系统相关
首页 > 系统相关> > 『CTF Tricks』Ruby-利用File.open()执行shell命令

『CTF Tricks』Ruby-利用File.open()执行shell命令

作者:互联网

文章目录

前言

测试环境为

利用

file = '|whoami'
puts open(file).read()  # ubuntu
puts open(file).gets    # ubuntu

原理

查看核心文件Kernel.rb,在2800行左右:

  # open(path [, mode [, perm]] [, opt])                -> io or nil
  # open(path [, mode [, perm]] [, opt]) {|io| block }  -> obj
  # 
  # Creates an IO object connected to the given stream, file, or subprocess.
 
  # If +path+ starts with a pipe character (<code>"|"</code>), a subprocess is
  # created, connected to the caller by a pair of pipes.  The returned IO
  # object may be used to write to the standard input and read from the
  # standard output of this subprocess.

  # === Examples
  # 
  # Open a subprocess and read its output:
  # 
  #    cmd = open("|date")
  #    print cmd.gets
  #    cmd.close
  # 
  # Produces:
  # 
  #    Wed Apr  9 08:56:31 CDT 2003

如果+path+以一个管道字符(|)开头,就会创建一个子进程,通过一对管道连接到调用者。 返回的IO对象可用于向该子进程的标准输入写入和从标准输出读取。

因此可以利用open函数的特性通过管道符执行shell

在这里插入图片描述

实战例题

欢迎在评论区留言

标签:shell,read,Ruby,Tricks,cmd,subprocess,file,path,open
来源: https://blog.csdn.net/Xxy605/article/details/120373095