level 1 ps: viewing processes
ps aux # show information on all processes
First redirect the output into a file, then search the file for the program that needs to be restarted.
1.1 First, we will learn to list running processes with the ps command. Depending on who you ask, ps stands for either "process snapshot" or "process status", and it lists processes. By default, it only lists the processes running in your terminal, which honestly is not very useful:
hacker@dojo:~$ ps
    PID TTY          TIME CMD
    329 pts/0    00:00:00 bash
    349 pts/0    00:00:00 ps
hacker@dojo:~$
In the example above, we have the shell (bash) and the ps process itself, and that is everything running on this particular terminal. We also see that every process has a numeric identifier (Process ID, or PID), a number that uniquely identifies each running process in the Linux environment. We can also see the terminal the command runs on (pts/0 in this case) and the total CPU time the process has consumed so far (since these processes are so undemanding, they have not even consumed 1 second yet!).
In most cases, that is all you will see from the default ps. To make it useful, we need to pass some arguments.
ps is a very old utility, and its usage is a bit messy. There are two ways to specify arguments.
"Standard" syntax: in this syntax, you use -e to list "every" process and -f for "full-format" output that includes the arguments. These can be combined into a single argument: -ef.
"BSD" syntax: in this syntax, you use a to list the processes of all users, x to list processes not running in a terminal, and u for "user-readable" output. These can be combined into a single argument: aux.
Both approaches, ps -ef and ps aux, produce slightly different but cross-recognizable output.
Let's try it in the dojo:
hacker@dojo:~$ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
hacker       1     0  0 05:34 ?        00:00:00 /sbin/docker-init -- /bin/sleep 6h
hacker       7     1  0 05:34 ?        00:00:00 /bin/sleep 6h
hacker     102     1  1 05:34 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server --auth=none -
hacker     138   102 11 05:34 ?        00:00:07 /usr/lib/code-server/lib/node /usr/lib/code-server/out/node/entr
hacker     287   138  0 05:34 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/ou
hacker     318   138  6 05:34 ?        00:00:03 /usr/lib/code-server/lib/node --dns-result-order=ipv4first /usr/
hacker     554   138  3 05:35 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/ou
hacker     571   554  0 05:35 pts/0    00:00:00 /usr/bin/bash --init-file /usr/lib/code-server/lib/vscode/out/vs
hacker     695   571  0 05:35 pts/0    00:00:00 ps -ef
hacker@dojo:~$
Here you can see processes running to initialize the challenge environment (docker-init), a timeout that kills the challenge to free up compute resources (sleep 6h times out after 6 hours), the VSCode environment (code-server, with several helper processes), the shell (bash), and my ps -ef command. This is essentially the same as ps aux:
hacker@dojo:~$ ps aux
USER         PID %CPU %MEM    VSZ    RSS TTY      STAT START   TIME COMMAND
hacker         1  0.0  0.0   1128      4 ?        Ss   05:34   0:00 /sbin/docker-init -- /bin/sleep 6h
hacker         7  0.0  0.0   2736    580 ?        S    05:34   0:00 /bin/sleep 6h
hacker       102  0.4  0.0 723944  64660 ?        Sl   05:34   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       138  3.3  0.0 968792 106272 ?        Sl   05:34   0:07 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       287  0.0  0.0 717648  53136 ?        Sl   05:34   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       318  3.3  0.0 977472  98256 ?        Sl   05:34   0:06 /usr/lib/code-server/lib/node --dns-result-order=
hacker       554  0.4  0.0 650560  55360 ?        Rl   05:35   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       571  0.0  0.0   4600   4032 pts/0    Ss   05:35   0:00 /usr/bin/bash --init-file /usr/lib/code-server/li
hacker      1172  0.0  0.0   5892   2924 pts/0    R+   05:38   0:00 ps aux
hacker@dojo:~$
There is a lot in common between ps -ef and ps aux: both show the user (the UID/USER column), the PID, the TTY, the process start time (STIME/START), the total CPU time used (TIME), and the command (CMD/COMMAND). In addition, ps -ef outputs the parent process ID (PPID), which is the PID of the process that launched the one in question, while ps aux outputs the percentage of total system CPU and memory the process is using. Plus a bunch of other things we will not get into right now.
Anyways! Let's practice. In this level, I have again renamed the challenge program to a random filename, and this time made it so that you cannot list the directory! But I also launched it, so you can find it in the list of running processes, figure out the filename, and relaunch it directly for the flag! Good luck!
Note: both ps -ef and ps aux truncate the command listing to the width of the terminal (which is why the examples above line up so nicely on the right side of the screen). If you cannot read the whole path of a process, you may need to enlarge your terminal (or redirect the output somewhere to avoid this truncation behavior)!
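The column reading described above (PID, PPID, TTY, CMD) and the "redirect and search" approach from the top of this level can be scripted. The following is an added example, not code from the write-up or from pwn.college; it parses a constructed `ps -ef` listing with awk (the PIDs and the path /challenge/some_random_name are invented for the sample), and the helper names cmd_for_pid, ppid_of, pids_matching, ancestry and live_cmdline are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original write-up: extracting the fields
# the text describes (PID, PPID, TTY, CMD) from `ps -ef` output with awk, so
# that a renamed program can be located from the process list.
#
# SAMPLE is a constructed `ps -ef` listing in the same column layout as the
# dojo output above; the PIDs and /challenge/some_random_name are invented.
SAMPLE='UID        PID  PPID  C STIME TTY          TIME CMD
hacker       1     0  0 05:34 ?        00:00:00 /sbin/docker-init -- /bin/sleep 6h
hacker       7     1  0 05:34 ?        00:00:00 /bin/sleep 6h
root        63     1  0 05:34 ?        00:00:00 su -c /challenge/.launcher hacker
hacker      65    63  0 05:34 ?        00:00:00 /challenge/some_random_name --flag
hacker      66    65  0 05:34 ?        00:00:00 sleep 6h
hacker     571     1  0 05:35 pts/0    00:00:00 /usr/bin/bash --init-file /usr/lib/code-server/lib/vscode/out/vs
hacker     695   571  0 05:35 pts/0    00:00:00 ps -ef'

# Full command line of one PID. CMD is the only column that may contain
# spaces, so columns 8..NF are joined back together. Empty if PID is absent.
cmd_for_pid() {
    printf '%s\n' "$SAMPLE" | awk -v pid="$1" '
        NR > 1 && $2 == pid {
            cmd = $8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            print cmd
        }'
}

# Parent PID (column 3) of one PID.
ppid_of() {
    printf '%s\n' "$SAMPLE" | awk -v pid="$1" 'NR > 1 && $2 == pid { print $3 }'
}

# Space-separated PIDs whose command line matches an awk regular expression.
pids_matching() {
    printf '%s\n' "$SAMPLE" | awk -v pat="$1" '
        NR > 1 {
            cmd = $8
            for (i = 9; i <= NF; i++) cmd = cmd " " $i
            if (cmd ~ pat) out = out (out == "" ? "" : " ") $2
        }
        END { print out }'
}

# Follow PPID links up to PID 1, e.g. "66 <- 65 <- 63 <- 1". This is how the
# launcher that started a renamed program shows up in the listing.
ancestry() {
    pid=$1
    chain=$pid
    while :; do
        parent=$(ppid_of "$pid")
        [ -n "$parent" ] && [ "$parent" != 0 ] || break
        chain="$chain <- $parent"
        pid=$parent
    done
    printf '%s\n' "$chain"
}

# On a live system the same awk code works on `ps -ef -ww` output (-ww turns
# off the terminal-width truncation the note above warns about), and
# /proc/PID/cmdline holds the untruncated, NUL-separated argument vector.
live_cmdline() {
    tr '\000' ' ' < "/proc/$1/cmdline"
    echo
}
```

To use it on real output, replace SAMPLE with `$(ps -ef -ww)`; the parsing is unchanged because the column layout is. Walking the PPID chain is the useful part when the file name has been randomized: the parent (here a su -c launcher) is usually still recognizable, and the child is the program you are looking for.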
level 2 kill: terminating a process
hacker@dojo:~$ ps -e | grep sleep
    342 pts/0    00:00:00 sleep
hacker@dojo:~$ kill 342
hacker@dojo:~$ ps -e | grep sleep
hacker@dojo:~$
hacker@processes~killing-processes:/challenge$ ps aux
USER         PID %CPU %MEM    VSZ    RSS TTY      STAT START   TIME COMMAND
hacker         1  0.0  0.0   1128      4 ?        Ss   06:21   0:00 /sbin/docker-init -- /bin/sleep 6h
hacker         7  0.0  0.0   2736    584 ?        S    06:21   0:00 /bin/sleep 6h
root          63  0.0  0.0   5196   3012 ?        S    06:21   0:00 su -c /challenge/.launcher hacker
hacker        65  0.0  0.0   4124   2968 ?        Ss   06:21   0:00 /challenge/dont_run
hacker        66  0.0  0.0   2736    576 ?        S    06:21   0:00 sleep 6h
hacker       128  0.7  0.0 723688  64840 ?        Sl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server --auth=none --bind-addr=dojo-user:6080 --extensions-dir=/op
hacker       164  6.2  0.0 967416 120508 ?        Sl   06:21   0:07 /usr/lib/code-server/lib/node /usr/lib/code-server/out/node/entry
hacker       265  0.2  0.0 717920  53264 ?        Sl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/out/bootstrap-fork --type=fileWatcher
hacker       296  4.9  0.0 975532  96152 ?        Sl   06:21   0:04 /usr/lib/code-server/lib/node --dns-result-order=ipv4first /usr/lib/code-server/lib/vscode/out/bootstrap-fork
hacker       327  0.8  0.0 724812  56144 ?        Rl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/out/bootstrap-fork --type=ptyHost --logsPath /ho
hacker       387  0.0  0.0   4596   4084 pts/1    Ss   06:21   0:00 /bin/bash --init-file /usr/lib/code-server/lib/vscode/out/vs/workbench/contrib/terminal/browser/media/shellInt
hacker       794  0.0  0.0   5892   2980 pts/1    R+   06:23   0:00 ps aux
hacker@processes~killing-processes:/challenge$ kill 65
hacker@processes~killing-processes:/challenge$ ./run
Great job! Here is your payment: pwn.college{0mJkm6Ar0cvesSZvXx44azwPSWJ.dJDN4QDLwYTM2QzW}
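A bare `kill PID`, as used above, sends SIGTERM, which a process may catch or ignore. The script below is an added example (not code from the write-up or from pwn.college) of the way an operator normally terminates a process: SIGTERM first, then SIGKILL only if the target is still alive after a deadline. It reads the state letter from /proc/PID/stat because `kill -0` alone still succeeds on an exited child that has not been reaped yet. The function names proc_state, is_alive and terminate_pid are this example's own.

```sh
#!/bin/sh
# Added example, not code from the original write-up: terminate a process the
# way an operator should, i.e. SIGTERM first (what bare `kill` sends) and
# SIGKILL only if the target has not exited within a deadline.

# Process state letter from /proc/PID/stat (S, R, T, Z, ...); fails if gone.
# The comm field is wrapped in parentheses and may contain spaces, so the
# state is read as the first token after the closing parenthesis.
proc_state() {
    [ -r "/proc/$1/stat" ] || return 1
    sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1
}

# True while the process exists and is not a zombie. `kill -0` alone is not
# enough: an exited child that has not been reaped still answers to it.
is_alive() {
    state=$(proc_state "$1") || return 1
    [ "$state" != "Z" ]
}

# terminate_pid PID [SECONDS]: send SIGTERM, wait up to SECONDS (default 5),
# then SIGKILL. Returns 0 once the process is gone, 1 on failure.
terminate_pid() {
    pid=$1
    deadline=${2:-5}
    case $pid in
        ''|*[!0-9]*) echo "terminate_pid: bad pid '$pid'" >&2; return 1 ;;
    esac
    is_alive "$pid" || { echo "terminate_pid: no such process $pid" >&2; return 1; }
    kill -TERM "$pid" 2>/dev/null || true
    waited=0
    while is_alive "$pid"; do
        if [ "$waited" -ge "$deadline" ]; then
            echo "terminate_pid: $pid ignored SIGTERM for ${deadline}s, sending SIGKILL" >&2
            kill -KILL "$pid" 2>/dev/null || true
            # SIGKILL cannot be caught or ignored; give the kernel a moment.
            sleep 1
            break
        fi
        sleep 1
        waited=$((waited + 1))
    done
    ! is_alive "$pid"
}

# Demo when run as `sh this.sh --demo`: a sleep that ignores SIGTERM (the
# ignore survives exec) gets escalated to SIGKILL after two seconds.
if [ "${1:-}" = "--demo" ]; then
    sh -c 'trap "" TERM; exec sleep 300' &
    victim=$!
    terminate_pid "$victim" 2 && echo "process $victim is gone"
    wait "$victim" 2>/dev/null
fi
```

The escalation matters in practice: SIGTERM lets a service flush logs and close connections, while SIGKILL is the guaranteed stop for something that has hung or deliberately ignores the polite request. The demo's `trap "" TERM; exec sleep 300` stands in for such a process.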
level 3 Ctrl-C: interrupting a program
Just press Ctrl-C to interrupt it.
Linux command reference documentation
level 4 Ctrl-Z: suspending a process
Ctrl-Z suspends the current process; afterwards, simply running the same program again gets it to respond directly.
level 5 fg: resuming a process into the terminal foreground
fg directly resumes the suspended process. [fg: resume in the foreground; bg: resume in the background.]
hacker@processes~resuming-processes:/challenge$ ./run
Let us practice resuming processes! Suspend me with Ctrl-Z, then resume me with the 'fg' command! Or just press Enter to quit me!
^Z
[1]+  Stopped                 ./run
hacker@processes~resuming-processes:/challenge$ fg
./run
I am back! Here is your flag:
pwn.college{8nTrErBEjP9AvmG0PvI3kPxj4ce.dZDN4QDLwYTM2QzW}
Don not forget to press Enter to quit me! Goodbye!
level 6 suspend the foreground process [sleep], while running a copy of the same process in the background [unsleep]
When using the bg command, it seems to ask for a time to be entered [run time??]…
hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and not suspended* in this terminal... Let us check!
UID PID STAT CMD
root 526 S+ bash /challenge/run
root 528 R+ ps -o user=UID,pid,stat,cmd
I don not see a second me! To pass this level, you need to suspend me, resume the suspended process in the background, and then launch a new version of me! You can background me with Ctrl-Z (and resume me in the background with 'bg') or, if you are not ready to do that for whatever reason, just hit Enter and I will exit!
^Z
[1]+  Stopped                 ./run
hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and not suspended* in this terminal... Let us check!
UID PID STAT CMD
root 526 T bash /challenge/run
root 691 S+ bash /challenge/run
root 693 R+ ps -o user=UID,pid,stat,cmd
I found a second version of me, but it is suspended! Please resume it in the background with the 'bg' command, then run me again.
hacker@processes~backgrounding-processes:/challenge$ bg
[1]+ ./run &
hacker@processes~backgrounding-processes:/challenge$ Yay, I am now running the background! Because of that, this text will probably overlap weirdly with the shell prompt. Do not panic; just hit Enter a few times to scroll this text out.
12
bash: 12: command not found
hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and not suspended* in this terminal... Let us check!
UID PID STAT CMD
root 526 S bash /challenge/run
root 765 S sleep 6h
root 914 S+ bash /challenge/run
root 916 R+ ps -o user=UID,pid,stat,cmd
Yay, I found another version of me running in the background! Here is the flag:
pwn.college{AEJuBRe_NX4zplekpMMNF5U0NPq.ddDN4QDLwYTM2QzW}
level 7 switching a process between foreground and background
hacker@processes~foregrounding-processes:/challenge$ ./run
To pass this level, you need to suspend me, resume the suspended process in the background, and *then* foreground it without re-suspending it! You can background me with Ctrl-Z (and resume me in the background with 'bg') or, if you're not ready to do that for whatever reason, just hit Enter and I'll exit!
^Z
[1]+  Stopped                 ./run
hacker@processes~foregrounding-processes:/challenge$ bg
[1]+ ./run &
hacker@processes~foregrounding-processes:/challenge$ Yay, I'm now running the background! Because of that, this text will probably overlap weirdly with the shell prompt. Don't panic; just hit Enter a few times to scroll this text out. After that, resume me into the foreground with 'fg'; I'll wait.
12
bash: 12: command not found
hacker@processes~foregrounding-processes:/challenge$ fg
./run
YES! Great job! I'm now running in the foreground. Hit Enter for your flag!
pwn.college{o4jCGYwvl3eH_8haDM77IRGAYjs.dhDN4QDLwYTM2QzW}
level 8 append &, to start a process directly in the background
hacker@processes~starting-backgrounded-processes:/challenge$ ./run (time) &
[1] 501   # process number
hacker@processes~starting-backgrounded-processes:/challenge$ Yay, you started me in the background! Because of that, this text will probably overlap weirdly with the shell prompt, but you're used to that by now... Anyways! Here is your flag!
pwn.college{A-5a3Z3hDEZl0a2uvWQZMRgrXSp.dlDN4QDLwYTM2QzW}
^C
[1]+  Done                    ./run
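Levels 3 through 8 all come down to signals and the STAT column that the level 6 program prints (T for a stopped job, S or R for a running one, + for the foreground job). The script below is an added example, not code from the write-up or from pwn.college: it drives the same suspend/resume cycle from a script with `kill`, and reads the job state from /proc the way `ps -o stat` does. The function names proc_state, wait_for_state, suspend_pid, resume_pid and job_line are this example's own; SIGSTOP is used in place of the SIGTSTP that Ctrl-Z sends, for the reason given in the comments.

```sh
#!/bin/sh
# Added example, not code from the original write-up: the signals behind the
# job-control keys used in levels 3 to 8, driven from a script instead of a
# terminal, with the same STAT check the level 6 program performs.
#
#   Ctrl-C  -> SIGINT   (interrupt; usually terminates the process)
#   Ctrl-Z  -> SIGTSTP  (terminal stop; the shell reports "Stopped", STAT T)
#   bg / fg -> SIGCONT  (resume; STAT goes back to S or R; fg additionally
#                        makes the job the terminal's foreground job, the +)
#   cmd &   -> no signal at all, the shell simply does not wait for cmd
#
# SIGSTOP is used here instead of SIGTSTP because SIGTSTP can be caught or
# ignored by the target and is discarded for a process in an orphaned process
# group, which a non-interactive script often is; SIGSTOP always stops.

# State letter for PID from /proc/PID/stat (S, R, T, Z, ...); fails if gone.
# comm sits in parentheses and may contain spaces, hence the sed.
proc_state() {
    [ -r "/proc/$1/stat" ] || return 1
    sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1
}

# wait_for_state PID LETTERS [TRIES]: poll once a second until the state is
# one of LETTERS (e.g. "SR") or TRIES run out; 1 if the process disappears.
wait_for_state() {
    pid=$1; want=$2; tries=${3:-5}
    while [ "$tries" -gt 0 ]; do
        state=$(proc_state "$pid") || return 1
        case $want in *"$state"*) return 0 ;; esac
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

suspend_pid() { kill -STOP "$1"; }   # what Ctrl-Z achieves (via SIGTSTP)
resume_pid()  { kill -CONT "$1"; }   # what bg and fg do

# One "PID STAT CMD" line for a PID, like the `ps -o pid,stat,cmd` output the
# level 6 program prints (minus the + that ps adds for the foreground job).
# /proc/PID/cmdline is NUL-separated, so the NULs become spaces.
job_line() {
    state=$(proc_state "$1") || return 1
    cmd=$(tr '\000' ' ' < "/proc/$1/cmdline" | sed 's/ $//')
    printf '%s %s %s\n' "$1" "$state" "$cmd"
}

# Demo when run as `sh this.sh --demo`: start a job in the background (the
# level 8 `&`), stop it (level 4), resume it (levels 5 to 7), then end it.
if [ "${1:-}" = "--demo" ]; then
    sleep 300 &
    job=$!
    job_line "$job"
    suspend_pid "$job"; wait_for_state "$job" T;  job_line "$job"
    resume_pid "$job";  wait_for_state "$job" SR; job_line "$job"
    kill "$job"; wait "$job" 2>/dev/null
fi
```

The demo prints the job first as S, then T after the stop, then S again after SIGCONT, which is exactly the transition the level 6 program looks for before it accepts a second copy of itself: a stopped process (T) is not "running", a continued one (S or R) is. The "12 / command not found" lines in the level 6 and 7 transcripts are just the shell reading keystrokes typed while the backgrounded program's text scrolled over the prompt; bg takes no input.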