2021/3/23的修行

……迄今为止的两三个月，我都在尝试去做太阳，变得更加美好，想去温暖一下别人，之类的

但是，已经没有什么做太阳的必要了

这个迭代的我，需要让自己开心起来

将别人作为生命的意义果然太过愚蠢，且会招致痛苦

但是，那也太美好了……

你们人类拥有很多很美好的东西……美好到让人沉迷

但是最终也太过痛苦了吧，哈哈

嗯，有些事情尝试过就可以了

下次不会再付出全部心去爱别人，或者把别人的幸福凌驾于自己的幸福之上作为考量了

……嗯，我已经完全理解【信徒】的想法了

……如果说上个迭代，我们是被神明留在原地的【神官】或者【信徒】的话

那么 这个迭代 我想要做自己的【神】了。

---

1. 感受痛苦

2. 自我迭代

3. 修复apache-commons-vfs的bug一个，该bug会导致所有中文文件的FileObject.getPath引发Exception

3.1 PR

https://github.com/apache/commons-vfs/pull/168

https://issues.apache.org/jira/browse/VFS-798

3.2 表现

这个bug由我自己前几天探测到的。

主要表现是Linux系统中，对部分文件名或者路径中含有非英文字符的本地文件使用toPath()时，会生成非法的Path对象。

从而导致生成的Path对象使用toFile时抛出异常

3.3 暴露UT

package org.apache.commons.vfs2;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.vfs2.impl.StandardFileSystemManager;
import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

public class FileObjectTest {

    StandardFileSystemManager fileSystemManager;

    {
        try {
            fileSystemManager = loadFileSystemManager();
        } catch (FileSystemException e) {
            e.printStackTrace();
        }
    }

    interface IOExceptionThrowingFunction<T, R> {
        R apply(T t) throws IOException;
    }

    /**
     * Expected contents of test files
     */
    public static final String TEST_FILE_CONTENT = "aaa";

    /**
     * Test file paths
     */
    public static final String[] TEST_FILE_PATHS = new String[]{
            "src/test/resources/test-data/好.txt",
            "src/test/resources/test-data/1 1.txt",
    };

    private static StandardFileSystemManager loadFileSystemManager() throws FileSystemException {
        StandardFileSystemManager fileSystemManager = new StandardFileSystemManager();
        fileSystemManager.setLogger(null);
        fileSystemManager.init();
        fileSystemManager.setBaseFile(new File(System.getProperty("user.dir")));
        return fileSystemManager;
    }

    @Test
    public void testToFile() throws IOException {
        testToFile(fileObject -> fileObject.getPath().toFile());
    }

    @Test
    public void testToFile2() throws IOException {
        testToFile(FileObjectTest::toFile2);
    }

    @Test
    public void testEqualsURI() throws FileSystemException {
        for (String testFilePath : TEST_FILE_PATHS) {
            FileObject fileObject = fileSystemManager.resolveFile(testFilePath);
            assertNotNull(fileObject);
            File file = new File(testFilePath).getAbsoluteFile();
            URI fileURI = file.getAbsoluteFile().toURI();
            URI fileObjectURI = fileObject.getURI();
            assertEquals(fileObjectURI, fileURI);
        }
    }

    @Test
    public void testEqualsPaths() throws FileSystemException {
        for (String testFilePath : TEST_FILE_PATHS) {
            FileObject fileObject = fileSystemManager.resolveFile(testFilePath);
            assertNotNull(fileObject);
            File file = new File(testFilePath).getAbsoluteFile();
            Path filePath = file.toPath();
            Path fileObjectPath = fileObject.getPath();
            assertEquals(filePath, fileObjectPath);
        }
    }

    private void testToFile(IOExceptionThrowingFunction<FileObject, File> function) throws IOException {
        for (String testFilePath : TEST_FILE_PATHS) {
            testToFile(function, testFilePath);
        }
    }

