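Penetration testing on Android devices is carried out through terminals of one kind or another, so a working command of the shell is especially important. Bash is a Unix shell written for the GNU Project. This article is excerpted from the tutorial Kali Linux Penetration Testing on Android Devices.
It is the built-in shell on many Linux platforms, alongside the many shells used on traditional UNIX, such as tcsh, csh, ash, bsh and ksh. Bash is the default shell on most Linux systems, and this chapter introduces its basics.
The man in Linux man is short for manual. In Linux, the man pages are used to view the reference manuals that ship with the system. From them you can get help on commands, files, library functions and more. This section introduces the man pages.
Using man is easy. Its syntax and parameters come first. The syntax of the man command is: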
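man [SECTION NUMBER] MAN PAGE NAME
The two arguments in this command mean the following:
· SECTION NUMBER: the section number of the man page.
· MAN PAGE NAME: the name of the man page, usually the name of the command, system or library itself.
For example, to look up the manual page of the man command, run:
man 1 man
In this command, 1 tells man to use section 1, and the argument after it is the name of the man page.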
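Man page section numbers follow their own convention and are divided into the following parts:
· 1: General commands. Use this section to look up commands that are run on the command line. The command above uses it to look up information about man itself.
· 2: System calls, that is, functions provided by the kernel.
· 3: C library functions. This documentation is very useful for C development, and for developers working in languages that are extended with C, such as Python. It shows parameter information, header file definitions, behavior, and the purpose of basic C library calls.
· 4: Special files, that is, the various device files. These files are usually kept in the /dev/ directory, such as character devices and pseudoterminals.
· 5: File formats and conversions. This section covers the formats of files on a Linux system. For the password file passwd, for example, the manual page explains the meaning of each field in the file.
· 6: Games and screensavers. This section contains information about games and screensaver programs.
· 7: Miscellaneous. This section includes information on various commands and other material.
· 8: System administration commands and daemons. The commands and system daemons in this section can be used only by the administrator.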
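The layout of a man page is standardized and consists of a specific set of parts. Each part of a man page contains the description, system calls or library functions. The parts that serve the same purpose across man pages are as follows:
· Name: the name of the command, function, system call or file format.
· Synopsis: the syntax of the command, function, system call or file format.
· Description: a description of what the command does.
· Examples: examples of how to use the command.
· See also: reference documents, web pages and other programs related to this one.
The following examples verify the syntax and content layout of the man pages.
[Example 2-1] View the man page for the local pseudoterminal. Run the following command: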
android@localhost :~$ man 4 pts
Running this command displays the following:
PTS(4) Linux Programmer's Manual PTS(4)
NAME
ptmx, pts - pseudoterminal master and slave
DESCRIPTION
The file /dev/ptmx is a character file with major number 5 and minor
number 2, usually of mode 0666 and owner.group of root.root. It is
used to create a pseudoterminal master and slave pair.
When a process opens /dev/ptmx, it gets a file descriptor for a pseu‐
doterminal master (PTM), and a pseudoterminal slave (PTS) device is
created in the /dev/pts directory. Each file descriptor obtained by
opening /dev/ptmx is an independent PTM with its own associated PTS,
whose path can be found by passing the descriptor to ptsname(3).
Before opening the pseudoterminal slave, you must pass the master's
file descriptor to grantpt(3) and unlockpt(3).
Once both the pseudoterminal master and slave are open, the slave pro‐
vides processes with an interface that is identical to that of a real
terminal.
……
FILES
/dev/ptmx, /dev/pts/*
NOTES
The Linux support for the above (known as UNIX 98 pseudoterminal nam‐
ing) is done using the devpts file system, that should be mounted on
/dev/pts.
Before this UNIX 98 scheme, master pseudoterminals were called
/dev/ptyp0, ... and slave pseudoterminals /dev/ttyp0, ... and one
needed lots of preallocated device nodes.
SEE ALSO
getpt(3), grantpt(3), ptsname(3), unlockpt(3), pty(7)
COLOPHON
This page is part of release 3.44 of the Linux man-pages project. A
description of the project, and information about reporting bugs, can
be found at http://www.kernel.org/doc/man-pages/.
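The output shows that this manual page has seven parts, such as the topic, the file name, the file location and the references. The top-left corner of the output shows PTS(4), where PTS is the manual name and (4) means the page is in section 4. Finally, press q to exit the man page.
[Example 2-2] View the man page for the passwd file. Run the following command: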
android@localhost :~$ man 5 passwd
Running this command outputs the following:
PASSWD(5) File Formats and Conversions PASSWD(5)
NAME
passwd - the password file
DESCRIPTION
/etc/passwd contains one line for each user account, with seven fields
delimited by colons (“:”). These fields are:
· login name
· optional encrypted password
· numerical user ID
· numerical group ID
· user name or comment field
· user home directory
· optional user command interpreter
The encrypted password field may be blank, in which case no password is
required to authenticate as the specified login name. However, some
applications which read the /etc/passwd file may decide not to permit
any access at all if the password field is blank. If the password field
is a lower-case “x”, then the encrypted password is actually stored in
the shadow(5) file instead; there must be a corresponding line in the
/etc/shadow file, or else the user account is invalid. If the password
field is any other string, then it will be treated as an encrypted
password, as specified by crypt(3).
The comment field is used by various system utilities, such as
finger(1).
The home directory field provides the name of the initial working
directory. The login program uses this information to set the value of
the $HOME environmental variable.
The command interpreter field provides the name of the user's command
language interpreter, or the name of the initial program to execute.
The login program uses this information to set the value of the $SHELL
environmental variable. If this field is empty, it defaults to the
value /bin/sh.
FILES
/etc/passwd
User account information.
/etc/shadow
optional encrypted password file
/etc/passwd-
Backup file for /etc/passwd.
Note that this file is used by the tools of the shadow toolsuite,
but not by all user and password management tools.
SEE ALSO
crypt(3), getent(1), getpwnam(3), login(1), passwd(1), pwck(8),
pwconv(8), pwunconv(8), shadow(5), su(1), sulogin(8).
shadow-utils 4.1.5.1 05/25/2012 PASSWD(5)
The output shows that the passwd file has seven fields, separated by colons (:). The page describes in detail what each field does. Linux also has a passwd command; to view its help, run:
android@localhost :~$ man 1 passwd
The output is as follows:
PASSWD(1) User Commands PASSWD(1)
NAME
passwd - change user password
SYNOPSIS
passwd [options] [LOGIN]
DESCRIPTION
The passwd command changes passwords for user accounts. A normal user
may only change the password for his/her own account, while the
superuser may change the password for any account. passwd also changes
the account or associated password validity period.
……
OPTIONS
The options which apply to the passwd command are:
-a, --all
This option can be used only with -S and causes show status for all
users.
-d, --delete
Delete a user's password (make it empty). This is a quick way to
disable a password for an account. It will set the named account
passwordless.
-e, --expire
Immediately expire an account's password. This in effect can force
a user to change his/her password at the user's next login.
-h, --help
Display help message and exit.
-i, --inactive INACTIVE
This option is used to disable an account after the password has
been expired for a number of days. After a user account has had an
expired password for INACTIVE days, the user may no longer sign on
to the account.
……
CAVEATS
Password complexity checking may vary from site to site. The user is
urged to select a password as complex as he or she feels comfortable
with.
Users may not be able to change their password on a system if NIS is
enabled and they are not logged into the NIS server.
passwd uses PAM to authenticate users and to change their passwords.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/pam.d/passwd
PAM configuration for passwd.
EXIT VALUES
The passwd command exits with the following values:
0
success
1
permission denied
2
invalid combination of options
3
unexpected failure, nothing done
4
unexpected failure, passwd file missing
5
passwd file busy, try again
6
invalid argument to option
SEE ALSO
chpasswd(8), passwd(5), shadow(5), usermod(8).
shadow-utils 4.1.5.1 05/25/2012 PASSWD(1)
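This output shows the syntax, options, description and other information for the passwd command. Comparing the outputs, a different section number gives different help content. The section number 1 can also be omitted in the command above, because man by default looks for commands and functions starting from the lower-numbered sections.
Note: man searches the manual in section-number order. For example, to view the manual for the sleep command, run man sleep. To view the library function sleep, run man 3 sleep. In that case the section number is required.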
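The field rules in the passwd(5) page of Example 2-2 can be checked mechanically. The following is an added example, not part of the original tutorial: a shell function that audits passwd-format lines for the cases the page describes (wrong field count, blank password field, a hash kept in passwd rather than shadow, empty interpreter field), plus a UID 0 check that goes beyond the quoted text. The names audit_passwd and sample_passwd are hypothetical, and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format lines against the field rules above.
# Fields: 1 login, 2 password, 3 UID, 4 GID, 5 comment, 6 home, 7 interpreter

# audit_passwd (hypothetical name): reads passwd lines on stdin, prints findings.
audit_passwd() {
    awk -F: '
        $0 == "" { next }                       # ignore empty lines
        NF != 7 {                               # passwd(5): exactly seven fields
            printf "%s: malformed entry, %d fields instead of 7\n", $1, NF
            next
        }
        $2 == "" {                              # blank: no password required
            printf "%s: blank password field, no password needed to log in\n", $1
        }
        # Any string other than "x" is treated as a crypt(3) hash. A leading
        # "*" or "!" is the usual locked-account marker (convention, not from
        # the quoted page), so those are not reported.
        $2 != "" && $2 != "x" && $2 !~ /^[!*]/ {
            printf "%s: password hash stored in passwd instead of shadow\n", $1
        }
        $3 == 0 && $1 != "root" {               # extra superuser account
            printf "%s: UID 0 on a non-root account\n", $1
        }
        $7 == "" {                              # login falls back to /bin/sh
            printf "%s: empty interpreter field, defaults to /bin/sh\n", $1
        }
    '
}

# Constructed sample data; accounts and hash are made up for this example.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
android:x:1000:1000:Android user:/home/android:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:$6$constructedsalt$constructedhash:1002:1002:Legacy:/home/legacy:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
svc:x:1003:1003:Service:/srv/svc:
broken:x:1004:1004:/home/broken
EOF
}

# Demo on the sample; on a real system run: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```

On the sample it reports guest, legacy, toor, svc and broken, and leaves root and android alone.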