1、1 什么是本地提权?
建网站原本是网站策划师、网络程序员、网页设计师等,应用各种网络程序开发技术和网页设计技术配合操作的协同工作。创新互联专业提供网站设计、成都网站制作,网页设计,网站制作(企业站、成都响应式网站建设、电商门户网站)等服务,从网站深度策划、搜索引擎友好度优化到用户体验的提升,我们力求做到极致!
本地提权是指攻击者在已经取得文件访问权限的进程上下文中,利用该进程的权限来提升自己的权限,这种攻击方式通常发生在具有较高权限的进程中,例如root用户。
1、2 本地提权的原理
本地提权的原理是利用进程间的信息传递,将攻击者的代码注入到目标进程中,从而实现对目标进程的控制,这种攻击方式通常利用了程序运行时的环境,例如系统调用、库函数等。
1、3 本地提权的方法
常见的本地提权方法有:
使用C库函数setuid和setgid实现权限提升;
利用系统调用如open、read、write等实现代码注入;
利用动态链接库加载技术实现代码注入;
利用内存共享技术实现代码注入。
2、1 什么是EXP?
EXP是一种基于Linux内核漏洞的攻击手段,通过执行恶意代码并读取受影响的进程内存来实现对系统的控制,EXP利用了Linux内核中的一个设计缺陷,即某些系统调用允许任意进程执行任意代码。
2、2 EXP利用的原理
EXP利用的原理是利用Linux内核中的EXP(Execute and Read)漏洞,通过发送特制的系统调用参数,使目标进程执行恶意代码,一旦恶意代码成功执行,攻击者就可以进一步利用目标进程的权限进行其他操作。
2、3 EXP利用的方法
常见的EXP利用方法有:
构造特制的系统调用参数,使目标进程执行恶意代码;
在恶意代码中添加后门,以便在后续攻击中继续控制目标进程;
利用目标进程的内存空间存储敏感数据,以便后续攻击。
3、1 示例一:使用setuid和setgid实现本地提权
includeinclude include include include include include include include include include include include include include include include include include include include include include include include include include include include include include define AT_FDCWD (-100) /* file descriptor for current working directory */ /* see fcntl(2) */ /* POSIX.1-2001 */ /* removed in POSIX.1-2008 */ /* replaced by AT_SYMLINK_NOFOLLOW (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_SYMLINK_NOFOLLOW (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_SYMLINK_NOFOLLOW (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_SYMLINK_NOFOLLOW (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX.1-2008 */ /* replaced by AT_REMOVEDIR (since Linux 2.6.24) */ /* added in POSIX.1-2008 */ /* removed in POSIX
名称栏目:linux本地提权
本文URL:http://www.stwzsj.com/qtweb/news18/7168.html
网站建设、网络推广公司-创新互联,是专注品牌与效果的网站制作,网络营销seo公司;服务项目有等
声明:本网站发布的内容(图片、视频和文字)以用户投稿、用户转载内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-86922220;邮箱:631063699@qq.com。内容未经允许不得转载,或转载时需注明来源: 创新互联