upload dockers

.history/php/serialize_20211123144517.php

@@ -0,0 +1,74 @@
+<?php
+class Test{
+    protected $a;
+    private $b;
+
+    public function __construct()
+    {
+        $this->a = 'aaa';
+        $this->b = 'bbb';   
+    }
+}
+
+function process_serialized($serialized)
+    {
+        $new = '';
+        $last = 0;
+        $current = 0;
+        $pattern = '#\bs:([0-9]+):"#';
+
+        while(
+            $current < strlen($serialized) &&
+            preg_match(
+                $pattern, $serialized, $matches, PREG_OFFSET_CAPTURE, $current
+            )
+        )
+        {
+
+            $p_start = $matches[0][1];
+            $p_start_string = $p_start + strlen($matches[0][0]);
+            $length = $matches[1][0];
+            $p_end_string = $p_start_string + $length;
+
+            # Check if this really is a serialized string
+            if(!(
+                strlen($serialized) > $p_end_string + 2 &&
+                substr($serialized, $p_end_string, 2) == '";'
+            ))
+            {
+                $current = $p_start_string;
+                continue;
+            }
+            $string = substr($serialized, $p_start_string, $length);
+
+            # Convert every special character to its S representation
+            $clean_string = '';
+            for($i=0; $i < strlen($string); $i++)
+            {
+                $letter = $string{$i};
+                $clean_string .= ctype_print($letter) && $letter != '\\' ?
+                    $letter :
+                    sprintf("\\%02x", ord($letter));
+                ;
+            }
+
+            # Make the replacement
+            $new .= 
+                substr($serialized, $last, $p_start - $last) .
+                'S:' . $matches[1][0] . ':"' . $clean_string . '";'
+            ;
+            $last = $p_end_string + 2;
+            $current = $last;
+        }
+
+        $new .= substr($serialized, $last);
+        return $new;
+    }
+
+$gadget = serialize(new Test);
+$payload = process_serialized($gadget);
+var_dump($payload);
+
+
+
+?>

.history/php/serialize_20221028225608.php

@@ -0,0 +1,72 @@
+<?php
+class Test{
+    protected $a;
+    private $b;
+
+    public function __construct()
+    {
+        $this->a = 'aaa';
+        $this->b = 'bbb';   
+    }
+}
+
+function process_serialized($serialized)
+    {
+        $new = '';
+        $last = 0;
+        $current = 0;
+        $pattern = '#\bs:([0-9]+):"#';
+
+        while(
+            $current < strlen($serialized) &&
+            preg_match(
+                $pattern, $serialized, $matches, PREG_OFFSET_CAPTURE, $current
+            )
+        )
+        {
+
+            $p_start = $matches[0][1];
+            $p_start_string = $p_start + strlen($matches[0][0]);
+            $length = $matches[1][0];
+            $p_end_string = $p_start_string + $length;
+
+            # Check if this really is a serialized string
+            if(!(
+                strlen($serialized) > $p_end_string + 2 &&
+                substr($serialized, $p_end_string, 2) == '";'
+            ))
+            {
+                $current = $p_start_string;
+                continue;
+            }
+            $string = substr($serialized, $p_start_string, $length);
+
+            # Convert every special character to its S representation
+            $clean_string = '';
+            for($i=0; $i < strlen($string); $i++)
+            {
+                $letter = $string{$i};
+                $clean_string .= ctype_print($letter) && $letter != '\\' ?
+                    $letter :
+                    sprintf("\\%02x", ord($letter));
+                ;
+            }
+
+            # Make the replacement
+            $new .= 
+                substr($serialized, $last, $p_start - $last) .
+                'S:' . $matches[1][0] . ':"' . $clean_string . '";'
+            ;
+            $last = $p_end_string + 2;
+            $current = $last;
+        }
+
+        $new .= substr($serialized, $last);
+        return $new;
+    }
+
+$gadget = serialize(new Test);
+$payload = process_serialized($gadget);
+var_dump($payload);
+
+?>

