C囂冱system()痕方?峇佩shell凋綜
屢購痕方?fork, execve, waitpid, popen
遊猟周?#include <stdlib.h>
協吶痕方?int system(const char * string);
痕方傍苧?system()氏距喘fork()恢伏徨序殻, 喇徨序殻栖距喘/bin/sh-c string 栖峇佩歌方string 忖憲堪侭旗燕議凋綜, 緩凋綜峇佩頼朔昧軸卦指圻距喘議序殻. 壓距喘system()豚寂SIGCHLD 佚催氏瓜壙扮檎崔,SIGINT 才SIGQUIT 佚催夸氏瓜策待.
卦指峙?
1、泌惚 system()壓距喘/bin/sh 扮払移夸卦指127, 凪麿払移圻咀卦指-1.。
2、飛歌方string 葎腎峺寞(NULL), 夸卦指掲巣峙.
3、泌惚system()距喘撹孔夸恷朔氏卦指峇佩shell 凋綜朔議卦指峙, 徽頁緩卦指峙匆嗤辛嬬葎system()距喘/bin/sh 払移侭卦指議127, 咀緩恷挫嬬壅殊臥errno 栖鳩範峇佩撹孔.
現紗傍苧?壓園亟醤嗤 SUID/SGID 幡尫議殻會扮萩齢聞喘system(), system()氏写覚桟廠延楚, 宥狛桟廠延楚辛嬬氏夛撹狼由芦畠議諒籾.
袈箭
#include <stdlib.h>
main()
{
system("ls -al /etc/passwd /etc/shadow");
}
峇佩?
-rw-r--r-- 1 root root 705 Sep 3 13 :52 /etc/passwd
-r--------- 1 root root 572 Sep 2 15 :34 /etc/shadow
遊猟周?#include <stdlib.h>
協吶痕方?int system(const char * string);
痕方傍苧?system()氏距喘fork()恢伏徨序殻, 喇徨序殻栖距喘/bin/sh-c string 栖峇佩歌方string 忖憲堪侭旗燕議凋綜, 緩凋綜峇佩頼朔昧軸卦指圻距喘議序殻. 壓距喘system()豚寂SIGCHLD 佚催氏瓜壙扮檎崔,SIGINT 才SIGQUIT 佚催夸氏瓜策待.
卦指峙?
1、泌惚 system()壓距喘/bin/sh 扮払移夸卦指127, 凪麿払移圻咀卦指-1.。
2、飛歌方string 葎腎峺寞(NULL), 夸卦指掲巣峙.
3、泌惚system()距喘撹孔夸恷朔氏卦指峇佩shell 凋綜朔議卦指峙, 徽頁緩卦指峙匆嗤辛嬬葎system()距喘/bin/sh 払移侭卦指議127, 咀緩恷挫嬬壅殊臥errno 栖鳩範峇佩撹孔.
現紗傍苧?壓園亟醤嗤 SUID/SGID 幡尫議殻會扮萩齢聞喘system(), system()氏写覚桟廠延楚, 宥狛桟廠延楚辛嬬氏夛撹狼由芦畠議諒籾.
袈箭
#include <stdlib.h>
main()
{
system("ls -al /etc/passwd /etc/shadow");
}
峇佩?
-rw-r--r-- 1 root root 705 Sep 3 13 :52 /etc/passwd
-r--------- 1 root root 572 Sep 2 15 :34 /etc/shadow