90 % of all Americans don't even know what "root access" is.
root access - system level or highest administration level on a system.
So I'm looking through a friends nixbox and he has no idea what "root" is, I tried to explain it to him, that root = admin. I told him that running Linux without knowing what "root" is, will mean ssh just became a playground.
I explained that I didn't even need a root password to become root.
Using the command:
sudo su
I was able to enter root using his password, from there I created my own username.
useradd divider
gave it admin permissions:
usermod -G admin divider
created a password
passwd divider
setup my own home area
mkdir /home/divider
and finally gave me the only rights to it besides root.
chown divider /home/divider
After all this I logged out of ssh and entered as divider, using the command:
ps -u hisusername
I found out that he was physically logging in, I proceeded to find his xserver
and preformed the harshest version of kill on the xserver.
divider@nixbox: sudo kill -9 2489
his system logged him out and closed his x session.
I explained how in Linux, if you have root access you can do anything, and that setting a root password that is by far unhackable by today's dictionary standards would decrease the likely hood of his system getting rooted.
His comment
"holy shit, you could have destroyed my system in like 3 minutes if you wanted."
I replied, "It's scarier than you think, "sudo rm -fr ./ " will delete your entire hard drive. "
His jaw dropped and I showed him on a VM system what actually happens.
The morale of the story, don't get involved with an Operating System you obviously can't handle, just because you run Linux, doesn't mean your any more secure to rooting than any other system.
No comments:
Post a Comment