecondaryIPAddresses": null,             "SecondaryIPv6Addresses": null,             "GlobalIPv6Address": "",             "GlobalIPv6PrefixLen": 0,             "IPAddress": "172.17.0.2",             "IPPrefixLen": 16,             "IPv6Gateway": "",                     "IPAMConfig": null,                     "IPAddress": "172.17.0.2",                     "IPPrefixLen": 16,                     "IPv6Gateway": "",                     "GlobalIPv6Address": "",                     "GlobalIPv6PrefixLen": 0, 

分析数据库数据，在该平台邀请用户进群最多的用户的登录 IP 是

SELECT inviter_id, COUNT(*) AS invite_count FROM app_group_apply GROUP BY inviter_id ORDER BY invite_count DESC LIMIT 1;  

分析数据库数据，在该平台抢得最多红包金额的用户的登录 IP 是

SELECT user_id, SUM(money) AS total_amount FROM app_group_redpacket_member GROUP BY user_id ORDER BY total_amount DESC LIMIT 1;  

数据库中记录的提现成功的金额总记是多少（不考虑手续费）

SELECT SUM(amount) AS total_withdrawn_amount FROM app_user_withdraw WHERE status = 3;  

rocketchat 服务器中，有几个真实用户？

root@debian:~# netstat -nlpt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name     tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      2448/sendmail: MTA:  tcp        0      0 0.0.0.0:888             0.0.0.0:*               LISTEN      1628/nginx: master   tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      1975/docker-proxy    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1628/nginx: master   tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2448/sendmail: MTA:  tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1011/pure-ftpd (SER  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3335/sshd: /usr/sbi  tcp        0      0 127.0.0.1:8461          0.0.0.0:*               LISTEN      866/python3          tcp        0      0 0.0.0.0:14811           0.0.0.0:*               LISTEN      1824/python3         tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1628/nginx: master   tcp6       0      0 :::21                   :::*                    LISTEN      1011/pure-ftpd (SER  tcp6       0      0 :::22                   :::*                    LISTEN      3335/sshd: /usr/sbi  tcp6       0      0 :::3306                 :::*                    LISTEN      1621/mysqld          root@debian:~# docker ps CONTAINER ID   IMAGE                                                COMMAND                  CREATED       STATUS       PORTS                    NAMES 160c806d13ea   registry.rocket.chat/rocketchat/rocket.chat:latest   "docker-entrypoint.s…"   7 weeks ago   Up 3 hours   0.0.0.0:3000->3000/tcp   rocketchat-rocketchat-1 929dad307aa4   bitnami/mongodb:5.0                                  "/opt/bitnami/script…"   7 weeks ago   Up 3 hours   27017/tcp                rocketchat-mongodb-1 

rocketchat 服务器中，聊天服务的端口号是？

见上

rocketchat 服务器中，聊天服务的管理员的邮箱是？

见上

rocketchat 服务器中，聊天服务使用的数据库的版本号是？

rocketchat 服务器中，最大的文件上传大小是？（以字节为单位）

rocketchat 服务器中，管理员账号的创建时间为？

rocketchat 服务器中，技术员提供的涉诈网站地址是？

综合分析服务器，该团伙的利润分配方案中，老李的利润占比是多少

综合分析服务器，该团队“杀猪盘”收网的可能时间段为

请综合分析，警方未抓获的重要嫌疑人，其使用聊天平台时注册邮箱号为？

分析 openwrt 镜像，该系统的主机名为

分析 openwrt 镜像，该系统的内核版本为

分析 openwrt 镜像，该静态 ip 地址为

见 PC 浏览器

分析 openwrt 镜像，所用网卡的名称为

分析 openwrt 镜像，该系统中装的 docker 的版本号为

分析 openwrt 镜像，nastools 的配置文件路径为

分析 openwrt 镜像，使用的 vpn 代理软件为

分析 openwrt 镜像，vpn 实际有多少个可用节点

分析 openwrt 镜像，节点 socks 的监听端口是多少

分析 openwrt 镜像，vpn 的订阅链接是

• 网站重构方法

之前队友传过一份运维手册，一条一条改，傻瓜式

修改两个yaml文件

修改数据库

• 绕密

  

  

  

总结

这次打了第四，还差一捏捏有点可惜了，思路没啥大问题，手贱交错几条flag
欢迎加微信交流：WQZ1127786222

b3nguang
2024.5.5