README.md

@@ -2,10 +2,39 @@
 
 ## 目录结构
 ```
+.
 ├── README.md
+├── dockers
+│   └── docker_php_debug
+│       ├── README.md
+│       ├── docker-compose.yml
+│       ├── logs
+│       │   └── nginx
+│       │       ├── access.log
+│       │       ├── error.log
+│       │       ├── info.log
+│       │       └── notice.log
+│       ├── mysql
+│       │   ├── Dockerfile
+│       │   ├── db.sql
+│       │   └── xyhcms.sql
+│       ├── nginx
+│       │   ├── Dockerfile
+│       │   ├── nginx.conf
+│       │   └── templates
+│       │       └── default.conf.template
+│       ├── php-fpm
+│       │   ├── Dockerfile
+│       │   ├── mongodb-1.14.1.tgz
+│       │   ├── www.conf
+│       │   ├── xdebug-3.1.5.tgz
+│       │   └── xdebug.ini
+│       └── source
+│           └── test.php
 ├── javascript
 │   ├── node-ssrf-split.js
 │   ├── port-scan.js
+│   ├── test.js
 │   └── xss-bot.js
 ├── misc
 │   ├── UploadServer.py
@@ -52,3 +81,4 @@
 | contend2.py|比较优雅的进行条件竞争模版，来自@P神 |
 |convert2javabytes.py |转字符串为16进制字节码，方便java中的命令执行例如EL表达式：${T(java.lang.Runtime).getRuntime().exec(new String(new byte[]{0x6f,0x70,0x65,0x6e,0x20,0x2d,0x61,0x20,0x43,0x61,0x6c,0x63,0x75,0x6c,0x61,0x74,0x6f,0x72}))} |
 | c\perl交互readflag脚本| [readflag](https://github.com/ZeddYu/ReadFlag)|
+| docker_php_debug| docker远程调试php板子，mysql+nginx+php-fpm+xdebug|

dockers/docker_php_debug/.env

@@ -0,0 +1,12 @@
+COMPOSE_PROJECT_NAME=phpxdebug
+# development/production
+DEPLOY_MODE=development
+
+COMPOSE_PATH_SEPARATOR=:
+
+COMPOSE_FILE=docker-compose.yml
+
+#访问域名
+NGINX_HOST=localhost
+
+APP_CODE_PATH=/usr/share/nginx/html

dockers/docker_php_debug/.history/README_20230701115009.md

@@ -0,0 +1,10 @@
+PHP Docker开发环境，PHPStorm及Xdebug的使用。
+
+修改PHP
+
+```shell
+cd docker
+docker-compose up -d 
+```
+
+

dockers/docker_php_debug/.history/README_20230701115120.md

@@ -0,0 +1,10 @@
+PHP Docker开发环境，PHPStorm及Xdebug的使用。
+
+目录结构
+
+```shell
+cd docker
+docker-compose up -d 
+```
+
+

dockers/docker_php_debug/.history/README_20230701115129.md

@@ -0,0 +1,10 @@
+PHP Docker开发环境，PHPStorm及Xdebug的使用。
+
+目录结构
+
+```shell
+cd docker
+docker-compose up -d 
+```
+
+

dockers/docker_php_debug/.history/docker-compose_20230627161420.yml

@@ -0,0 +1,34 @@
+version: "3.7"
+services:
+  nginx:
+    container_name: nginx-xyhcms
+    build: ./nginx
+    depends_on:
+      - php-fpm
+      - mysql
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+      - ./nginx/templates:/etc/nginx/templates
+      - ./logs/nginx:/var/log/nginx
+    ports:
+      - "8888:80"
+    environment:
+      - NGINX_HOST=${NGINX_HOST}
+      - NGINX_PORT=80
+    restart: always
+  php-fpm:
+    container_name: php-fpm-xyhcms
+    build:
+      context: ./php-fpm
+      args:
+        - APP_CODE_PATH=${APP_CODE_PATH}
+    environment:
+      PHP_IDE_CONFIG: serverName=${NGINX_HOST}
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+  mysql:
+    container_name: mysql-xyhcms
+    build: ./mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+    restart: always

dockers/docker_php_debug/.history/docker-compose_20230630092348.yml

@@ -0,0 +1,34 @@
+version: "3.7"
+services:
+  nginx:
+    container_name: nginx-xyhcms
+    build: ./nginx
+    depends_on:
+      - php-fpm
+      - mysql
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+      - ./nginx/templates:/etc/nginx/templates
+      - ./logs/nginx:/var/log/nginx
+    ports:
+      - "8888:80"
+    environment:
+      - NGINX_HOST=${NGINX_HOST}
+      - NGINX_PORT=80
+    restart: always
+  php-fpm:
+    container_name: php-fpm-xyhcms
+    build:
+      context: ./php-fpm
+      args:
+        - APP_CODE_PATH=${APP_CODE_PATH}
+    environment:
+      PHP_IDE_CONFIG: serverName=${NGINX_HOST}
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+  mysql:
+    container_name: mysql-xyhcms
+    build: ./mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+    restart: always

dockers/docker_php_debug/.history/mysql/Dockerfile_20200131115111

@@ -0,0 +1,3 @@
+FROM mysql:5.7
+
+COPY ./db.sql /docker-entrypoint-initdb.d/

dockers/docker_php_debug/.history/mysql/Dockerfile_20230630091116

@@ -0,0 +1,3 @@
+FROM mysql:5.7
+
+COPY ./db.sql /docker-entrypoint-initdb.d/

dockers/docker_php_debug/README.md

@@ -0,0 +1,25 @@
+PHP Docker开发环境，PHPStorm及Xdebug的使用。
+
+# 目录结构
+| 文件夹名称 | 作用 |
+|---|---|
+| logs | 存放nginx&xdebug日志 |
+| mysql | mysql-docker构建 |
+| nginx | nginx构建 |
+| php-fpm | php-fpm构建 |
+| source | web源码 |
+| .env | 控制docker-compose变量 |
+
+# 说明
+* 构建的web目录根路径在：/usr/share/nginx/html
+* xdebug3.x，指定client_host为docker宿主机，端口为宿主机9003
+* 默认nginx_host为localhost，通过.env更改
+
+
+# 启动
+```shell
+cd docker
+docker-compose up -d 
+```
+
+

dockers/docker_php_debug/docker-compose.yml

@@ -0,0 +1,34 @@
+version: "3.7"
+services:
+  nginx:
+    container_name: nginx-xyhcms
+    build: ./nginx
+    depends_on:
+      - php-fpm
+      - mysql
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+      - ./nginx/templates:/etc/nginx/templates
+      - ./logs/nginx:/var/log/nginx
+    ports:
+      - "8888:80"
+    environment:
+      - NGINX_HOST=${NGINX_HOST}
+      - NGINX_PORT=80
+    restart: always
+  php-fpm:
+    container_name: php-fpm-xyhcms
+    build:
+      context: ./php-fpm
+      args:
+        - APP_CODE_PATH=${APP_CODE_PATH}
+    environment:
+      PHP_IDE_CONFIG: serverName=${NGINX_HOST}
+    volumes:
+      - ./source:/usr/share/nginx/html:rw
+  mysql:
+    container_name: mysql-xyhcms
+    build: ./mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: root
+    restart: always