{"id":903,"date":"2025-06-21T02:59:20","date_gmt":"2025-06-20T18:59:20","guid":{"rendered":"http:\/\/162.14.82.114\/?p=903"},"modified":"2025-06-21T02:59:20","modified_gmt":"2025-06-20T18:59:20","slug":"hmv-_-disguise","status":"publish","type":"post","link":"http:\/\/162.14.82.114\/index.php\/903\/06\/21\/2025\/","title":{"rendered":"hmv[-_-]Disguise"},"content":{"rendered":"

Disguise<\/h1>\n

\"image-20250619011445950\"<\/div>
\n
\"image-20250620145229604\"<\/div><\/p>\n

\u4fe1\u606f\u641c\u96c6<\/h2>\n

\u7aef\u53e3\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ rustscan -a $IP -- -sCV\n.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.\n| {}  }| { } |{ {__ {_   _}{ {__  \/  ___} \/ {} \\ |  `| |\n| .-. \\| {_} |.-._} } | |  .-._} }\\     }\/  \/\\  \\| |\\  |\n`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'\nThe Modern Day Port Scanner.\n________________________________________\n: http:\/\/discord.skerritt.blog         :\n: https:\/\/github.com\/RustScan\/RustScan :\n --------------------------------------\nRustScan: Making sure 'closed' isn't just a state of mind.\n\n[~] The config file is expected to be at "\/home\/kali\/.rustscan.toml"\n[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers\n[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'. \nOpen 192.168.10.100:22\nOpen 192.168.10.100:80\n\nPORT   STATE SERVICE REASON         VERSION\n22\/tcp open  ssh     syn-ack ttl 64 OpenSSH 7.9p1 Debian 10+deb10u4 (protocol 2.0)\n| ssh-hostkey: \n|   2048 93:a4:92:55:72:2b:9b:4a:52:66:5c:af:a9:83:3c:fd (RSA)\n| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKpc4iyFhIzxDvlJoPvgE9rRlFPOqHm4EkLgqXQkVf31csyjpvJgyZpTgr4gYV3oztsMmQbIj+nFGD+L5pQfaSXtAdxKpqt4D\/MnFqVKP6KKGFhATWMCDzGXRaXQyaF7dOq49vkIoptczAU2af2PfwycA3aaI\/lNPOYSHPRufkm102lE\/lHZzNbXh0yJJXy9RJaqELeAibmqdrHFNpXFT8qAvsQrz\/6IKJkia4JLdVbfeMdZBOQ9lIlQg+2VfKXp7pF7kGZKKttIThc8ROqlcOaxlmuC5oKEgFQP7obty1+6fx\/QIuNn3D05FeQMqbvJfFZF1dE2IH4WEbFWRGH6w1\n|   256 1e:a7:44:0b:2c:1b:0d:77:83:df:1d:9f:0e:30:08:4d (ECDSA)\n| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYupwIuJVRtRMDrYZ6fR\/3p5E5vsqXADwGAoZ2RW5vKPxDV3j\/+QjGbnRDj1iD5\/iwZxxlUggSr5raZfzAHrZA=\n|   256 d0:fa:9d:76:77:42:6f:91:d3:bd:b5:44:72:a7:c9:71 (ED25519)\n|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOshh8VG4l9hWlVYWfAvLuWuwPEdiF8EXmm5BFib\/+q\n80\/tcp open  http    syn-ack ttl 64 Apache httpd 2.4.59 ((Debian))\n|_http-server-header: Apache\/2.4.59 (Debian)\n|_http-title: Maintenance\nMAC Address: 08:00:27:B4:46:05 (PCS Systemtechnik\/Oracle VirtualBox virtual NIC)\nService Info: OS: Linux; CPE: cpe:\/o:linux:linux_kernel<\/code><\/pre>\n
