Penetration Testing with Kali Linux OffSec
|
|
./find_employee_names.py
zsh: permission denied: ./find_employee_names.py kali@kali:~$ chmod +x find_employee_names.py zsh: permission denied: chmod Listing 16 - Something isn’t quite right here. In this initial case, our simple script wouldn’t run. This is the same problem we ran into previously. We tried the solution that worked before, but this time we got a new error message. We could try running chmod on the chmod file, but we will run into the same problem. Let’s run it on /usr/bin/chmod, since this is the specific location of the file. kali@kali:~$ chmod +x /usr/bin/chmod zsh: permission denied: chmod Listing 17 - Trying to chmod our chmod binary. Once again our permission is denied, but we’re not stuck yet. A particularly observant student might reasonably ask why we needed to use “./” for our own Python script, but not for chmod. The answer, which is beyond the scope of this Module, has to do with the PATH environment variable. Interested or curious students can learn more about this with external study. For the most part, we’ve been checking for permission by simply attempting to execute the program. Let’s recall the method we used earlier to check for this permission - using the ls command with the -l option. If we run ls -l without anything at the end, we’ll be able to observe information for every file in the current directory. Since we are only interested in one file, we will follow our command with a specific file name. Let’s run this command for two different files. kali@kali:~$ ls -l find_employee_names.py -rw-r--r-- 1 kali kali 206 Jun 7 12:31 find_employee_names.py kali@kali:~$ ls -l /usr/bin/ls -rwxr-xr-x 1 root root 147176 Sep 24 2020 /usr/bin/ls Listing 18 - Running ls -l on different files. In this example, we checked some of the information on two different files. We’ve run this on our Python script before and the output, missing the “x” character, is expected. The second time, we ran ls on the ls file. This time we’ll notice the output includes the “x” character. This explains why we can’t run find_employee_names.py, but we can run ls. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 73 4.4.3 One Potential Solution There are a number of ways to fix our chmod problem. The simplest solutions involve finding a “clean” version of the chmod file and replacing it. The more complicated solutions include running one binary in the context of another binary that has the correct permissions. Let’s explore one Yüklə Dostları ilə paylaş:
|