pwn.college - Linux Luminarium

These notes do not have the full course's content. They only contain what I thought was necessary to be written down for later checks.

Untangling Users

The nobody user on a Linux system is used to ensure that some programs run without any special privileges.

Perceiving Permissions

ACLs -> map multiple processes to their rights on a specific file

Capability List -> map all the files and the rights a specific process has on them

Relations -> Multiple 3-element tuples -> (process, right, file)

change a file's group

chgrp <group-name> <target-file>

join a group using its password

newgrp <group-name>

example usages of chmod

  • u+r, as above, adds read access to the user's permissions
  • g+wx adds write and execute access to the group's permissions
  • o-w removes write access for other users
  • a-rwx removes all permissions for the user, group, and world
  • u=rw sets read and write permissions for the user, and wipes the execute permission
  • o=x sets only executable permissions for the world, wiping read and write
  • a=rwx sets read, write, and executable permissions for the user, group, and world!
  • u=rw,g=r,o=- will set the user permissions to read and write, the group permissions to read-only, and the world permissions to nothing at all
  • u+s will set "Set User ID" (SUID) bit on a file

Terminal Multiplexing

screen is a program that creates virtual terminals inside your terminal. It's somewhat like having multiple browser tabs, but for your command line!

  • exit - terminate a screen
  • Ctrl+A, d - detach from a screen
  • screen -r <session-name> - reattach to a screen
  • Ctrl-A c - Create a new window
  • Ctrl-A n - Next window
  • Ctrl-A p - Previous window
  • Ctrl-A 0 through Ctrl-A 9 - Jump directly to window 0-9
  • Ctrl-A " - bring up a selection menu of all of the windows

tmux

tmux is screen's modern alternative. Instead of Ctrl-A, it uses Ctrl-B as its prefix

sessions

persistent workspaces that survive disconnects

  • tmux ls - List sessions
  • Ctrl-b d - detach from session
  • tmux attach or tmux a - Reattach to session
  • Ctrl-b s - session selector
  • Ctrl-b $ - rename current session

windows

tabs within a session for organizing tasks

  • Ctrl-b c - Create a new window
  • Ctrl-b n - Next window
  • Ctrl-b p - Previous window
  • Ctrl-b l - toggle last window
  • Ctrl-b 0 through Ctrl-B 9 - Jump directly to window 0-9
  • Ctrl-b w - bring up a selection menu of all of the windows
  • Ctrl-b & - kill a window
  • Ctrl-b , - rename a window

panes

split regions within a window

  • Ctrl-b % - split horizontally
  • Ctrl-b " - split vertically
  • Ctrl-b up-down-left-right - navigates through panes
  • Ctrl-b o - cycle through panes
  • Ctrl-b ; - jump to last active pane
  • Ctrl-b ; - show pane numbers and type to jump to it
  • Ctrl-b z - toggle pane fullscreen
  • Ctrl-b Space - cycle through pane layouts
  • Ctrl-b Ctrl-(up-down-left-right) - resize window by 1 cell
  • Ctrl-b x - kill pane

general commands

  • Ctrl-b ? - show all keybinds
  • Ctrl-b : - command mode
  • Ctrl-b t - show clock
  • Ctrl-b ~ - show command message history

Silly Shenanigans

Writing into a file that we do not have rights to, but we do have rights to the file's directory:

hacker@dojo:~$ ls -l /tmp/collab/todo-list
-rw-r--r-- 1 zardus zardus 15 Jun  6 13:12 /tmp/collab/todo-list
hacker@dojo:~$ rm /tmp/collab/todo-list
rm: remove write-protected regular file '/tmp/collab/todo-list'? y
hacker@dojo:~$ echo "send hacker money" > /tmp/collab/todo-list
hacker@dojo:~$ ls -l /tmp/collab/todo-list
-rw-r--r-- 1 hacker hacker 18 Jun  6 13:12 /tmp/collab/todo-list
hacker@dojo:~$