Security :: Privilege Escalation - Getting 'root' Privilege?
Dec 1, 2010
Currently as a part of an assignment I need to implement a reverse shell on a linux system. The system details are -Quote:Linux Kernal Version - 2.6Database - MySQLUsing web-server I could upload a php file which could execute the command on behalf of me. Now, I want to get root access so that I can get access to system's core files.My sample php file -
PHP Code:
<?php
if((!empty($_GET['cmd']) && isSet($_GET['cmd'])))
[code]....
View 2 Replies
ADVERTISEMENT
Jul 24, 2011
I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
View 9 Replies
View Related
Apr 8, 2011
When I started using Fedora (with Gnome) a week ago, I noticed a key symbol in the system tray, or however you call that in the linux world ;-). I can't remember what it was called, but it appeared after I loaded a program or administrative function that required root privileges. If I understand correctly there's a certain timeout after you put in the root password that allows you to run more than one program with elevated privileges so you don't have to put in the root password all the time. I remember reading somewhere that you can change that timeout. This key symbol basically was a "screw the timeout, i'm done being root".
This key symbol doesn't appear anymore though and I'd really like it back.
I'm pretty sure, I didn't do anything to make it go away, as I didn't play around with any security settings.
It was a little tricky to search for this as I can't recall the actual name of this... key thingy..
View 14 Replies
View Related
Dec 10, 2010
I am traying to install an application on ubuntu, it asks me that I have to get root access. How can I get this previlige?
View 9 Replies
View Related
Jul 7, 2009
I want to give root privilege to the command rm for only a directory Dir inside /local/home. How I can do that?
View 9 Replies
View Related
Feb 28, 2011
I'm new to Linux (had some basic Unix experience in 1995 era). (Teenager) gave me HP2133 mini notebook running SUSE Linux Enterprise Desktop 10. Everything checks good (hardware and software), even wireless networking. Problem is she apparently created Admin/root password but says cannot remember. I cannot even set correct date time... yast is asking for root privilege:
Command: /sbin/yast2 time
Is there anything I can do to re-establish administrator privilege?
View 6 Replies
View Related
Sep 18, 2010
This is my first thread ever to make on the linux forum, and I just began using linux Ubuntu Lucid for my server. Please bare with me because I think I am questioning such a basic question. How do you give sftp root privilege to user? I've made group "admin" and made 2 users under that group. Trying to upload a file onto a server using SFTP with one of the user and it fails and says "Permission denied."
I gave full sudo/root permission to the group "admin" from /usr/sbin/visudo I mainly use Tranmit4 but I also have filezilla. Or is there a way to run sudo command on either ftp client application?
View 14 Replies
View Related
Nov 16, 2010
Users of Lacie's 4L which is used to burn labels for your Lightscribe disks, are required to have the app run with sudo privileges, (the command being: gksudo 4L-gui). On an older version of an Ubuntu install, I had it set up so that it did this automatically, without it, (or me), being asked for a password. I thought it was something I added to the sudoers file, to give 4l-gui automatic authority, but I forgot how i did it.
View 2 Replies
View Related
Sep 28, 2010
On Linux, is root privilege required to send a wake-on-lan magic packet? If it depends on how you send the magic packet, please let me know under what situation root is required.
View 1 Replies
View Related
Jan 18, 2010
I'm under linux . by default, other user can't read anything under my home directory. let's see my home directory is /home/superman , and I tried to use
chmod +r /home/superman
to let others can acess files under my home directory , but it does not work .
View 1 Replies
View Related
Mar 14, 2011
I adjusted some settings in the desktop settings folder in KDE. I had only one user account on the machine. Next time I rebooted I could not log into KDE (it kept bombing out). I had to log into the console. Finally I managed to create a new account with useradd but this user cannot sudo
My problem is that my home directory is encrypted, so I need a new user with sudo privileges to delete all the kde files and folders in my original users home directory so that I can start with a new KDE setup (which won�t be a bad thing since I tinkered a lot).
How can I add sudo privileges to the new account (I presume I can do it by logging in with my sudo account in a terminal login?
View 9 Replies
View Related
May 1, 2010
due to an exercise in Operating Systems I have to do the following: There are 6 users, user1, user2 ... user6 with home directories /users/user1 ... users/user6. User1 to user3 belong to group1, user4 to user6 belong to group2. The System Administrator wants to change the privilege* only to users 1, 2 and 3 to execute the file /bin/xxx. Which are the commands he has to type in order to achieve the previous?*I'm not sure if this is the right translation.What I have come till now is: Code: $ chgrp group1 <name_of_file> but it seems too simple to be right.
View 1 Replies
View Related
Mar 23, 2010
I am looking to create a user to be able to do WinSCP or SSH into the system and only be able to see /var/www/html/joomla/ and that is it. I don't want them to be able to start or stop service but be able to upload and download files to the specific directory or change privileges of the mentioned directory. Is that possible? what commands should I run.
View 1 Replies
View Related
Jan 20, 2011
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
View 1 Replies
View Related
Apr 12, 2010
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies
View Related
Mar 25, 2010
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies
View Related
Sep 8, 2010
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies
View Related
Oct 20, 2010
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
View 14 Replies
View Related
Aug 19, 2009
I have a fedora 10 server to which I can ssh as the root user using RSA.
However for any user other than root a password is always requested.
I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.
Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:
Could not chdir to home directory /home/xxxx: Permission denied
But they can cd to their home directory and have no problems.
I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.
I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.
View 4 Replies
View Related
Mar 7, 2011
When I try to issue "su -", I get "su: Authentication failure", and I'm 100% sure password I enter is ok.
I think it started to happen after I issued
chmod +s /usr/bin/screen
chmod 755 /usr/bin/screen
which I believe is unrelated to this problem, and,
chmod -s /bin/su (-s by mistake)
chmod 755 /bin/su
which most probably made the whole mess...
this is not the part of the problem I believe but here's some background why I did that... when trying to make possible for screen sessions to be started automatically on boot under non-root account, I entered something like "su - username -c "/usr/bin/screen -dmS screenname ./executable-file"" in bootmisc.sh, but I was getting "must run suid root for multiuser support", so I tried to fix it, and now I can't login to root account no way.
View 5 Replies
View Related
Jan 8, 2011
Running Debian lenny.Is there any way to run
Code:
$ chage --expiredate some_date user1
chage: Permission denied.
[code]....
View 3 Replies
View Related
Mar 4, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that also the process must be silent (no password asked).
How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?
I have tried SUID option witch would had been good as functionality but I understand that SUID doesn't work for script bash files.
View 14 Replies
View Related
May 8, 2009
i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?
View 9 Replies
View Related
Aug 9, 2010
I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....
View 2 Replies
View Related
Nov 7, 2010
The Wireshark website specifically warns against running WireShark as Root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
View 3 Replies
View Related
Apr 22, 2011
Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys
Code:
sshd_config has:
AllowGroups sshlogin
AllowUsers user root
[code]....
what could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first
View 4 Replies
View Related
Jun 5, 2010
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
View 12 Replies
View Related
Aug 11, 2010
I want to get a of log all the commands executed by the root user with the following details :
incoming ip
username (thru which su was executed)
time and date
all the commands executed as mentioned above.
Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?
View 5 Replies
View Related
Apr 5, 2011
Consider: [URL]
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
View 10 Replies
View Related
Feb 17, 2010
When creating 10 samba users I also created Linux users. I do not want these Samba users to be able to use putty, winscp etc to access the server.
Do you know how I can restrict ssh access to specific users?
View 6 Replies
View Related
