[ Hacking 101 ] :: Unit 9 :: Learn Linux 4 :: sudo, nano, users and groups

This entry is part 10 of 11 in the series [ Hacking 101 ]


Hi, this is Glenn with School for Hackers and unit 8 of Hacking 101, part 3 of the Learn Linux room at TryHackMe.com. This is a cool part of this room, because it introduces a lot of concepts beyond simple commands. I’ve got several Linux courses over on my GNorman.org site, so if I get requests in the comments I can continue with Linux videos, or keep doing rooms here at TryHackMe. Let me know.

So once again, we’re going to need to get logged into TryHackMe, and go to My Rooms on the left so that we can get into the Learn Linux room. And once again, we need to go to task one and deploy our machine. Notice this small icon on the tab: it shows you where the button to deploy the machine is.

Let’s connect openVPN and copy the IP address for that machine when it shows up.

Now fire up PuTTY so that we can shell into this machine remotely. We actually have several valid accounts at this point, so I’m going to use the shiba4 account with the password test1234.

Okay: back on TryHackMe, go down to task 34, section 6, Miscellaneous, which is a much more important section than the name implies. These are actually some of the most important skills you can develop in Linux.

Remember the su command from back in task 12? Think of it as “switch user” or “super user”. It lets you switch to any user, as long as you have the password, including root (the super user). It’s one thing to be a system admin and be able to run commands with higher privileges, but it’s something completely different to be able to become root. In most cases (outside hacking scenarios) you will not have the root password. And you shouldn’t.

Now click back down to task 35, the sudo command. This command is similar to su, but with some critical differences. Think of it as something like “do a command as the super user”. You put sudo in front of a command you want to run as the super user. It will ask for a password, but not root’s password; it wants your own user password. This is a much safer arrangement. You don’t have to have that dangerous root password like you do with su, you just need your own – and you need to be set up as a super user, or “sudoer”. Do keep in mind that you’ll be able to run sudo commands without entering your password again for five minutes.

Why does it even ask for a password then? Because it’s doing a check to make sure it’s you, not somebody that walked up to your workstation. And guess what: you can sudo to users other than root, if you need specific permissions. Think about the kind of permissions you’d get if you were a user named “backup”. This is the point of question 1: how do you specify which user to run a command as? Now is a good time to start thinking like a Unix admin: the user switch is -u. Makes sense, doesn’t it? You’ll see similar logic with a lot of switches or options.

How do you run the whoami command as the user jen?

sudo -u jen whoami

Now take note that a lot of Unix and Linux users use the word “tack” to mean the dash before a command option. This may seem silly, but it’s actually a way of saying, “Use the dash character on your keyboard, not a hyphen or em dash.” If you don’t know the difference between these three, your assignment is to Google them.

And question 3 is one to really memorize: how to list your sudo privileges with the -l (tack ell) switch, as in sudo -l. This matters. It’ll be critical when you’ve hacked your way into a machine and managed to become a user on that system. Check your sudo privileges. Then try to become a more privileged user, and check their sudo privileges. We’ll look at the configuration file for all of this in a few minutes.
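What sudo -l prints is free text, and an admin reviewing an account wants it reduced to one rule per line. The script below is an added example, not code from the room or from the video: it feeds a constructed copy of sudo -l output (the user glenn, the host labhost and the three rules are placeholders) through a small awk parser and reports which commands run as which user and which ones need no password at all.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room or the video): reduce the text
# that `sudo -l` prints to one "runas|passwd|command" row per command, so
# an account's sudo rights can be reviewed at a glance.
# SAMPLE_SUDO_L is constructed; user, host and rules are placeholders.

SAMPLE_SUDO_L='Matching Defaults entries for glenn on labhost:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User glenn may run the following commands on labhost:
    (ALL : ALL) ALL
    (backup) NOPASSWD: /usr/bin/rsync
    (root) /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx'

# parse_sudo_l: read `sudo -l` text on stdin and print "runas|passwd|command"
# for every command of every rule (one rule may list several commands,
# separated by commas).
parse_sudo_l() {
    awk '
        # rules only appear after the "may run the following commands" header
        /may run the following commands/ { in_rules = 1; next }
        in_rules && /^[[:space:]]*[(]/ {
            line = $0
            sub(/^[[:space:]]*[(]/, "", line)          # drop the leading "("
            runas = line; sub(/[)].*/, "", runas)      # text up to the ")"
            sub(/^[^)]*[)][[:space:]]*/, "", line)     # rest after the ")"
            passwd = "PASSWD"
            if (line ~ /^NOPASSWD:/) {
                passwd = "NOPASSWD"
                sub(/^NOPASSWD:[[:space:]]*/, "", line)
            }
            n = split(line, cmds, /,[[:space:]]*/)
            for (i = 1; i <= n; i++) printf "%s|%s|%s\n", runas, passwd, cmds[i]
        }
    '
}

# count_nopasswd: number of commands the account can run without a password.
count_nopasswd() {
    parse_sudo_l | grep -c '|NOPASSWD|'
}

# can_run_anything: "yes" if some rule grants ALL commands.
can_run_anything() {
    if parse_sudo_l | grep -q '|ALL$'; then echo yes; else echo no; fi
}

# Stand-alone run: the rule table, then the two summary figures.
printf '%s\n' "$SAMPLE_SUDO_L" | parse_sudo_l
printf 'NOPASSWD commands: %s\n' "$(printf '%s\n' "$SAMPLE_SUDO_L" | count_nopasswd)"
printf 'Unrestricted (ALL): %s\n' "$(printf '%s\n' "$SAMPLE_SUDO_L" | can_run_anything)"
```

On a real host you would pipe the live output in instead of the constructed sample (sudo -l | parse_sudo_l); a NOPASSWD row, or any row ending in ALL, is the kind of entry to justify in the sudoers file rather than leave by default.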

Depending on how much sys admin work you’ve done, you may be familiar with the concept of system users and groups. Users are easy: they are accounts for people who can log in. Actually, user accounts can also be accounts for system services, or what we call in Unix daemons – d a e m o n s – which stands for (I am not making this up) disk access and execution monitors. In Windows we just call them services.

Groups are the main way you get system privileges. If you’re going to be doing backups, depending on the system, you might be added to the Backup group and voila, you have the permissions you need. Are you working on a project called Banner? You could be added to a Banner group that has permission to access the project files. You might be added to quite a few groups, depending on your job.

But you have one primary group, and that one is important for you, because any files or folders you create or own will also be owned by your primary group. You might want that to be a tiny group, consisting of just you, and that’s a common way Linux users are set up.

Let’s move over to PuTTY and log in as shiba4, with the password test1234. Try out this command: groups. It’ll show you which groups you are a member of. In our case, we’re only a member of our own group, shiba4.

Run another command:

cat /etc/group

Look down this list of groups, and note that groups, like users, have numbers. Groups and users that come built into the OS have low numbers; root is user number 0. Users added after installation have numbers starting at 1000 (which is the norm for Debian-based distros like Ubuntu and Kali). Other distros can start at other numbers, but always “high” numbers.

When you are created as a user – by someone using the root account and running the command adduser – you get a user number, and a group with the same name and number is also created, for the privacy I mentioned above. This group will be your primary group, and this group will automatically have some permissions on the files and folders you create.

You can also be added to other, secondary groups, which will give you their permissions, but won’t change anything else. Look down that listing of the /etc/group file: notice how many groups nootnoot is a member of. If you were hacking this machine, nootnoot would be an attractive target user for you to try to become.

While we’re here, run the command

cat /etc/passwd

This file used to be used to hold passwords, but these days it’s too dangerous to do things that way. Instead, passwords are hashed – a form of encryption – and stored in the file /etc/shadow. Try to cat this file. What happens?

To create a new group, an admin, again one who has root privileges, runs the command

addgroup hackers

to create the group named hackers. At this point, no one is a member of it.

So if I’m the user glenn, and my primary group is the glenn group, how do I get added to the hackers group? I need the usermod command to modify my user account. The command would be

usermod -a -G hackers glenn

Translated, that means modify the user glenn, add him to a group, that group is called hackers. But be careful about that capital G. Be sure you use it! Because if you use the lower-case g, you just changed the user’s PRIMARY group! And you probably don’t want to do that – yet.

So usermod, add, group, hackers, to the user glenn. It’s almost like a sentence. This is Unix-think, and it’ll help you find your way around lots of unfamiliar operations.
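The two files you just looked at are all that the groups command needs: your primary group is the numeric gid in field 4 of your /etc/passwd line (which is what usermod -g changes), and your secondary groups are every /etc/group line that lists you in the member field (which is what usermod -a -G appends to). The script below is an added example, not code from the room or the video; it works on constructed copies of both files (the accounts, ids and the groups nootnoot belongs to are made up), rebuilds what groups would print for each user, and flags any account that sits in a group usually carrying admin rights, which is the review an admin would run to spot a user like nootnoot.

```shell
#!/bin/sh
# Added example (not from the TryHackMe room or the video): recompute what
# `groups USER` prints from /etc/passwd and /etc/group, and flag accounts
# that are members of groups that usually carry admin rights.
# SAMPLE_PASSWD and SAMPLE_GROUP are constructed copies of the two files;
# every name, id and membership in them is made up.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
glenn:x:1000:1000:Glenn:/home/glenn:/bin/bash
nootnoot:x:1001:1001::/home/nootnoot:/bin/bash
shiba4:x:1004:1004::/home/shiba4:/bin/bash'

SAMPLE_GROUP='root:x:0:
daemon:x:1:
adm:x:4:nootnoot
sudo:x:27:nootnoot
backup:x:34:
glenn:x:1000:
nootnoot:x:1001:
shiba4:x:1004:
hackers:x:1005:glenn'

# Groups whose membership deserves a second look in a review.
PRIVILEGED_GROUPS='root sudo wheel adm'

# primary_group USER: the group whose gid is field 4 of USER's passwd entry
# (the field that `usermod -g` rewrites).
primary_group() {
    gid=$(printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $4 }')
    [ -n "$gid" ] || return 1
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$gid" '$3 == g { print $1 }'
}

# secondary_groups USER: every group naming USER in its member field
# (the list that `usermod -a -G` appends to), space separated.
secondary_groups() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$1" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1
        }' | sed 's/ $//'
}

# all_groups USER: what `groups USER` would print (primary first).
all_groups() {
    p=$(primary_group "$1") || return 1
    s=$(secondary_groups "$1")
    if [ -n "$s" ]; then printf '%s %s\n' "$p" "$s"; else printf '%s\n' "$p"; fi
}

# privileged_users: every account other than root that is in one of
# PRIVILEGED_GROUPS, as primary or secondary group.
privileged_users() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '{ print $1 }' | while read -r u; do
        [ "$u" = root ] && continue
        for g in $(all_groups "$u"); do
            case " $PRIVILEGED_GROUPS " in
                *" $g "*) printf '%s\n' "$u"; break ;;
            esac
        done
    done
}

# Stand-alone run.
for u in glenn nootnoot shiba4; do
    printf '%s: %s\n' "$u" "$(all_groups "$u")"
done
printf 'accounts in privileged groups: %s\n' "$(privileged_users | tr '\n' ' ')"
```

Swap the two constructed strings for the real files (cat /etc/passwd, cat /etc/group) and the same functions give you the membership picture for a live system; the distinction the text makes about -g versus -G is visible in the code as field 4 of passwd versus the member list of group.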

Okay, next up let’s go to task 37, nano. Like all the other commands we’ve seen, they typed this in lowercase on purpose, because you have to type the actual command in lowercase. Nano is a friendly little text editor you’ll find on almost all Unix and Linux systems. Be aware that using nano lets you dodge an old Unix religious war, between the vi users and the Emacs users. Snooty people will sneer at you if you don’t know how to use vi, but for practical purposes you don’t need it. And Emacs is like a text editor that’s trying to become an entire operating system. Cool if you like that stuff, but too big of a side trip for this training.

Open nano using the name of a text file as the argument. And get used to that word: argument. Like a switch, an argument goes after a command. But it supplies more information, like the file name you’d use here.

If you supply a naked file name, like myfile.txt, you’ll create a new file in your current working directory. If the file exists, now you’re editing it. If you supply a full path, like /etc/passwd, that’s an absolute path: it starts with a slash, meaning it begins at the root of the file system. Any path that doesn’t start with a slash is a relative path.

In the example back on THM, the file is named test – check out the header. So they opened it with the command nano space test enter. You can type directly into the text file.

When you’ve entered or edited whatever you need to, check out the menu at the bottom of the terminal. You won’t find “save”, but there is a “write out” option. The way you type it is to hold the control key and type the letter o. You don’t have to hold down Shift to get a capital O, even though that’s what they show. The symbol before the o is called the “hat”, and its meaning is “Control” or “hold down the control key”. So press Control o, confirm with a y, and you’ve saved your file.

Press Control x to exit. Done. Now you know how to edit files in Linux.

Okay, that’s all for this lesson. As always, let me know in the YouTube comments if you have questions, or requests for videos on particular topics. I’ll put the transcript of this lesson on my gray-hat site, SchoolforHackers.com, if you need it. Have fun and hack safely.