DEDECMS 5.7 SP1 更换编辑器为 KindEditor 4.0.6
好久没发东西了,最近搞的项目是用DEDECMS搞的,发现5.7 SP1的编辑器太不给力了,网上查了一下,有不少人反馈,也有人返回了5.6的老板本编辑器,个人感觉也不算好用,就找了以前用过的KindEditor进行更换,虽然网上也有教程,但不适用于最新版的KindEditor 4.0.6。。我这里整理一下方法,方便大家更换,下面提供了我修改过的KindEditor ,把FLASH,音频,文件上传的部分去掉了。。。因为用不到啊
1、先修改/include/common.inc.php,找到如下行
if (DEBUG_LEVEL === TRUE) { echo '
修改为
/* // 添加kindeditor编辑器 modify by st0p 2012-04-02 17:16
if (DEBUG_LEVEL === TRUE)
{
echo 'Lua 标准库
基本函数库为Lua内置的函数库,不需要额外装载
1、assert (v [, message])
功能:相当于C的断言,
参数:
v:当表达式v为nil或false将触发错误,
message:发生错误时返回的信息,默认为"assertion failed!"
--------------------------------------------------------------------------------
2、collectgarbage (opt [, arg])
功能:是垃圾收集器的通用接口,用于操作垃圾收集器
参数:
opt:操作方法标志
"Stop": 停止垃圾收集器
"Restart": 重启垃圾收集器
"Collect": 执行一次全垃圾收集循环
"Count": 返回当前Lua中使用的内存量(以KB为单位)
"Step": 单步执行一个垃圾收集. 步长 "Size" 由参数arg指定 (大型的值需要多步才能完成),如果要准确指定步长,需要多次实验以达最优效果。如果步长完成一次收集循环,将返回True
"Setpause": 设置 arg/100 的值作为暂定收集的时长
"Setstepmul": 设置 arg/100 的值,作为步长的增幅(即新步长=旧步长*arg/100)
--------------------------------------------------------------------------------
3、dofile (filename)
功能:打开并且执行一个lua块,当忽略参数filename时,将执行标准输入设备(stdin)的内容。返回所有块的返回值。当发生错误时,dofile将错误反射给调用者
注:dofile不能在保护模式下运行
--------------------------------------------------------------------------------
4、error (message [, level])
功能:终止正在执行的函数,并返回message的内容作为错误信息(error函数永远都不会返回)
通常情况下,error会附加一些错误位置的信息到message头部.
Level参数指示获得错误的位置,
Level=1[默认]:为调用error位置(文件+行号)
Level=2:指出哪个调用error的函数的函数
Level=0:不添加错误位置信息
--------------------------------------------------------------------------------
5、_G全局环境表(全局变量)
功能:记录全局环境的变量值的表 _G._G = _G
--------------------------------------------------------------------------------
6、getfenv(f)
功能:返回函数f的当前环境表
参数:f可以为函数或调用栈的级别,级别1[默认]为当前的函数,级别0或其它值将返回全局环境_G
--------------------------------------------------------------------------------
7、getmetatable(object)
功能:返回指定对象的元表(若object的元表.__metatable项有值,则返回object的元表.__metatable的值),当object没有元表时将返回nil
lua
最近朋友玩QQ西游,买了一个外挂,不过脚本太少,需要自己写,然后就看了下....
好像蛮好玩的.可以加不少东西进来,目前实验中,他想加密他的脚本,并进行验证.....这样可以收费提供脚本,不错的想法...
