
Understanding Privilege Escalation in CentOS

Hands-On Lab

 


Rob Marti

Linux Training Architect I in Content

Length

00:15:00

Difficulty

Beginner

As a system administrator, most of your work can be done as your specific user. There are many tasks, however, that need to be done as the root user to work correctly. In this hands-on lab, you'll be able to practice different methods of privilege escalation.



Solution

Log in to the server using the credentials provided:

ssh cloud_user@<PUBLIC_IP_ADDRESS>

Add bob to the sudoers File

  1. Become root:

    [cloud_user@Server1]$ sudo -i

    Enter the cloud_user password.

  2. Open the sudoers file:

    [root@Server1]# visudo

  3. Add the following somewhere after the root permissions are defined; it lets bob run any command as any user without a password:

    bob  ALL=(ALL)  NOPASSWD: ALL

Allow adam to Use the journalctl Command as root

  1. Add the following beneath the bob line we just added; it lets adam run only /bin/journalctl as root, without a password:

    adam  ALL=(root)  NOPASSWD: /bin/journalctl

  2. Save and exit the file by pressing Escape followed by :wq.

  3. Switch to bob:

    [root@Server1]# su - bob

  4. Try to install PHP:

    [bob@Server1]$ yum install php

    We should get an error message saying it needs to be run as root.

  5. Try it again as root, using sudo:

    [bob@Server1]$ sudo yum install php

    This time, it should work.

  6. Enter n at the prompt to cancel the installation.

  7. Log out:

    [bob@Server1]$ logout

  8. Switch to adam:

    [root@Server1]# su - adam

  9. Run the following:

    [adam@Server1]$ sudo journalctl

    We should see that it works.

  10. Try to install PHP:

    [adam@Server1]$ sudo yum install php

    When we enter the cloud_user password, it will fail, because adam's sudoers entry only allows /bin/journalctl. (This is what should happen, so we're good.)
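
To review what the two entries above grant, the following added example (not part of the original lab) parses simple one-line sudoers user rules and flags any that allow every command without a password. The function names and the sample text are constructed for illustration; aliases, group rules and line continuations are not handled.

```shell
#!/bin/sh
# Added example: summarize user rules in sudoers-style text.
# Assumption: each rule is one line of the form
#   user host=(runas) [NOPASSWD:] commands

audit_sudoers() {
    # Reads sudoers text on stdin; prints "user scope auth commands" per rule.
    awk '
        /^[ \t]*(#|$)/ { next }                        # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }    # not user rules
        $1 ~ /^[%@]/ { next }                          # group rules, includes
        {
            user = $1
            line = $0
            sub(/^[^=]*=[ \t]*/, "", line)             # drop "user host="
            sub(/^\([^)]*\)[ \t]*/, "", line)          # drop "(runas)"
            auth = "password"
            if (sub(/^NOPASSWD:[ \t]*/, "", line)) auth = "nopasswd"
            gsub(/[ \t]+$/, "", line)
            scope = (line == "ALL") ? "full" : "limited"
            print user, scope, auth, line
        }
    '
}

# Constructed sample: a root rule plus the two lines added in this lab.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not copied from a real server
Defaults    !visiblepw
root  ALL=(ALL)  ALL
bob  ALL=(ALL)  NOPASSWD: ALL
adam  ALL=(root)  NOPASSWD: /bin/journalctl
EOF
}

# Users who may run every command without a password deserve review.
risky_users() {
    audit_sudoers | awk '$2 == "full" && $3 == "nopasswd" { print $1 }'
}

sample_sudoers | audit_sudoers
```

On the lab server, running `sudo -l -U bob` or `sudo -l -U adam` as root shows the same privileges as sudo itself resolves them.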

Conclusion

Congratulations on successfully completing this hands-on lab!