Giter Site home page Giter Site logo

bb-pen-2's Introduction

BB-Pen-2

The task this week is to get root access on the kali.boysbrigade.au server.
You have been given a user account on the server (from BB-Pen-1).
Use this account to gain access to the admin account.

Tutorial

  1. Login as bob (password in seconduser.pass from gituser).

  2. See if you can change directory to test
    You probably get this message-rbash: cd: restricted.
    This means that you are in a restricted shell. Try to login to a normal shell (/bin/bash).
    Hint su is the command to switch user (switch to yourself).
    Need help? Look in H1.md for help.

  3. Once you have a normal shell, try to change directory to test again.
    If you are able to change directory, go back to the home directory (just run cd).

  4. One of the best ways to get root access is to find a program that is running as root, and exploit it.
    Run cat /etc/crontab to see all the commands that are run on a schedule by the admin.
    Notice anything you can exploit?

  5. If you found something, try to exploit it.
    Something you can try is running this to add yourself to the sudo (admin) group.

echo 'bob  ALL=(ALL:ALL) ALL' >> /etc/sudoers

See if you are able to run sudo whoami. This should print root if you have admin access.
(You might need to wait a minute for the cron job to run)

bb-pen-2's People

Contributors

nathanwoodburn avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.