So a professor of my Computer Security course, together with the campus IT director, has offered my class a challenge. They've placed a file (aptly named secret.txt) with a secret word/phrase/something in a protected folder, and are offering extra credit if we can figure out what that word is. We aren't allowed to destroy anything or inhibit use of the server to other students, but past that anything (sans physical coercion and blackmail) goes.
The server is running SunOS 5.9. The folder, and all files within it that I know of, have 700 permissions, and both accounts I have access to are in the students group, whereas he's in the faculty group. We can print the shadowed /etc/passwd, but permission is denied to read or copy /etc/shadow.
We'll get credit whether we get caught or not, but ideas that get the secret word without alerting anybody are preferable. I'm familiar with Unix/Linux, but not so much with penetrating it. I come to you asking for advice and guidance in things to learn about that would aid me in this endeavor.
Oh my goodness!
........now we've been downgraded to a homework forum
Sorry, let me rephrase then. I have some proprietary information stored in a private folder on a sun server. What are the most common attacks that I need to start working on defending against?
Privilege escalation is the way to go, but to do it you will need to exploit the system; I am not sure if you are allowed to do so.
Just give a gold handshake to your teacher.
Privilege escalation isn't a problem. For the sake of ideas, assume nothing is a problem. I'm interested in learning about this for more than just the sake of the class. The only methods of privilege escalation I know of require physical access though (single user mode, live CDs, etc.), and neither account I have access to has any sudo privileges.
That's why it's called "escalation".
Do you have physical access to it?
What is with all these "computer security" course posts flooding the BT forums lately? If you're taking a course, surely the professors are teaching you the skills to figure out these "challenges" yourself. If they aren't, the course isn't very good. Or if students feel they need to come to a 3rd party site and get others to spoon feed ideas. If you can't research, google & learn on your own, you likely won't get very far in the field. I would talk to the professor if you lack the basic knowledge to attempt the challenge, as the concepts to attempt it, or arming you to research on your own, should certainly be covered. You may want to form a student group to share ideas to help each other out. If you spent time on Google, all the information and methodology are out there. Someone really needs to talk to these teachers. It appears these security courses are sorely lacking.
@mortis: No physical access to the server, just to machines the professor uses (we're working on a hardware keylogger).
@MosGuy, I understand what you mean and wish the course were more specific like that, but as it is, this class is covering the abstract concepts of computer security and infosec. He talks more about how you have to think about the various forms of protection (personnel, physical, emissions, etc.) than about specific ways to exploit a system. Researching/googling on my own is generally how I've done this, but asking on a forum full of people who already understand the concepts seems like a reasonable way to get pointed in the right direction (when they're willing to point). Oftentimes I understand a concept but googling it becomes largely a waste of time until I know the common terminology used (e.g. Evil Twin networks).
All of that said, I'm more familiar with network exploitation than system exploitation. I've dabbled in exploits such as buffer/stack overflows, but never anything enough to get a grasp on the best way to go about this. I've also gone through and tried all the Solaris 9 exploits from milw0rm without success (sans a memory dump one which I have running periodically in a Perl script and checking for the filename). If anyone is willing, what would you pursue next?
I second MosGuy: if you know and understand how to prevent attacks (what you are supposed to be taught), you also know how to perform those attacks... If you are not able to figure out what you can do and how, I hardly see how you can even call it a "Computer Security course"...
By the way, you don't give any interesting information. Even if we wanted to write something to help you, we couldn't.