Wanna Be The King of the Hill?

Get Root and let’s see if you can keep it.

Danny Darden
Nerd For Tech

--

The purpose of Telehack is to explore. When you explore and try new things you learn more about how systems can be integrated or interconnected together and even dependent upon one another.

The ultimate goal in Telehack is to learn a little bit about programming, cybersecurity, computer archaeology, hacker culture, and computer history all at the same time. One of the things that you will have the ability to do is to move from host to host and attempt to gain access. The access component is easy. Think about the hacker attack cycle. First you must do recon. That is where you learn about the environment as well as the network that is attached to that environment. The next step is to gain initial access. In Telehack, this is accomplished by the simplified use of a buffer overflow attack and using the file porthack.exe. Porthack.exe simulates a buffer overflow and what you don’t see is that the executable actually runs a script to add you as a user of the system. I will often demonstrate the buffer overflow attack in my classes and we will watch a command that will run as root at our discretion.

In real life having a root account means that I have full read/write/execute permissions at the most basic level of the filesystem. If the filesystem is described as a tree of files, the root user would have access to the root of the tree. Think about it like this: as a root user you could chop the tree down if you wanted. “rm -rf *” is a command…

--

--

Responses (1)