Wanna Be The King of the Hill?
Get Root and let’s see if you can keep it.
The purpose of Telehack is to explore. When you explore and try new things you learn more about how systems can be integrated or interconnected together and even dependent upon one another.
The ultimate goal in Telehack is to learn a little bit about programming, cybersecurity, computer archaeology, hacker culture, and computer history all at the same time. One of the things that you will have the ability to do is to move from host to host and attempt to gain access. The access component is easy. Think about the hacker attack cycle. First you must do recon. That is where you learn about the environment as well as the network that is attached to that environment. The next step is to gain initial access. In Telehack, this is accomplished by the simplified use of a buffer overflow attack and using the file porthack.exe. Porthack.exe simulates a buffer overflow and what you don’t see is that the executable actually runs a script to add you as a user of the system. I will often demonstrate the buffer overflow attack in my classes and we will watch a command that will run as root at our discretion.
In real life having a root account means that I have full read/write/execute permissions at the most basic level of the filesystem. If the filesystem is described as a tree of files, the root user would have access to the root of the tree. Think about it like this: as a root user you could chop the tree down if you wanted. “rm -rf *” is a command that would do exactly what you tell it to: descend through every level of the directory tree and delete every file regardless of location or owner. “rm -rf *” is the most dangerous command that could ever be done on a system. As the root user if you want to wield an axe, you can wield that axe.
But do you Got Root?
So in our game scenario, getting a user account isn’t enough. You need to try to get root. In Telehack, just like in real life, having a root account on a host will allow you to run certain commands not accessible to regular users. It’s important to note that in the game only one user can have root access on a host. To access these special commands you have to elevate your regular user access to that of the superuser. There are two commands that will allow you to do this: su and sudo.
“su” is the command that means superuser. The su command will give you a shell that means that…