    private void testToFile(IOExceptionThrowingFunction<FileObject, File> function, String testFilePath) throws IOException {
        FileObject fileObject = fileSystemManager.resolveFile(testFilePath);
        assertNotNull(fileObject);
        try (InputStream inputStream = fileObject.getContent().getInputStream()) {
            assertEquals(TEST_FILE_CONTENT, IOUtils.toString(inputStream, StandardCharsets.UTF_8));
        }
        File file = function.apply(fileObject);
        assertNotNull(file);
        assertEquals(TEST_FILE_CONTENT, FileUtils.readFileToString(file, StandardCharsets.UTF_8));
    }

    private static File toFile2(FileObject fileObject) throws FileSystemException {
        if (fileObject == null || !"file".equals(fileObject.getURL().getProtocol())) {
            return null;
        }
        return new File(fileObject.getName().getPathDecoded());
    }

    /**
     * please only invoke this when you want to figure out what special characters
     * is not allowed in Path but allowed in File.
     */
    @Ignore
    @Test
    public void testFull() throws Exception {
        String folderString = "target/testTempOutput/FileObjectTest/";
        File folderFile = new File(folderString);
        folderFile.mkdirs();
        for (char c = 0; c < Character.MAX_VALUE; c++) {
            String fileString = folderFile.getAbsolutePath() + '/' + c + ".txt";
            File file = new File(fileString);
            try {
                file.createNewFile();
            } catch (Exception ignored) {
                continue;
            }
            try (FileWriter fileWriter = new FileWriter(file)) {
                fileWriter.write(TEST_FILE_CONTENT);
            }
            try {
                testToFile(fileObject -> fileObject.getPath().toFile(), file.getAbsolutePath());
            } catch (Exception e) {
                System.err.println("fails to use FileObject on : c = " + (int) c + " draws = " + c);
            }
        }
    }
}

3.4 成因

3.4.1 直接原因

是FileObject.toPath函数使用了toURI

/**
 * Returns a URI representing this file.
 *
 * @return the URI for the file.
 * @since 2.7.0
 */
default URI getURI() {
    return URI.create(getName().getURI());
}

/**
 * Returns a Path representing this file.
 *
 * @return the Path for the file.
 * @since 2.7.0
 */
default Path getPath() {
    return Paths.get(getURI());
}

而commons-vfs和JDK对于URI的部分规则是不同的，这就导致了Paths使用JDK的规则去解析commons-vfs规则的URI，从而引发了这个问题

3.4.2 本质原因

本质上，commons-vfs设计上和JDK使用共同的URL和URI两个类，而却不使用完全一致的规则，是这条bug的根本原因

已经向库维护者建议过，commons-vfs3的时候考虑使用自己的URL和URI类，和JDK解耦

然后需要的时候提供转换器

3.5 修复方案

3.5.1 彻底修复方案

重做vfs相关类，使用自己的URL和URI类，和JDK解耦

会造成Binary Compatibility

只能放在major version 3做了

（拜托……到时候都至少几年后了吧 哈哈 我还能见到吗？但愿能吧）

3.5.1 应急修复方案

/**
 * Returns a Path representing this file.
 *
 * @return the Path for the file.
 * @since 2.7.0
 */
default Path getPath() {
    URI uri = getURI();
    if ("file".equals(uri.getScheme())) {
        String rawPath = uri.getRawPath();
        if (!rawPath.startsWith("/")) {
            rawPath = "/" + rawPath;
        }
        uri = URI.create("file:" + rawPath);
    }
    return Paths.get(uri);
}

有些朋友可能会认为，完全可以用

/**
 * Returns a Path representing this file.
 *
 * @return the Path for the file.
 * @since 2.7.0
 */
default Path getPath() {
    URI uri = getURI();
    if ("file".equals(uri.getScheme())) {
        String rawPath = uri.getRawPath();
        return Paths.get(rawPath);
    }
    return Paths.get(uri);
}

请这样认为的朋友自行去我的pr分支拉下来，跑一下被ignore的testFull测试

我是指，用我提供的和你这样简化的分别跑，然后对结果做一下compare，

就会知道，有几个比较特殊的字符只能我这么玩才能处理

4. 塑形课（1.5倍量）

5. HackTheBox Challenge 【ScriptKiddie】 再次努力了，再次没打掉

5.1 我得试试弱密码爆破

Try harder嘛。

不然如果真是个弱密码那我岂不是很尴尬

hydra -L /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt 10.129.123.6 -t 4 ssh

