There are many ways in which security can be compromised even if the user doesn't have direct shell access. Some ways include:
1) php/sql injections which in certain cases can trick a php file (f.e.) to disclose system information or execute a certain command. (This should be included in 2) )
2) user-space application vulnerability which can also be tricked in certain cases to behave differently than you expect. Let's create a very simple and
vulnerable C program:
Now, I could create another program (exploit) to overflow buf char array until a point in which strcpy()'s eip register is overflown with the start address of a certain
shellcode (machine instructions) of mine. PS: there are very ways in which this can be prevented, but there are other exploitation techniques.
3) kernel-space vulnerability in which we can go out virtual mode and access hardware directly (enter kernel space) or simply freeze your system. Same examples include
the famous integer overflows, NULL pointer dereferences, etc..
4) dummy administrators: https://www.unix.com/shell-programmin...directory.html
5) physical access with/without encryption (with encryption only if the machine is turned on -- cold boot attack)
So, if you're not careful there are many ways in which your system can be compromised, but don't let this allow any script kiddiot to trick you into think he has access to your machines (that's very unlikely).
Suppose I have a script named "sc.sh"
in the script how to print out its name "sc.sh"? (3 Replies)
Discussion started by: meili100
3 Replies
LEARN ABOUT SUSE
strcpy
STRCPY(3) Linux Programmer's Manual STRCPY(3)NAME
strcpy, strncpy - copy a string
SYNOPSIS
#include <string.h>
char *strcpy(char *dest, const char *src);
char *strncpy(char *dest, const char *src, size_t n);
DESCRIPTION
The strcpy() function copies the string pointed to by src, including the terminating null byte ('