\u76ee\u5f55\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ feroxbuster -u http:\/\/$IP\/ -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x html txt php 2>\/dev\/null\n\n403      GET        9l       28w      279c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter\n503      GET      115l      268w     2449c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter\n301      GET        9l       28w      321c http:\/\/192.168.10.100\/wp-content => http:\/\/192.168.10.100\/wp-content\/\n200      GET        0l        0w        0c http:\/\/192.168.10.100\/wp-content\/index.php\n301      GET        9l       28w      328c http:\/\/192.168.10.100\/wp-content\/themes => http:\/\/192.168.10.100\/wp-content\/themes\/\n301      GET        9l       28w      329c http:\/\/192.168.10.100\/wp-content\/uploads => http:\/\/192.168.10.100\/wp-content\/uploads\/\n200      GET        0l        0w        0c http:\/\/192.168.10.100\/wp-content\/themes\/index.php\n200      GET      384l     3177w    19903c http:\/\/192.168.10.100\/license.txt<\/code><\/pre>\n
\u4e00\u626b\u5c31\u5361\u4f4f\u4e86\u3002\u3002\u3002\u3002\u4f46\u662f\u53d1\u73b0\u662fwordpress<\/code>\u7ad9\u70b9\u3002<\/p>\n
wordpress\u626b\u63cf<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ cmseek --url http:\/\/192.168.10.100\n\n[i] Updating CMSeeK result index...\n[*] Report index updated successfully!\n\n ___ _  _ ____ ____ ____ _  _\n|    |\\\/| [__  |___ |___ |_\/  by @r3dhax0r\n|___ |  | ___| |___ |___ | \\_ Version 1.1.3 K-RONA\n\n [+]  CMS Detection And Deep Scan  [+] \n\n[i] Scanning Site: http:\/\/192.168.10.100\/\n[*] CMS Detected, CMS ID: wp, Detection method: header\n[*] Version Detected, WordPress Version 6.8.1\n[i] Checking user registration status\n[i] Starting passive plugin enumeration\n[x] No plugins enumerated!\n[i] Starting passive theme enumeration\n[*] 2 themes detected!\n[i] Starting Username Harvest\n[i] Harvesting usernames from wp-json api\n[*] Found user from wp-json : simpleadmin\n[i] Harvesting usernames from jetpack public api\n[!] No results from jetpack api... maybe the site doesn't use jetpack\n[i] Harvesting usernames from wordpress author Parameter\n[*] Found user from source code: simpleadmin\n[*] 1 Usernames was enumerated\n[i] Checking version vulnerabilities using wpvulns.com\n[x] Error Retriving data from wpvulndb\n\n ___ _  _ ____ ____ ____ _  _\n|    |\\\/| [__  |___ |___ |_\/  by @r3dhax0r\n|___ |  | ___| |___ |___ | \\_ Version 1.1.3 K-RONA\n\n [+]  Deep Scan Results  [+] \n\n \u250f\u2501Target: 192.168.10.100\n \u2503\n \u2520\u2500\u2500 CMS: WordPress\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Version: 6.8.1\n \u2503    \u2570\u2500\u2500 URL: https:\/\/wordpress.org\n \u2503\n \u2520\u2500\u2500[WordPress Deepscan]\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Readme file found: http:\/\/192.168.10.100\/\/readme.html\n \u2503    \u251c\u2500\u2500 License