Saya telah menghabiskan berjam-jam pada tugas "sederhana dan menyenangkan" pada platform pembelajaran online.
Menurut situs:
Ketika Bash (shell Linux populer) dimulai, ia mengeksekusi perintah di berbagai skrip yang berbeda. Ketika Bash dipanggil sebagai interaktif shell login, pertama kali membaca dan mengeksekusi '/ etc / profile' dari file, jika file itu ada.
Setelah membaca file itu, ia mencari '~ / .bash_profile, ~ / .bash_login' dan '~ / .profile', dalam urutan itu kemudian membaca dan mengeksekusi perintah dari yang pertama yang ada dan dapat dibaca.
Ketika shell login keluar, Bash membaca dan mengeksekusi perintah dari file '~ / .bash_logout', jika ada. Ketika shell interaktif itu bukan shell login yang dimulai, Bash membaca dan mengeksekusi perintah dari '~ / .bashrc', jika file itu ada. Ini dapat dihambat dengan menggunakan –Barang opsi. Opsi file-rcfile akan memaksa Bash untuk membaca dan jalankan perintah dari file alih-alih '~ / .bashrc'.
Dalam beberapa kasus pemilik sistem menegakkan keamanan melalui skrip ini. Latihan yang sesuai untuk bidang keterampilan ini perlu Anda lakukan pahami apa yang bisa dijalankan skrip dan coba sadap beberapa mode.
Ini adalah latihan yang menyenangkan dengan solusi sederhana.
Masuk ke server setelah mulai menggunakan 'pengguna' sebagai nama pengguna dan 'Uncr4ckable1!' sebagai kata sandi, menggunakan SSH pada port 22.
Anda harus mendapatkan token setelah berhasil masuk.
Server terhubung, tetapi kemudian menjatuhkan saya menyatakan:
Hai
Maaf harus memberi tahu Anda tetapi server ini tidak memungkinkan Anda untuk masuk
Anda sekarang akan keluar secara otomatis.
Terima kasih
Koneksi Admin Server ditutup oleh host jarak jauh. Koneksi ke ditutup.
Sejauh yang saya tahu semua orang di internet mengatakan ...
$ ssh nama host "bash --noprofile"
atau
$ ssh -t hostname "bash --noprofile"
atau
$ ssh -t hostname "bash --noprofile --norc"
atau
$ ssh user @ hostname / bin / bash
harus bekerja - namun paling-paling log masuk dan tidak mengusir saya, tetapi tampaknya tidak memiliki shell - saya dapat mengetik perintah, tetapi tidak melihat reaksi apa pun (juga tidak memiliki opsi untuk lihat server secara langsung ... jadi tidak dapat memeriksa apa yang ada dalam skrip ...)
Dengan -vvv diaktifkan, ssh memberikan output berikut:
> OpenSSH_7.6p1 Debian-2, OpenSSL 1.0.2m 2 Nov 2017 debug1: Reading
> configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config
> line 19: Applying options for * debug2: resolving "<ip>" port
> 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to
> <ip> [<ip>] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file
> or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1:
> key_load_public: No such file or directory debug1: identity file
> /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file
> or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1:
> key_load_public: No such file or directory debug1: identity file
> /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file
> or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1:
> key_load_public: No such file or directory debug1: identity file
> /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file
> or directory debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory debug1: identity
> file /root/.ssh/id_ed25519-cert type -1 debug1: Local version string
> SSH-2.0-OpenSSH_7.6p1 Debian-2 debug1: Remote protocol version 2.0,
> remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: match:
> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 pat OpenSSH* compat 0x04000000 debug2:
> fd 3 setting O_NONBLOCK debug1: Authenticating to <ip> as
> 'user' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
> debug3: record_hostkey: found key type ECDSA in file
> /root/.ssh/known_hosts:4 debug3: load_hostkeys: loaded 1 keys from
> <ip> debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
> debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3:
> receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2:
> local client KEXINIT proposal debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
> debug2: host key algorithms:
> ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com,zlib debug2:
> compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos:
> debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved
> 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms:
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
> debug2: host key algorithms:
> ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
> debug2: ciphers ctos:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com debug2: compression
> stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages
> stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex:
> algorithm: curve25519-sha256@libssh.org debug1: kex: host key
> algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher:
> chacha20-poly1305@openssh.com MAC: <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
> <implicit> compression: none debug3: send packet: type 30 debug1:
> expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:6O6B8ub+hwfuf607NjA85cersGNi6MrV/+1XQtv5ovU debug3:
> hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3:
> record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:4
> debug3: load_hostkeys: loaded 1 keys from <ip> debug1: Host
> '<ip>' is known and matches the ECDSA host key. debug1: Found
> key in /root/.ssh/known_hosts:4 debug3: send packet: type 21 debug2:
> set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1:
> SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3:
> receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2:
> set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key:
> /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil))
> debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key:
> /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3:
> receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1:
> kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50
> debug3: receive packet: type 51 debug1: Authentications that can
> continue: publickey,password debug3: start over, passed a different
> list publickey,password debug3: preferred
> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey debug3: remaining preferred:
> keyboard-interactive,password debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey debug1: Trying private
> key: /root/.ssh/id_rsa debug3: no such identity: /root/.ssh/id_rsa: No
> such file or directory debug1: Trying private key: /root/.ssh/id_dsa
> debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
> debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such
> identity: /root/.ssh/id_ecdsa: No such file or directory debug1:
> Trying private key: /root/.ssh/id_ed25519 debug3: no such identity:
> /root/.ssh/id_ed25519: No such file or directory debug2: we did not
> send a packet, disable method debug3: authmethod_lookup password
> debug3: remaining preferred: ,password debug3: authmethod_is_enabled
> password debug1: Next authentication method: password
> user@<ip>'s password: debug3: send packet: type 50 debug2:
> we sent a password packet, wait for reply debug3: receive packet: type
> 52 debug1: Authentication succeeded (password). Authenticated to
> <ip> ([<ip>]:22). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2:
> channel 0: send open debug3: send packet: type 90 debug1: Requesting
> no-more-sessions@openssh.com debug3: send packet: type 80 debug1:
> Entering interactive session. debug1: pledge: network debug3: receive
> packet: type 80 debug1: client_input_global_request: rtype
> hostkeys-00@openssh.com want_reply 0 debug3: receive packet: type 91
> debug2: channel_input_open_confirmation: channel 0: callback start
> debug2: fd 3 setting TCP_NODELAY debug3: ssh_packet_set_tos: set
> IP_TOS 0x08 debug2: client_session2_setup: id 0 debug1: Sending
> environment. debug3: Ignored env LS_COLORS debug3: Ignored env
> XDG_MENU_PREFIX debug1: Sending env LANG = en_GB.UTF-8 debug2: channel
> 0: request env confirm 0 debug3: send packet: type 98 debug3: Ignored
> env GDM_LANG debug3: Ignored env DISPLAY debug3: Ignored env COLORTERM
> debug3: Ignored env USERNAME debug3: Ignored env XDG_VTNR debug3:
> Ignored env SSH_AUTH_SOCK debug3: Ignored env S_COLORS debug3: Ignored
> env XDG_SESSION_ID debug3: Ignored env USER debug3: Ignored env
> DESKTOP_SESSION debug3: Ignored env PWD debug3: Ignored env HOME
> debug3: Ignored env JOURNAL_STREAM debug3: Ignored env SSH_AGENT_PID
> debug3: Ignored env QT_ACCESSIBILITY debug3: Ignored env
> XDG_SESSION_TYPE debug3: Ignored env XDG_DATA_DIRS debug3: Ignored env
> XDG_SESSION_DESKTOP debug3: Ignored env GJS_DEBUG_OUTPUT debug3:
> Ignored env GTK_MODULES debug3: Ignored env WINDOWPATH debug3: Ignored
> env TERM debug3: Ignored env SHELL debug3: Ignored env VTE_VERSION
> debug3: Ignored env XDG_CURRENT_DESKTOP debug3: Ignored env
> GPG_AGENT_INFO debug3: Ignored env SHLVL debug3: Ignored env XDG_SEAT
> debug3: Ignored env WINDOWID debug3: Ignored env GDMSESSION debug3:
> Ignored env GNOME_DESKTOP_SESSION_ID debug3: Ignored env LOGNAME
> debug3: Ignored env DBUS_SESSION_BUS_ADDRESS debug3: Ignored env
> XDG_RUNTIME_DIR debug3: Ignored env XAUTHORITY debug3: Ignored env
> PATH debug3: Ignored env GJS_DEBUG_TOPICS debug3: Ignored env
> SESSION_MANAGER debug3: Ignored env _ debug3: Ignored env OLDPWD
> debug1: Sending command: /bin/bash -vvv debug2: channel 0: request
> exec confirm 1 debug3: send packet: type 98 debug2:
> channel_input_open_confirmation: channel 0: callback done debug2:
> channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd
> adjust 2097152 debug3: receive packet: type 99 debug2:
> channel_input_status_confirm: type 99 id 0 debug2: exec request
> accepted on channel 0
Apa yang saya lewatkan? tugas ini seharusnya memakan waktu 30 menit, dan saya merasa sudah menjelajahi internet tanpa hasil
ssh user@hostname ls -la
untuk melihat file profil apa yang ada di sana, lalu ssh user@hostname cat <filename>
masing-masing untuk melihat bagian apa yang perlu dilewati. Anda juga bisa ssh user@hostname ls -la /bin
untuk melihat apakah ada shell lain yang bisa Anda gunakan.
ssh user@host bash --noprofile --norc
dan saya mendapat koneksi tanpa prompt di mana saya bisa menjalankan perintah bash.