有兴趣的朋友可以看看,这东西不少游戏支持,有些外挂也支持,提供了接口可以调用...
http://www.lua.org/
Apache 路径大全
来源:http://wiki.apache.org/httpd/DistrosDefaultLayout
最常用的Apache路径有:
/etc/httpd/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/usr/local/apache2/conf/httpd.conf
Apache 2.2 default layout (apache.org source package):
ServerRoot :: /usr/local/apache2 DocumentRoot :: /usr/local/apache2/htdocs Apache Config File :: /usr/local/apache2/conf/httpd.conf Other Config Files :: /usr/local/apache2/conf/extra/ SSL Config File :: /usr/local/apache2/conf/extra/httpd-ssl.conf ErrorLog :: /usr/local/apache2/logs/error_log AccessLog :: /usr/local/apache2/logs/access_log cgi-bin :: /usr/local/apache2/cgi-bin (enabled by default, but the bundled scripts are 644) binaries (apachectl) :: /usr/local/apache2/bin start/stop :: /usr/local/apache2/bin/apachectl (start|restart|graceful|graceful-stop|stop|configtest)
Apache 2.0 default layout (apache.org source package):
ServerRoot :: /usr/local/apache2 DocumentRoot :: /usr/local/apache2/htdocs Apache Config File :: /usr/local/apache2/conf/httpd.conf SSL Config :: /usr/local/apache2/conf/ssl.conf ErrorLog :: /usr/local/apache2/logs/error_log AccessLog :: /usr/local/apache2/logs/access_log cgi-bin :: /usr/local/apache2/cgi-bin (enabled by default, but the bundled scripts are 644) binaries (apachectl) :: /usr/local/apache2/bin start/stop :: /usr/local/apache2/bin/apachectl (start|stop|graceful|configtest)
Apache 1.3 default layout (apache.org source package):
ServerRoot :: /usr/local/apache DocumentRoot :: /usr/local/apache/htdocs Apache Config File :: /usr/local/apache/conf/httpd.conf ErrorLog :: /usr/local/apache/logs/error_log AccessLog :: /usr/local/apache/logs/access_log cgi-bin :: /usr/local/apache/cgi-bin (enabled by default, but the bundled scripts are 644) binaries (apachectl) :: /usr/local/apache/bin start/stop :: /usr/local/apache/bin/apachectl (start|stop|graceful|configtest)
Debian, Ubuntu (Apache 2):
ServerRoot :: /etc/apache2
DocumentRoot :: /var/www
Apache Config Files :: /etc/apache2/apache2.conf
:: /etc/apache2/ports.conf
Default VHost Config :: /etc/apache2/sites-available/default, /etc/apache2/sites-enabled/000-default
Module Locations :: /etc/apache2/mods-available, /etc/apache2/mods-enabled
ErrorLog :: /var/log/apache2/error.log
AccessLog :: /var/log/apache2/access.log
cgi-bin :: /usr/lib/cgi-bin
binaries (apachectl) :: /usr/sbin
start/stop :: /etc/init.d/apache2 (start|stop|restart|reload|force-reload|start-htcacheclean|stop-htcacheclean)
Notes:
- The Debian/Ubuntu layout is fully documented in /usr/share/doc/apache2/README.Debian
- Debian/Ubuntu use symlinks to enable vhosts and modules. Configuration files are created in their respective sites-available and mods-available directories. To activate vhosts and modules, symlinks are created in the respective sites-enabled and mods-enabled directories to the config files in either sites-available and mods-available. Debian provides scripts to handle this process called ‘a2ensite’ and ‘a2enmod’ which enables vhosts and modules.
- The default DocumentRoot is specified in the default vhost config file, /etc/apache2/sites-available/default
Debian, Ubuntu (Apache 1.3):
ServerRoot :: /etc/apache DocumentRoot :: /var/www ErrorLog :: /var/log/apache/error.log AccessLog :: /var/log/apache/access.log cgi-bin :: /usr/lib/cgi-bin binaries (apachectl) :: /usr/sbin start/stop :: /etc/init.d/apache (start|stop|graceful|configtest)
Fedora Core, CentOS, RHEL:
ServerRoot :: /etc/httpd
Primary Config Fle :: /etc/httpd/conf/httpd.conf
Other Config Files :: /etc/httpd/conf.d
Module Locations :: /usr/lib/httpd/modules
DocumentRoot :: /var/www/html
ErrorLog :: /var/log/httpd/error_log
AccessLog :: /var/log/httpd/access_log
cgi-bin :: /var/www/cgi-bin (empty and disabled by default)
binary :: /usr/sbin/httpd
runtime directory :: /etc/httpd/run
start/stop :: /sbin/service httpd {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}
Notes:
- There is an extra config file in /etc/sysconfig/httpd which can be used to change to the worker mpm /usr/sbin/httpd.worker.