file: http:\/\/192.168.10.100\/\/license.txt\n \u2503    \u251c\u2500\u2500 Uploads directory has listing enabled: http:\/\/192.168.10.100\/\/wp-content\/uploads\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Themes Enumerated: 2\n \u2503    \u2502    \u2502\n \u2503    \u2502    \u251c\u2500\u2500 Theme: newscrunch\n \u2503    \u2502    \u2502   \u2502\n \u2503    \u2502    \u2502   \u251c\u2500\u2500 Version: 6.8.1\n \u2503    \u2502    \u2502   \u2570\u2500\u2500 URL: http:\/\/192.168.10.100\/\/wp-content\/themes\/newscrunch\n \u2503    \u2502    \u2502\n \u2503    \u2502    \u2570\u2500\u2500 Theme: newsblogger\n \u2503    \u2502        \u2502\n \u2503    \u2502        \u251c\u2500\u2500 Version: 6.8.1\n \u2503    \u2502        \u2570\u2500\u2500 URL: http:\/\/192.168.10.100\/\/wp-content\/themes\/newsblogger\n \u2503    \u2502\n \u2503    \u2502\n \u2503    \u251c\u2500\u2500 Usernames harvested: 1\n \u2503    \u2502    \u2570\u2500\u2500 simpleadmin\n \u2503    \u2502\n \u2503\n \u2520\u2500\u2500 Result: \/home\/kali\/temp\/Disguise\/Result\/192.168.10.100\/cms.json\n \u2503\n \u2517\u2501Scan Completed in 1.21 Seconds, using 46 Requests\n\n CMSeeK says ~ shalom<\/code><\/pre>\n
\u5c1d\u8bd5\u4f7f\u7528wpscan<\/code>\u8fdb\u884c\u6d4b\u8bd5\uff1ahttps:\/\/github.com\/wpscanteam\/wpscan\/wiki\/WPScan-User-Documentation<\/a><\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ wpscan --url http:\/\/$IP\/ -e vp --plugins-detection mixed --api-token xxxxxxxxxxxxxxx\n_______________________________________________________________\n[i] Plugin(s) Identified:\n\n[+] akismet\n | Location: http:\/\/192.168.10.100\/wp-content\/plugins\/akismet\/\n | Latest Version: 5.4\n | Last Updated: 2025-05-07T16:30:00.000Z\n |\n | Found By: Known Locations (Aggressive Detection)\n |  - http:\/\/192.168.10.100\/wp-content\/plugins\/akismet\/, status: 403\n |\n | [!] 1 vulnerability identified:\n |\n | [!] Title: Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)\n |     Fixed in: 3.1.5\n |     References:\n |      - https:\/\/wpscan.com\/vulnerability\/1a2f3094-5970-4251-9ed0-ec595a0cd26c\n |      - https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-9357\n |      - http:\/\/blog.akismet.com\/2015\/10\/13\/akismet-3-1-5-wordpress\/\n |      - https:\/\/blog.sucuri.net\/2015\/10\/security-advisory-stored-xss-in-akismet-wordpress-plugin.html\n |\n | The version could not be determined.\n\n\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ wpscan --url http:\/\/$IP\/ -e u --api-token QgjGEj5XxGc1lJEYv4jXvhLKKWIbJqyqIUvjQnb84Jc\n-------------------------------\n[i] User(s) Identified:\n\n[+] simpleadmin\n | Found By: Wp Json Api (Aggressive Detection)\n |  - http:\/\/192.168.10.100\/wp-json\/wp\/v2\/users\/?per_page=100&page=1\n | Confirmed By:\n |  Author Id Brute Forcing - Author Pattern (Aggressive Detection)\n |  Login Error Messages (Aggressive Detection)\n\n[+] simpleAdmin\n | Found By: Rss Generator (Aggressive Detection)\n | Confirmed By: Login Error Messages (Aggressive Detection)<\/code><\/pre>\n
