forked from gajos112/OSCP
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Sudoers.txt
110 lines (74 loc) · 4.86 KB
/
Sudoers.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
The sudo command is used to run commands as another user. Most of the time, it's used to give unpriviliged users the right to run command as root.
The first thing to do is to check what you can do by running the following command:
$ sudo -l
sudo will most likely ask you for the password of the current user.
Once you executed sudo -l, you should see something similar to the following:
$ sudo -l
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for pentesterlab:
Matching Defaults entries for pentesterlab on 4d451a0aa68f:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
User pentesterlab may run the following commands on 4d451a0aa68f:
(victim) /bin/bash
The key information is located in the final lines: you're allowed to run the command /bin/bash as victim.
Since you can run /bin/bash, you can run any command after that. First, you can run:
sudo -u victim /bin/bash
After running this command, you're actually running all the following commands as the user victim:
$ id
uid=1001(victim) gid=1001(victim) groups=1001(victim)
-------------------------------------------------------------------------------------------------------------------------------------
SUDOERS
Privilege separation is one of the fundamental security concepts implemented in Linux. Normal users works as limited privileges to reduce the scope of their permission.
Account called "ROOT" is "super-user" privileges. This is an administrative account without the restrictions that are present on normal users.Users can execute commands with "super-user" or "root" privileges in a number of different ways.
Users can works as root and use speccial permission if they are added to sudoers.
To become root performs commands listed below:
1. SU
- su (substitute user)
Put root users' password. After all needed action exit root shell.
- exit
2. SUDO
SUDO command allows us to execute command as root.
- sudo command_to_execute
Unlike SU, the SUDO command will reqiure password for user which is calling the command, not the ROOT password.
File which contains permission acording to SUDO are stored in /etc/sudoers
VISUDO is file editor whcih should be used to change /etc/sudoers file, it validates the syntax of sudo file to make sure that we will not crash the file. In situation when we will broke the file we can blocked whole sudo access.
////////////////////////////////////etc/sudoers//////////////////////////////////////////
root$: cat /etc/sudoers
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
/////////////////////////////////////////////////////////////////////////////////////////
- root ALL=(ALL:ALL) ALL (The first field indicates the username that the rule will apply to (root))
- root ALL=(ALL:ALL) ALL (The first "ALL" indicates that this rule applies to all hosts)
- root ALL=(ALL:ALL) ALL (This "ALL" indicates that the root user can run commands as all users)
- root ALL=(ALL:ALL) ALL (This "ALL" indicates that the root user can run commands as all groups)
- root ALL=(ALL:ALL) ALL (The last "ALL" indicates these rules apply to all commands)
Names beginning with a "%" indicate group names. Here, we see the "admin" group can execute any command as any user on any host. Similarly, the sudo group can has the same privileges, but can execute as any group as well.
Files in /etc/sudoers.d directory follow the same rules as the /etc/sudoers file itself. Any file that does not end in ~ and that does not have a . in it will be read and applied to the sudo configuration.
3. HOW TO GICE SUDO PRIVILEGES
- sudo usermod -aG sudo username
- sudo gpasswd -a username sudo
4. ALIASES
////////////////////////////////////etc/sudoers//////////////////////////////////////////
...
User_Alias GROUPONE = abby, brent, carl
User_Alias GROUPTWO = brent, doris, eric,
User_Alias GROUPTHREE = doris, felicia, grant
...
GROUPTWO ALL = /usr/bin/apt-get update
...
#includedir /etc/sudoers.d
/////////////////////////////////////////////////////////////////////////////////////////
5. Additional information
- sudo -k (after we type password for sudo, system will not ask to type it again for certain amount of time, we can clear it with that command)
- sudo -v (it show sudo version, then we can check for exploit)
- sudo -l (it will list rules for current user which are allwoed in /etc/sudoers
- sudo !! (it will repeat last command with sudo previx)