Penetration Testing with Kali Linux OffSec
|
- Bu səhifədəki naviqasiya:
- ./find_employee_names.py zsh: permission denied: ./find_employee_names.py kali@kali:$ ls -l find_employee_names.py
|
touch newfilename.txt
kali@kali:~$ ls -l newfilename.txt -rw-r--r-- 1 kali kali 0 Jun 6 12:31 newfilename.txt Listing 12 - Checking file permissions In some situations, our touch command may fail because of directory permissions. 160 Although this is beyond the scope of this introduction, for now it’s worth knowing that directory permissions apply to all files and directories within a directory. If the directory permissions don’t allow us to create files in this location, the touch command will obviously fail. The touch command produced no output. This is normal. The output of the ls command includes information about the permissions as indicated by the letters rwx , where the “r” is for read, the “w” is for write, and the “x” is for execute. A dash (-) indicates that the user class doesn’t have the corresponding permissions. In this case, we have permission to read and write to our new file, but there is no “x” character in the output, meaning no class has permission to execute. As the owner of a particular file, we were granted read and write permissions by default when we created it, but we aren’t granted executable permissions. In other words, if newfilename.txt was a program, we would not be able to execute it. This is a small but useful security feature that prevents us from accidentally running something we might not want to. Let’s keep going. In this scenario, let’s say we have a simple program that will give us a complete list of employee names. This program is a Python script we’ve created named find_employee_names.py . Let’s try to run the script. kali@kali:~$ ./find_employee_names.py zsh: permission denied: ./find_employee_names.py kali@kali:~$ ls -l find_employee_names.py -rw-r--r-- 1 kali kali 206 Jun 7 12:31 find_employee_names.py Listing 13 - First attempt at running our script. We try running the script by simply entering the name of the file, find_employee_names.py, in the terminal. The ./ part of the command simply instructs the system where to find the file. This should work, but the output is not what we expected. The “zsh: permission denied” error message indicates that for some reason, we’re not able to execute (or run) our script. We also ran the same ls command as before. As with our newly created file, there’s no “x” character in the output, which means that we don’t have permission to execute. This explains the “permission denied” output. Let’s change the executable permission for this file and give ourselves permission to execute the file (put another way, to run it as a program). We can use chmod +x to add the executable permission to our script file. Let’s do so and try running the script again. 160 (Linux Foundation, 2022), https://www.linuxfoundation.org/blog/blog/classic-sysadmin-understanding-linux-file-permissions Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 71 kali@kali:~$ Yüklə Dostları ilə paylaş:
|