\u627e\u5230\u4e86\u4fe9\u7528\u6237simpleadmin<\/code>\u4ee5\u53casimpleAdmin<\/code>\uff0c\u524d\u8005\u5927\u6982\u7387\u4e3awordpress<\/code>\u7684\u7528\u6237\uff0c\u540e\u8005\u672a\u77e5\u3002<\/p>\n
\u6f0f\u6d1e\u53d1\u73b0<\/h2>\n
\u8e29\u70b9<\/h3>\n
\u8bbf\u95ee\u4e5f\u6162\u7684\u4e00\u6279\uff0c\u53ef\u80fd\u662f\u505a\u4e86\u5565\u914d\u7f6e\uff1f\u91cd\u542f\u9776\u673a\u8fdb\u884c\u6d4b\u8bd5\uff1a<\/p>\n
\"image-20250620150748888\"<\/div><\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ whatweb http:\/\/$IP\/\nhttp:\/\/192.168.10.100\/ [200 OK] Apache[2.4.59], Country[RESERVED][ZZ], HTML5, HTTPServer[Debian Linux][Apache\/2.4.59 (Debian)], IP[192.168.10.100], JQuery[3.7.1], MetaGenerator[WordPress 6.8.1], Script[speculationrules,text\/javascript], Title[Just a simple wordpress site], UncommonHeaders[link], WordPress[6.8.1], X-UA-Compatible[IE=edge]<\/code><\/pre>\n
\u770b\u770b\u5e38\u7528\u5f97\u654f\u611f\u76ee\u5f55\uff1a<\/p>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ curl -s http:\/\/$IP\/robots.txt                                     \nUser-agent: *\nDisallow: \/wp-admin\/\nAllow: \/wp-admin\/admin-ajax.php<\/code><\/pre>\n
\u67e5\u770b\u4e3b\u9875\u6e90\u4ee3\u7801\uff0c\u53d1\u73b0\u57df\u540d\u89e3\u6790\uff1a<\/p>\n
192.168.10.100   disguise.hmv<\/code><\/pre>\n
FUZZ<\/h3>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ ffuf -u "http:\/\/192.168.10.100" -H "Host: FUZZ.disguise.hmv" -c -w \/usr\/share\/wordlists\/seclists\/Discovery\/DNS\/subdomains-top1million-110000.txt -fw 11916 2>\/dev\/null\nwww                     [Status: 301, Size: 0, Words: 1, Lines: 1, Duration: 327ms]\ndark                    [Status: 200, Size: 873, Words: 124, Lines: 19, Duration: 185ms]<\/code><\/pre>\n
\u6709\u9690\u85cf\u57df\u540d\uff0c\u6dfb\u52a0\u4e00\u4e0b\uff1a<\/p>\n
192.168.10.100   disguise.hmv  dark.disguise.hmv<\/code><\/pre>\n
\u250c\u2500\u2500(kali\u327fkali)-[~\/temp\/Disguise]\n\u2514\u2500$ gobuster dir -u http:\/\/dark.disguise.hmv -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt -x php,txt,html -t 50\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)\n===============================================================\n[+] Url:                     http:\/\/dark.disguise.hmv\n[+] Method:                  GET\n[+] Threads:                 50\n[+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n[+] Negative Status codes:   404\n[+] User Agent:              gobuster\/3.6\n[+] Extensions:              