Open a shell in the second process of a pipe

I'm having problems understanding what's going on in the following situation. I'm not familiar with UNIX pipes and UNIX at all but have read documentation and still can't understand this behaviour.

./shellcode is an executable that successfully opens a shell:

seclab$ ./shellcode
$ exit
seclab$

Now imagine that I need to pass data to ./shellcode via stdin, because this reads some string from the console and then prints "hello " plus that string. I do it in the following way (using a pipe) and the read and write work:

seclab$ printf "world" | ./shellcode
seclab$ hello world
seclab$

However, a new shell is not opened (or at least I can't see it and interact with it), and if I run exit I'm out of the system, so I'm not in a new shell.

Can someone give some advice on how to solve this? I need to use printf because I need to input binary data to the second process and I can do it like this: printf "\\x01\\x02..."

When you use a pipe, you are telling Unix that the output of the command before the pipe should be used as the input to the command after the pipe. This replaces the default output (screen) and default input (keyboard). Your shellcode command doesn't really know or care where its input is coming from. It just reads the input until it reaches the EOF (end of file).

Try running shellcode and pressing Control-D. That will also exit the shell, because Control-D sends an EOF (your shell might be configured to say "type exit to quit", but it's still responding to the EOF).

There are two solutions you can use:

Solution 1:

Have shellcode accept command-line arguments:

#!/bin/sh
echo "Arguments: $*"
exec sh

Running:

outer$ ./shellcode foo
Arguments: foo
$ echo "inner shell"
inner shell
$ exit
outer$

To feed the argument in from another program, instead of using a pipe, you could:

$ ./shellcode `echo "something"`

This is probably the best approach, unless you need to pass in multi-line data. In that case, you may want to pass in a filename on the command line and read it that way.

Solution 2:

Have shellcode explicitly redirect its input from the terminal after it's processed your piped input:

#!/bin/sh
while read input; do
  echo "Input: $input"
done
exec sh </dev/tty

Running:

outer$ echo "something" | ./shellcode
Input: something
$ echo "inner shell"
inner shell
$ exit
outer$

If you see an error like this after exiting the inner shell:

sh: 1: Cannot set tty process group (No such process)

Then try changing the last line to:

exec bash -i </dev/tty
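
The EOF behaviour described in the answer, as an added example that is not part of the original question or answer: the same inner `sh` is started once with the drained pipe as its stdin and once with stdin re-pointed first. The function names are hypothetical, the input is constructed, and a temporary file stands in for /dev/tty so the script runs without a terminal.

```shell
#!/bin/sh
# Added example: constructed input; function names are hypothetical.

# greet_then_shell [NEW_STDIN]
# Drains stdin like the read loop in Solution 2, then starts an inner sh.
greet_then_shell() {
  # "|| [ -n ... ]" keeps a final line that has no trailing newline,
  # as produced by: printf "world"
  while IFS= read -r input || [ -n "$input" ]; do
    echo "Input: $input"
  done
  if [ -n "${1:-}" ]; then
    # Solution 2 redirects from /dev/tty here; any readable path works.
    sh <"$1"
  else
    # Inherits the drained pipe: the first read is EOF, so sh exits at once.
    sh
  fi
  echo "inner shell exited with status $?"
}

# Case 1: the inner shell inherits the pipe and never gets a command.
demo_inherited() {
  printf 'world' | greet_then_shell
}

# Case 2: stdin is re-pointed before the inner shell starts.
# A temp file stands in for /dev/tty so this runs without a terminal.
demo_redirected() {
  cmds=$(mktemp)
  echo 'echo inner shell ran' >"$cmds"
  printf 'world' | greet_then_shell "$cmds"
  rm -f "$cmds"
}

demo_inherited
demo_redirected
```

In the first case the inner shell exits with status 0 without running anything, which is why no prompt appears in the question's pipeline.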
