[pwn.college notes] Processes and Jobs

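level 1 ps: view processes

ps aux  # show information for all processes

First redirect the output to a file, then search that file for the program that needs to be relaunched.

1.1 First, we will learn to list running processes with the ps command. Depending on who you ask, ps stands for either "process snapshot" or "process status", and it lists processes. By default, ps only lists the processes running in your terminal, which, honestly, is not very useful: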

hacker@dojo:~$ ps
    PID TTY          TIME CMD
    329 pts/0    00:00:00 bash
    349 pts/0    00:00:00 ps
hacker@dojo:~$

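In the example above, we have the shell (bash) and the ps process itself, and that is all that is running on this particular terminal. We also see that each process has a numeric identifier (the process ID, or PID), a number that uniquely identifies every running process in a Linux environment. We can also see the terminal on which the commands are running (in this case, the designation pts/0) and the total CPU time the process has consumed so far (since these processes are very undemanding, they have yet to consume even 1 second!).

In most cases, that is all you will see with the default ps. To make it useful, we need to pass a few arguments.

ps is a very old utility, and its usage is a bit of a mess. There are two ways to specify arguments.

"Standard" syntax: in this syntax, you can use -e to list "every" process and -f for "full format" output, including arguments. These can be combined into a single argument, -ef.

"BSD" syntax: in this syntax, you can use a to list processes for all users, x to list processes that are not running in a terminal, and u for "user-readable" output. These can be combined into a single argument, aux.

These two methods, ps -ef and ps aux, produce slightly different but cross-recognizable output.

Let's try it in the dojo: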

hacker@dojo:~$ ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
hacker         1       0  0 05:34 ?        00:00:00 /sbin/docker-init -- /bin/sleep 6h
hacker         7       1  0 05:34 ?        00:00:00 /bin/sleep 6h
hacker       102       1  1 05:34 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server --auth=none -
hacker       138     102 11 05:34 ?        00:00:07 /usr/lib/code-server/lib/node /usr/lib/code-server/out/node/entr
hacker       287     138  0 05:34 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/ou
hacker       318     138  6 05:34 ?        00:00:03 /usr/lib/code-server/lib/node --dns-result-order=ipv4first /usr/
hacker       554     138  3 05:35 ?        00:00:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/ou
hacker       571     554  0 05:35 pts/0    00:00:00 /usr/bin/bash --init-file /usr/lib/code-server/lib/vscode/out/vs
hacker       695     571  0 05:35 pts/0    00:00:00 ps -ef
hacker@dojo:~$

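You can see here that there are processes running for the initialization of the challenge environment (docker-init), a timeout before the challenge is automatically terminated to preserve computing resources (sleep 6h, which times out after 6 hours), the VSCode environment (several code-server helper processes), the shell (bash), and my ps -ef command. This is basically the same as ps aux: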

hacker@dojo:~$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
hacker         1  0.0  0.0   1128     4 ?        Ss   05:34   0:00 /sbin/docker-init -- /bin/sleep 6h
hacker         7  0.0  0.0   2736   580 ?        S    05:34   0:00 /bin/sleep 6h
hacker       102  0.4  0.0 723944 64660 ?        Sl   05:34   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       138  3.3  0.0 968792 106272 ?       Sl   05:34   0:07 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       287  0.0  0.0 717648 53136 ?        Sl   05:34   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       318  3.3  0.0 977472 98256 ?        Sl   05:34   0:06 /usr/lib/code-server/lib/node --dns-result-order=
hacker       554  0.4  0.0 650560 55360 ?        Rl   05:35   0:00 /usr/lib/code-server/lib/node /usr/lib/code-serve
hacker       571  0.0  0.0   4600  4032 pts/0    Ss   05:35   0:00 /usr/bin/bash --init-file /usr/lib/code-server/li
hacker      1172  0.0  0.0   5892  2924 pts/0    R+   05:38   0:00 ps aux
hacker@dojo:~$

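The two have a lot in common: both show the user (the UID/USER column), the PID, the TTY, the process start time (STIME/START), the total CPU time used (TIME) and the command (CMD/COMMAND). In addition, ps -ef outputs the parent process ID (PPID), which is the PID of the process that launched the process in question, while ps aux outputs the percentage of total system CPU and memory that the process is using. There is also a bunch of other stuff that we will not cover right now.

Anyway! Let's practice. In this level, I have once again renamed the challenge program to a random filename, and this time made it so that you cannot list the directory! But I also launched it, so you can find it in the list of running processes, figure out the filename, and relaunch it directly for the flag! Good luck!

Note: both ps -ef and ps aux truncate the command list to the width of the terminal (which is why the examples above line up so nicely on the right side of the screen). If you cannot read the whole path of the process, you may need to enlarge your terminal (or redirect the output somewhere to avoid this truncation behavior)!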
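
The truncation described in the note can also be avoided by asking ps for unlimited width. The function below is an added example, not part of the original notes; the name find_proc and the /proc fallback for systems without ps are assumptions of this sketch.

```shell
# Added example, not from the original notes. find_proc is a name chosen here.
# Prints "PID full-command-line" for every process whose command line
# contains the given text, without terminal-width truncation.
find_proc() {
    pattern=$1
    if command -v ps >/dev/null 2>&1; then
        # -e: every process; -o pid= -o args=: only these columns, no header;
        # -ww: unlimited width, so long paths are never cut off.
        snapshot=$(ps -e -ww -o pid= -o args=)
    else
        # Assumption: on a minimal Linux system without ps, /proc/PID/cmdline
        # holds the same arguments, separated by NUL bytes.
        snapshot=$(for d in /proc/[0-9]*; do
            [ -r "$d/cmdline" ] || continue
            printf '%s %s\n' "${d#/proc/}" "$(tr '\0' ' ' 2>/dev/null < "$d/cmdline")"
        done)
    fi
    # grep's own command line contains the pattern. The snapshot was taken
    # before grep started, so grep can never appear in its own results
    # (the usual "ps | grep" pitfall). -F matches the text literally.
    printf '%s\n' "$snapshot" | grep -F -- "$pattern" || true
}
```

Calling find_proc with part of the program's name prints its PID and complete path, which can then be relaunched directly.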

level 2 kill: terminate a process

hacker@dojo:~$ ps -e | grep sleep
 342 pts/0    00:00:00 sleep
hacker@dojo:~$ kill 342
hacker@dojo:~$ ps -e | grep sleep
hacker@dojo:~$
hacker@processes~killing-processes:/challenge$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
hacker         1  0.0  0.0   1128     4 ?        Ss   06:21   0:00 /sbin/docker-init -- /bin/sleep 6h
hacker         7  0.0  0.0   2736   584 ?        S    06:21   0:00 /bin/sleep 6h
root          63  0.0  0.0   5196  3012 ?        S    06:21   0:00 su -c /challenge/.launcher hacker
hacker        65  0.0  0.0   4124  2968 ?        Ss   06:21   0:00 /challenge/dont_run
hacker        66  0.0  0.0   2736   576 ?        S    06:21   0:00 sleep 6h
hacker       128  0.7  0.0 723688 64840 ?        Sl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server --auth=none --bind-addr=dojo-user:6080 --extensions-dir=/op
hacker       164  6.2  0.0 967416 120508 ?       Sl   06:21   0:07 /usr/lib/code-server/lib/node /usr/lib/code-server/out/node/entry
hacker       265  0.2  0.0 717920 53264 ?        Sl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/out/bootstrap-fork --type=fileWatcher
hacker       296  4.9  0.0 975532 96152 ?        Sl   06:21   0:04 /usr/lib/code-server/lib/node --dns-result-order=ipv4first /usr/lib/code-server/lib/vscode/out/bootstrap-fork 
hacker       327  0.8  0.0 724812 56144 ?        Rl   06:21   0:00 /usr/lib/code-server/lib/node /usr/lib/code-server/lib/vscode/out/bootstrap-fork --type=ptyHost --logsPath /ho
hacker       387  0.0  0.0   4596  4084 pts/1    Ss   06:21   0:00 /bin/bash --init-file /usr/lib/code-server/lib/vscode/out/vs/workbench/contrib/terminal/browser/media/shellInt
hacker       794  0.0  0.0   5892  2980 pts/1    R+   06:23   0:00 ps aux
hacker@processes~killing-processes:/challenge$ kill 65
hacker@processes~killing-processes:/challenge$ ./run
Great job! Here is your payment:
pwn.college{0mJkm6Ar0cvesSZvXx44azwPSWJ.dJDN4QDLwYTM2QzW}

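level 3 Ctrl-C: interrupt a program

Press Ctrl-C to interrupt it.

Linux command reference documentation

level 4 Ctrl-Z: suspend a process

Ctrl-Z suspends the current process; executing the same program again afterwards will wake it up and invoke it directly.

level 5 fg: resume a process into the terminal foreground

fg directly resumes the suspended process. [fg: resume in the foreground; bg: resume in the background.]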

hacker@processes~resuming-processes:/challenge$ ./run
Let us practice resuming processes! Suspend me with Ctrl-Z, then resume me with 
the 'fg' command! Or just press Enter to quit me!
^Z
[1]+  Stopped                 ./run
hacker@processes~resuming-processes:/challenge$ fg
./run
I am back! Here is your flag:
pwn.college{8nTrErBEjP9AvmG0PvI3kPxj4ce.dZDN4QDLwYTM2QzW}
Don not forget to press Enter to quit me!
Goodbye!

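level 6 Suspend the process in the foreground [sleep] while a copy of the same process runs in the background [unsleep]

When using the bg command, you need to enter a time [run time??] …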

hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and 
not suspended* in this terminal... Let us check!
UID          PID STAT CMD
root         526 S+   bash /challenge/run
root         528 R+   ps -o user=UID,pid,stat,cmd
I don not see a second me!
To pass this level, you need to suspend me, resume the suspended process in the 
background, and then launch a new version of me! You can background me with 
Ctrl-Z (and resume me in the background with 'bg') or, if you are not ready to 
do that for whatever reason, just hit Enter and I will exit!
^Z
[1]+  Stopped                 ./run
hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and 
not suspended* in this terminal... Let us check!
UID          PID STAT CMD
root         526 T    bash /challenge/run
root         691 S+   bash /challenge/run
root         693 R+   ps -o user=UID,pid,stat,cmd
I found a second version of me, but it is suspended! Please resume it in the 
background with the 'bg' command, then run me again.
hacker@processes~backgrounding-processes:/challenge$ bg
[1]+ ./run &
hacker@processes~backgrounding-processes:/challenge$ 
Yay, I am now running the background! Because of that, this text will probably 
overlap weirdly with the shell prompt. Do not panic; just hit Enter a few times 
to scroll this text out.
12
bash: 12: command not found
hacker@processes~backgrounding-processes:/challenge$ ./run
I will only give you the flag if there is already another copy of me running *and 
not suspended* in this terminal... Let us check!
UID          PID STAT CMD
root         526 S    bash /challenge/run
root         765 S    sleep 6h
root         914 S+   bash /challenge/run
root         916 R+   ps -o user=UID,pid,stat,cmd
Yay, I found another version of me running in the background! Here is the flag:
pwn.college{AEJuBRe_NX4zplekpMMNF5U0NPq.ddDN4QDLwYTM2QzW}
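
The STAT letters the level 6 check prints (T for the suspended copy, S once bg has resumed it) can be reproduced from a script. This is an added example, not part of the original notes; proc_state and job_state_walkthrough are names chosen here, and it sends SIGSTOP and SIGCONT with kill because a script has no Ctrl-Z or bg.

```shell
# Added example, not from the original notes.
# proc_state PID: first letter of the process state, the same letter that
# leads the STAT column (T = stopped, S = sleeping, R = running).
proc_state() {
    if command -v ps >/dev/null 2>&1; then
        ps -o stat= -p "$1" | tr -d ' ' | cut -c1
    else
        # Assumption: Linux without ps; /proc/PID/status has "State: T (stopped)".
        awk '/^State:/ { print $2 }' "/proc/$1/status"
    fi
}

# Starts a background sleep, stops it, continues it, and prints the state
# seen after each step as "start stopped continued".
job_state_walkthrough() {
    sleep 30 >/dev/null 2>&1 &      # trailing & starts it in the background (level 8)
    pid=$!
    sleep 1                         # give the child time to exec and block
    s_start=$(proc_state "$pid")
    # Ctrl-Z makes the terminal send SIGTSTP; SIGSTOP has the same effect
    # and cannot be caught or ignored.
    kill -STOP "$pid"; sleep 1
    s_stopped=$(proc_state "$pid")
    # bg and fg both resume the job by sending SIGCONT.
    kill -CONT "$pid"; sleep 1
    s_continued=$(proc_state "$pid")
    kill "$pid"                     # default SIGTERM, as in level 2
    wait "$pid" 2>/dev/null || true
    echo "$s_start $s_stopped $s_continued"
}
```

The "+" that follows some STAT letters in the session above marks the terminal's foreground process group, which is why only the first letter is compared here.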

level 7 Switching a process between foreground and background

hacker@processes~foregrounding-processes:/challenge$ ./run
To pass this level, you need to suspend me, resume the suspended process in the 
background, and *then* foreground it without re-suspending it! You can 
background me with Ctrl-Z (and resume me in the background with 'bg') or, if 
you're not ready to do that for whatever reason, just hit Enter and I'll exit!
^Z
[1]+  Stopped                 ./run
hacker@processes~foregrounding-processes:/challenge$ bg
[1]+ ./run &
hacker@processes~foregrounding-processes:/challenge$ 
Yay, I'm now running the background! Because of that, this text will probably 
overlap weirdly with the shell prompt. Don't panic; just hit Enter a few times 
to scroll this text out. After that, resume me into the foreground with 'fg'; 
I'll wait.
12
bash: 12: command not found
hacker@processes~foregrounding-processes:/challenge$ fg
./run
YES! Great job! I'm now running in the foreground. Hit Enter for your flag!
pwn.college{o4jCGYwvl3eH_8haDM77IRGAYjs.dhDN4QDLwYTM2QzW}

level 8 Append the & symbol to start a process directly in the background

hacker@processes~starting-backgrounded-processes:/challenge$ ./run (time) &
[1] 501  # process ID
hacker@processes~starting-backgrounded-processes:/challenge$ 
Yay, you started me in the background! Because of that, this text will probably 
overlap weirdly with the shell prompt, but you're used to that by now...
Anyways! Here is your flag!
pwn.college{A-5a3Z3hDEZl0a2uvWQZMRgrXSp.dlDN4QDLwYTM2QzW}
^C
[1]+  Done                    ./run