[lug] Re: Backdoor Root

Atkinson, Chip CAtkinson at Circadence.com
Wed Oct 4 08:30:23 MDT 2000


The two ways that I've used are adduser and vi.  Right now, I'd just copy
the root entry and change the password as root to whatever you fancy.

Chip

-----Original Message-----
From: SoloCDM [mailto:deedsmis at aculink.net]
Sent: Wednesday, October 04, 2000 2:55 AM
To: lug at lug.boulder.co.us
Subject: Re: [lug] Re: Backdoor Root


Hugh Brown wrote:
> 
> I think the problem may be that su goes by the first occurrence of the
> uid in question (so su will want the passwd for root and not your
> pseudo-root (typically known as toor).  Assuming that your second uid 0
> user is named toor, what happens when you do `su toor` from a mortal
> user account?

I found the problem.  My new super-user doesn't have an entry in the
/etc/shadow file.  I don't know how to make it happen.

> SoloCDM wrote:
> >
> > Alan Robertson wrote:
> > >
> > > SoloCDM wrote:
> > > >
> > > > Prior to my server update, when I made a backdoor root access, I would
> > > > place a username at the end of the line for root after a comma in
> > > > /etc/group, then I made a user in /etc/passwd with 0 uid, 0 gid, and
> > > > /root as the account.  No matter where I was or what I did, I could
> > > > act as root with all the same privileges.  Now it won't work with
> > > > Mandrake 7.0.
> > > >
> > > > The error for a user account is:
> > > >
> > > >         su: incorrect password
> > > >
> > > > when I use su - [super-user] or su [super-user].  Although, it does
> > > > work when I'm logged in as root and I invoke su - [super-user].  It
> > > > also shows the [super-user] name in the prompt.
> > >
> > > The short answer is "use sudo".  You can make it do the same thing (if you
> > > want), or you can make it more secure, and it logs what you did, so you can
> > > figure out "Now, how did I do *that*?"
> >
> > I'm going to go for what's behind door number 2.  How do I get su to
> > work?  Also, isn't sudo an application not on the normal distribution?

*********************************************************************
Signed,
SoloCDM
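
Added example, not part of the original thread or written by any of its participants: an audit an administrator could run to spot the two conditions discussed above, namely a second account with UID 0 and an `/etc/passwd` entry that has no matching `/etc/shadow` line. The sample file contents are constructed; only the name `toor` comes from the thread, and the function names are hypothetical.

```python
"""Audit passwd/shadow text for extra UID 0 accounts and missing shadow lines."""

# Constructed sample data (not from the thread). "toor" is the name mentioned
# in the thread; the hash fields are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/bin/false
alice:x:500:500:Alice:/home/alice:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$placeholder:11234:0:99999:7:::
daemon:*:11234:0:99999:7:::
alice:$1$CONSTRUCTED$placeholder:11234:0:99999:7:::
"""


def parse_colon_file(text):
    """Return a list of field lists, skipping blank and comment lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def audit(passwd_text, shadow_text):
    """Return (extra_uid0, missing_shadow) as sorted lists of account names."""
    passwd = [r for r in parse_colon_file(passwd_text) if len(r) >= 7]
    shadow_names = {r[0] for r in parse_colon_file(shadow_text) if len(r) >= 2}
    # Any account other than "root" whose UID parses to 0 has root privilege.
    extra_uid0 = sorted(
        r[0] for r in passwd
        if r[2].isdigit() and int(r[2]) == 0 and r[0] != "root"
    )
    # An "x" password field defers to /etc/shadow; with no shadow line there
    # is no hash to check a typed password against.
    missing_shadow = sorted(
        r[0] for r in passwd if r[1] == "x" and r[0] not in shadow_names
    )
    return extra_uid0, missing_shadow


if __name__ == "__main__":
    uid0, missing = audit(SAMPLE_PASSWD, SAMPLE_SHADOW)
    print("extra UID 0 accounts:", uid0)
    print("passwd entries without a shadow line:", missing)
```

To audit a live host, pass the contents of `/etc/passwd` and `/etc/shadow` (the latter needs root to read) to `audit()` instead of the samples.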