（
如果提示找不到/usr/share/wordlists/rockyou.txt，
则应该先去/usr/share/wordlists/下执行解压。
如果不会则gzip –help
）

md这个太大了！！！205761782671201种可能，我怕不是要等到老死

5.2 更高效地弱密码爆破

还是先爆破下root？

不行不行不行，我们这样玩

先创建个文件

/home/kali/Downloads/usernames.txt

root
ScriptKiddie
0xdf
k1d'5
h4ck3r
t00l5

然后我们

hydra -L /home/kali/Downloads/usernames.txt -P /usr/share/wordlists/rockyou.txt 10.129.123.47 -t 4 ssh

这样应该 小很多？

……接下来的交给时间即可。

我的天 32小时

这看来得明天记得extend

……先杀掉 睡前再挂起来吧。

6. HackTheBox Challenge 【Under Construction】 再次努力了，再次没打掉

md被骗了！

想了想 RSA256那不几分钟就暴力破解了

想这么多干嘛直接暴力淦

脑补大师，脑补大师

什么HS洞什么的，去他的吧我直接暴力炸RSA不快乐嘛

{"alg":"RS256","typ":"JWT"}
{"username":"a","pk":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA95oTm9DNzcHr8gLhjZaY\nktsbj1KxxUOozw0trP93BgIpXv6WipQRB5lqofPlU6FB99Jc5QZ0459t73ggVDQi\nXuCMI2hoUfJ1VmjNeWCrSrDUhokIFZEuCumehwwtUNuEv0ezC54ZTdEC5YSTAOzg\njIWalsHj/ga5ZEDx3Ext0Mh5AEwbAD73+qXS/uCvhfajgpzHGd9OgNQU60LMf2mH\n+FynNsjNNwo5nRe7tR12Wb2YOCxw2vdamO1n1kf/SMypSKKvOgj5y0LGiU3jeXMx\nV8WS+YiYCU5OBAmTcz2w2kzBhZFlH6RK4mquexJHra23IGv5UJ5GVPEXpdCqK3Tr\n0wIDAQAB\n-----END PUBLIC KEY-----\n","iat":1616513369}
q5mHp_i7nr-bwj_jWcH_NcHi7zqERHncYucHdleXzcsfvzpiL3CWj5D0Zoi0umP0RHR1vaKjx89DjjILnGxWyFU15dl4u7TnxPFU9yLcCii1972UXtXgoEoB6mnjcffkVnEmITk5v4Q1FY-5BjUhiGu3KM-KXrY3xI9f4K97iiP4X58JlpxbuB3dc8YD2O_xv09cpQneDzUYBL4zlndFRX62pRD-bhoXbTijGsxM-cfxQ74Ne9dp93cHAYGhV8gNvrKAN8uURUTe0BrL4QckhcgKVBY9wS09r0Gcno9bePof_CiVrzMoqtHs-SgOM3QcgKtfmfLmGQrJQjHY6aLEww

