So what I'm trying to do here is to start a binary under a PHP script I am trying to Apache has pseudo access, this work works fine when it runs through a logged-in screen as a "test".
Pastor ('Bash-C' pseudo-o test CD / home / test / cs /; / hlls_r un ''); I can also add
past ('Bash-C' pseudo-o test. / Home / test / cs / hlds_run "') ; How the binary is written, will not work because of this (unless you test it on the terminal, it will not get the resource)
If everyone has access to / home / test / cs :
Pastra ('CD / Home / Test / CS & SUUDO-U Test ./hlds_run'); If only user test has access to the directory:
passhtru ('sudo -u test sh -c' cd / home / test / cs & amp; / hlds_run ''); To arrive at the second allocation, you should already be familiar with the system vs execve ( passthru and sudo Respectively).
-
This is the shell string we set to run as a specific user:
CD / Home / Test / CS & amp; ./hlds_run -
We can make sure that it always runs with
sudoas a specific user, butsudoUses Exotic Semantics We need to convert our Shell string to aexecvearray, and because this command is a shell functionality such ascdIs dependent on and does not include dynamic values in B, the best way to do this is simply to interpret verbatim To open a shell is:{
sh,-c,cd / home / test / cs & amp;,Now we can implement
sudoto run as our specific user:{< Code> pseudo
-u,test,sh,-c,cd / Home / test / cs & amp; Amp; ./hlds_run} -
passthru runsin the form of a shell, so now let us see theexecveshell The above array in the string, quoting to ensure the shell, will be parsed in the exact logic list above with extreme caution. Fortunately this is a relatively simple matter:
< / Li>pseudo-o test sh -c "cd / home / test / cs and ./ hlds_run" -
Now let us give it to
passthru:passthru ('sudo -u test sh -c) for CD / Home / Test Can / cs & amp; ./hlds_run "');
No comments:
Post a Comment