BB-Pen-2/README.md

# BB-Pen-2

The task this week is to get root access on the kali.boysbrigade.au server.  
You have been given a user account on the server (from BB-Pen-1).  
Use this account to gain access to the admin account.

## Tutorial
1. Login as `bob` (password in seconduser.pass from `gituser`).
2. See if you can change directory to test  
You probably get this message`-rbash: cd: restricted`.  
This means that you are in a restricted shell. Try to login to a normal shell (`/bin/bash`).  
Hint `su` is the command to switch user (switch to yourself).  
Need help? Look in [H1.md](H1.md) for help.

3. Once you have a normal shell, try to change directory to test again.  
If you are able to change directory, go back to the home directory (just run `cd`).  

4. One of the best ways to get root access is to find a program that is running as root, and exploit it.  
Run `cat /etc/crontab` to see all the commands that are run on a schedule by the admin.  
Notice anything you can exploit?

5. If you found something, try to exploit it.  
Something you can try is running this to add yourself to the sudo (admin) group.
```bash
echo 'bob  ALL=(ALL:ALL) ALL' >> /etc/sudoers
```
See if you are able to run `sudo whoami`. This should print `root` if you have admin access.  
(You might need to wait a minute for the cron job to run)
Initial commit 2023-05-15 15:50:32 +10:00			`# BB-Pen-2`
keylogger-example.sh: Example keylogger script - Script logs all keys pressed on keyboard to file - Fake command prompt is displayed to user while running README.md: Added instructions for creating and running keylogger - Instructions include creating new directory, executable file, and script that logs keys to file - Hints provided for infinite loop, getting input from user, displaying message of the day, and running variable as command. 2023-06-02 22:40:11 +10:00
README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. 2023-06-08 20:52:16 +10:00			`The task this week is to get root access on the kali.boysbrigade.au server.`
			`You have been given a user account on the server (from BB-Pen-1).`
			`Use this account to gain access to the admin account.`
keylogger-example.sh: Example keylogger script - Script logs all keys pressed on keyboard to file - Fake command prompt is displayed to user while running README.md: Added instructions for creating and running keylogger - Instructions include creating new directory, executable file, and script that logs keys to file - Hints provided for infinite loop, getting input from user, displaying message of the day, and running variable as command. 2023-06-02 22:40:11 +10:00
README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. 2023-06-08 20:52:16 +10:00			`## Tutorial`
			1. Login as `bob` (password in seconduser.pass from `gituser`).
			`2. See if you can change directory to test`
			You probably get this message`-rbash: cd: restricted`.
			This means that you are in a restricted shell. Try to login to a normal shell (`/bin/bash`).
			Hint `su` is the command to switch user (switch to yourself).
			`Need help? Look in [H1.md](H1.md) for help.`
keylogger-example.sh: Example keylogger script - Script logs all keys pressed on keyboard to file - Fake command prompt is displayed to user while running README.md: Added instructions for creating and running keylogger - Instructions include creating new directory, executable file, and script that logs keys to file - Hints provided for infinite loop, getting input from user, displaying message of the day, and running variable as command. 2023-06-02 22:40:11 +10:00
README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. 2023-06-08 20:52:16 +10:00			`3. Once you have a normal shell, try to change directory to test again.`
			If you are able to change directory, go back to the home directory (just run `cd`).
keylogger-example.sh: Example keylogger script - Script logs all keys pressed on keyboard to file - Fake command prompt is displayed to user while running README.md: Added instructions for creating and running keylogger - Instructions include creating new directory, executable file, and script that logs keys to file - Hints provided for infinite loop, getting input from user, displaying message of the day, and running variable as command. 2023-06-02 22:40:11 +10:00
README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. 2023-06-08 20:52:16 +10:00			`4. One of the best ways to get root access is to find a program that is running as root, and exploit it.`
			Run `cat /etc/crontab` to see all the commands that are run on a schedule by the admin.
			`Notice anything you can exploit?`
keylogger-example.sh: Example keylogger script - Script logs all keys pressed on keyboard to file - Fake command prompt is displayed to user while running README.md: Added instructions for creating and running keylogger - Instructions include creating new directory, executable file, and script that logs keys to file - Hints provided for infinite loop, getting input from user, displaying message of the day, and running variable as command. 2023-06-02 22:40:11 +10:00
README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. 2023-06-08 20:52:16 +10:00			`5. If you found something, try to exploit it.`
			`Something you can try is running this to add yourself to the sudo (admin) group.`
			```bash
			`echo 'bob ALL=(ALL:ALL) ALL' >> /etc/sudoers`
			```
			See if you are able to run `sudo whoami`. This should print `root` if you have admin access.
			`(You might need to wait a minute for the cron job to run)`