An attacker has acquired root privileges on a Linux system. His/her primary goal was to obtain one hundred userid-password combinations (in clear text). A secondary goal was to do this without being noticed. How will you verify that this attack has happened? How will you discover files that were changed, and perhaps later replaced with originals? Give your answers first (i) in English prose, then (ii) as a bash script.
Ans (i)
The attacker has acquired root privileges on a Linux system; this happens through a privilege escalation attack. In this type of attack the attacker, or a user, obtains privileges they are not entitled to, i.e. access that should never have been granted to them in the first place (for example by mistake). Those privileges can be used to delete files, read confidential data, read passwords, etc. Privilege escalation occurs when the attacker exploits a bug, a design flaw, a misconfiguration, etc. Once the attacker has escalated to root, he can access anything on the system, because root holds every privilege. Since he acts with root's privileges, his actions would normally not be noticed by other users.
Now the question is how we discover that files have been changed, or changed and later replaced with the originals.
Unix uses the /etc/passwd file, which contains the username, basic identification information and basic account information for each user. When Unix asks for our password, it needs some way of determining whether the password typed is correct, so it compares it. Unix does not keep the actual password on the system; instead it stores a value generated from the password by using it to encrypt a block of zero bits with the one-way crypt() function.
The Unix crypt() function takes the user's password as the encryption key and uses it to encrypt a 64-bit block of zeros. The resulting ciphertext is then encrypted again with the user's password; this process is repeated 25 times in total, and the final bits are stored in the shadow file.
Ans (ii)
$ sudo -l                      # list the commands this user may run via sudo
$ cat testfile.sh              # the script that sudo is allowed to run
#!/bin/bash
echo "Welcome Roy"
/bin/bash -l                   # spawns a login shell as the invoking (root) user
$ sudo ./testfile.sh           # run the permitted script through sudo
# id
uid=0(root) gid=0(root) groups=0(root)
We get the privilege access of root.
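The transcript above shows how root was obtained; the verification side of the question (has tampering happened, which files were changed, which were changed and then restored) can be written as a small bash library. This is an added example, not part of the original answer; it assumes GNU coreutils (stat -c, sha256sum, touch -d) and the log locations used by journald or syslog.

```shell
#!/usr/bin/env bash
# Post-compromise checks for root-level tampering on a Linux host (added example).
# Assumes GNU coreutils (stat -c, sha256sum). File paths are parameters.

# 1. Build a baseline of hashes for sensitive files. Run this BEFORE an incident,
#    ideally booted from read-only rescue media, and keep the list off the host.
make_baseline() {            # make_baseline OUTFILE file...
    local out="$1"; shift
    sha256sum "$@" > "$out"
}

# 2. Verify the baseline; prints each file whose content no longer matches.
#    Returns non-zero if anything changed (a restored original still matches,
#    which is why the timestamp check below is needed as well).
check_baseline() {           # check_baseline BASELINEFILE
    sha256sum --quiet -c "$1"
}

# 3. An attacker can reset mtime (e.g. `touch -r`) so a file looks untouched,
#    but the inode change time (ctime) is set by the kernel and cannot be set
#    from user space without moving the system clock. A ctime newer than the
#    mtime is therefore a red flag. Returns 0 (true) when suspicious.
mtime_reset_suspect() {      # mtime_reset_suspect FILE
    local m c
    m=$(stat -c %Y "$1") || return 2
    c=$(stat -c %Z "$1") || return 2
    [ "$c" -gt "$m" ]
}

# 4. Credential-theft aftermath: any extra UID-0 account in a passwd-format
#    file (default /etc/passwd). Prints the offending usernames.
rogue_uid0() {               # rogue_uid0 [PASSWDFILE]
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# 5. Recent sudo activity, from journald or from the classic syslog files.
sudo_history() {
    if command -v journalctl >/dev/null 2>&1; then
        journalctl _COMM=sudo --no-pager 2>/dev/null
    else
        grep -h 'sudo:' /var/log/auth.log /var/log/secure 2>/dev/null
    fi
}

# Typical run as root from a trusted shell (paths are illustrative):
#   make_baseline /mnt/usb/baseline.sha256 /etc/passwd /etc/shadow /etc/sudoers
#   ... later ...
#   check_baseline /mnt/usb/baseline.sha256 || echo "content changed"
#   for f in /etc/passwd /etc/shadow /etc/sudoers; do
#       mtime_reset_suspect "$f" && echo "mtime older than ctime: $f"; done
#   rogue_uid0; sudo_history | tail -n 50
```

A file that was modified and then overwritten with the original will pass check_baseline but fail mtime_reset_suspect, so both checks should be run together.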