
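<!DOCTYPE html>
<html lang="zh-CN" data-default-color-scheme="auto">
<head>
<meta charset="UTF-8">
<link rel="apple-touch-icon" sizes="76x76" href="/img/favicon.ico">
<link rel="icon" href="/img/favicon.ico">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, shrink-to-fit=no">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="theme-color" content="#2f4154">
<meta name="author" content="qwqdanchun">
<meta name="keywords" content="">
<meta property="og:type" content="website">
<meta property="og:title" content="簞純&#39;s Blog">
<meta property="og:url" content="https://blog.qwqdanchun.com/index.html">
<meta property="og:site_name" content="簞純&#39;s Blog">
<meta property="og:locale" content="zh_CN">
<meta property="article:author" content="qwqdanchun">
<meta name="twitter:card" content="summary_large_image">
<meta name="referrer" content="no-referrer-when-downgrade">
<title>簞純&#39;s Blog</title>
<!-- Cross-origin stylesheet loaded without Subresource Integrity. Once the digest of the
     pinned 4.6.1 file has been computed, add integrity="sha384-<digest of the pinned file>"
     and crossorigin="anonymous" so a tampered CDN copy is rejected by the browser. -->
<link rel="stylesheet" href="https://lib.baomitu.com/twitter-bootstrap/4.6.1/css/bootstrap.min.css">
<!-- 主题依赖的图标库,不要自行修改 -->
<!-- Do not modify the link that theme dependent icons -->
<!-- Only the scheme was made explicit below (https: instead of protocol-relative "//"):
     the site is served over HTTPS (see og:url), and a protocol-relative URL would fetch the
     icon fonts over plain HTTP if the page were ever opened via http://. The hosts and
     paths are unchanged. -->
<link rel="stylesheet" href="https://at.alicdn.com/t/font_1749284_hj8rtnfg7um.css">
<link rel="stylesheet" href="https://at.alicdn.com/t/font_1736178_lbnruvf0jn.css">
<link rel="stylesheet" href="/css/main.css">
<link id="highlight-css" rel="stylesheet" href="/css/highlight.css">
<link id="highlight-css-dark" rel="stylesheet" href="/css/highlight-dark.css">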
<script id="fluid-configs">
// Theme bootstrap: expose the shared Fluid namespace and the generated CONFIG
// object to the scripts loaded after this block (utils.js, color-schema.js, …).
var Fluid = window.Fluid || {};
Fluid.ctx = Object.assign({}, Fluid.ctx);
var CONFIG = {"hostname":"blog.qwqdanchun.com","root":"/","version":"1.9.3","typing":{"enable":true,"typeSpeed":70,"cursorChar":"_","loop":false,"scope":[]},"anchorjs":{"enable":true,"element":"h1,h2,h3,h4,h5,h6","placement":"left","visible":"hover","icon":""},"progressbar":{"enable":true,"height_px":3,"color":"#29d","options":{"showSpinner":false,"trickleSpeed":100}},"code_language":{"enable":true,"default":"TEXT"},"copy_btn":true,"image_caption":{"enable":true},"image_zoom":{"enable":true,"img_url_replace":["",""]},"toc":{"enable":true,"placement":"right","headingSelector":"h1,h2,h3,h4,h5,h6","collapseDepth":0},"lazyload":{"enable":true,"loading_img":"/img/loading.gif","onlypost":false,"offset_factor":2},"web_analytics":{"enable":false,"follow_dnt":true,"baidu":null,"google":null,"gtag":null,"tencent":{"sid":null,"cid":null},"woyaola":null,"cnzz":null,"leancloud":{"app_id":null,"app_key":null,"server_url":null,"path":"window.location.pathname","ignore_local":false}},"search_path":"/local-search.xml"};
// Record the browser's Do-Not-Track signal when the config asks to honour it.
// Fluid.ctx.dnt stays falsy (the raw, empty value) when no signal is present, and
// becomes a boolean when one is; presumably consumed by the theme's analytics code.
if (CONFIG.web_analytics.follow_dnt) {
  var dntVal = navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack;
  var dntPrefixes = ['1', 'yes', 'on'];
  Fluid.ctx.dnt = dntVal && dntPrefixes.some(function (prefix) {
    return dntVal.startsWith(prefix);
  });
}
</script>
<script src="/js/utils.js" ></script>
<script src="/js/color-schema.js" ></script>
<meta name="generator" content="Hexo 6.3.0"></head>
<body>
<header>
<div class="header-inner" style="height: 100vh;">
<nav id="navbar" class="navbar fixed-top navbar-expand-lg navbar-dark scrolling-navbar">
<div class="container">
<a class="navbar-brand" href="/">
<strong>簞純&#39;s Blog</strong>
</a>
<button id="navbar-toggler-btn" class="navbar-toggler" type="button" data-toggle="collapse"
data-target="#navbarSupportedContent"
aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<div class="animated-icon"><span></span><span></span><span></span></div>
</button>
<!-- Collapsible content -->
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav ml-auto text-center">
<li class="nav-item">
<a class="nav-link" href="/">
<i class="iconfont icon-home-fill"></i>
首页
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/archives/">
<i class="iconfont icon-archive-fill"></i>
归档
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/categories/">
<i class="iconfont icon-category-fill"></i>
分类
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/tags/">
<i class="iconfont icon-tags-fill"></i>
标签
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/about/">
<i class="iconfont icon-user-fill"></i>
关于
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/links/">
<i class="iconfont icon-link-fill"></i>
友链
</a>
</li>
<!-- NOTE(review): the two items below trigger in-page actions (open the search modal,
     toggle the colour scheme) rather than navigate, so semantically they are
     <button type="button"> elements, not anchors with a "javascript:;" href. Left as
     anchors because the theme's stylesheet and events.js appear to target .nav-link
     anchors and these ids; confirm both accept a <button> before changing. -->
<li class="nav-item" id="search-btn">
<a class="nav-link" target="_self" href="javascript:;" data-toggle="modal" data-target="#modalSearch" aria-label="Search">
&nbsp;<i class="iconfont icon-search"></i>&nbsp;
</a>
</li>
<li class="nav-item" id="color-toggle-btn">
<a class="nav-link" target="_self" href="javascript:;" aria-label="Color Toggle">&nbsp;<i
class="iconfont icon-dark" id="color-toggle-icon"></i>&nbsp;</a>
</li>
</ul>
</div>
</div>
</nav>
<div id="banner" class="banner" parallax=true
style="background: url('/img/default.png') no-repeat center center; background-size: cover;">
<div class="full-bg-img">
<div class="mask flex-center" style="background-color: rgba(0, 0, 0, 0.3)">
<div class="banner-text text-center fade-in-up">
<div class="h2">
<span id="subtitle" data-typed-text="簞純&#39;s Blog"></span>
</div>
</div>
<div class="scroll-down-bar">
<i class="iconfont icon-arrowdown"></i>
</div>
</div>
</div>
</div>
</div>
</header>
<main>
<div class="container nopadding-x-md">
<div id="board"
style="margin-top: 0">
<div class="container">
<div class="row">
<div class="col-12 col-md-10 m-auto">
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Pillager_Forensics_3/" target="_self">
Pillager开发记录-3
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Pillager_Forensics_3/" target="_self">
<div>
网易邮箱大师的账号接管网易邮箱大师的数据文件默认保存在 %LocalAppdata%\Netease\MailMaster\data\app.db内此文件为Sqlite格式储存 获取目录app.db的Account表中的每一行对应一个账号DataPath项对应的值即为账号信息保存目录。 接管账号本地安装网易邮箱大师后,将上一步获取的文件夹,复制回本地,依次点击设置-邮箱设置-导入邮箱数据,选
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2024-01-02 22:11" pubdate>
2024-01-02
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Pillager_Forensics_2/" target="_self">
Pillager开发记录-2
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Pillager_Forensics_2/" target="_self">
<div>
Chrome系列浏览器的信息提取Chrome浏览器的数据默认保存在 %LocalAppdata%\Google\Chrome\User Data内此目录中 Local State文件保存了 MasterKey信息Default目录保存了默认配置信息如有更多配置则保存于 Profile 数字的文件夹中 历史记录对于每一个配置文件夹,其中的 History文件即为保存为Sqlite数据库格式的
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2024-01-02 20:16" pubdate>
2024-01-02
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/BTPanel_Databases/" target="_self">
无需登录,获取宝塔面板保存的数据库密码
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/BTPanel_Databases/" target="_self">
<div>
拿到装有宝塔面板的服务器后,在不登录面板的情况下不能直接查看数据库信息 为了解决这个问题,就制作了一个脚本去进行配置信息的解密 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253import os#使用前pip3 install PyCryptodome#
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-12-01 15:26" pubdate>
2023-12-01
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Develop/" class="category-chain-item">Develop</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Decrypt/">#Decrypt</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Pillager_Forensics_1/" target="_self">
Pillager开发记录-1
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Pillager_Forensics_1/" target="_self">
<div>
今年上半年,在开发 CobaltStrike 插件期间没用遇到合适且长期更新的信息收集工具便决定自己制作一款也就有了Pillager项目。 这款工具旨在收集机器上浏览器,聊天软件,已经其他常用工具的凭证、记录等敏感信息,从而进行进一步的后渗透工作。 思路的确定最初的想法只是为了制作一个小巧简介的 BOF ,但是后期研究发现使用 BOF 开发并不合适综合考虑下选择了使用C#开发。进而就要考虑
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-11-10 03:22" pubdate>
2023-11-10
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Ch552_USBHUB/" target="_self">
可编程USB控制设备
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Ch552_USBHUB/" target="_self">
<div>
首先感谢Zy143L大佬进行的PCB板的设计和制作。 特点 附带tf卡槽可自选是否附带储存空间 使用CH552单片机方便上手 通用G2版型方便购买或定制外壳 带有USBHUB可以同时作为U盘和可编程USB控制设备使用 带有霍尔开关,用于控制烧写,也可用于连接后的控制开关,即使加壳也不影响后续烧写 成本低廉,适合大批量使用 使用方法1.准备环境Windows系统安装Arduino IDE
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-09-06 18:47" pubdate>
2023-09-06
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Ch552/" class="category-chain-item">Ch552</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/USB/">#USB</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Backdoor_In_Source/" target="_self">
红队工具的投毒相关
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Backdoor_In_Source/" target="_self">
<div>
某大型活动还有一段时间,但是总会有很多新工具出现,想用但不敢用该怎么办,还是需要先了解下常见的源码投毒方式吧 方法1.代码带毒直接在代码中实现一个后门常见的操作包括但不限于在程序启动时按钮点击时程序结束时等位置添加恶意代码。常见恶意代码为反向shell或各式各样的shellcode加载器 对于visual studio等编译器不会在项目中显示未包含文件的代码但是如果引用到了依然会编译进
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-05-09 15:12" pubdate>
2023-05-09
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Backdoor/" class="category-chain-item">Backdoor</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Backdoor/">#Backdoor</a>
<a href="/tags/BlueTeam/">#BlueTeam</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Telegram_Forensics/" target="_self">
Telegram取证相关的记录
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Telegram_Forensics/" target="_self">
<div>
因为各种原因接触了一些场景要对Telegram进行信息收集这里就记录下基本思路只涉及Windows的官方客户端 1.关于tdata正常安装的Telegram会安装至 %appdata%\Telegram Desktop在这个目录中 modules文件夹存放了一个D3D的dlltdata文件夹存放所有数据unins000.exe/unins000.dat文件是卸载相关Updater.e
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-04-15 05:40" pubdate>
2023-04-15
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Forensics/" class="category-chain-item">Forensics</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Forensics/">#Forensics</a>
<a href="/tags/Telegram/">#Telegram</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Bypass_Secure_Browser/" target="_self">
记录绕过某考试软件的安全防护
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Bypass_Secure_Browser/" target="_self">
<div>
早在疫情期间就经历了好久的线上考试,最近又遇到了类似的需求,正好就写写相关的东西吧。为了防止暴露是哪几款软件,文中就不放图了,只是说说方法。 逆向相关目前遇到过的主流是C#&#x2F;Electron的程序也有部分C++的程序。 C#的可以直接用DnSpy查看代码并修改 Electron的可以解包asar查看代码修改后也可以打包替换回去 C++的一般IDA辅助分析后可以手动跳过部分函数或判断
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-03-16 13:30" pubdate>
2023-03-16
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Crack/" class="category-chain-item">Crack</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Net/">#.Net</a>
<a href="/tags/Crack/">#Crack</a>
<a href="/tags/Electron/">#Electron</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Bypass_Startup/" target="_self">
一个不太好用的过360启动方案
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Bypass_Startup/" target="_self">
<div>
突发奇想的一个思路,不太好用就发出来玩玩吧 背景知识目录挂载subst是Windows自带的一个工具可以将文件目录挂载为磁盘但是重启后不会继续挂载了。 如果想长期挂载,需要修改注册表 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices。 https://learn.microsoft.com/en-us/windo
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-02-27 17:49" pubdate>
2023-02-27
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Persistence/" class="category-chain-item">Persistence</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Bypass/">#Bypass</a>
<a href="/tags/360/">#360</a>
<a href="/tags/Persistence/">#Persistence</a>
</div>
</div>
</article>
</div>
<div class="row mx-auto index-card">
<article class="col-12 col-md-12 mx-auto index-info">
<h1 class="index-header">
<a href="/Appdomain_AntiVM/" target="_self">
一种利用Appdomain特性实现隐蔽的反沙箱分析
</a>
</h1>
<a class="index-excerpt index-excerpt__noimg" href="/Appdomain_AntiVM/" target="_self">
<div>
这次是标题党了主要还是记录一下自己在使用Appdomain中遇到的一点小坑 前情提要我一直很喜欢使用C#制作一些工具或者制作一些技术的poc在测试杀软对行为的拦截时为了避免频繁文件落地都是使用对一个C#远控添加插件的方式测试的。 最常用的插件加载方式就是Assembly.Load了使用过的都会发现这种方式可以加载不能卸载用Procexp之类的软件可以很方便的查看进程内的Assembly
</div>
</a>
<div class="index-btm post-metas">
<div class="post-meta mr-3">
<i class="iconfont icon-date"></i>
<time datetime="2023-02-17 09:29" pubdate>
2023-02-17
</time>
</div>
<div class="post-meta mr-3 d-flex align-items-center">
<i class="iconfont icon-category"></i>
<span class="category-chains">
<span class="category-chain">
<a href="/categories/Develop/" class="category-chain-item">Develop</a>
</span>
</span>
</div>
<div class="post-meta">
<i class="iconfont icon-tags"></i>
<a href="/tags/Net/">#.Net</a>
<a href="/tags/Appdomain/">#Appdomain</a>
<a href="/tags/Anti-VM/">#Anti-VM</a>
</div>
</div>
</article>
</div>
<nav aria-label="navigation">
<span class="pagination" id="pagination">
<span class="page-number current">1</span><a class="page-number" href="/page/2/#board">2</a><a class="extend next" rel="next" href="/page/2/#board"><i class="iconfont icon-arrowright"></i></a>
</span>
</nav>
</div>
</div>
</div>
</div>
</div>
<!-- NOTE(review): href="#" plus role="button" is a button written as a link; a real
     <button type="button" id="scroll-top-button" aria-label="TOP"> gives the same
     keyboard behaviour without a hash navigation. Left unchanged because the theme's
     CSS and scripts target this id; verify they accept a <button> first. -->
<a id="scroll-top-button" aria-label="TOP" href="#" role="button">
<i class="iconfont icon-arrowup" aria-hidden="true"></i>
</a>
<!-- Local search dialog (Bootstrap modal). Results are injected by /js/local-search.js
     into #local-search-result from /local-search.xml (see CONFIG.search_path). -->
<div class="modal fade" id="modalSearch" tabindex="-1" role="dialog" aria-labelledby="ModalLabel"
aria-hidden="true">
<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
<div class="modal-content">
<div class="modal-header text-center">
<h4 class="modal-title w-100 font-weight-bold">搜索</h4>
<button type="button" id="local-search-close" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body mx-3">
<div class="md-form mb-5">
<!-- NOTE(review): type="search" with autocomplete="off" would be the better fit for a
     search box; kept as type="text" because the md-form floating-label styling may
     select input[type=text]. Confirm against main.css before changing. -->
<input type="text" id="local-search-input" class="form-control validate">
<label data-error="x" data-success="v" for="local-search-input">关键词</label>
</div>
<!-- NOTE(review): whatever local-search.js writes here is rendered as HTML; post titles
     and excerpts from local-search.xml must be escaped before insertion. Cannot be
     verified from this file; check the script. -->
<div class="list-group" id="local-search-result"></div>
</div>
</div>
</div>
</div>
</main>
<footer>
<div class="footer-inner">
<div class="footer-content">
<a href="https://hexo.io" target="_blank" rel="nofollow noopener"><span>Hexo</span></a> <i class="iconfont icon-love"></i> <a href="https://github.com/fluid-dev/hexo-theme-fluid" target="_blank" rel="nofollow noopener"><span>Fluid</span></a>
</div>
<div class="statistics">
<span id="busuanzi_container_site_pv" style="display: none">
总访问量
<span id="busuanzi_value_site_pv"></span>
</span>
<span id="busuanzi_container_site_uv" style="display: none">
总访客数
<span id="busuanzi_value_site_uv"></span>
</span>
</div>
</div>
</footer>
<!-- Scripts -->
<!-- Third-party script and stylesheet loaded from a CDN with no integrity/crossorigin
     attributes: a tampered or substituted CDN response would execute as this origin.
     Pin them with integrity="sha384-<digest of the pinned 0.2.0 file>" and
     crossorigin="anonymous", or self-host copies under /js and /css. -->
<script src="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.js" ></script>
<link rel="stylesheet" href="https://lib.baomitu.com/nprogress/0.2.0/nprogress.min.css" />
<script>
// Top-of-page progress bar: start it as soon as this script runs and complete it
// once the window's load event fires (all sub-resources fetched).
NProgress.configure({ showSpinner: false, trickleSpeed: 100 });
NProgress.start();
window.addEventListener('load', function onPageLoaded() {
  NProgress.done();
});
</script>
<!-- jQuery, Bootstrap and typed.js are fetched cross-origin without Subresource Integrity.
     Each is version-pinned, so add integrity="sha384-<digest of that pinned file>" and
     crossorigin="anonymous" to each remote <script> (or self-host them under /js) so a
     modified CDN copy cannot run in this origin. -->
<script src="https://lib.baomitu.com/jquery/3.6.0/jquery.min.js" ></script>
<script src="https://lib.baomitu.com/twitter-bootstrap/4.6.1/js/bootstrap.min.js" ></script>
<script src="/js/events.js" ></script>
<script src="/js/plugins.js" ></script>
<script src="https://lib.baomitu.com/typed.js/2.0.12/typed.min.js" ></script>
<script>
// Start the banner's typewriter animation: the text comes from the subtitle
// element's data-typed-text attribute and is handed to the theme's typing plugin.
// Nothing happens when either the element or the plugin is absent.
(function (window, document) {
  var typingFn = Fluid.plugins.typing;
  var subtitleEl = document.getElementById('subtitle');
  if (subtitleEl && typingFn) {
    var typedText = subtitleEl.getAttribute('data-typed-text');
    typingFn(typedText);
  }
})(window, document);
</script>
<script src="/js/img-lazyload.js" ></script>
<script src="/js/local-search.js" ></script>
<!-- Visitor counter fetched from a third-party service with no integrity attribute; it
     runs with full access to this page. If the 2.3 file is stable, pin it with
     integrity="sha384-<digest of the served file>" and crossorigin="anonymous";
     otherwise consider self-hosting a reviewed copy or dropping the counter. -->
<script defer src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" ></script>
<!-- 主题的启动项,将它保持在最底部 -->
<!-- the boot of the theme, keep it at the bottom -->
<script src="/js/boot.js" ></script>
<noscript>
<div class="noscript-warning">博客在允许 JavaScript 运行的环境下浏览效果更佳</div>
</noscript>
</body>
</html>