- Extra config files named *.conf are loaded from /etc/httpd/conf.d. This directory is used by packages like mod_python for drop-in configs
- If you’re having issues with authorization and your permissions are correct make sure that you try testing with SELinux turned off. Run ‘setenforce 0′ and use ‘chcon’ to fix permissions. Run ‘ls -alZ’ to view the current permissions.’ SELinux first appeared in Fedora Core 3, RHEL 4, and CentOS 4.
RedHat 9.0 and older:
ServerRoot :: /etc/httpd
Primary Config Fle :: /etc/httpd/conf/httpd.conf
DocumentRoot :: /var/www/html
ErrorLog :: /var/log/httpd/error_log
AccessLog :: /var/log/httpd/access_log
cgi-bin :: /var/www/cgi-bin (empty and disabled by default)
binary :: /usr/sbin/httpd
start/stop :: /sbin/service httpd {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}
Mandriva (Apache 2.2):
ServerRoot :: /etc/httpd
Primary Config Fle :: /etc/httpd/conf/httpd.conf
DocumentRoot :: /var/www/html
ErrorLog :: /var/log/httpd/error_log
AccessLog :: /var/log/httpd/access_log
cgi-bin :: /var/www/cgi-bin
binary :: /usr/sbin/httpd
start/stop :: /sbin/service httpd
{start|stop|restart|reload|graceful|condreload|closelogs|update|condrestart|status|extendedstatus|configtest|configtest_vhosts|semcleanrestart|debug|show_defines}
Mac OS X (Leopard, Apache 2.2):
ServerRoot :: /usr Primary Config Fle :: /etc/apache2/httpd.conf DocumentRoot :: /Library/WebServer/Documents ErrorLog :: /var/log/apache2/error_log AccessLog :: /var/log/apache2/access_log cgi-bin :: /Library/WebServer/CGI-Executables (empty by default) binary :: /usr/sbin/httpd start/stop :: /usr/sbin/apachectl (start|stop|restart|fullstatus|status|graceful|graceful-stop|configtest|help)
Notes:
- apachectl graceful is equivalent to apachectl restart and doesn’t keep running connections alive. Similarly, graceful-stop is not graceful.
- The /usr/sbin/envvars script is ineffective for setting environment variables. See http://lists.apple.com/archives/web-dev/2008/Apr/msg00059.html
Mac OS X (Tiger and earlier, Apache 1.3):
ServerRoot :: /usr Primary Config Fle :: /etc/httpd/httpd.conf DocumentRoot :: /Library/WebServer/Documents ErrorLog :: /var/log/httpd/error_log AccessLog :: /var/log/httpd/access_log cgi-bin :: /Library/WebServer/CGI-Executables (empty by default) binary :: /usr/sbin/httpd start/stop :: apachectl (start|stop|restart|fullstatus|status|graceful|configtest|help)
NetBSD Apache 2.0 and 1.3 from pkgsrc (layout is identical):
ServerRoot :: /usr/pkg Config File :: /usr/pkg/etc/httpd/httpd.conf DocumentRoot :: /usr/pkg/share/httpd/htdocs ErrorLog :: /var/log/httpd/error_log AccessLog :: /var/log/httpd/access_log cgi-bin :: /usr/pkg/libexec/cgi-bin binaries (apachectl) :: /usr/pkg/sbin start/stop :: /etc/rc.d/apache [fast|force|one](start stop restart rcvar reload status poll) /etc/rc.conf variables :: apache=YES, apache_start="start" (or "startssl")
Notes:
- The “apache” script must be copied from the installation default /usr/pkg/share/examples/rc.d to /etc/rc.d (for automatic rc.conf usage) or /usr/pkg/etc/rc.d (for advanced usage).
