施坤的博客

// 设置接口访问的根目录
axios.defaults.baseURL = "http://host:8081/myapi/"
// 设置原型属性后,其他地方如果要调用，只要用this.$http.get就可以了
Vue.prototype.$http = axios

npm run build

pip install pipreqs
pipreqs --use-local --encoding=utf8 --force .

[root@VM-24-13-centos mysite]# python  --version
Python 3.6.8

firewall-cmd --zone=public --add-port=8100/tcp --permanent
firewall-cmd --zone=public --add-port=8081/tcp --permanent

firewall-cmd --reload   # 配置立即生效
firewall-cmd --zone=public --list-port # 查看防火墙所有开放的端口
 firewall-cmd --state # 查看防火墙状态
netstat -lnpt # 查看监听的端口
netstat -lnpt |grep 8081# 查看监听的具体端口

root@VM-24-13-centos git]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

vi /etc/nginx/nginx.conf

   server {
        listen       8001;
        listen       [::]:8001;
        server_name  www.XXX.123;
        root         /home/dist; # vue的路径
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

[root@VM-24-13-centos home]# tar -zxvf dist.tar.gz
dist/
dist/css/
dist/css/app.54a7ebec.css
dist/css/chunk-vendors.84bb20f7.css
dist/favicon.ico
dist/fonts/
dist/fonts/element-icons.535877f5.woff
dist/fonts/element-icons.732389de.ttf
dist/img/
dist/img/logo.82b9c7a5.png
dist/index.html
dist/js/
dist/js/app.942844bf.js
dist/js/app.942844bf.js.map
dist/js/chunk-vendors.0b404296.js
dist/js/chunk-vendors.0b404296.js.map

systemctl restart nginx

cd /usr/local/mysite
pip install -r requirements.txt

python3 manage.py runserver 0.0.0.0:8081

corsheaders 文件不存在

pip3 install django-cors-headers

ile "/usr/local/lib/python3.6/site-packages/django/db/backends/sqlite3/base.py", line 67, in check_sqlite_version
    raise ImproperlyConfigured('SQLite 3.8.3 or later is required (found %s).' % Database.sqlite_version)
django.core.exceptions.ImproperlyConfigured: SQLite 3.8.3 or later is required (found 3.7.17).

vi /usr/local/lib/python3.6/site-packages/django/db/backends/sqlite3/base.py

def check_sqlite_version():
    if Database.sqlite_version_info < (3, 7, 17):
        raise ImproperlyConfigured('SQLite 3.7.17 or later is required (found %s).' % Database.sqlite_version)

root@VM-24-13-centos mysite]# pwd
/usr/local/mysite
[root@VM-24-13-centos mysite]# vi start_api.sh

MYDATE=`date +%Y%m%d`
ALL_LOGFILE=/home/api_log/log/log_$MYDATE

nohup python3 manage.py runserver 0.0.0.0:8081 > ${ALL_LOGFILE} 2>&1 &

netstat -lnpt |grep 8081

sh start.sh

systemctl restart nginx

npm install echarts --save

npm install axios

import Vue from "vue"
import axios from 'axios'

// 设置接口访问的根目录
axios.defaults.baseURL = "http://127.0.0.1:8100/myapi/"
// 设置原型属性后,其他地方如果要调用，只要用this.$http.get就可以了
Vue.prototype.$http = axios

<div id="echarts_box" style="width: 600px;height:400px;">
        
</div>
<script>
    var echarts = require('echarts');

  export default {
    data() {
      return {
      }
    },
    mounted() {
      this.drawLine();
    },
    created() {
     
    },
    methods: {
      async drawLine() {
           const {data:res}  = await this.$http.get('reports')
            if (res.code != 1){
                return this.$message.erro("获取数据失败")
            }
            console.log(res)
          // 初始化echarts实例
          let myChart = echarts.init(document.getElementById('echarts_box'))
          myChart.setOption({
    	  	title: {text: res.data.title.text},
          	tooltip: {},
  		  	xAxis: {data: res.data.xAxis.data},
  		  	yAxis: {},
  		  	series: [{name: res.data.series[0].name,type: res.data.series[0].type,
      				data: res.data.series[0].data}]
			});
      }
    }
  }
</script>

C:\WINDOWS\system32>net stop "Tenable Nessus"
Tenable Nessus 服务正在停止.
Tenable Nessus 服务已成功停止。

attrib -s -r -h "E:\app\Tenable\Nessus\nessus\plugins\*.*" 


attrib -s -r -h "E:\app\Tenable\Nessus\nessus\plugin_feed_info.inc"

