Operating system privilege maintenance (12) Linux system - sudoers backdoor

Series of articles

Operating system privilege maintenance (1) Windows system - sticky keys backdoor
Operating system privilege maintenance (2) Windows system - cloned account backdoor
Operating system privilege maintenance (3) Windows system - startup item backdoor
Operating system privilege maintenance (4) Windows system - scheduled task backdoor
Operating system privilege maintenance (5) Windows system - system service backdoor
Operating system privilege maintenance (6) Linux system - scheduled task backdoor
Operating system privilege maintenance (7) Linux system - SUID backdoor
Operating system privilege maintenance (8) Linux system - SSH key backdoor
Operating system privilege maintenance (9) Linux system - added user backdoor
Operating system privilege maintenance (10) Linux system - SSH symlink backdoor
Operating system privilege maintenance (11) Linux system - SSH wrapper backdoor

sudoers backdoor

This backdoor is used to regain root when root access has been lost.

The sudo command lets a user temporarily obtain administrator privileges to execute commands. sudo is controlled by the sudoers file, which restricts which user names and groups may run which commands.

The general format of an /etc/sudoers entry is:

user host=(runas) command

user: one or several users; a group from /etc/group can be used instead, in which case the group name must start with a percent sign %.

host: one or several host names.

runas: the user to run the command as; the common values are root and ALL.

command: one or several root-level commands that the user or group is allowed to run.

For example, hans ALL=(root) useradd, userdel authorizes the user hans to run the useradd and userdel commands as root on all hosts.

In this way, a single line adds a built-in or newly created low-privilege user to the sudoers list, so that administrator commands can be executed from that account without attracting attention. The existing low-privilege user itself becomes the backdoor.

First, edit the /etc/sudoers.d/README file:

vim /etc/sudoers.d/README

Execute the following command to append the entry to the file:

sudo su -c "echo 'xiaowang ALL = NOPASSWD: ALL' >> /etc/sudoers.d/README"
Here xiaowang is the ordinary user that will be used to take back root privileges after root access is lost.
cat /etc/sudoers.d/README


At this point, switch to the ordinary user xiaowang to simulate having lost root access in a real engagement.

Then execute:

sudo -i

to regain root.
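As an added defender-side check (not part of the original post), the following Python script parses sudoers-style entries in the user host=(runas) command format described above and flags the password-less, unrestricted grant this backdoor relies on. The directory path /etc/sudoers.d is assumed and the sample entries are constructed.

```python
import re
from pathlib import Path

# One sudoers entry: user host = [(runas)] [TAG:]... command  (same format as above)
ENTRY_RE = re.compile(r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
                      r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmd>.+)$")

def parse_sudoers(text):
    """Parse sudoers-style text into entry dicts; comments, blanks and Defaults are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # also drops #include directives
        if not line or line.startswith("Defaults"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"user": m["user"], "host": m["host"],
                            "runas": (m["runas"] or "root").strip(),
                            "tags": re.findall(r"[A-Z]+", m["tags"]),
                            "cmd": m["cmd"].strip()})
    return entries

def flag_backdoor_grants(entries):
    """Return entries that allow every command as root without a password."""
    return [e for e in entries
            if e["cmd"] == "ALL" and "NOPASSWD" in e["tags"]
            and e["runas"].split(":")[0] in ("root", "ALL")]

def audit_sudoers_dir(path="/etc/sudoers.d"):
    """Audit every file under a sudoers.d directory; returns {filename: [risky entries]}."""
    results = {}
    for f in sorted(p for p in Path(path).iterdir() if p.is_file()):
        risky = flag_backdoor_grants(parse_sudoers(f.read_text()))
        if risky:
            results[f.name] = risky
    return results

# Constructed sample: typical distribution defaults plus the two entries from the text above.
SAMPLE = """\
# User privilege specification
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
hans    ALL=(root) useradd, userdel
xiaowang ALL = NOPASSWD: ALL
"""

if __name__ == "__main__":
    for e in flag_backdoor_grants(parse_sudoers(SAMPLE)):
        print(f"{e['user']}: may run ALL as {e['runas']} with NOPASSWD")
```

Run audit_sudoers_dir() as root on a host to review every drop-in file; entries such as the xiaowang line are reported while the hans line, which is restricted to two commands, is not.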



Source: blog.csdn.net/qq_64973687/article/details/129818332