![\"\"](\"https:\/\/blog.byzhb.top\/wp-content\/uploads\/2023\/02\/64_Q9F4HZ1@O@41GGGNH5.png\")
<\/div><\/p>\n\u5728\u547d\u4ee4\u884c\u8f93\u5165whoami\u7b49\u547d\u4ee4\uff0c\u786e\u8ba4\u81ea\u5df1\u4e3a\u666e\u901a\u7528\u6237\uff08\u5176\u5b9e\u8fd9\u4e00\u90e8\u53ef\u4ee5\u7701\u7565\uff0c\u5927\u591a\u6570\u60c5\u51b5\u4e0b\u90fd\u662f\u666e\u901a\u7528\u6237\uff0c\u4e0d\u7136\u4e5f\u4e0d\u9700\u8981\u63d0\u6743\uff09<\/p>\n
2\u3001find\u547d\u4ee4\u5bfb\u627e\u5177\u6709SUID\u6743\u9650\u7684\u6587\u4ef6\uff1a<\/h2>\n
\u547d\u4ee4\u4e3a\uff1a<\/p>\n
find <\/span>\/<\/span> -user root -perm -4000<\/span> -print 2<\/span>><\/span>\/<\/span>dev\/<\/span>null<\/span><\/pre>\n<\/div>\n<\/div>\nfind\u547d\u4ee4\u7684\u683c\u5f0f\u4e3a find [\u8def\u5f84]<\/span> [\u53c2\u6570]<\/span><\/div>\n\u547d\u4ee4\u89e3\u91ca\uff1a<\/strong><\/div>\n\n- \n
\/ :\u4ee3\u8868\u6839\u76ee\u5f55\uff0c\u4e5f\u5c31\u662f\u8bf4\u4ece\u6839\u76ee\u5f55\u5f00\u59cb\u67e5\u627e<\/p><\/blockquote>\n<\/li>\n
- \n
-user \uff1a\u6309\u6587\u4ef6\u5c5e\u4e3b\u7c7b\u578b\u67e5\u627e<\/p><\/blockquote>\n<\/li>\n
- \n
-perm\uff1a\u6309\u6587\u4ef6\u6743\u9650\u6765\u67e5\u627e\uff0c4000\uff0c2000,1000\u4e3a\u5206\u522b\u8868\u793aSUID,SGID,SBIT<\/p><\/blockquote>\n<\/li>\n
- \n
-print\uff1a\u5c06\u5339\u914d\u5230\u7684\u6587\u4ef6\u8fdb\u884c\u6807\u51c6\u8f93\u51fa<\/p><\/blockquote>\n<\/li>\n
- \n
2<\/span>><\/span>\/<\/span>dev\/<\/span>null : 2\u4ee3\u8868\u6807\u51c6\u9519\u8bef\u8f93\u51fa\uff08\u6587\u4ef6\u63cf\u8ff0\u7b26\u7684\u4e00\u79cd\uff09\uff0c>\u4ee3\u8868\u8f93\u51fa\u91cd\u5b9a\u5411\uff0c\/<\/span>dev\/<\/span>null\u662f\u4e00\u4e2a\u7279\u6b8a\u7684\u6587\u4ef6\uff0c\u8f93\u51fa\u5230\u6b64\u6587\u4ef6\u7684\u4e1c\u897f\u90fd\u4f1a\u88ab\u4e22\u5f03\uff0c\u4f60\u4e3a\u53ef\u4ee5\u7406\u89e3\u4e3a\u5783\u573e\u6876<\/span><\/p><\/blockquote>\n<\/li>\n<\/ul>\n\u6267\u884c\u7ed3\u679c\u4e3a\uff1a<\/p>\n
![\"\"](\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\")
<\/div><\/p>\n <\/p>\n
\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u7ed3\u679c\u5927\u591a\u4e3a\/bin\u6587\u4ef6\u5939\u91cc\u9762\u7684\u6587\u4ef6\uff0c\u8fd9\u91cc\u8981\u8bf4\u4e00\u4e0b\uff1a\/bin\u76ee\u5f55\u4e0b\u5305\u542b\u4e86\u7528\u6237\u547d\u4ee4\u6587\u4ef6<\/span>\uff0c\u4e5f\u5c31\u662f\u8bf4find\u7684\u547d\u4ee4\u5339\u914d\u5230\u7684\/bin\u76ee\u5f55\u91cc\u7684\u547d\u4ee4\u5927\u591a\u90fd\u53ef\u4ee5\u8fdb\u884c\u63d0\u6743\u64cd\u4f5c\uff0c\u5728\u6267\u884c\u76f8\u5173\u547d\u4ee4\u7684\u540c\u65f6\u62e5\u6709root\u6743\u9650<\/p>\n3\u3001find\u547d\u4ee4\u63d0\u6743\uff1a<\/h2>\n
