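Penetration testing on Android-based devices is carried out through various terminals, so mastering shell operations is especially important. Bash is a Unix shell written for the GNU Project. This article is excerpted from the tutorial on Kali Linux penetration testing on Android devices.
It is the default shell on many Linux platforms; there are also many shells used on traditional UNIX systems, such as tcsh, csh, ash, bsh, and ksh. Bash is the default shell on most Linux systems, and this chapter introduces the basics of Bash.
The man in Linux man is short for manual. In Linux, man pages are used to view the reference manuals that ship with the system. From the man pages you can get help on commands, files, library functions, and more. This section introduces the man pages.
Using man is easy. We start with its syntax and parameters. The syntax of the man command is as follows: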
man [SECTION NUMBER] MAN PAGE NAME
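The two parameters in the command above have the following meanings:
• SECTION NUMBER: the section number of the man page.
• MAN PAGE NAME: the name of the man page, usually the name of the command, system, or library itself.
For example, to look up the man page for the man command, run the following command: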
man 1 man
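In the command above, 1 tells the man command to use section 1, and the argument that follows it is the name of the man page.
Man page section numbers follow their own convention and are divided into the following parts:
• 1: General commands. Use this section to look up commands used on the command line. The command above used it to look up information about man itself.
• 2: System calls, that is, functions provided by the kernel.
• 3: C library functions. This section is very useful for C development, and for developers working in languages that extend C, such as Python. It shows information about arguments, header file definitions, behavior, and the purpose of basic C library calls.
• 4: Special files, that is, the various device files. These files are usually kept in the /dev/ directory, such as character devices and pseudoterminals.
• 5: File formats and conversions. This section covers the formats of files on a Linux system. For the password file passwd, for example, the man page explains the meaning of each field in the file.
• 6: Games and screensavers. This section contains information about games and screensaver programs.
• 7: Miscellaneous. This section contains information on various commands and other topics.
• 8: System administration commands and daemons. The commands and system daemons in this section can be used only by the administrator.
The page layout of a man page is standardized and consists of a specific set of parts. Each part of a man page contains a description, system call, or library function. The parts that serve the same purpose across man pages are as follows:
• Name: the name of the command, function, system call, or file format.
• Synopsis: the syntax of the command, function, system call, file format, and so on.
• Description: a description of what the command does.
• Examples: examples of how to use the command.
• See also: reference documents, web pages, and other programs related to this one.
The following examples verify the syntax and content layout of man pages described above.
[Example 2-1] View the man page for the local pseudoterminal. Run the following command: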
android@localhost :~$ man 4 pts
After running the command above, the following information is displayed:
PTS(4) Linux Programmer's Manual PTS(4)
NAME
ptmx, pts - pseudoterminal master and slave
DESCRIPTION
The file /dev/ptmx is a character file with major number 5 and minor
number 2, usually of mode 0666 and owner.group of root.root. It is
used to create a pseudoterminal master and slave pair.
When a process opens /dev/ptmx, it gets a file descriptor for a pseu‐
doterminal master (PTM), and a pseudoterminal slave (PTS) device is
created in the /dev/pts directory. Each file descriptor obtained by
opening /dev/ptmx is an independent PTM with its own associated PTS,
whose path can be found by passing the descriptor to ptsname(3).
Before opening the pseudoterminal slave, you must pass the master's
file descriptor to grantpt(3) and unlockpt(3).
Once both the pseudoterminal master and slave are open, the slave pro‐
vides processes with an interface that is identical to that of a real
terminal.
……
FILES
/dev/ptmx, /dev/pts/*
NOTES
The Linux support for the above (known as UNIX 98 pseudoterminal nam‐
ing) is done using the devpts file system, that should be mounted on
/dev/pts.
Before this UNIX 98 scheme, master pseudoterminals were called
/dev/ptyp0, ... and slave pseudoterminals /dev/ttyp0, ... and one
needed lots of preallocated device nodes.
SEE ALSO
getpt(3), grantpt(3), ptsname(3), unlockpt(3), pty(7)
COLOPHON
This page is part of release 3.44 of the Linux man-pages project. A
description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
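The output above shows that this man page has seven parts, such as the subject, file name, file location, and references. PTS(4) appears in the upper-left corner of the output: PTS is the name of the page, and (4) means the page is in section 4. Finally, press the q key to exit the man page.
[Example 2-2] View the man page for the passwd file. Run the following command: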
android@localhost :~$ man 5 passwd
After running the command above, the following information is output:
PASSWD(5) File Formats and Conversions PASSWD(5)
NAME
passwd - the password file
DESCRIPTION
/etc/passwd contains one line for each user account, with seven fields
delimited by colons (“:”). These fields are:
· login name
· optional encrypted password
· numerical user ID
· numerical group ID
· user name or comment field
· user home directory
· optional user command interpreter
The encrypted password field may be blank, in which case no password is
required to authenticate as the specified login name. However, some
applications which read the /etc/passwd file may decide not to permit
any access at all if the password field is blank. If the password field
is a lower-case “x”, then the encrypted password is actually stored in
the shadow(5) file instead; there must be a corresponding line in the
/etc/shadow file, or else the user account is invalid. If the password
field is any other string, then it will be treated as an encrypted
password, as specified by crypt(3).
The comment field is used by various system utilities, such as
finger(1).
The home directory field provides the name of the initial working
directory. The login program uses this information to set the value of
the $HOME environmental variable.
The command interpreter field provides the name of the user's command
language interpreter, or the name of the initial program to execute.
The login program uses this information to set the value of the $SHELL
environmental variable. If this field is empty, it defaults to the
value /bin/sh.
FILES
/etc/passwd
User account information.
/etc/shadow
optional encrypted password file
/etc/passwd-
Backup file for /etc/passwd.
Note that this file is used by the tools of the shadow toolsuite,
but not by all user and password management tools.
SEE ALSO
crypt(3), getent(1), getpwnam(3), login(1), passwd(1), pwck(8),
pwconv(8), pwunconv(8), shadow(5), su(1), sulogin(8).
shadow-utils 4.1.5.1 05/25/2012 PASSWD(5)
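The output above shows that the passwd file has seven fields, separated by colons (":"). The purpose of each field is described in detail in the page. Linux also has a passwd command; to view the help for that command, run the following command: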
android@localhost :~$ man 1 passwd
The output is as follows:
PASSWD(1) User Commands PASSWD(1)
NAME
passwd - change user password
SYNOPSIS
passwd [options] [LOGIN]
DESCRIPTION
The passwd command changes passwords for user accounts. A normal user
may only change the password for his/her own account, while the
superuser may change the password for any account. passwd also changes
the account or associated password validity period.
……
OPTIONS
The options which apply to the passwd command are:
-a, --all
This option can be used only with -S and causes show status for all
users.
-d, --delete
Delete a user's password (make it empty). This is a quick way to
disable a password for an account. It will set the named account
passwordless.
-e, --expire
Immediately expire an account's password. This in effect can force
a user to change his/her password at the user's next login.
-h, --help
Display help message and exit.
-i, --inactive INACTIVE
This option is used to disable an account after the password has
been expired for a number of days. After a user account has had an
expired password for INACTIVE days, the user may no longer sign on
to the account.
……
CAVEATS
Password complexity checking may vary from site to site. The user is
urged to select a password as complex as he or she feels comfortable
with.
Users may not be able to change their password on a system if NIS is
enabled and they are not logged into the NIS server.
passwd uses PAM to authenticate users and to change their passwords.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/pam.d/passwd
PAM configuration for passwd.
EXIT VALUES
The passwd command exits with the following values:
0
success
1
permission denied
2
invalid combination of options
3
unexpected failure, nothing done
4
unexpected failure, passwd file missing
5
passwd file busy, try again
6
invalid argument to option
SEE ALSO
chpasswd(8), passwd(5), shadow(5), usermod(8).
shadow-utils 4.1.5.1 05/25/2012 PASSWD(1)
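The output above shows the syntax, options, description, and other information for the passwd command. It also shows that a different section number displays different help content. In the command above, the section number 1 can be omitted, because by default the man command looks for commands and functions starting from the lower-numbered sections.
Note: the man command searches in section-number order. For example, to view the manual for the sleep command, run man sleep. To view the library function sleep, run man 3 sleep; in this case the section number must be given.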
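The field rules in the passwd(5) page from Example 2-2 can be turned into an audit of a passwd-format file. The following is an added example, not part of the original tutorial; the function names audit_passwd and sample_passwd and the sample entries are constructed for illustration, and the UID 0 check goes beyond what the man page text states.

```sh
#!/bin/sh
# Added example: audit passwd(5)-format lines with the field rules from the man page.

# sample_passwd: constructed sample entries (not from a real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1002:1002:Legacy:/home/legacy:/bin/bash
svc:x:1003:1003:Service:/srv/svc:
toor:x:0:0:Alt root:/root:/bin/bash
broken:x:1004:1004:/home/broken
EOF
}

# audit_passwd [FILE]: print one "login: finding" line per issue.
# Reads standard input when no file is given.
audit_passwd() {
    awk -F: '
        $0 == "" { next }                         # skip blank lines
        NF != 7 {                                 # passwd(5): seven fields
            printf "%s: malformed entry (%d fields, expected 7)\n", $1, NF
            next
        }
        $2 == "" {                                # blank: no password required
            printf "%s: empty password field\n", $1
        }
        # "x" means the hash lives in shadow(5). Values starting with "*" or
        # "!" are the usual locked-account placeholders, not crypt(3) hashes.
        $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
            printf "%s: password hash stored in passwd itself\n", $1
        }
        # Not stated in passwd(5): UID 0 is the superuser, so any second
        # UID 0 login is worth reviewing.
        $3 == 0 && $1 != "root" {
            printf "%s: UID 0 account other than root\n", $1
        }
        $7 == "" {                                # blank shell: /bin/sh
            printf "%s: empty shell field, defaults to /bin/sh\n", $1
        }
    ' "$@"
}

sample_passwd | audit_passwd
```

To check a real system, run audit_passwd /etc/passwd.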