ComputerSecurityStudent (CSS) [Login] [Join Now]

|UNIX >> SUDO >> Current Page |Views: 56254

(Ethical Hacking: sudo)

{ sudo vi exploit}

Background Information
  • Background
    • If the /etc/sudoers file is misconfigured for a particular user, then that specific user can use sudo command to gain root access.


  1. Login to your TargetUbuntu01 VM, as username adminstrator
    • For those of you that do not have access to my class, the TargetUbuntu01 VM is a Linux Ubuntu Operating System.


Section 1: Exploit sudo with vi
  1. Command: sudo vi hackme.txt (See Below)
    • sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.


    • The vi editor (short for visual editor) is a screen editor which is available on almost all Unix systems.


    • hackme.txt - is just a name of a file you are opening with the vi command.  Note, the file hackme.txt can be called anything.



  2. Press the return key.
    • Then type the administrator password.


  3. You will see the below screen after hitting the return key in the previous step.


  4. Command:  :!/bin/sh
    • After you type ":!/bin/sh" press the enter key.


  5. After enter was pressed in the previous step, you will see the "#" or "$" prompt.


  6. Command: id
    • The id command prints the real and effective user and group IDs.
    • Notice your uid is now equal to 0 which is the uid for the root user.


Section 2: Exiting the root shell
  1. Command: exit
    • Press Enter
    • By typing exit, you will exit the current shell of user root, which will drop you back into the administrator shell.


  2. After pressing enter in the previous step you will see the below screen.
    • Notice you are in vi's shell.
    • Press the enter key


  3. After pressing enter in the previous step, will place you back in vi's editor.


  4. Press the Esc key.
    • Command:  :q!
    • Hit the enter key.


  5. Now you will be placed back at the administrator command line prompt.
    • .


Proof of Lab
  1. Command: grep sudo /var/log/auth.log | tail -1
    • Do a screen print similar to the picture below and paste picture into a word document.
    • Submit to moodle.

























Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth