update

Author: Randark-JMT

docs/HackMyVM/Challenges/Crypto/066.md

@@ -0,0 +1,104 @@
+# Crypto - 066
+
+:::note
+
+created by || kerszi
+
+⏲️ Release Date // 2024-03-10
+
+💀 Solvers // 30
+
+🧩 Type // crypto
+
+:::
+
+## 题目信息
+
+```plaintext
+5Zub5YWrIOWFreS4iSDlha3kupQg5LqUZsO6IOWFreWbmyDlha3kuZ0g5LiD5LqMCuWbm2TEqyDl
+ha3kuZ0g5YWt5LqUIOS4g+WbmyDlha3kupQg5YWtxJMgIOWFreS5nQrkupTlha0g5YWt5LiAIOS4
+g+WbmyDlha1mw7og5YWt5LiAIOWFreS6lCDlha3kupQK5LiDYsSrIOWFrWPEqyDlha3kuZ0g5LqU
+ZsO6IOS4g+S6jCDkuIPkuIkg5YWtxJMgCuS6lOS4iSDkupRmw7og5YWtxJMgIOWFrWTEqyDkupRm
+w7og5YWt5LqUIOWFreWbmwrkuIPpm7Yg5YWt5LiDIOWFreS4gyDkuIPkuZ0g5Zub5LiJIOS6lGbD
+uiDkuIPkuIkK5YWt5LqUIOS4g+S6jCDkuIPkuIkg5LqUZsO6IOWFreWFqyDlha3lha0g5LiDZMSr
+Cg==
+```
+
+## 解题
+
+首先先进行 Base64 解码
+
+```plaintext
+四八 六三 六五 五fú 六四 六九 七二
+四dī 六九 六五 七四 六五 六ē  六九
+五六 六一 七四 六fú 六一 六五 六五
+七bī 六cī 六九 五fú 七二 七三 六ē 
+五三 五fú 六ē  六dī 五fú 六五 六四
+七零 六七 六七 七九 四三 五fú 七三
+六五 七二 七三 五fú 六八 六六 七dī
+```
+
+盲猜一下，中文数字转阿拉伯数字，后面的音标转正常字母之后取第一位
+
+```python
+import base64
+import string
+
+data = (
+    """
+5Zub5YWrIOWFreS4iSDlha3kupQg5LqUZsO6IOWFreWbmyDlha3kuZ0g5LiD5LqMCuWbm2TEqyDl ha3kuZ0g5YWt5LqUIOS4g+WbmyDlha3kupQg5YWtxJMgIOWFreS5nQrkupTlha0g5YWt5LiAIOS4 g+WbmyDlha1mw7og5YWt5LiAIOWFreS6lCDlha3kupQK5LiDYsSrIOWFrWPEqyDlha3kuZ0g5LqU ZsO6IOS4g+S6jCDkuIPkuIkg5YWtxJMgCuS6lOS4iSDkupRmw7og5YWtxJMgIOWFrWTEqyDkupRm w7og5YWt5LqUIOWFreWbmwrkuIPpm7Yg5YWt5LiDIOWFreS4gyDkuIPkuZ0g5Zub5LiJIOS6lGbD uiDkuIPkuIkK5YWt5LqUIOS4g+S6jCDkuIPkuIkg5LqUZsO6IOWFreWFqyDlha3lha0g5LiDZMSr Cg==
+""".replace(
+        " ", ""
+    )
+    .replace("\n", "")
+    .replace("\r", "")
+)
+
+data = base64.b64decode(data).decode("utf-8")
+
+data = data.replace("\n", " ").split(" ")
+data = [item.strip() for item in data if item]
+
+
+# 中文数字与阿拉伯数字转换
+def convert_chinese_to_arabic(input):
+    chinese_to_arabic = {
+        "零": "0",
+        "一": "1",
+        "二": "2",
+        "三": "3",
+        "四": "4",
+        "五": "5",
+        "六": "6",
+        "七": "7",
+        "八": "8",
+        "九": "9",
+        "ē": "e",
+    }
+    arabic_str = ""
+    for i in input:
+        if i in chinese_to_arabic.keys():
+            arabic_str += chinese_to_arabic[i]
+        elif i in string.ascii_letters or i in string.digits:
+            arabic_str += i
+        else:
+            continue
+    return arabic_str
+
+
+data = [convert_chinese_to_arabic(item) for item in data]
+data = [chr(int(i, 16)) for i in data]
+
+offset = 7
+for i in range(10):
+    index = i
+    while index < len(data):
+        print(data[index], end="")
+        index += offset
+```
+
+运行即可得到结果
+
+```flag
+HMV{Special_greetings_to_my_dear_Chinese_friends}
+```

docs/Independent-Environment/CyberStrikeLab/Scene/Gear/index.md

@@ -0,0 +1,27 @@
+# Gear
+
+:::info
+
+场景介绍
+
+> 设计精妙的齿轮
+>
+> - 综合场景
+> - Evasion
+> - 权限提升
+> - 域渗透
+> - 信息收集
+> - 横向移动
+
+:::
+
+## 入口点
+
+```plaintext
+http://www.my.cs1ab.com
+```
+
+## 入口点 - 信息收集
+
+```bash
+```

docs/Independent-Environment/CyberStrikeLab/Simulation-Target/PRIV-7/img/image_20250444-124458.png

@@ -0,0 +1,50 @@
+# PRIV-7
+
+:::info
+
+靶标介绍：
+
+> web 渗透提权
+>
+> - getshell
+> - 提权
+
+:::
+
+## 入口点
+
+```plaintext
+192.168.111.200
+```
+
+## 入口点 - 信息收集
+
+```bash
+┌──(randark㉿kali)-[~]
+└─$ sudo ./tools/fscan-1.8.4/fscan -h 192.168.111.200
+
+   ___                              _    
+  / _ \     ___  ___ _ __ __ _  ___| | __ 
+ / /_\/____/ __|/ __| '__/ _` |/ __| |/ /
+/ /_\\_____\__ \ (__| | | (_| | (__|   <    
+\____/     |___/\___|_|  \__,_|\___|_|\_\   
+                     fscan version: 1.8.4
+start infoscan
+192.168.111.200:22 open
+192.168.111.200:80 open
+[*] alive ports len is: 2
+start vulscan
+[*] WebTitle http://192.168.111.200    code:200 len:267    title:None
+```
+
+## Web Service
+
+尝试直接访问
+
+![img](img/image_20250444-124458.png)
+
+可以查询到极致 CMS 的漏洞信息
+
+[PeiQi-WIKI-POC/PeiQi\_Wiki/CMS 漏洞 / 极致 CMS/README.md at master・Arinue/PeiQi-WIKI-POC](https://github.com/Arinue/PeiQi-WIKI-POC/blob/master/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/%E6%9E%81%E8%87%B4CMS/README.md)
+
+TODO 未完成