README: Added instructions to gain root access on kali.boysbrigade.au server
- Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description.
This commit is contained in:
parent
f78d7461ab
commit
0047e5d83c
4
H1.md
Normal file
4
H1.md
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
You can use the `su --help` command to see how to use it.
|
||||||
|
Look for any option to change shell.
|
||||||
|
|
||||||
|
The command to use is `su bob -s /bin/bash`
|
47
OPTIONAL-keylogger.md
Normal file
47
OPTIONAL-keylogger.md
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
# OPTIONAL BB-Pen-2
|
||||||
|
|
||||||
|
The task this week is to create a simple keylogger that will log all the keys pressed on the keyboard and save them to a file.
|
||||||
|
The program should run in the background and not be visible to the user.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
- Access to the kali.boysbrigade.au server (or another linux machine) (This will be provided)
|
||||||
|
|
||||||
|
## Instructions
|
||||||
|
1. SSH into the server using the provided credentials following the instructions from last week.
|
||||||
|
2. Create a new directory for your project and navigate into it. (Put your name in the directory name to avoid conflicts between other members)
|
||||||
|
3. In that directory create a new executable file to run the keylogger.
|
||||||
|
4. Write a script (file that ends in .sh) that will log all the keys pressed on the keyboard and save them to a file.
|
||||||
|
5. Try to make the keylogger look like it is not running (Hint: show the user a fake command prompt)
|
||||||
|
|
||||||
|
## Running the keylogger
|
||||||
|
```sh
|
||||||
|
# Run normally
|
||||||
|
./keylogger.sh
|
||||||
|
# Run so that it will close the SSH session when you close the logger
|
||||||
|
exec ./keylogger.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
## Hints
|
||||||
|
1. Infinite loop:
|
||||||
|
```sh
|
||||||
|
while true
|
||||||
|
do
|
||||||
|
# Your code here
|
||||||
|
# Will run forever
|
||||||
|
done
|
||||||
|
```
|
||||||
|
2. Get an input from the user:
|
||||||
|
```sh
|
||||||
|
read -p "Enter something: " input
|
||||||
|
echo "You inputed $input"
|
||||||
|
```
|
||||||
|
3. Get the message of the day (Screen that appears when you login):
|
||||||
|
```sh
|
||||||
|
cat /etc/motd
|
||||||
|
```
|
||||||
|
4. Run a variable as a command:
|
||||||
|
```sh
|
||||||
|
command="ls"
|
||||||
|
$command
|
||||||
|
# This will run the 'ls' command
|
||||||
|
```
|
63
README.md
63
README.md
@ -1,47 +1,28 @@
|
|||||||
# BB-Pen-2
|
# BB-Pen-2
|
||||||
|
|
||||||
The task this week is to create a simple keylogger that will log all the keys pressed on the keyboard and save them to a file.
|
The task this week is to get root access on the kali.boysbrigade.au server.
|
||||||
The program should run in the background and not be visible to the user.
|
You have been given a user account on the server (from BB-Pen-1).
|
||||||
|
Use this account to gain access to the admin account.
|
||||||
|
|
||||||
## Requirements
|
## Tutorial
|
||||||
- Access to the kali.boysbrigade.au server (or another linux machine) (This will be provided)
|
1. Login as `bob` (password in seconduser.pass from `gituser`).
|
||||||
|
2. See if you can change directory to test
|
||||||
|
You probably get this message`-rbash: cd: restricted`.
|
||||||
|
This means that you are in a restricted shell. Try to login to a normal shell (`/bin/bash`).
|
||||||
|
Hint `su` is the command to switch user (switch to yourself).
|
||||||
|
Need help? Look in [H1.md](H1.md) for help.
|
||||||
|
|
||||||
## Instructions
|
3. Once you have a normal shell, try to change directory to test again.
|
||||||
1. SSH into the server using the provided credentials following the instructions from last week.
|
If you are able to change directory, go back to the home directory (just run `cd`).
|
||||||
2. Create a new directory for your project and navigate into it. (Put your name in the directory name to avoid conflicts between other members)
|
|
||||||
3. In that directory create a new executable file to run the keylogger.
|
|
||||||
4. Write a script (file that ends in .sh) that will log all the keys pressed on the keyboard and save them to a file.
|
|
||||||
5. Try to make the keylogger look like it is not running (Hint: show the user a fake command prompt)
|
|
||||||
|
|
||||||
## Running the keylogger
|
4. One of the best ways to get root access is to find a program that is running as root, and exploit it.
|
||||||
```sh
|
Run `cat /etc/crontab` to see all the commands that are run on a schedule by the admin.
|
||||||
# Run normally
|
Notice anything you can exploit?
|
||||||
./keylogger.sh
|
|
||||||
# Run so that it will close the SSH session when you close the logger
|
5. If you found something, try to exploit it.
|
||||||
exec ./keylogger.sh
|
Something you can try is running this to add yourself to the sudo (admin) group.
|
||||||
|
```bash
|
||||||
|
echo 'bob ALL=(ALL:ALL) ALL' >> /etc/sudoers
|
||||||
```
|
```
|
||||||
|
See if you are able to run `sudo whoami`. This should print `root` if you have admin access.
|
||||||
## Hints
|
(You might need to wait a minute for the cron job to run)
|
||||||
1. Infinite loop:
|
|
||||||
```sh
|
|
||||||
while true
|
|
||||||
do
|
|
||||||
# Your code here
|
|
||||||
# Will run forever
|
|
||||||
done
|
|
||||||
```
|
|
||||||
2. Get an input from the user:
|
|
||||||
```sh
|
|
||||||
read -p "Enter something: " input
|
|
||||||
echo "You inputed $input"
|
|
||||||
```
|
|
||||||
3. Get the message of the day (Screen that appears when you login):
|
|
||||||
```sh
|
|
||||||
cat /etc/motd
|
|
||||||
```
|
|
||||||
4. Run a variable as a command:
|
|
||||||
```sh
|
|
||||||
command="ls"
|
|
||||||
$command
|
|
||||||
# This will run the 'ls' command
|
|
||||||
```
|
|
||||||
|
Loading…
Reference in New Issue
Block a user