Last time we visited this topic, we made use of a large buffer to place our shellcode in the process' memory. This time, we don't have such a large buffer, and so won't be able to simply inject the code we want to execute via the program's input. Instead, we'll place our shellcode in an environment variable.
When working on the command line, it's often useful to be able to take the output of one command, and use it as the input to another. All command line work is really data manipulation (what work isn't?) and commands and programs are the means of manipulation. A particularly quick and practical way to control those means are pipelines! Geertz, if he'd been feeling particularly digital, might well have commented that we are creatures bobbing in floods of data we ourselves have produced.
One very common command line activity is process control. Linux, and other *nix operating systems come with a host of programs designed to assist with this, and when combined with features of Bash, and other Bash-like shells, the command line provides a comprehensive process control interface. In this tutorial, we'll cover some of the basics of process control from the command line. We'll use signals to interact with processes, and cover how to run processes in both the foreground, and background of a single terminal.
When working with the command line it is often useful to be able to programatically create and pass arguments. For instance, you may want to create files or folders with names from a list, or do something with each result from a program (i.e. find results). While there is almost always more than one way to do things, xargs
is a good choice, and a useful tool to have in the arsenal!
Many websites use a system of user verification that requires everyone who signs up to provide an email address, and then click a link sent to them to 'activate' their account. Though simple, this is an effective way to limit bogus account creation, and provide some security for your user-based web service. In this tutorial we'll cover how to set up such a registration process using PHP and MySQL. It's simple! We'll write just a little bit of HTML to create forms, and then use PHP to code for the logic of what we want to happen. A basic understanding of PHP, HTML and MySQL is all that's needed to follow along.