File Permissions - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
File Permissions
File permissions are a big part of security.
Passwd (command) has access to /etc/passwd
Accessing Rocky
Accessing rocky was easy. I tested what accounts were on the system and which weren't. Eventually I figured out I had access via my cyber.local account and used that to sign on.
Finding files
find (the command is called find) is a great tool for finding things on a computer.
find / -perm /4000 #how to find suid programs on linux find / -perm /2000 # sgid programs
Finding files on rocky
find / -perm /002 2>/dev/null | grep -Ev 'proc|sys|cock|locale|' | grep '/s'
I used ‘find’ to search through files on the computer. I used 2>/dev/null to essentially throw away all the error codes. I used grep -Ev to exclude a lot of things I did not need in my code such as sys or proc. I eventually just narrowed it down enough to the thing that looked most out of place, which was solitaire. This was globally writable, I’m not sure if it was the correct file but it did meet all the criteria.