PLUGIN_SET = "202201111911";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

云中转网盘:
https://yzzpan.com/#sharefile=fCSsVfsp_26946
解压密码:www.ddosi.org

"E:\app\Tenable\Nessus\nessuscli.exe" update "e:\exe\all-2.0_202201111911.tar.gz"

Fri Mar  4 10:42:22 2022][25076.1] Warning: Long rDNS lookup.  Took 2081ms for 169.254.105.105 to DESKTOP-8MTHS2J

[info] Copying templates version 202102012215 to E:\app\Tenable\Nessus\nessus\templates\tmp
[info] Finished copying templates.
[info] Moved new templates with version 202102012215 from plugins dir.
 * Update successful.  The changes will be automatically processed by Nessus

C:\WINDOWS\system32>copy "E:\app\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc" "E:\app\Tenable\Nessus\nessus\"

覆盖 E:\app\Tenable\Nessus\nessus\plugin_feed_info.inc 吗? (Yes/No/All): all
已复制         1 个文件。

C:\WINDOWS\system32>net start "Tenable Nessus"
Tenable Nessus 服务正在启动 .
Tenable Nessus 服务已经启动成功。

net stop "Tenable Nessus" 

copy "E:\app\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc" "E:\app\Tenable\Nessus\nessus\"

PLUGIN_SET = "202201111911";
PLUGIN_FEED = "ProfessionalFeed (Direct)";
PLUGIN_FEED_TRANSPORT = "Tenable Network Security Lightning";

copy "E:\app\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc" "E:\app\Tenable\Nessus\nessus\"

attrib +s +r +h "E:\app\Tenable\Nessus\nessus\plugins\*.*" 
attrib +s +r +h "E:\app\Tenable\Nessus\nessus\plugin_feed_info.inc"
attrib -s -r -h "E:\app\Tenable\Nessus\nessus\plugins\plugin_feed_info.inc"

vi /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html/DVWA-2.0.1"

systemctl restart httpd

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAw5RpKHoP/hDYpsiLFB7oEmYk22zR2PWeAqQq4GjQDTdJL7G8...
-----END RSA PRIVATE KEY-----

127.0.0.1 updates.acunetix.com
127.0.0.1 erp.acunetix.com

GET http://ip:8001/DVWA-2.0.1/login.php HTTP/1.1
GET http://ip.101:8001/DVWA-2.0.1/security.php HTTP/1.1
GET http://ip:8001/DVWA-2.0.1/phpinfo.php HTTP/1.1
GET http://ip:8001/DVWA-2.0.1/setup.php HTTP/1.1
GET http://ip:8001/DVWA-2.0.1/instructions.php HTTP/1.1

msf6 > use auxiliary/scanner/ssh/ssh_login_pubkey
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > show options
...

msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set key_path /usr/local/ssh_key 
key_path => /usr/local/ssh_key

msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set rhosts 192.168.56.105
rhosts => 192.168.56.105
msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > set username vagrant
username => vagrant

msf6 auxiliary(scanner/ssh/ssh_login_pubkey) > run

java -jar selenium-server-standalone-v3.0.1.jar -role hub -port 4455

java -jar selenium-server-standalone-v3.0.1.jar -role node -port 5555 -hub http://192.168.0.102:4444/grid/registe

java -jar selenium-server-standalone-v3.0.1.jar -role node -port 6666 -hub http://192.168.0.102:4444/grid/registe

java -Dwebdriver.ie.driver=D:\IEDriverServer.exe -jar selenium-server-standalone-2.37.0.jar -role node -hub [http://127.0.0.1:4444/grid/register](http://127.0.0.1:4444/grid/register) -maxSession 20 -browser "browserName=internet explorer,version=9,platform=WINDOWS,maxInstances=20" -port 5555

vi /home/git/hexoBlog.git/hooks/post-receive

yum install -y nginx

systemctl start nginx

systemctl status nginx.service
Feb 25 09:20:06 VM-24-13-centos systemd[1]: Failed to start The nginx HTTP and reverse proxy server.

