Shulou(Shulou.com)06/02 Report--

Preface

In this article, I will introduce a line-oriented text editor command "ed", which is mainly used to generate, display, change and manipulate text files. All ed commands operate on or within the line range; for example, the "d" command deletes the line, the "m" command moves the line, the "t" command copies the line, and so on. Now, what we need to do is to use these "ed" commands to enhance our user privileges on the Linux system.

Ed Summary

The ed command in Linux is used to launch the ed text Editor, a line-based text editor. It is the simplest text editor in Linux, which can only edit one line at a time instead of full-screen operation. It can help users perform many operations, such as creating, editing, displaying and manipulating files.

It has two different working modes, command mode (command mode) and input mode (input mode). In command mode, "ed" reads commands from standard input and executes to manipulate the contents of the editor buffer, while ed enters its input mode when entering commands such as "m" (move), "d" (delete), "t" (copy), or "c" (change).

Type the help command to learn more about "ed".

Ed-help

Initialize the file with ed: the terminal space is shown in the following figure when the command is run in the initial phase. By default, the editor creates an empty buffer to write, similar to how other command-line-based editors work when called without a file name.

Ed

Now, let's create a text file that contains text content. First, we enter a to enter the input mode, then enter a dot (.) after editing, and then enter to return to the command mode. Press the wq file name to save the new file, and then press Q to exit the editor.

Eda.w info.txtqcat info.txt

You can use the "cat" command to confirm that the file has been created successfully.

Edit the file using ed: if you want to edit the same file again now, you can do this by passing the file name as an argument to the ed command and following the same procedure above.

In the following figure, I added a line to my file "info.txt" and created it in the same way.

Ed info.txt

Note: whenever you use any option of the ed command, you need to use the 'await,'., 'wicked,' Q' command.

Now we have learned the basic editing methods of using ed. So if we want to change a specific line, how can we use ed to do so?

In the following figure, I show you how to print any specific line using the'p' and'n' parameters

When we type'p' (lowercase) to print the current line, for example, enter', p' (without quotation marks) to display the full text;'n' is used to display the line number and content of the last line, enter a number to select the line to edit

Ed info.txtp

Therefore, we just need to enter the corresponding line number.

N25

After navigating to the appropriate line, you can change the line by entering the "c" command. For example, here I changed line 5, which is the last line in my file, I added some additional content to it, and used the 'cat' command to see if my content had been added successfully, and finally followed the same procedure above to save the file.

Ccat info.txt

Display an error message by using ed: a question mark is displayed when you type something that ed cannot understand. To learn more about error editing, simply type'h'.

Ed info.txtbh

As you can see from the screenshot below, when I entered a'b 'option, it returned (?), which is the symbol that indicates the error. I typed'h' ed to further explain to me the cause of the error, that is, option b is an unknown command.

Ed copy and move operations: in addition to the functions discussed above, ed provides the option to copy and paste lines in other locations, in which case we use the't 'command to copy the line and the' m 'command to move the line. You need to add the line number of the line you want to copy and add before the t command. For example, as shown below, I have copied line 5 to location 0 and saved it.

Ed info.txt5t0cat info.txt

In the above command, 5 indicates the line to be copied, and 0 indicates the line number of the paste location.

Ed search operation: we can also search any row by keyword. First, we use the "- p%" option after ed, which will further prompt you to search for tasks. We just need to search for keywords after% and press the Enter key.

Ed-p% info.txt%/misconfiguration%/Linux

In the following figure, ed prints only those lines that include the search keywords misconfiguration and Linux.

Abuse of ed command

Now, we will use the ed command to perform the escalation operation. To do this, we need to set up an ed command lab with administrative privileges. Then we'll look at the impact of obtaining sudo permissions on it and how we can use it more to elevate rights.

As shown in the figure below, I created a local user (test) with all sudo privileges.

To add sudo permissions, open the / sudoers file and enter the following line as the user rights specification.

Test All= (root) NOPASSWD: / bin/ed

Take advantage of Sudo permissions

We need the session of the victim machine, which will help us give local users access to the target system and elevate it to root privileges.

First, we use ssh to connect to the target machine. Type the following command to gain access through local user login.

Ssh test@192.168.1.31

Then we look for the "test" user with sudo privileges and find that the user "test" can execute ed commands with "root" privileges without a password.

Sudo-l

After knowing the fact that the test user has sudo privileges, we can use the ed command to access the empty buffer to call bash / sh shell. As shown below, our user rights have been promoted to root.

Summary

The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.