

3 Commits

Author SHA1 Message Date
qwqdanchun 9e5898d2af Deploying to gh-pages from @ 0946cb1324 🚀 2024-01-02 14:46:40 +00:00
qwqdanchun b8b04006ea Deploying to gh-pages from @ 628a58ce6c 🚀 2024-01-02 14:30:53 +00:00
qwqdanchun da38c9b193 Deploying to gh-pages from @ d871a413fd 🚀 2024-01-02 14:25:32 +00:00
39 changed files with 2991 additions and 249 deletions


@ -24,7 +24,7 @@
<meta property="og:description" content="这次是标题党了主要还是记录一下自己在使用Appdomain中遇到的一点小坑 前情提要我一直很喜欢使用C#制作一些工具或者制作一些技术的poc在测试杀软对行为的拦截时为了避免频繁文件落地都是使用对一个C#远控添加插件的方式测试的。 最常用的插件加载方式就是Assembly.Load了使用过的都会发现这种方式可以加载不能卸载用Procexp之类的软件可以很方便的查看进程内的Assembly">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-02-17T01:29:19.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.914Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.485Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content=".Net">
<meta property="article:tag" content="Appdomain">
@ -381,7 +381,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -476,7 +476,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="拿到装有宝塔面板的服务器后,在不登录面板的情况下不能直接查看数据库信息 为了解决这个问题,就制作了一个脚本去进行配置信息的解密 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253import os#使用前pip3 install PyCryptodome#">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-12-01T07:26:33.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.914Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.485Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Decrypt">
<meta name="twitter:card" content="summary_large_image">
@ -379,7 +379,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -454,7 +454,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>
@ -491,6 +491,12 @@
<article class="post-prev col-6">
<a href="/Pillager_Forensics_2/" title="Pillager开发记录-2">
<i class="iconfont icon-arrowleft"></i>
<span class="hidden-mobile">Pillager开发记录-2</span>
<span class="visible-mobile">上一篇</span>
</a>
</article>
<article class="post-next col-6">


@ -24,7 +24,7 @@
<meta property="og:description" content="某大型活动还有一段时间,但是总会有很多新工具出现,想用但不敢用该怎么办,还是需要先了解下常见的源码投毒方式吧 方法1.代码带毒直接在代码中实现一个后门常见的操作包括但不限于在程序启动时按钮点击时程序结束时等位置添加恶意代码。常见恶意代码为反向shell或各式各样的shellcode加载器 对于visual studio等编译器不会在项目中显示未包含文件的代码但是如果引用到了依然会编译进">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-05-09T07:12:17.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.914Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.485Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Backdoor">
<meta property="article:tag" content="BlueTeam">
@ -353,7 +353,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -460,7 +460,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="早在疫情期间就经历了好久的线上考试,最近又遇到了类似的需求,正好就写写相关的东西吧。为了防止暴露是哪几款软件,文中就不放图了,只是说说方法。 逆向相关目前遇到过的主流是C#&#x2F;Electron的程序也有部分C++的程序。 C#的可以直接用DnSpy查看代码并修改 Electron的可以解包asar查看代码修改后也可以打包替换回去 C++的一般IDA辅助分析后可以手动跳过部分函数或判断">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-03-16T05:30:29.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.914Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.485Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content=".Net">
<meta property="article:tag" content="Crack">
@ -354,7 +354,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -448,7 +448,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="突发奇想的一个思路,不太好用就发出来玩玩吧 背景知识目录挂载subst是Windows自带的一个工具可以将文件目录挂载为磁盘但是重启后不会继续挂载了。 如果想长期挂载,需要修改注册表 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices。 https:&#x2F;&#x2F;learn.microsoft.com&#x2F;en-us&#x2F;windo">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-02-27T09:49:45.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.914Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.485Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Bypass">
<meta property="article:tag" content="360">
@ -354,7 +354,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -443,7 +443,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="首先感谢Zy143L大佬进行的PCB板的设计和制作。 特点 附带tf卡槽可自选是否附带储存空间 使用CH552单片机方便上手 通用G2版型方便购买或定制外壳 带有USBHUB可以同时作为U盘和可编程USB控制设备使用 带有霍尔开关,用于控制烧写,也可用于连接后的控制开关,即使加壳也不影响后续烧写 成本低廉,适合大批量使用 使用方法1.准备环境Windows系统安装Arduino IDE">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-09-06T10:47:22.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.922Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.493Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="USB">
<meta name="twitter:card" content="summary_large_image">
@ -352,7 +352,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -452,7 +452,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="2022年过的真的很快啊一转眼就2023了本来想着元旦的时候搞一点东西分享出来但是因为太忙没有腾出时间那就只好赶着春节前夕水一点文章了。 CobaltStrike简介CobaltStrike是一套商业化的C2框架提供了较好的兼容性和可扩展性也因此成为了目前红队中最为广泛使用的C2。但是因为使用广泛其特征也被大量采集并用于识别beacon及TeamServer这里我就简单的把自">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-01-21T15:59:59.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.922Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="CobaltStrike">
<meta property="article:tag" content="Modify">
@ -380,7 +380,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -489,7 +489,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="起源一年多以前Jonas L在推特首次提出了这个注入方法并在评论区提出了一些可能的利用方法。半年前有人在GitHub发布了一份Poc某种程度上进行了对注入方案的验证。 原理控制台程序会有一个对应的Code Page也就是代码页这个东西是字符代码的一个映射每个控制台对应两个代码页一个输入一个输出。 大部分Code Page都是nls文件但是看到有一部分是dll文件确切地说是5开">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2022-11-25T13:03:31.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Injection">
<meta property="article:tag" content="CodePage">
@ -354,7 +354,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -459,7 +459,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="今年上半年,在开发 CobaltStrike 插件期间没用遇到合适且长期更新的信息收集工具便决定自己制作一款也就有了Pillager项目。 这款工具旨在收集机器上浏览器,聊天软件,已经其他常用工具的凭证、记录等敏感信息,从而进行进一步的后渗透工作。 思路的确定最初的想法只是为了制作一个小巧简介的 BOF ,但是后期研究发现使用 BOF 开发并不合适综合考虑下选择了使用C#开发。进而就要考虑">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-11-09T19:22:25.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Forensics">
<meta name="twitter:card" content="summary_large_image">
@ -307,7 +307,7 @@
aria-expanded="true"
>
Forensics
<span class="list-group-count">(2)</span>
<span class="list-group-count">(4)</span>
<i class="iconfont icon-arrowright"></i>
</a>
@ -337,6 +337,24 @@
</a>
<a href="/Pillager_Forensics_2/" title="Pillager开发记录-2"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-2</span>
</a>
<a href="/Pillager_Forensics_3/" title="Pillager开发记录-3"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-3</span>
</a>
</div>
@ -361,7 +379,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -445,7 +463,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>




@ -24,7 +24,7 @@
<meta property="og:description" content="概述CVE-2021-1675 &#x2F; CVE-2021-34527 这两个洞本质上就是一个洞只是因为修复的问题分配了两个编号。具体的漏洞分析就不赘述了很早就有人发过没必要炒冷饭这里只总结下实际使用时可能出现的问题以及很多poc中不会提到的细节 复现攻击环境注意事项1.域相关目标机器为域内Windows Server机器时攻击机必须为同一域内的机器目标机器为非域环境Window">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2022-11-12T19:34:50.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="0&#x2F;N Day">
<meta property="article:tag" content="PrintNightmare">
@ -382,7 +382,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -499,7 +499,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -24,7 +24,7 @@
<meta property="og:description" content="因为各种原因接触了一些场景要对Telegram进行信息收集这里就记录下基本思路只涉及Windows的官方客户端 1.关于tdata正常安装的Telegram会安装至 %appdata%\Telegram Desktop在这个目录中 modules文件夹存放了一个D3D的dlltdata文件夹存放所有数据unins000.exe&#x2F;unins000.dat文件是卸载相关Updater.e">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-04-14T21:40:56.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta property="article:tag" content="Forensics">
<meta property="article:tag" content="Telegram">
@ -308,7 +308,7 @@
aria-expanded="true"
>
Forensics
<span class="list-group-count">(2)</span>
<span class="list-group-count">(4)</span>
<i class="iconfont icon-arrowright"></i>
</a>
@ -338,6 +338,24 @@
</a>
<a href="/Pillager_Forensics_2/" title="Pillager开发记录-2"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-2</span>
</a>
<a href="/Pillager_Forensics_3/" title="Pillager开发记录-3"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-3</span>
</a>
</div>
@ -362,7 +380,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -462,7 +480,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -23,8 +23,8 @@
<meta property="og:site_name" content="簞純&#39;s Blog">
<meta property="og:description" content="这里是簞純一个单纯的日常生产bug再debug的菜鸡红队安全开发目前主要做Windows下的二进制方向开发 ID簞純 &#x2F; qwqdanchun Tag伪技术宅干饭人老二次元佛系咕咕咕夜猫子 QQ聊天群814084837">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:published_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta name="twitter:card" content="summary_large_image">


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>


@ -227,7 +227,7 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>

397
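--- a/archives/2024/01/index.html
+++ b/archives/2024/01/index.html
@@ -0,0 +1,397 @@
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+<head>
+<meta charset="UTF-8">
+<link rel="apple-touch-icon" sizes="76x76" href="/img/favicon.ico">
+<link rel="icon" href="/img/favicon.ico">
+<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+<meta http-equiv="x-ua-compatible" content="ie=edge">
+<meta name="theme-color" content="#2f4154">
+<meta name="author" content="qwqdanchun">
+<meta name="keywords" content="">
+<meta property="og:type" content="website">
+<meta property="og:title" content="归档">
+<meta property="og:url" content="https://blog.qwqdanchun.com/archives/2024/01/index.html">
+<meta property="og:site_name" content="簞純&#39;s Blog">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="qwqdanchun">
+<meta name="twitter:card" content="summary_large_image">
+<meta name="referrer" content="no-referrer-when-downgrade">
+<title>归档 - 簞純&#39;s Blog</title>
+<link rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+<!-- 主题依赖的图标库,不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+<link rel="stylesheet" href="/css/main.css" />
+<link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+<link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+<script id="fluid-configs">
+var Fluid = window.Fluid || {};
+Fluid.ctx = Object.assign({}, Fluid.ctx)
+var CONFIG = {"hostname":"blog.qwqdanchun.com","root":"/","version":"1.9.3","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+if (CONFIG.web_analytics.follow_dnt) {
+var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+}
+</script>
+<script src="/js/utils.js" ></script>
+<script src="/js/color-schema.js" ></script>
+<meta name="generator" content="Hexo 6.3.0"></head>
+<body>
+<header>
+<div class="header-inner" style="height: 60vh;">
+<nav id="navbar" class="navbar fixed-top navbar-expand-lg navbar-dark scrolling-navbar">
+<div class="container">
+<a class="navbar-brand" href="/">
+<strong>簞純&#39;s Blog</strong>
+</a>
+<button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+data-target="#navbarSupportedContent"
+aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+<div class="animated-icon"><span></span><span></span><span></span></div>
+</button>
+<!-- Collapsible content -->
+<div class="collapse navbar-collapse" id="navbarSupportedContent">
+<ul class="navbar-nav ml-auto text-center">
+<li class="nav-item">
+<a class="nav-link" href="/">
+<i class="iconfont icon-home-fill"></i>
+首页
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/archives/">
+<i class="iconfont icon-archive-fill"></i>
+归档
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/categories/">
+<i class="iconfont icon-category-fill"></i>
+分类
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/tags/">
+<i class="iconfont icon-tags-fill"></i>
+标签
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/about/">
+<i class="iconfont icon-user-fill"></i>
+关于
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/links/">
+<i class="iconfont icon-link-fill"></i>
+友链
+</a>
+</li>
+<li class="nav-item" id="search-btn">
+<a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+&nbsp;<i class="iconfont icon-search"></i>&nbsp;
+</a>
+</li>
+<li class="nav-item" id="color-toggle-btn">
+<a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">&nbsp;<i
+class="iconfont icon-dark" id="color-toggle-icon"></i>&nbsp;</a>
+</li>
+</ul>
+</div>
+</div>
+</nav>
+<div id="banner" class="banner" parallax=true
+style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+<div class="full-bg-img">
+<div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+<div class="banner-text text-center fade-in-up">
+<div class="h2">
+<span id="subtitle" data-typed-text="归档"></span>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+</header>
+<main>
+<div class="container nopadding-x-md">
+<div id="board"
+>
+<div class="container">
+<div class="row">
+<div class="col-12 col-md-10 m-auto">
+<div class="list-group">
+<p class="h4">共计 14 篇文章</p>
+<hr>
+<p class="h5">2024</p>
+<a href="/Pillager_Forensics_3/" class="list-group-item list-group-item-action">
+<time>01-02</time>
+<div class="list-group-item-title">Pillager开发记录-3</div>
+</a>
+<a href="/Pillager_Forensics_2/" class="list-group-item list-group-item-action">
+<time>01-02</time>
+<div class="list-group-item-title">Pillager开发记录-2</div>
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+<a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+<i class="iconfont icon-arrowup" aria-hidden="true"></i>
+</a>
+<div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+aria-hidden="true">
+<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+<div class="modal-content">
+<div class="modal-header text-center">
+<h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+<button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+<span aria-hidden="true">&times;</span>
+</button>
+</div>
+<div class="modal-body mx-3">
+<div class="md-form mb-5">
+<input type="text" id="local-search-input" class="form-control validate">
+<label data-error="x" data-success="v" for="local-search-input">关键词</label>
+</div>
+<div class="list-group" id="local-search-result"></div>
+</div>
+</div>
+</div>
+</div>
+</main>
+<footer>
+<div class="footer-inner">
+<div class="footer-content">
+<a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a>
+</div>
+<div class="statistics">
+<span id="busuanzi_container_site_pv" style="display: none">
+总访问量
+<span id="busuanzi_value_site_pv"></span>
+</span>
+<span id="busuanzi_container_site_uv" style="display: none">
+总访客数
+<span id="busuanzi_value_site_uv"></span>
+</span>
+</div>
+</div>
+</footer>
+<!-- Scripts -->
+<script src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+<link rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+<script>
+NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+NProgress.start()
+window.addEventListener('load', function() {
+NProgress.done();
+})
+</script>
+<script src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script src="/js/events.js" ></script>
+<script src="/js/plugins.js" ></script>
+<script src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+<script>
+(function (window, document) {
+var typing = Fluid.plugins.typing;
+var subtitle = document.getElementById('subtitle');
+if (!subtitle || !typing) {
+return;
+}
+var text = subtitle.getAttribute('data-typed-text');
+typing(text);
+})(window, document);
+</script>
+<script src="/js/img-lazyload.js" ></script>
+<script src="/js/local-search.js" ></script>
+<script defer src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" ></script>
+<!-- 主题的启动项,将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script src="/js/boot.js" ></script>
+<noscript>
+<div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+</noscript>
+</body>
+</html>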
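Review bot: The new page loads jQuery, Bootstrap, NProgress and typed.js from lib.baomitu.com and the visitor counter from busuanzi.ibruce.info without `integrity`/`crossorigin` attributes, so a swapped or tampered CDN file runs with full script access to every page of the site, and the two iconfont stylesheets are fetched over protocol-relative `//at.alicdn.com/...` URLs instead of explicit `https:`. This file is Hexo/Fluid build output, so the fix belongs in the theme's CDN/vendor configuration (or a vendored copy of the libraries) rather than in the generated HTML; the identical archives/2024/index.html in the next section has the same issue. Each pinned third-party tag would then render as e.g. `<script src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" integrity="sha384-<placeholder: digest of the pinned file>" crossorigin="anonymous"></script>`, with the stylesheet links switched to `https://at.alicdn.com/...`.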

397
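--- a/archives/2024/index.html
+++ b/archives/2024/index.html
@@ -0,0 +1,397 @@
+<!DOCTYPE html>
+<html lang="zh-CN" data-default-color-scheme=auto>
+<head>
+<meta charset="UTF-8">
+<link rel="apple-touch-icon" sizes="76x76" href="/img/favicon.ico">
+<link rel="icon" href="/img/favicon.ico">
+<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
+<meta http-equiv="x-ua-compatible" content="ie=edge">
+<meta name="theme-color" content="#2f4154">
+<meta name="author" content="qwqdanchun">
+<meta name="keywords" content="">
+<meta property="og:type" content="website">
+<meta property="og:title" content="归档">
+<meta property="og:url" content="https://blog.qwqdanchun.com/archives/2024/index.html">
+<meta property="og:site_name" content="簞純&#39;s Blog">
+<meta property="og:locale" content="zh_CN">
+<meta property="article:author" content="qwqdanchun">
+<meta name="twitter:card" content="summary_large_image">
+<meta name="referrer" content="no-referrer-when-downgrade">
+<title>归档 - 簞純&#39;s Blog</title>
+<link rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css" />
+<!-- 主题依赖的图标库,不要自行修改 -->
+<!-- Do not modify the link that theme dependent icons -->
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
+<link rel="stylesheet" href="//at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
+<link rel="stylesheet" href="/css/main.css" />
+<link id="highlight-css" rel="stylesheet" href="/css/highlight.css" />
+<link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css" />
+<script id="fluid-configs">
+var Fluid = window.Fluid || {};
+Fluid.ctx = Object.assign({}, Fluid.ctx)
+var CONFIG = {"hostname":"blog.qwqdanchun.com","root":"/","version":"1.9.3","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
+if (CONFIG.web_analytics.follow_dnt) {
+var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
+Fluid.ctx.dnt = dntVal && (dntVal.startsWith('1') || dntVal.startsWith('yes') || dntVal.startsWith('on'));
+}
+</script>
+<script src="/js/utils.js" ></script>
+<script src="/js/color-schema.js" ></script>
+<meta name="generator" content="Hexo 6.3.0"></head>
+<body>
+<header>
+<div class="header-inner" style="height: 60vh;">
+<nav id="navbar" class="navbar fixed-top navbar-expand-lg navbar-dark scrolling-navbar">
+<div class="container">
+<a class="navbar-brand" href="/">
+<strong>簞純&#39;s Blog</strong>
+</a>
+<button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
+data-target="#navbarSupportedContent"
+aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+<div class="animated-icon"><span></span><span></span><span></span></div>
+</button>
+<!-- Collapsible content -->
+<div class="collapse navbar-collapse" id="navbarSupportedContent">
+<ul class="navbar-nav ml-auto text-center">
+<li class="nav-item">
+<a class="nav-link" href="/">
+<i class="iconfont icon-home-fill"></i>
+首页
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/archives/">
+<i class="iconfont icon-archive-fill"></i>
+归档
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/categories/">
+<i class="iconfont icon-category-fill"></i>
+分类
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/tags/">
+<i class="iconfont icon-tags-fill"></i>
+标签
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/about/">
+<i class="iconfont icon-user-fill"></i>
+关于
+</a>
+</li>
+<li class="nav-item">
+<a class="nav-link" href="/links/">
+<i class="iconfont icon-link-fill"></i>
+友链
+</a>
+</li>
+<li class="nav-item" id="search-btn">
+<a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
+&nbsp;<i class="iconfont icon-search"></i>&nbsp;
+</a>
+</li>
+<li class="nav-item" id="color-toggle-btn">
+<a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">&nbsp;<i
+class="iconfont icon-dark" id="color-toggle-icon"></i>&nbsp;</a>
+</li>
+</ul>
+</div>
+</div>
+</nav>
+<div id="banner" class="banner" parallax=true
+style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
+<div class="full-bg-img">
+<div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
+<div class="banner-text text-center fade-in-up">
+<div class="h2">
+<span id="subtitle" data-typed-text="归档"></span>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+</header>
+<main>
+<div class="container nopadding-x-md">
+<div id="board"
+>
+<div class="container">
+<div class="row">
+<div class="col-12 col-md-10 m-auto">
+<div class="list-group">
+<p class="h4">共计 14 篇文章</p>
+<hr>
+<p class="h5">2024</p>
+<a href="/Pillager_Forensics_3/" class="list-group-item list-group-item-action">
+<time>01-02</time>
+<div class="list-group-item-title">Pillager开发记录-3</div>
+</a>
+<a href="/Pillager_Forensics_2/" class="list-group-item list-group-item-action">
+<time>01-02</time>
+<div class="list-group-item-title">Pillager开发记录-2</div>
+</a>
+</div>
+</div>
+</div>
+</div>
+</div>
+</div>
+<a id="scroll-top-button" aria-label="TOP" href="#" role="button">
+<i class="iconfont icon-arrowup" aria-hidden="true"></i>
+</a>
+<div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
+aria-hidden="true">
+<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+<div class="modal-content">
+<div class="modal-header text-center">
+<h4 class="modal-title w-100 font-weight-bold">搜索</h4>
+<button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
+<span aria-hidden="true">&times;</span>
+</button>
+</div>
+<div class="modal-body mx-3">
+<div class="md-form mb-5">
+<input type="text" id="local-search-input" class="form-control validate">
+<label data-error="x" data-success="v" for="local-search-input">关键词</label>
+</div>
+<div class="list-group" id="local-search-result"></div>
+</div>
+</div>
+</div>
+</div>
+</main>
+<footer>
+<div class="footer-inner">
+<div class="footer-content">
+<a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a>
+</div>
+<div class="statistics">
+<span id="busuanzi_container_site_pv" style="display: none">
+总访问量
+<span id="busuanzi_value_site_pv"></span>
+</span>
+<span id="busuanzi_container_site_uv" style="display: none">
+总访客数
+<span id="busuanzi_value_site_uv"></span>
+</span>
+</div>
+</div>
+</footer>
+<!-- Scripts -->
+<script src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
+<link rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
+<script>
+NProgress.configure({"showSpinner":false,"trickleSpeed":100})
+NProgress.start()
+window.addEventListener('load', function() {
+NProgress.done();
+})
+</script>
+<script src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
+<script src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
+<script src="/js/events.js" ></script>
+<script src="/js/plugins.js" ></script>
+<script src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
+<script>
+(function (window, document) {
+var typing = Fluid.plugins.typing;
+var subtitle = document.getElementById('subtitle');
+if (!subtitle || !typing) {
+return;
+}
+var text = subtitle.getAttribute('data-typed-text');
+typing(text);
+})(window, document);
+</script>
+<script src="/js/img-lazyload.js" ></script>
+<script src="/js/local-search.js" ></script>
+<script defer src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" ></script>
+<!-- 主题的启动项,将它保持在最底部 -->
+<!-- the boot of the theme, keep it at the bottom -->
+<script src="/js/boot.js" ></script>
+<noscript>
+<div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
+</noscript>
+</body>
+</html>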


@ -227,12 +227,27 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>
<p class="h5">2024</p>
<a href="/Pillager_Forensics_3/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-3</div>
</a>
<a href="/Pillager_Forensics_2/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-2</div>
</a>
<p class="h5">2023</p>
<a href="/BTPanel_Databases/" class="list-group-item list-group-item-action">
@ -282,21 +297,6 @@
<div class="list-group-item-title">一种利用Appdomain特性实现隐蔽的反沙箱分析</div>
</a>
<a href="/CobaltStrike_Modify/" class="list-group-item list-group-item-action">
<time>01-21</time>
<div class="list-group-item-title">CobaltStrike二次开发</div>
</a>
<p class="h5">2022</p>
<a href="/CodePage_injection/" class="list-group-item list-group-item-action">
<time>11-25</time>
<div class="list-group-item-title">Code Page注入方法的武器化</div>
</a>
</div>


@ -227,14 +227,29 @@
<div class="list-group">
<p class="h4">共计 12 篇文章</p>
<p class="h4">共计 14 篇文章</p>
<hr>
<p class="h5">2023</p>
<a href="/CobaltStrike_Modify/" class="list-group-item list-group-item-action">
<time>01-21</time>
<div class="list-group-item-title">CobaltStrike二次开发</div>
</a>
<p class="h5">2022</p>
<a href="/CodePage_injection/" class="list-group-item list-group-item-action">
<time>11-25</time>
<div class="list-group-item-title">Code Page注入方法的武器化</div>
</a>
<a href="/PrintNightmare/" class="list-group-item list-group-item-action">
<time>11-13</time>
<div class="list-group-item-title">PrintNightmare 实战利用Tips</div>


@ -227,12 +227,27 @@
<div class="list-group">
<p class="h4">共计 2 篇文章</p>
<p class="h4">共计 4 篇文章</p>
<hr>
<p class="h5">2024</p>
<a href="/Pillager_Forensics_3/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-3</div>
</a>
<a href="/Pillager_Forensics_2/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-2</div>
</a>
<p class="h5">2023</p>
<a href="/Pillager_Forensics_1/" class="list-group-item list-group-item-action">


@ -318,7 +318,7 @@
<a href="/categories/Forensics/" class="category-count col-2 col-md-1 col-xm-1">
<i class="iconfont icon-articles"></i>
<span>2</span>
<span>4</span>
</a>
<div class="category-collapse collapse " id="collapse-9759d20db6b94132676173d6d2302ff4"
@ -331,6 +331,24 @@
<a href="/Pillager_Forensics_3/" title="Pillager开发记录-3"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-3</span>
</a>
<a href="/Pillager_Forensics_2/" title="Pillager开发记录-2"
class="list-group-item list-group-item-action
">
<span class="category-post">Pillager开发记录-2</span>
</a>
<a href="/Pillager_Forensics_1/" title="Pillager开发记录-1"
class="list-group-item list-group-item-action
">


@ -24,7 +24,7 @@
<meta property="og:description" content="历时半个多月删站的我又决定把博客搭起来了这次从用了五年的Wordpress换成了Hexo自动部署的纯静态博客似乎也是不错的 不过之前的文章没有保存了,很多都是早年写的东西,现在看来已经没有意义了 后面会尽量恢复记笔记的习惯,也就顺手更一些文章吧,希望我的文章可以帮到你">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2022-11-11T11:15:50.000Z">
<meta property="article:modified_time" content="2023-12-01T07:50:52.926Z">
<meta property="article:modified_time" content="2024-01-02T14:46:17.497Z">
<meta property="article:author" content="qwqdanchun">
<meta name="twitter:card" content="summary_large_image">
@ -351,7 +351,7 @@
<p class="note note-info">
本文最后更新于2023年12月1日 下午
本文最后更新于2024年1月2日 晚上
</p>
@ -419,7 +419,7 @@
<div class="license-meta-item license-meta-date">
<div>更新于</div>
<div>2023年12月1</div>
<div>2024年1月2</div>
</div>


@ -231,6 +231,128 @@
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Pillager_Forensics_3/" target="_self">
Pillager开发记录-3
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Pillager_Forensics_3/" target="_self">
<div>
网易邮箱大师的账号接管网易邮箱大师的数据文件默认保存在 %LocalAppdata%\Netease\MailMaster\data\app.db内此文件为Sqlite格式储存 获取目录app.db的Account表中的每一行对应一个账号DataPath项对应的值即为账号信息保存目录。 接管账号本地安装网易邮箱大师后,将上一步获取的文件夹,复制回本地,依次点击设置-邮箱设置-导入邮箱数据,选
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2024-01-02 22:11" pubdate>
2024-01-02
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Pillager_Forensics_2/" target="_self">
Pillager开发记录-2
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Pillager_Forensics_2/" target="_self">
<div>
Chrome系列浏览器的信息提取Chrome浏览器的数据默认保存在 %LocalAppdata%\Google\Chrome\User Data内此目录中 Local State文件保存了 MasterKey信息Default目录保存了默认配置信息如有更多配置则保存于 Profile 数字的文件夹中 历史记录对于每一个配置文件夹,其中的 History文件即为保存为Sqlite数据库格式的
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2024-01-02 20:16" pubdate>
2024-01-02
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
@ -735,134 +857,6 @@
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/CobaltStrike_Modify/" target="_self">
CobaltStrike二次开发
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/CobaltStrike_Modify/" target="_self">
<div>
2022年过的真的很快啊一转眼就2023了本来想着元旦的时候搞一点东西分享出来但是因为太忙没有腾出时间那就只好赶着春节前夕水一点文章了。 CobaltStrike简介CobaltStrike是一套商业化的C2框架提供了较好的兼容性和可扩展性也因此成为了目前红队中最为广泛使用的C2。但是因为使用广泛其特征也被大量采集并用于识别beacon及TeamServer这里我就简单的把自
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-01-21 23:59" pubdate>
2023-01-21
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Develop/" class="category-chain-item">Develop</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/CobaltStrike/">#CobaltStrike</a>
<a href="/tags/Modify/">#Modify</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/CodePage_injection/" target="_self">
Code Page注入方法的武器化
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/CodePage_injection/" target="_self">
<div>
起源一年多以前Jonas L在推特首次提出了这个注入方法并在评论区提出了一些可能的利用方法。半年前有人在GitHub发布了一份Poc某种程度上进行了对注入方案的验证。 原理控制台程序会有一个对应的Code Page也就是代码页这个东西是字符代码的一个映射每个控制台对应两个代码页一个输入一个输出。 大部分Code Page都是nls文件但是看到有一部分是dll文件确切地说是5开
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2022-11-25 21:03" pubdate>
2022-11-25
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Injection/" class="category-chain-item">Injection</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Injection/">#Injection</a>
<a href="/tags/CodePage/">#CodePage</a>
<a href="/tags/NLS/">#NLS</a>
</div>
</div>
</article>
</div>
<nav aria-label="navigation">



@ -231,6 +231,134 @@
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/CobaltStrike_Modify/" target="_self">
CobaltStrike二次开发
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/CobaltStrike_Modify/" target="_self">
<div>
2022年过的真的很快啊一转眼就2023了本来想着元旦的时候搞一点东西分享出来但是因为太忙没有腾出时间那就只好赶着春节前夕水一点文章了。 CobaltStrike简介CobaltStrike是一套商业化的C2框架提供了较好的兼容性和可扩展性也因此成为了目前红队中最为广泛使用的C2。但是因为使用广泛其特征也被大量采集并用于识别beacon及TeamServer这里我就简单的把自
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-01-21 23:59" pubdate>
2023-01-21
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Develop/" class="category-chain-item">Develop</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/CobaltStrike/">#CobaltStrike</a>
<a href="/tags/Modify/">#Modify</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/CodePage_injection/" target="_self">
Code Page注入方法的武器化
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/CodePage_injection/" target="_self">
<div>
起源一年多以前Jonas L在推特首次提出了这个注入方法并在评论区提出了一些可能的利用方法。半年前有人在GitHub发布了一份Poc某种程度上进行了对注入方案的验证。 原理控制台程序会有一个对应的Code Page也就是代码页这个东西是字符代码的一个映射每个控制台对应两个代码页一个输入一个输出。 大部分Code Page都是nls文件但是看到有一部分是dll文件确切地说是5开
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2022-11-25 21:03" pubdate>
2022-11-25
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Injection/" class="category-chain-item">Injection</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Injection/">#Injection</a>
<a href="/tags/CodePage/">#CodePage</a>
<a href="/tags/NLS/">#NLS</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">


@ -3,9 +3,11 @@ https://blog.qwqdanchun.com/Pillager_Forensics_1/
https://blog.qwqdanchun.com/PrintNightmare/
https://blog.qwqdanchun.com/Telegram_Forensics/
https://blog.qwqdanchun.com/hello-world/
https://blog.qwqdanchun.com/Pillager_Forensics_3/
https://blog.qwqdanchun.com/Pillager_Forensics_2/
https://blog.qwqdanchun.com/CobaltStrike_Modify/
https://blog.qwqdanchun.com/about/index.html
https://blog.qwqdanchun.com/av/index.html
https://blog.qwqdanchun.com/CobaltStrike_Modify/
https://blog.qwqdanchun.com/Ch552_USBHUB/
https://blog.qwqdanchun.com/Appdomain_AntiVM/
https://blog.qwqdanchun.com/BTPanel_Databases/


@ -4,7 +4,7 @@
<url>
<loc>https://blog.qwqdanchun.com/CodePage_injection/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -13,7 +13,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Pillager_Forensics_1/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -22,7 +22,7 @@
<url>
<loc>https://blog.qwqdanchun.com/PrintNightmare/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -31,7 +31,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Telegram_Forensics/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -40,25 +40,25 @@
<url>
<loc>https://blog.qwqdanchun.com/hello-world/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/about/index.html</loc>
<loc>https://blog.qwqdanchun.com/Pillager_Forensics_3/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/av/index.html</loc>
<loc>https://blog.qwqdanchun.com/Pillager_Forensics_2/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -67,7 +67,25 @@
<url>
<loc>https://blog.qwqdanchun.com/CobaltStrike_Modify/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/about/index.html</loc>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/av/index.html</loc>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -76,7 +94,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Ch552_USBHUB/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -85,7 +103,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Appdomain_AntiVM/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -94,7 +112,7 @@
<url>
<loc>https://blog.qwqdanchun.com/BTPanel_Databases/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -103,7 +121,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Backdoor_In_Source/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -112,7 +130,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Bypass_Secure_Browser/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -121,7 +139,7 @@
<url>
<loc>https://blog.qwqdanchun.com/Bypass_Startup/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>monthly</changefreq>
<priority>0.6</priority>
@ -130,7 +148,7 @@
<url>
<loc>https://blog.qwqdanchun.com/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>daily</changefreq>
<priority>1.0</priority>
</url>
@ -138,161 +156,161 @@
<url>
<loc>https://blog.qwqdanchun.com/tags/Net/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Appdomain/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Anti-VM/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Decrypt/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Backdoor/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/BlueTeam/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Crack/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Electron/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Bypass/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/360/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Persistence/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Injection/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/CodePage/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/NLS/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Forensics/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/0-N-Day/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/PrintNightmare/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/CVE-2021-1675/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/CVE-2021-34527/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Telegram/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/CobaltStrike/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/Modify/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/tags/USB/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
@ -301,56 +319,56 @@
<url>
<loc>https://blog.qwqdanchun.com/categories/Develop/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Backdoor/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Crack/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Persistence/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Injection/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Forensics/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Life/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>
<url>
<loc>https://blog.qwqdanchun.com/categories/Ch552/</loc>
<lastmod>2023-12-01</lastmod>
<lastmod>2024-01-02</lastmod>
<changefreq>weekly</changefreq>
<priority>0.2</priority>
</url>


@ -231,12 +231,27 @@
<div class="list-group">
<p class="h4">共计 2 篇文章</p>
<p class="h4">共计 4 篇文章</p>
<hr>
<p class="h5">2024</p>
<a href="/Pillager_Forensics_3/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-3</div>
</a>
<a href="/Pillager_Forensics_2/" class="list-group-item list-group-item-action">
<time>01-02</time>
<div class="list-group-item-title">Pillager开发记录-2</div>
</a>
<p class="h5">2023</p>
<a href="/Pillager_Forensics_1/" class="list-group-item list-group-item-action">


@ -231,7 +231,7 @@
<div class="text-center tagcloud">
<a href="/tags/Net/" style="font-size: 30px; color: #337ab7">.Net</a> <a href="/tags/0-N-Day/" style="font-size: 15px; color: #bbe">0/N Day</a> <a href="/tags/360/" style="font-size: 15px; color: #bbe">360</a> <a href="/tags/Anti-VM/" style="font-size: 15px; color: #bbe">Anti-VM</a> <a href="/tags/Appdomain/" style="font-size: 15px; color: #bbe">Appdomain</a> <a href="/tags/Backdoor/" style="font-size: 15px; color: #bbe">Backdoor</a> <a href="/tags/BlueTeam/" style="font-size: 15px; color: #bbe">BlueTeam</a> <a href="/tags/Bypass/" style="font-size: 15px; color: #bbe">Bypass</a> <a href="/tags/CVE-2021-1675/" style="font-size: 15px; color: #bbe">CVE-2021-1675</a> <a href="/tags/CVE-2021-34527/" style="font-size: 15px; color: #bbe">CVE-2021-34527</a> <a href="/tags/CobaltStrike/" style="font-size: 15px; color: #bbe">CobaltStrike</a> <a href="/tags/CodePage/" style="font-size: 15px; color: #bbe">CodePage</a> <a href="/tags/Crack/" style="font-size: 15px; color: #bbe">Crack</a> <a href="/tags/Decrypt/" style="font-size: 15px; color: #bbe">Decrypt</a> <a href="/tags/Electron/" style="font-size: 15px; color: #bbe">Electron</a> <a href="/tags/Forensics/" style="font-size: 30px; color: #337ab7">Forensics</a> <a href="/tags/Injection/" style="font-size: 15px; color: #bbe">Injection</a> <a href="/tags/Modify/" style="font-size: 15px; color: #bbe">Modify</a> <a href="/tags/NLS/" style="font-size: 15px; color: #bbe">NLS</a> <a href="/tags/Persistence/" style="font-size: 15px; color: #bbe">Persistence</a> <a href="/tags/PrintNightmare/" style="font-size: 15px; color: #bbe">PrintNightmare</a> <a href="/tags/Telegram/" style="font-size: 15px; color: #bbe">Telegram</a> <a href="/tags/USB/" style="font-size: 15px; color: #bbe">USB</a>
<a href="/tags/Net/" style="font-size: 22.5px; color: #779bd3">.Net</a> <a href="/tags/0-N-Day/" style="font-size: 15px; color: #bbe">0/N Day</a> <a href="/tags/360/" style="font-size: 15px; color: #bbe">360</a> <a href="/tags/Anti-VM/" style="font-size: 15px; color: #bbe">Anti-VM</a> <a href="/tags/Appdomain/" style="font-size: 15px; color: #bbe">Appdomain</a> <a href="/tags/Backdoor/" style="font-size: 15px; color: #bbe">Backdoor</a> <a href="/tags/BlueTeam/" style="font-size: 15px; color: #bbe">BlueTeam</a> <a href="/tags/Bypass/" style="font-size: 15px; color: #bbe">Bypass</a> <a href="/tags/CVE-2021-1675/" style="font-size: 15px; color: #bbe">CVE-2021-1675</a> <a href="/tags/CVE-2021-34527/" style="font-size: 15px; color: #bbe">CVE-2021-34527</a> <a href="/tags/CobaltStrike/" style="font-size: 15px; color: #bbe">CobaltStrike</a> <a href="/tags/CodePage/" style="font-size: 15px; color: #bbe">CodePage</a> <a href="/tags/Crack/" style="font-size: 15px; color: #bbe">Crack</a> <a href="/tags/Decrypt/" style="font-size: 15px; color: #bbe">Decrypt</a> <a href="/tags/Electron/" style="font-size: 15px; color: #bbe">Electron</a> <a href="/tags/Forensics/" style="font-size: 30px; color: #337ab7">Forensics</a> <a href="/tags/Injection/" style="font-size: 15px; color: #bbe">Injection</a> <a href="/tags/Modify/" style="font-size: 15px; color: #bbe">Modify</a> <a href="/tags/NLS/" style="font-size: 15px; color: #bbe">NLS</a> <a href="/tags/Persistence/" style="font-size: 15px; color: #bbe">Persistence</a> <a href="/tags/PrintNightmare/" style="font-size: 15px; color: #bbe">PrintNightmare</a> <a href="/tags/Telegram/" style="font-size: 15px; color: #bbe">Telegram</a> <a href="/tags/USB/" style="font-size: 15px; color: #bbe">USB</a>
</div>
</div>