\u901a\u8fc7\u641c\u7d22\u7ed3\u679c\u6211\u4eec\u53ef\u4ee5\u770b\u5230\uff0cfind\u547d\u4ee4\u662f\u62e5\u6709SUID\u6743\u9650\u7684\uff0c\u63a5\u4e0b\u6765\u6211\u4eec\u4fbf\u5229\u7528find\u547d\u4ee4\u8fdb\u884c\u63d0\u6743<\/p>\n
\u8fd9\u91cc\u9700\u8981\u7528\u5230find\u547d\u4ee4\u91cc\u9762\u7684\u4e00\u4e2a\u53c2\u6570: -exec (\u5bf9\u5339\u914d\u7684\u6587\u4ef6\u6267\u884c\u8be5\u53c2\u6570\u6240\u7ed9\u51fa\u7684shell\u547d\u4ee4)<\/p>\n
shell\u547d\u4ee4\u683c\u5f0f\u5e94\u4e3a\uff1a\u547d\u4ee4\u00a0{ } ;<\/p>\n
exec\u540e\u9762\u7684\u547d\u4ee4\u662f\u4ee5\u5206\u53f7\u4e3a\u7ed3\u5c3e\u7684\uff0c\u6545 ; \u4e0d\u53ef\u7701\u7565<\/p>\n
\u63d0\u6743\u547d\u4ee4\uff1a<\/p>\n
find \u4efb\u610f\u5df2\u6709\u6587\u4ef6\u540d -exec whoami \\;<\/pre>\n\uff08\\\u4e3a\u8f6c\u4e49\u5b57\u7b26\uff0c\u5c06\u5f15\u53f7\u8f6c\u4e49\u4e3a\u6700\u521d\u7684\u5f15\u53f7\uff0c\u56e0\u4e3a;\u5728\u4e0d\u540c\u7cfb\u7edf\u4e0d\u540c\u547d\u4ee4\u4e2d\u6709\u7740\u4e0d\u540c\u7684\u542b\u4e49\uff0c\u6240\u4ee5\u9700\u8981\u8f6c\u4e49\uff09<\/span><\/p>\n\u7ed3\u679c\u4e3a\uff1a<\/p>\n
<\/div><\/p>\n\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u5f53\u524d\u7528\u6237\u4e3aroot<\/p>\n
\u5230\u6b64find\u63d0\u6743\u7ed3\u675f\uff0c\u4f60\u53ef\u4ee5\u4ee4-exec\u540e\u4e3a\u4efb\u4f55shell\u547d\u4ee4\uff0c\u5b83\u90fd\u5c06\u4ee5root\u7684\u6743\u9650\u8fdb\u884c<\/p>\n
\u5176\u4ed6\u547d\u4ee4\u7684\u63d0\u6743\u4ee5\u540e\u518d\u66f4\u65b0<\/p>\n","protected":false},"excerpt":{"rendered":"
\u7b80\u5355\u6613\u61c2\u7684SUID\u63d0\u6743<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,36],"tags":[24,23],"class_list":["post-154","post","type-post","status-publish","format-standard","hentry","category-webs","category-36","tag-linux","tag-23"],"_links":{"self":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/comments?post=154"}],"version-history":[{"count":7,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/154\/revisions"}],"predecessor-version":[{"id":415,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/posts\/154\/revisions\/415"}],"wp:attachment":[{"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/media?parent=154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/categories?post=154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.byzhb.top\/index.php\/wp-json\/wp\/v2\/tags?post=154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/blog.byzhb.top\/wp-content\/uploads\/2023\/02\/PNCK0SDPRKTI7AG2CXP.png\")
<\/div><\/p>\n![\"\"](\"https:\/\/blog.byzhb.top\/wp-content\/uploads\/2023\/02\/ST5591Z8K2BHO4PL7DUGD.png\")
<\/div><\/p>\n