[Nohbdy]

I've implemented a method to log in as root even in server's that have root access disabled. Pro's: It's automatic (so to speak); Con's: It requires two passwords and a bit of funky code.

So, first step is to create your backup login and an appropriate root login. You can use root, however, considering the audience I have on this site, I'll assume you probably don't know the primary root's password and don't want to change it in order to avoid detection.

What you want to do is create two users. Do so as such.

Code:

adduser nohbdy
adduser nohbdy_root
passwd nohbdy
passwd nohbdy_root

Of course, replace nohbdy with whatever you please. Just make sure that you add both accounts and set the password.

After that, you need to edit the /etc/passwd file so that the alternate root user is UID=0 and GID=0. Look for the line that defines your new root user, and make the 500/1000 like numbers both 0's.

Make a file in the proxy user's directory (in my case /home/nohbdy) with the following code:

Code:

#!/bin/sh
su -l nohbdy_root

Make the file executable to the user you created, and edit the /etc/passwd to replace the /bin/sh or /bin/bash on the proxy users line to point to this file (ie, change the shell to /home/nohbdy/root.sh).

Log into the proxy user and test that it works. A common issue is that you pointed the su -l part to your proxy user as opposed to the root user.

There you have it. You have a root user that works even when ssh blocks root login.

[Dismas]

Neat tutorial.
I think it's the first you've made too, right?

[Antics]

Very simple and easy to read Tutorial.
Great work!

[Nohbdy]

Neat tutorial.
I think it's the first you've made too, right?

Is it that obvious?

Nah, I've got one or two on my blog.

[Nohbdy]

Hi! :blackhat:
I finally registered myself
I have some question to ask because i don't understand this tut.

1) Do you already have the root access on the machine? to create 2 user account i think you must have the password of root
2) when is better to use this tut? in what context?
3) why not simply ssh simpleuser@machine and than su root? To create user and change /etc/* files i think that you own or you have all access to that machine.
4) why not simply add nohbdy_root to root group ?
thats all folks

1. Yeah. This can be used when you have a root exploit of sorts.
2. When you want your root access to be relatively invisible.
3. What if you don't know the root password?
4. Because nohbdy_root needs uid=0 else it can't do root things.

[Bannedshee]

Nice tutorial, and yeah i have never actually seen you make a tutorial on AF

[Nohbdy]

1. Yeah. This can be used when you have a root exploit of sorts.

ok, i will explot the machine, and have a root access

2. When you want your root access to be relatively invisible.

ok I will create 2 users. I will use ssh and login with normal user

3. What if you don't know the root password?

OK, i can do root activity either without pass because i use exploits, and i am a noob if i reset root pass.

4. Because nohbdy_root needs uid=0 else it can't do root things.

so if the administrator do id nohbdy_root he not see the user in the root group?

But isn't better if i exploit the machin to use a reverce shel, or a php/ajax shell, without doing a new user?
what is better?

This tutorial was intended to be a tool in your toolbox, not an exclusive use.

I have more question, but not related to this tut
1) what about ssh logs? you are clearly using a new user, any admn that read the log, can see that you own the machine

SSH logs are stored in /var/log/auth.log (debian-based) or /var/log/secure (rhel-based). You can eliminate single lines from this file.

2) what to do with , bash_history? the file in the nohbdy folder? is there a way to hide them?

Realistically, you can edit the .bash_history file, and the nohbdy folder you can prepend a . and most people won't notice. Just make sure if you prepend a . to the nohbdy folder (so like /home/.nohbdy) you update /etc/passwd.

thanks
:blackhat: