Linux Basics for Hackers: Getting Started with





find / -user root -perm -4000

With this command, we ask Kali to start looking at the top of the filesystem with the / syntax. It then looks everywhere below / for files that are owned by root, specified with -user root, and that have the SUID permission bit set (-perm -4000).
When we run this command, we get the output shown in Listing 5-2.

/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/pkexec
/usr/bin/sudo
/usr/bin/passwd
/usr/bin/kismet_capture
--snip--

Listing 5-2: Finding files with the SUID bit set

The output reveals numerous files that have the SUID bit set. Let's navigate to the /usr/bin directory, where many of these files reside, and then run a long listing on that directory and scroll down to the sudo file, as shown in Listing 5-3.

kali > cd /usr/bin
kali > ls -l
--snip--
-rwxr-xr-x 1 root root 176272 Jul 18 2018 stunnel4
-rwxr-xr-x 1 root root 26696 Mar 17 2018 sucrack
➊ -rwsr-xr-x 1 root root 140944 Jul 5 2018 sudo
--snip--

Listing 5-3: Identifying files with the SUID bit set

Note that at ➊, the first set of permissions (for the owner) has an s in place of the x. This is how Linux represents that the SUID bit is set. This means that the sudo file executes with the privileges of the root user no matter who runs it, which can be a security concern for the sysadmin and a potential attack vector for the hacker. For instance, some applications need to access the /etc/shadow file to successfully complete their tasks. If the attacker can gain control of that application, they can use that application's access to the passwords on a Linux system.

Linux has a well-developed system of security that protects files and directories from unauthorized access. The aspiring hacker needs to have a basic understanding of this system not only to protect their files but also to execute new tools and files. In some cases, hackers can exploit the SUID and SGID permissions to escalate privileges from a regular user to a root user.
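
The find command above can be turned into a routine check that flags any SUID or SGID file not on a reviewed allowlist. This is an added example, not code from the book; the function names, the allowlist file and the sample tree it builds are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit SUID/SGID files against a reviewed allowlist.
# Function names, file names and the sample tree are assumptions.

# list_setid DIR OWNER: regular files under DIR owned by OWNER with the
# SUID (4000) or SGID (2000) bit set, one path per line, sorted.
list_setid() {
    find "$1" -xdev -type f -user "$2" \( -perm -4000 -o -perm -2000 \) \
        -print 2>/dev/null | sort
}

# audit_setid DIR OWNER ALLOWLIST: print set-ID files that are NOT listed in
# ALLOWLIST (one absolute path per line). Returns 1 if any are found.
audit_setid() {
    unexpected=$(list_setid "$1" "$2" | grep -vxF -f "$3" || true)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# build_sample: constructed tree so the audit runs offline without root.
build_sample() {
    d=$(mktemp -d)
    for f in passwd sudo backup_helper ls; do
        printf '#!/bin/sh\n' > "$d/$f"
    done
    chmod 4755 "$d/passwd" "$d/sudo" "$d/backup_helper"  # SUID bit set
    chmod 0755 "$d/ls"                                    # ordinary executable
    printf '%s\n' "$d/passwd" "$d/sudo" > "$d/allowlist.txt"
    echo "$d"
}

# Demo on the constructed tree, scoped to the current user's files.
sample=$(build_sample)
echo "Set-ID files missing from the allowlist:"
audit_setid "$sample" "$(id -u)" "$sample/allowlist.txt" || echo "-> review before trusting"
rm -rf "$sample"
```

On a real host the same function would be pointed at / with owner root and an allowlist captured from a known-good install; -xdev keeps the search on one filesystem, so other mounted filesystems need their own run.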