php,txt,html\n[+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/.php                 (Status: 403) [Size: 282]\n\/index.php            (Status: 200) [Size: 873]\n\/.html                (Status: 403) [Size: 282]\n\/login.php            (Status: 200) [Size: 1134]\n\/register.php         (Status: 200) [Size: 2103]\n\/profile.php          (Status: 302) [Size: 0] [--> login.php]\n\/images               (Status: 301) [Size: 323] [--> http:\/\/dark.disguise.hmv\/images\/]\n\/logout.php           (Status: 302) [Size: 0] [--> login.php]\n\/config.php           (Status: 200) [Size: 0]\n\/captcha.php          (Status: 200) [Size: 367]\n\/functions.php        (Status: 200) [Size: 0]\n\/manager              (Status: 301) [Size: 324] [--> http:\/\/dark.disguise.hmv\/manager\/]\n\/.php                 (Status: 403) [Size: 282]\n\/.html                (Status: 403) [Size: 282]\n\/server-status        (Status: 403) [Size: 282]<\/code><\/pre>\n
\n
\u6211\u8fd9\u91cc\u51fa\u73b0\u4fee\u6539hosts<\/code>\u5931\u6548\uff0c\u8bbf\u95ee 502\uff0c\u540e\u67e5\u660e\u662f\u56e0\u4e3a\u5f00\u4e86\u4ee3\u7406\u3002\u3002\u3002\u3002\u3002\u3002<\/p>\n<\/blockquote>\n
AES-128 ECB\u4f2a\u9020cookie<\/h3>\n
\u6253\u5f00\u65b0\u57df\u540d\u770b\u4e00\u4e0b\uff1a<\/p>\n
\"image-20250620172312774\"<\/div><\/p>\n
\u5c1d\u8bd5\u8fdb\u884c\u6ce8\u518c\uff1a<\/p>\n
\"image-20250620172346999\"<\/div><\/p>\n
\n
\u600e\u4e48\u611f\u89c9\u50cf cursor \u5199\u7684\uff0c\u54c8\u54c8\u54c8\u54c8\u3002<\/p>\n<\/blockquote>\n
username\npassword<\/code><\/pre>\n
\"image-20250620172449455\"<\/div><\/p>\n
\u6ca1\u4e1c\u897f\uff0c\u4f46\u662f cookie \u770b\u4e0a\u53bb\u6709\u70b9\u4e1c\u897f\uff1a<\/p>\n
\"image-20250620172701309\"<\/div><\/p>\n
dark_session: %2BRofqaf35NZSFE50nowHdw%3D%3D\nPHPSESSID: 1j48gohlqpqf9knohfbac7bm0q<\/code><\/pre>\n
\u5c1d\u8bd5\u8fdb\u884c\u7834\u8bd1\uff1a<\/p>\n
\"image-20250620172848403\"<\/div><\/p>\n
\u770b\u4e0a\u53bb\u50cf\u662fbase64<\/code>\u4f46\u662f\u53c8\u4e0d\u4e00\u6837\uff0c\u6709 + <\/code>\uff0c\u5c1d\u8bd5\u518d\u521b\u5efa\u4e00\u4e2a\u8d26\u53f7\u5bf9\u6bd4\u4e00\u4e0b\uff1a<\/p>\n
kali\nkali<\/code><\/pre>\n
cookie \u5219\u4e3a\uff1a<\/p>\n
dark_session: NL8B2mVVM8jKIu9pbCLIyw%3D%3D\nPHPSESSID: 1j48gohlqpqf9knohfbac7bm0q<\/code><\/pre>\n
\u89e3\u7801\u4ee5\u540e\u5206\u522b\u4e3a\uff1a<\/p>\n
+Rofqaf35NZSFE50nowHdw==\nNL8B2mVVM8jKIu9pbCLIyw==<\/code><\/pre>\n
AES-128\u52a0\u5bc6<\/h4>\n
\u4f4d\u6570\u4e00\u6837\uff0c\u7531\u4e8e\u5bc6\u7801\u622a\u7136\u4e0d\u4e00\u6837\uff0c\u770b\u4e0d\u51fa\u5173\u7cfb\uff0c\u5c1d\u8bd5\u591a\u6ce8\u518c\u51e0\u4e2a\uff1a<\/p>\n
aaaa:bbbb:4\naaaaaaaa:bbbbbbbb:8\naaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbb:16\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb:32\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\n========>\ne3Opvt7372tUQCmdavBBxA%3D%3D\n5SKl5Bbstz3e0GrQ8QBCkA%3D%3D\nFUoxH12UY%2FN58pkbRNAAfw3VkIUgMs7BjIoGhLHIvrE%3D\nFUoxH12UY%2FN58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTEN1ZCFIDLOwYyKBoSxyL6x\n\ne3Opvt7372tUQCmdavBBxA==\n5SKl5Bbstz3e0GrQ8QBCkA==\nFUoxH12UY\/N58pkbRNAAfw3VkIUgMs7BjIoGhLHIvrE=\nFUoxH12UY\/N58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTEN1ZCFIDLOwYyKBoSxyL6x<\/code><\/pre>\n
\"image-20250620221750970\"<\/div><\/p>\n
\u524d\u7aef\u8fdb\u884c\u6821\u9a8c\u4e86\uff0c\u53ef\u4ee5\u7981\u7528\u6389 js\uff0c\u518d\u6ce8\u518c\u5373\u53ef\uff1a<\/p>\n
\"image-20250620222008455\"<\/div><\/p>\n
\u200b   \u5f53\u8fdb\u884c\u5230\u6700\u540e\u4e00\u4e2a\u7684\u65f6\u5019\u62a5\u9519\u4e86\uff1a<\/p>\n
\"image-20250620222247787\"<\/div><\/p>\n
\u200b      \u53d1\u73b0\u5728\u7528\u6237\u540d\u6216\u5bc6\u7801\u957f\u7684\u65f6\u5019\uff0c\u524d\u9762\u7684\u524d\u7f00\u662f\u4e00\u6837\u7684\uff0c\u4f46\u662f\u540e\u9762\u622a\u7136\u4e0d\u540c\uff0c\u4e14\u5f53\u7528\u6237\u540d\u6216\u5bc6\u7801\u957f\u5ea6\u4e0d\u540c\u65f6\uff0ccookie\u957f\u5ea6\u53ef\u80fd\u76f8\u540c\uff0c\u8bf4\u660e\u53ef\u80fd\u662f\u5757\u52a0\u5bc6\u65b9\u5f0f\uff0c\u5728\u957f\u5ea6\u4e0d\u591f\u7684\u65f6\u5019\u8fdb\u884c\u586b\u5145\uff0c\u8fbe\u5230\u4e00\u5b9a\u4f4d\u6570\u7684\u65f6\u5019\u8fdb\u884c\u52a0\u5bc6\uff0c\u53ef\u4ee5\u901a\u8fc7\u4e00\u4e2a\u4e00\u4e2a\u6ce8\u518c\u5f97\u5230\u90a3\u4e2a\u4f4d\u6570\uff0c\u53ef\u4ee5\u57fa\u672c\u786e\u5b9a\u662f AES128 \u52a0\u5bc6\u3002<\/p>\n
\n\n\n\n\n\n\n\n\n\n
\u7279\u6027<\/strong><\/th>\nAES-128<\/strong><\/th>\nAES-192<\/strong><\/th>\nAES-256<\/strong><\/th>\n<\/tr>\n<\/thead>\n
\u5bc6\u94a5\u957f\u5ea6<\/strong><\/td>\n128 \u4f4d\uff0816 \u5b57\u8282\uff09<\/td>\n192 \u4f4d\uff0824 \u5b57\u8282\uff09<\/td>\n256 \u4f4d\uff0832 \u5b57\u8282\uff09<\/td>\n<\/tr>\n
\u52a0\u5bc6\u8f6e\u6570<\/strong><\/td>\n10 \u8f6e<\/td>\n12 \u8f6e<\/td>\n14 \u8f6e<\/td>\n<\/tr>\n
\u5b89\u5168\u5f3a\u5ea6<\/strong><\/td>\n\u57fa\u7840\u5b89\u5168\u6027\uff08\u6297\u66b4\u529b\u7834\u89e3\u9700 2128 \u6b21\uff09<\/td>\n\u4e2d\u7b49\u5b89\u5168\u6027\uff082192 \u6b21\uff09<\/td>\n\u6700\u9ad8\u5b89\u5168\u6027\uff082256 \u6b21\uff09<\/td>\n<\/tr>\n
\u6027\u80fd\u5f00\u9500<\/strong><\/td>\n\u6700\u4f4e\uff08\u8ba1\u7b97\u6700\u5feb\uff09<\/td>\n\u4e2d\u7b49<\/td>\n\u6700\u9ad8\uff08\u8ba1\u7b97\u6700\u6162\uff09<\/td>\n<\/tr>\n
\u9002\u7528\u573a\u666f<\/strong><\/td>\n\u79fb\u52a8\u8bbe\u5907\u3001\u5b9e\u65f6\u901a\u4fe1\uff08\u5982 TLS 1.3\uff09<\/td>\n\u4f01\u4e1a\u7ea7\u6570\u636e\u52a0\u5bc6\uff08\u8f83\u5c11\u4f7f\u7528\uff09<\/td>\n\u519b\u4e8b\u3001\u91d1\u878d\u3001\u533a\u5757\u94fe\u7b49\u9ad8\u654f\u611f\u9886\u57df<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/blockquote>\n