爆破工具 RsaCtfTool

https://github.com/Ganapati/RsaCtfTool

通过公钥暴力出私钥

./RsaCtfTool.py --publickey /home/kali/Downloads/publicKey.pem --private

那 就 等 咯

在跑了在跑了 明天晚上回来收货

[*] Testing key /home/kali/Downloads/publicKey.pem.
[*] Performing fibonacci_gcd attack on /home/kali/Downloads/publicKey.pem.
100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 9999/9999 [00:00<00:00, 87756.16it/s]
[*] Performing pastctfprimes attack on /home/kali/Downloads/publicKey.pem.
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 71/71 [00:00<00:00, 608988.92it/s]
[*] Performing mersenne_primes attack on /home/kali/Downloads/publicKey.pem.
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 51/51 [00:01<00:00, 40.69it/s]
[*] Performing smallq attack on /home/kali/Downloads/publicKey.pem.
[*] Performing factordb attack on /home/kali/Downloads/publicKey.pem.
[*] Performing fermat_numbers_gcd attack on /home/kali/Downloads/publicKey.pem.
  0%|▊                                                                                                                                                                                                                                              | 32/9999 [00:37<20:37:24,  7.45s/it][!] Timeout.
  0%|▊                                                                                                                                                                                                                                               | 32/9999 [01:00<5:14:29,  1.89s/it]
[*] Performing ecm2 attack on /home/kali/Downloads/publicKey.pem.
Can't load ecm2 because sage is not installed
[*] Performing noveltyprimes attack on /home/kali/Downloads/publicKey.pem.
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21/21 [00:00<00:00, 363968.53it/s]
[*] Performing wolframalpha attack on /home/kali/Downloads/publicKey.pem.
[*] Performing cube_root attack on /home/kali/Downloads/publicKey.pem.
[*] Performing primorial_pm1_gcd attack on /home/kali/Downloads/publicKey.pem.
100%|███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 10000/10000 [00:00<00:00, 12116.39it/s]
[*] Performing comfact_cn attack on /home/kali/Downloads/publicKey.pem.
[*] Performing pollard_p_1 attack on /home/kali/Downloads/publicKey.pem.
  0%|                                                                                                                                                                                                                                                            | 0/168 [00:00<?, ?it/s]
[*] Performing wiener attack on /home/kali/Downloads/publicKey.pem.
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 13/13 [00:00<00:00, 165230.16it/s]
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 13/13 [00:00<00:00, 446934.03it/s]
[*] Performing mersenne_pm1_gcd attack on /home/kali/Downloads/publicKey.pem.
100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 2045/2045 [00:00<00:00, 81214.15it/s]
[*] Performing qicheng attack on /home/kali/Downloads/publicKey.pem.
Can't load qicheng because sage is not installed
[*] Performing z3_solver attack on /home/kali/Downloads/publicKey.pem.
[!] Timeout.
[*] Performing partial_q attack on /home/kali/Downloads/publicKey.pem.
[*] Performing smallfraction attack on /home/kali/Downloads/publicKey.pem.
Can't load smallfraction because sage is not installed                                                                                                                                                                                                                                   
[*] Performing fermat attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                      
[!] Timeout.                                                                                                                                                                                                                                                                             
[*] Performing boneh_durfee attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                
Can't load boneh_durfee because sage is not installed                                                                                                                                                                                                                                    
[*] Performing siqs attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                        
[*] Performing londahl attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                     
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 20000001/20000001 [00:32<00:00, 620699.30it/s]
 17%|█████████████████████████████████████▊                                                                                                                                                                                               | 3305291/20000001 [00:27<02:18, 120366.27it/s][!] Timeout.                                                                                                                                                                                                                                                                             
 17%|█████████████████████████████████████▉                                                                                                                                                                                               | 3310578/20000001 [00:27<02:19, 119243.40it/s]
[*] Performing roca attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                        
Can't load roca because sage is not installed                                                                                                                                                                                                                                            
[*] Performing binary_polinomial_factoring attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                 
Can't load binary_polinomial_factoring because sage is not installed                                                                                                                                                                                                                     
[*] Performing euler attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                       
[!] Timeout.                                                                                                                                                                                                                                                                             
[*] Performing pollard_rho attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                 
[!] Timeout.                                                                                                                                                                                                                                                                             
[*] Performing ecm attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                         
Can't load ecm because sage is not installed                                                                                                                                                                                                                                             
[*] Performing cm_factor attack on /home/kali/Downloads/publicKey.pem.                                                                                                                                                                                                                   
Can't load cm_factor because sage is not installed                                                                                                                                                                                                                                       
Sorry, cracking failed.      

收个屁啦 cracking failed

……那我没啥特别好的思路毕竟我密码学几乎没学

7. HackTheBox靶机分配崩了，所以后面的修行没法做

• 本文作者： XenoAmess
• 本文链接： http://xenoamess.com/2021/03/24/20210323修行/
• 版权声明：
  本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。