相关阅读
在网络安全入门的探讨中,推荐了Pico ctf
data-postsbox="{"id":13208,"title":"2022年网络安全学习路线——如何入门、就业","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9720,"comment_count":26,"category":"cybersecurity","is_forum_post":false}">{"id":13208,"title":"2022年网络安全学习路线——如何入门、就业","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":9720,"comment_count":26,"category":"cybersecurity","is_forum_post":false}
在上期视频中,我们分享了CTF中的图片取证类型题目
data-postsbox="{"id":18037,"title":"【视频讲解】PicoCTF 2022 取证篇 svg图片隐藏信息","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2989,"comment_count":1,"category":"cybersecurity","is_forum_post":false}">{"id":18037,"title":"【视频讲解】PicoCTF 2022 取证篇 svg图片隐藏信息","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2989,"comment_count":1,"category":"cybersecurity","is_forum_post":false}
今天我们将为大家带来一道简单的可执行文件的题目,我们由此将会引出BASH脚本的玩法!
更多阅读
data-postsbox="{"id":17214,"title":"BASH脚本如何让你变成亿万富翁?随机变量学一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":1968,"comment_count":2,"category":"knowledge","is_forum_post":false}">{"id":17214,"title":"BASH脚本如何让你变成亿万富翁?随机变量学一下!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":1968,"comment_count":2,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":17186,"title":"【视频讲解】BASH脚本如何定义变量玩出花样?变量与参数篇","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":1298,"comment_count":1,"category":"knowledge","is_forum_post":false}">{"id":17186,"title":"【视频讲解】BASH脚本如何定义变量玩出花样?变量与参数篇","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":1298,"comment_count":1,"category":"knowledge","is_forum_post":false}
data-postsbox="{"id":17164,"title":"【视频讲解】BASH脚本,学一下,黑客自动化必备技能!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2051,"comment_count":4,"category":"knowledge","is_forum_post":false}">{"id":17164,"title":"【视频讲解】BASH脚本,学一下,黑客自动化必备技能!","author":"FancyPig","author_id":1,"cover_image":"","cover_video":"","views":2051,"comment_count":4,"category":"knowledge","is_forum_post":false}
视频讲解
本期的CTF挑战题目依旧非常简单,注意进度条警告,我们会在这15分钟里为大家讲解如何编写bash脚本,并使用alias别名将其封装,这样以后我们在解决完CTF挑战后,可以快捷使用命令保存flag,并将其文件后缀添加_COMPLETED已完成的标志,快来看一看咯!
图文讲解
bash脚本示例一:移动至上一级目录,并添加文件后缀
用途:下面代码主要是在完成CTF后,返回上一级,并在文件后缀添加_COMPLETED标志
finish.sh
#!/bin/bash
original_directory = $(pwd)
echo $original_directory
cd ..
mv $original_directory ${original_directory}_COMPLETED
我们使用下面命令运行finish.sh
source finish.sh
可以发现我们输出了一开始在的路径,并返回了上一级
同时,我们可以看到我们之前的文件已经命名为了带_COMPLETED标志的,代表我们已经完成的题目
将脚本与alias别名融合
我们可以在~/.bashrc或~/.zshrc文件中,自己添加别名
上面的两个文件根据操作系统不同,有的是前者,有的是后者
比如,我们的kali linux是Debian的操作系统,就采用的是后者,我们编辑~/.zshrc文件
作者这里使用的是这个命令编辑
subl ~/.zshrc
当然,你如果不习惯,也可以使用mousepad,这个编辑器看自己个人习惯,还有很多(vi、nano、gedit等等)
mousepad ~/.zshrc
我们只需要将刚才的finish.sh脚本拷入/opt/目录下,然后在~/.zshrc文件中输入下面的命令
alias finish="source /opt/finish.sh"
然后使~/.zshrc文件生效
source ~/.zshrc
你就可以愉快的使用finish命令了!与之类似的,你还可以编写其他BASH脚本,譬如保存我们完成的CTF的flag。
bash脚本示例二:保存flag
save.sh
#!/bin/bash
winning_command=$(history | tail -n 1 | cut -b 8-)
cat <<EOF >./get_flag.sh
#!/bin/bash
${winning_command}
EOF
chmod +x get_flag.sh
./get_flag.sh > flag.txt
同样方式可以设置别名
这样的效果就是,你通常获取完flag,下一步我们就运行save命令,BASH脚本将帮我们完成的是先读取历史命令的上一行
history | tail -n 1 | cut -b 8-
将其赋值到${winning_command}变量中,同时我们有生成了一个新的脚本get_flag.sh,如果我们手动执行
./get_flag.sh > flag.txt
它会将其存到flag.txt里,因此一套下来,完整的过程
- 我们正常获取到flag
- 然后运行save
- 之后在flag.txt就可以看到我们保存的flag了
你可以通过cat命令来进行验证,看下flag.txt是否保存了我们的flag
cat flag.txt