启用32位 UBUNTU 10.10 PAE 4G以上内存的解决方案
sudo apt-get install linux-generic-pae #内核包 sudo apt-get install linux-headers-generic-pae #内核header包 sudo apt-get install nvidia-current nvidia-settings #适用于N卡
特别提示。
32位系统,打开内存得映射功能后,系统将不能使用休眠功能(休眠与待机不同)
Linux 系统之父Linus Torvalds此前曾经说过,在开启和关闭CONFIG_HIGHMEM4G(可让32位系统支持4GB物理内存)的系统内核之间存在25%的性能差异。Ubuntu 32位内核默认开启了CONFIG_HIGHMEM4G,但PAE模式是关闭的,这样32位内核在系统配置4GB内存的时候会有1GB保留给内核虚拟空间,用户实际可用的只有3GB,而Ubuntu PAE内核使用的是CONFIG_HIGHMEM64G,能处理最多64GB内存。
WebCruiser - Web Vulnerability Scanner V2.5.0
一个不错的注入工具,更新如下..需要.Net Framework 2.0 支持
Key Features:
* Crawler(Site Directories And Files);
* Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.;
* SQL Injection Scanner;
* SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept);
* SQL Injection for SQL Server: PlainText/Union/Blind Injection;
* SQL Injection for MySQL: PlainText/Union/Blind Injection;
* SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection;
* SQL Injection for DB2: Union/Blind Injection;
* SQL Injection for Access: Union/Blind Injection;
* Post Data Resend;
* Cross Site Scripting Scanner and POC;
* XPath Injection Scanner and POC;
* Auto Get Cookie From Web Browser For Authentication;
* Report Output.
官方下载地址:http://sec4app.com/download/WebCruiserEnt.zip
st0p.org
9EF6-CC8C-F068-B1D6
Internet Information Services(IIS) 7.5 Express 试用
作者:st0p
转载请注明出处 http://www.st0p.org
IIS 7.5 Express 兼具 IIS 7.5 的强大功能与轻型 Web 服务器(例如 ASP.NET 开发服务器,也称为“Cassini”)的便利,可以增强在 Windows 上开发和测试 Web 应用程序的能力。 Microsoft WebMatrix 中包含 IIS 7.5 Express,这套集成工具可以让 Windows 上的 Web 应用程序开发工作变得简单、顺畅。 IIS 7.5 Express 也可与 Visual Studio 2010 一起使用,功能强大足以代替 Cassini。 使用 IIS 7.5 Express 的好处包括:
在生产服务器上运行的同一 Web 服务器现在可以在开发计算机上使用。
在无需管理员特权的情况下,可以完成大多数任务。
IIS 7.5 Express 在 Windows XP 和所有更高版本的 Windows 上运行。
多位用户可在相同的计算机上独立工作。
此包仅安装 IIS 7.5 Express。 对于集成的开发体验,还要安装 Microsoft WebMatrix 或 Visual Studio 2010。
今天在网上看到Internet Information Services(IIS) 7.5 Express这个的下载地址,就下载试用了一下....
安装这个之前必须要安装.NET 4
Microsoft .NET Framework 4(独立安装程序)
http://www.microsoft.com/downloads/details.aspx?FamilyID=0A391ABD-25C1-4FC0-919F-B21F31AB88B7&displayLang=zh-cn
Internet Information Services (IIS) 7.5 Express
http://www.microsoft.com/downloads/details.aspx?FamilyID=ABC59783-89DE-4ADC-B770-0A720BB21DEB&displaylang=zh-cn
安装好后,在控制面板的管理工具中不会出现IIS管理工具....