\u200b      \u7136\u540e\u610f\u8bc6\u5230\u4e00\u4e2a\u6709\u610f\u601d\u7684\u5730\u65b9\uff0c\u8fd9\u4e2acookie\u5e94\u8be5\u548c\u5bc6\u7801\u6ca1\u5173\u7cfb\uff0c\u56e0\u4e3a\u6211\u4eec\u9700\u8981\u6784\u9020\u7684\u6b63\u662f\u7ba1\u7406\u5458simpleAdmin<\/code>\uff08\u4fe1\u606f\u641c\u96c6\u5230\u7684\uff09\u7684cookie\uff0c\u5982\u679c\u6709\u5bc6\u7801\u5c31\u4e0d\u9700\u8981\u8fdb\u884c\u6784\u9020\u4e86\u3002\u3002\u3002\u3002\u3002<\/p>\n
\u518d\u6ce8\u518c\u51e0\u4e2a\u627e\u5230\u6070\u597d\u591a\u5206\u4e00\u4e2a\u5757\u7684\u90a3\u4e2a\u7279\u6b8a\u957f\u5ea6\uff1a<\/p>\n
aaaaaaaaaa ==> Hxs4O2FVu%2FQM9EqHsnvrOA%3D%3D ==> Hxs4O2FVu\/QM9EqHsnvrOA==\naaaaaaaaaaaa ==> FUoxH12UY%2FN58pkbRNAAf8JwkfrsOdSxW16pbszGJLY%3D ==> FUoxH12UY\/N58pkbRNAAf8JwkfrsOdSxW16pbszGJLY=\n                                                                      FUoxH12UY\/N58pkbRNAAfw3VkIUgMs7BjIoGhLHIvrE=\naaaaaaaaaaa ==> OuQ8RKZ9v61RFPShspbyzg%3D%3D ==> OuQ8RKZ9v61RFPShspbyzg==<\/code><\/pre>\n
\u53ef\u4ee5\u76f4\u5230\u957f\u5ea6\u4e3a 12 \u65f6\u5019\u52a0\u5bc6\u591a\u4e86\u4e00\u5757\uff0c\u53ef\u77e5\u586b\u5145\u4e86 5 \u4e2a\u5b57\u8282\u7684\u672a\u77e5\u6570\u636e\uff0c12 + 5 -16 = 1 ,\u591a\u4e86\u4e00\u4e2a\u5b57\u8282\uff0c\u6545\u65b0\u586b\u5145\u4e86\u4e00\u4e2a\u5757\u3002<\/p>\n
ECB \u52a0\u5bc6<\/h4>\n
\u5c1d\u8bd5\u521b\u5efa\u4e00\u4e2a\u5f88\u957f\u4e14\u91cd\u590d\u7684\u7528\u6237\uff0c\u4f7f\u4e24\u4e2a\u5757\u7684\u957f\u5ea6\u76f8\u540c\uff0c\u770b\u770b\u662f\u5426\u5b58\u5728\u91cd\u590d\uff0c\u501f\u6b64\u5224\u65ad\u662f\u54ea\u79cd\u586b\u5145\u65b9\u5f0f\uff1a<\/p>\n
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa(40)\nFUoxH12UY%2FN58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTG6fpyT%2BeTDSMZZI3t8yCtj\nFUoxH12UY\/N58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTG6fpyT+eTDSMZZI3t8yCtj\n# \u518d\u957f\u4e00\u70b9\uff0c\u5e76\u672a\u591a\u5206\u51fa\u4e00\u4e2a\u5757\u3002\u3002\u3002\u3002\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa(45)\nFUoxH12UY%2FN58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTFCn3dW789xt%2FWTDpdh540xx5DP1Yb6SI4MM0Hr7sTwjg%3D%3D\nFUoxH12UY\/N58pkbRNAAf0Kfd1bvz3G39ZMOl2HnjTFCn3dW789xt\/WTDpdh540xx5DP1Yb6SI4MM0Hr7sTwjg==<\/code><\/pre>\n
\u5c06\u5bc6\u6587\u6539\u4e3aurl > base64 > hex<\/code>\u89e3\u5bc6\u5373\u53ef\u770b\u5230\u91cd\u590d\uff1a<\/p>\n
\"image-20250620235035507\"<\/div><\/p>\n
\u53ef\u4ee5\u786e\u5b9a\u662fECB<\/code>\u52a0\u5bc6\u65b9\u5f0f\uff0c\u5176\u4ed6\u52a0\u5bc6\u65b9\u5f0f\u57fa\u672c\u4e0a\u90fd\u4e0d\u4f1a\u51fa\u73b0\u91cd\u590d\uff0c\u4f1a\u51fa\u73b0\u8f6e\u8f6c\u4e4b\u7c7b\u7684\u597d\u50cf\u3002<\/p>\n
PKCS7\u586b\u5145<\/h3>\n
\u6709\u4e24\u79cd\u586b\u5145\u65b9\u5f0f\u731c\u6d4b\uff1a<\/p>\n