Introduction to Operating System Security

Which of the following is not an operating system?

Thunderbird

Common Examples of OS Security

Which of the following is a strong password, in your opinion?

LearnM00r

Practical Example of OS Security

Based on the top 7 passwords, let’s try to find Johnny’s password. What is the password for the user johnny?

Connect to the machine using ssh sammie@IP and the password "dragon". Checking for sudo-rights or SUID-flags does not yield any results that are usable, but you can run ls -la .. to get all infos of all users besided Sammie. To find the password for johnny we can run hydra -l johnny -P /Path/to/wordlist.txt IP ssh.

abc123

Once you are logged in as Johnny, use the command history to check the commands that Johnny has typed. We expect Johnny to have mistakenly typed the root password instead of a command. What is the root password?

happyHack!NG

While logged in as Johnny, use the command su - root to switch to the root account. Display the contents of the file flag.txt in the root directory. What is the content of the file?

THM{YouGotRoot}