vi /etc/nginx/nginx.conf

user root; #我这里改为了root


server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /home/hexoBlog;    #需要修改
    
    server_name www.shikun.work; #需要修改
    
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
    error_page 404 /404.html;
        location = /40x.html {
    }

systemctl restart nginx

deploy:
  type: git
  repo: root@ip:/home/git/hexoBlog
  branch: master

hexo cl && hexo g && hexo d

nmap -sV 192.168.56.102

Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-23 21:42 EST
Nmap scan report for 192.168.56.102
Host is up (0.00033s latency).
Not shown: 981 closed tcp ports (conn-refused)
PORT      STATE SERVICE              VERSION
21/tcp    open  ftp                  Microsoft ftpd
22/tcp    open  ssh                  OpenSSH 7.1 (protocol 2.0)
80/tcp    open  http                 Microsoft IIS httpd 7.5
135/tcp   open  msrpc                Microsoft Windows RPC
139/tcp   open  netbios-ssn          Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds         Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
3306/tcp  open  mysql                MySQL 5.5.20-log
3389/tcp  open  ssl/ms-wbt-server?
4848/tcp  open  ssl/http             Oracle Glassfish Application Server
7676/tcp  open  java-message-service Java Message Service 301
8080/tcp  open  http                 Sun GlassFish Open Source Edition  4.0
8181/tcp  open  ssl/intermapper?
8383/tcp  open  http                 Apache httpd
9200/tcp  open  wap-wsp?
49152/tcp open  msrpc                Microsoft Windows RPC
49153/tcp open  msrpc                Microsoft Windows RPC
49154/tcp open  msrpc                Microsoft Windows RPC
49155/tcp open  msrpc                Microsoft Windows RPC
49176/tcp open  java-rmi             Java RMI

msfconsole
                                                  

       =[ metasploit v6.1.14-dev                          ]
+ -- --=[ 2180 exploits - 1155 auxiliary - 399 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Open an interactive Ruby terminal with 
irb

msf6 > 

msf6 > use auxiliary/scanner/ftp/anonymous

msf6 > set RHOSTS 192.168.56.102

sf6 auxiliary(scanner/ftp/anonymous) > run

[*] 192.168.56.102:21     - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf6 auxiliary(scanner/ftp/anonymous) > exploit -i

[*] 192.168.56.102:21     - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/ftp/anonymous) > 

msf6 > use auxiliary/scanner/ftp/ftp_login
msf6 auxiliary(scanner/ftp/ftp_login) > 

msf6 auxiliary(scanner/ftp/ftp_login) > show options

Module options (auxiliary/scanner/ftp/ftp_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   false            no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   DB_SKIP_EXISTING  none             no        Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   Proxies                            no        A proxy chain of format type:host:port[,type:host:port][...]
   RECORD_GUEST      false            no        Record anonymous/guest logins to the database
   RHOSTS                             yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT             21               yes       The target port (TCP)
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads (max one per host)
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      false            no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf6 auxiliary(scanner/ftp/ftp_login) > set RHOSTS 192.168.56.102

msf6 auxiliary(scanner/ftp/ftp_login) >  set THREADS 14

msf6 auxiliary(scanner/ftp/ftp_login) >set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt

msf6 auxiliary(scanner/ftp/ftp_login) > run

msf6 auxiliary(scanner/ftp/easy_file_sharing_ftp) > use auxiliary/scanner/ftp/ftp_version  
msf6 auxiliary(scanner/ftp/ftp_version) > set RHOSTS 192.168.56.102
RHOSTS => 192.168.56.102
msf6 auxiliary(scanner/ftp/ftp_version) > run

[+] 192.168.56.102:21     - FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
[*] 192.168.56.102:21     - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

mkdir metasploitable3-workspace
cd metasploitable3-workspace

PS E:\app\metasploitable3-workspace> vagrant box add rapid7/metasploitable3-win2k8 d:\exe\metasploitable3-win2k8.box
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'rapid7/metasploitable3-win2k8' (v0) for provider:
    box: Unpacking necessary files from: file:///d:/exe/metasploitable3-win2k8.box
    box:
==> box: Successfully added box 'rapid7/metasploitable3-win2k8' (v0) for 'virtualbox'!
PS E:\app\metasploitable3-workspace>

PS C:\Users\Admin\.vagrant.d\boxes\rapid7-VAGRANTSLASH-metasploitable3-win2k8\0\virtualbox> vagrant init rapid7/metasploitable3-win2k8
A `Vagrantfile` has been placed in this directory. You are now
ready to `vagrant up` your first virtual environment! Please read
the comments in the Vagrantfile as well as documentation on
`vagrantup.com` for more information on using Vagrant.

vagrant up

[+] Starting database
[+] Creating database user 'msf'
[+] Creating databases 'msf'
[+] Creating databases 'msf_test'
[+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml' 
[+] Creating initial database schema
...
       =[ metasploit v6.1.14-dev                          ]
+ -- --=[ 2180 exploits - 1155 auxiliary - 399 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: You can use help to view all 
available commands

msf6 >