运行C:\Program Files\IIS Express\iisexpress.exe
会弹出窗口提示站点运行...默认是可以通过http://localhost:8080进行访问的,不过这样我们用起来比较麻烦,我们去改一下配置,由于我的测试环境是在虚拟机的Windows XP下进行的,所以需要修改的文件如下..
首先关掉iisexpress.exe弹出的窗口
默认配置文件:C:\Documents and Settings\Administrator\My Documents\IISExpress\config\applicationhost.config
默认网站目录:C:\Documents and Settings\Administrator\My Documents\My Web Sites\WebSite1
为了方便我们修改一下站点显示名称,网站所在目录,和默认首页文件...修改内容如下图..
由于我的目录在d:\wwwroot中,在里面新建index.asp文件,内容为<%Response.Write "St0p测试于"&now%>
运行iisexpress.exe.后弹出窗口,我们访问http://localhost
当然你也可以新建html和aspx进行测试,而且在C:\Program Files\IIS Express\目录下也有两个命令行的管理工具可以用来管理,不过我们只是偶尔测试一下东西用,用不着他们了..有兴趣的朋友可以自己看一下.....appcmd.exe和IisExpressAdminCmd.exe的用法....
八卦个linux非交互环境下本地提权的方法
文章来源:http://key0.cn/?p=220
最近好多牛都在八卦webshell-root,试问一般web用户可有对/etc/cron.d/的写入权限?浮云而已~
引用包子牛的一段话:
在iptables限制非常严格的时候,无法走icmp udp tcp的bind shell或connect back shell,又需要本地提权,root了之后关闭iptables,看看能否绕过访问控制手段(当然了,如果别人是硬件的防火墙,下文解决不了问题)。在 这一场景下,可以考虑参考下文的非交互式本地提权的方法,或许还有其他linux localroot exploit也能实现,实战出真知。
我也八卦个,没什么技术含量,关键还是思路
看图不解释,你懂的
初使化wine
唉,好久没发过东西了。。。
上次在WINE下装了点东西。但发现运行起来还是不如在virtualbox下面,所以想清理一下。。。直接初使化一下得了。。。。
删除用户目录下的.wine目录,如我的为/home/st0p/.wine
然后运行wineboot
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | st0p@st0p-desktop:~$ rm -rf /home/st0p/.wine st0p@st0p-desktop:~$ rm -rf /home/st0p/.local/share/applications/wine* st0p@st0p-desktop:~$ rm -rf /home/st0p/.local/share/desktop-directories/wine* st0p@st0p-desktop:~$ wineboot wine: created the configuration directory '/home/st0p/.wine' fixme:msvcrt:_setmbcp trail bytes data not available for DBCS codepage 0 - assuming all bytes fixme:system:SetProcessDPIAware stub! fixme:dwmapi:DwmIsCompositionEnabled 0x33cfdc fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented fixme:advapi:SetNamedSecurityInfoW L"C:\\windows\\system32\\gecko\\1.0.0\\wine_gecko\\components\\xpti.dat" 1 536870916 (nil) (nil) 0x1ed1d4 (nil) fixme:iphlpapi:NotifyAddrChange (Handle 0xa62e8d8, overlapped 0xa62e8e0): stub fixme:file:MoveFileWithProgressW MOVEFILE_WRITE_THROUGH unimplemented fixme:advapi:SetNamedSecurityInfoW L"C:\\windows\\system32\\gecko\\1.0.0\\wine_gecko\\components\\compreg.dat" 1 536870916 (nil) (nil) 0x1cb6b8c (nil) wine: configuration in '/home/st0p/.wine' has been updated. |
如果在开始菜单中还存在有快捷方式。那就去/home/st0p/.local/share/applications/wine下删掉里面的内容