云计算课设

Zsm published on 2025-06-11 included in 容器

云计算课设

这个课设是一个基于MapReduce的倒排索引系统，核心是Hadoop+docker+k8s

整体架构

前端 vue+nodejs

后端 nodejs+express+redis+sqlite3

部署方法 dockerfile+k8s

数据处理方法 Hadoop

课设灵感

自己blog的搜索功能很弱，采用的是js插件的全局遍历搜索，就在网上查了一下优化方法，顺便知道了倒排索引这种方法，结合云计算课堂的docker和Hadoop知识，便有了这个课设

Study K8s

Zsm published on 2025-06-09 included in 容器

关于安装

mac的话可以直接orb一把梭了，里面直接启动即可，如果不想的话，就直接去看官方安装方法我感觉不如orb，linux和win只能安装官方的来咯

Study Docker

Zsm published on 2025-06-09 included in 容器

中文文档

https://yeasy.gitbook.io/docker_practice

关于部署

mac可以用docker-desktop，或者是orbstack(这个真的好用xd)，linux就直接指令操作吧。win不推荐，推荐wsl里面搞docker然后映射出来

HNCTF2025

Zsm published on 2025-06-08 included in CTF

前言

rank18 我是fw

题目

哈基coke

task.py

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34



import matplotlib.pyplot as plt
import cv2
import numpy as np
from PIL import Image
def arnold_encode(image, shuffle_times, a, b):
    """ Arnold shuffle for rgb image
    Args:
        image: input original rgb image
        shuffle_times: how many times to shuffle
    Returns:
        Arnold encode image
    """
    arnold_image = np.zeros(shape=image.shape)

    h, w = image.shape[0], image.shape[1]
    N = h

    for time in range(shuffle_times):
        for ori_x in range(h):
            for ori_y in range(w):

                new_x = (1*ori_x + b*ori_y)% N
                new_y = (a*ori_x + (a*b+1)*ori_y) % N

                arnold_image[new_x, new_y, :] = image[ori_x, ori_y, :]

        image = np.copy(arnold_image)

    cv2.imwrite('en_flag.png', arnold_image, [int(cv2.IMWRITE_PNG_COMPRESSION), 0])
    return arnold_image

img = cv2.imread('coke.png')
arnold_encode(img,6,9,1)

Arnold变换，我不是特别懂原理的，gpt一把梭了

关于MVC的小笔记or总结

Zsm published on 2025-06-06 included in Nodejs

前言

前面的nodejs「3」其实写过，但是很潦草且不深刻，这个稍微深刻一点

什么是MVC

三个字母对应三个单词，对应三个层次

M->Model
V->View
C->Control

在我浅薄的理解下，Model层是对于数据库去建立sql模型，以及增删查改等操作。Control去作为M和V之间的中间件，去衔接贯通，并且在我的理解里面，这个不应该含有web层面的业务逻辑(下单，支付等操作)。而View就是与前端进行交互，得到or发送状态/数据等信息。
那么web层面的逻辑就应该交给Services层去完成，衍生出来的DTO层，用于C->S时的数据处理以及规范，有趣的是他只是一个结构体，不能处理复杂的逻辑，比如权限管理，增加waf等，我第一开始真的想过在这里去加waf保证安全(如xss，sql注入等)

THM WhyHackMe

Zsm published on 2025-06-02 included in 靶场

前言

THM的一个中等难度靶机，主要是xss相关？挺难的（

外网打点

nmap+dirsearch启动

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82


 nmap -sC -sV 10.10.146.135     
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-06-02 15:53 CST
Nmap scan report for 10.10.146.135
Host is up (0.24s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r--    1 0        0             318 Mar 14  2023 update.txt
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to 10.21.155.141
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 3
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 47:71:2b:90:7d:89:b8:e9:b4:6a:76:c1:50:49:43:cf (RSA)
|   256 cb:29:97:dc:fd:85:d9:ea:f8:84:98:0b:66:10:5e:6f (ECDSA)
|_  256 12:3f:38:92:a7:ba:7f:da:a7:18:4f:0d:ff:56:c1:1f (ED25519)
80/tcp open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Welcome!!
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 56.16 seconds

 python dirsearch.py -u http://10.10.146.135            

  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: php, asp, aspx, jsp, html, htm | HTTP method: GET | Threads: 25 | Wordlist size: 12290

Target: http://10.10.146.135/

[15:57:12] Scanning:
[15:57:27] 403 -   278B - /.php
[15:58:04] 301 -   315B - /assets  ->  http://10.10.146.135/assets/
[15:58:04] 200 -    1KB - /assets/
[15:58:11] 403 -   278B - /cgi-bin/
[15:58:11] 403 -   278B - /cgi-bin/awstats.pl
[15:58:11] 403 -   278B - /cgi-bin/a1stats/a1disp.cgi
[15:58:11] 403 -   278B - /cgi-bin/awstats/
[15:58:11] 403 -   278B - /cgi-bin/htmlscript
[15:58:11] 403 -   278B - /cgi-bin/login
[15:58:11] 403 -   278B - /cgi-bin/login.php
[15:58:11] 403 -   278B - /cgi-bin/login.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt-xmlrpc.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt/mt-xmlrpc.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt/mt.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt7/mt-xmlrpc.cgi
[15:58:11] 403 -   278B - /cgi-bin/mt7/mt.cgi
[15:58:11] 403 -   278B - /cgi-bin/php.ini
[15:58:11] 403 -   278B - /cgi-bin/printenv.pl
[15:58:11] 403 -   278B - /cgi-bin/ViewLog.asp
[15:58:11] 403 -   278B - /cgi-bin/test-cgi
[15:58:11] 403 -   278B - /cgi-bin/test.cgi
[15:58:11] 403 -   278B - /cgi-bin/htimage.exe?2,2
[15:58:11] 403 -   278B - /cgi-bin/imagemap.exe?2,2
[15:58:11] 403 -   278B - /cgi-bin/index.html
[15:58:11] 403 -   278B - /cgi-bin/printenv
[15:58:15] 200 -     0B - /config.php
[15:58:22] 403 -   278B - /dir
[15:58:36] 200 -   563B - /index.php
[15:58:36] 200 -   563B - /index.php/login/
[15:58:42] 200 -   523B - /login.php
[15:58:43] 302 -     0B - /logout.php  ->  login.php
[15:59:02] 200 -   643B - /register.php
[15:59:06] 403 -   278B - /server-status/
[15:59:06] 403 -   278B - /server-status

Task Completed

这个时候缓一下，差点忘记21ftp没看，直接连接上去拿下来一个文件