Linux local privilege escalation

Local privilege escalation in Linux

1.1 What is local privilege escalation?


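Local privilege escalation means that an attacker, working in the context of a process that has already obtained file access permissions, uses that process's privileges to raise their own. This kind of attack usually occurs in processes with higher privileges, such as those of the root user.

1.2 How local privilege escalation works

Local privilege escalation works by using information passing between processes to inject the attacker's code into the target process, thereby gaining control of the target process. This kind of attack usually makes use of the program's runtime environment, such as system calls and library functions.

1.3 Methods of local privilege escalation

Common local privilege escalation methods are: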

Using the C library functions setuid and setgid to raise privileges;

Using system calls such as open, read and write to inject code;

Using dynamic library loading to inject code;

Using shared memory to inject code.
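
For the setuid/setgid item above, the defender's question is which executables on a host carry the set-user-ID or set-group-ID bit. The following added example (not part of the original article) lists such files in one directory and marks as HIGH any that group or other users can also write to; the function names, the risk labels and the default directory /usr/bin are assumptions chosen for illustration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum risk { RISK_NONE = 0, RISK_REVIEW = 1, RISK_HIGH = 2 }; /* labels are this example's own */

/* Classify a file from the mode bits that lstat() reports.
 * REVIEW: set-user-ID/set-group-ID executable; HIGH: also writable by group/others. */
enum risk classify_mode(mode_t mode)
{
    if (!S_ISREG(mode))
        return RISK_NONE;   /* only regular files are exec targets */
    int any_exec = (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    int suid = (mode & S_ISUID) && any_exec;
    /* Linux honours set-group-ID at exec only when group-execute is set too. */
    int sgid = (mode & S_ISGID) && (mode & S_IXGRP);
    if (!suid && !sgid)
        return RISK_NONE;
    return (mode & (S_IWGRP | S_IWOTH)) ? RISK_HIGH : RISK_REVIEW;
}

/* Print flagged files directly under dir; return their count, or -1 on error. */
int audit_dir(const char *dir)
{
    DIR *d = opendir(dir);
    if (!d)
        return -1;
    int flagged = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char path[4096];
        struct stat sb;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &sb) != 0)
            continue;       /* over-long path or entry vanished: skip it */
        enum risk r = classify_mode(sb.st_mode);
        if (r == RISK_NONE)
            continue;
        printf("%-6s uid=%ld mode=%04o %s\n", r == RISK_HIGH ? "HIGH" : "REVIEW",
               (long)sb.st_uid, (unsigned)(sb.st_mode & 07777), path);
        flagged++;
    }
    closedir(d);
    return flagged;
}

int main(int argc, char **argv) { return audit_dir(argc > 1 ? argv[1] : "/usr/bin") < 0; }
```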

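EXP (Execute and Read) exploitation

2.1 What is EXP?

EXP is an attack technique based on Linux kernel vulnerabilities that gains control of a system by executing malicious code and reading the memory of the affected process. EXP exploits a design flaw in the Linux kernel, namely that certain system calls allow any process to execute arbitrary code.

2.2 How EXP exploitation works

EXP exploitation works by using the EXP (Execute and Read) vulnerability in the Linux kernel: specially crafted system call arguments are sent so that the target process executes malicious code. Once the malicious code has run successfully, the attacker can go on to use the target process's privileges for other operations.

2.3 Methods of EXP exploitation

Common EXP exploitation methods are:

Crafting special system call arguments so that the target process executes malicious code;

Adding a backdoor to the malicious code so that the target process can still be controlled in later attacks;

Using the target process's memory space to store sensitive data for later attacks.

Example analysis

3.1 Example 1: local privilege escalation using setuid and setgid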

    #define AT_FDCWD (-100)     /* file descriptor for current working directory; see fcntl(2) */

Article title: Linux local privilege escalation
Reprinted from: http://www.dlmjj.cn/article/cohcsso.html