Linux系统之普通用户sudo提权配置

江湖有缘
• 阅读 351

@TOC

Linux系统之普通用户sudo提权配置

一、检查本地系统版本

检查本地环境的操作系统版本,本次实践为centos7.6版本。

[root@docker ~]# cat /etc/os-release 
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

二、创建redhat普通用户

1.创建redhat用户

[root@docker ~]# useradd redhat

2.为redhat用户设置密码

[root@docker ~]# passwd redhat
Changing password for user redhat.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

3.查询创建用户相关命令的绝对路径

[root@docker ~]# which useradd 
/usr/sbin/useradd
[root@docker ~]# which passwd 
/usr/bin/passwd
[root@docker ~]# which userdel 
/usr/sbin/userdel

三、编辑/etc/sudoers文件

[root@docker ~]# vim /etc/sudoers
[root@docker ~]# grep redhat /etc/sudoers
redhat  ALL=(ALL)      /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel

四、检查redhat用户权限

1.切换到redhat用户

[root@docker ~]# su -  redhat
[redhat@docker ~]$ 

2.新建huawei账号

[redhat@docker ~]$ sudo useradd huawei

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for redhat: 

3.查看新创建用户

[redhat@docker ~]$ id huawei
uid=1002(huawei) gid=1002(huawei) groups=1002(huawei)

4.为huawei账号设置密码

[redhat@docker ~]$ sudo passwd huawei
Changing password for user huawei.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

5.删除huawei账号

[redhat@docker ~]$ sudo userdel huawei
[redhat@docker ~]$ id huawei
id: huawei: no such user

五、批量用户授权

1.设置别名

[root@docker ~]# grep -Evn '^#|^$|^##'  /etc/sudoers
22:User_Alias ADMINS = zhangsan, lisi
30:Cmnd_Alias USERTEST =  /usr/sbin/useradd, /usr/bin/passwd, /usr/sbin/userdel 
59:Defaults   !visiblepw
68:Defaults    always_set_home
69:Defaults    match_group_by_gid
77:Defaults    always_query_group_plugin
79:Defaults    env_reset
80:Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
81:Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
82:Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
83:Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
84:Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
92:Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
104:root    ALL=(ALL)     ALL
105:redhat  ALL=(ALL)      /usr/sbin/useradd,/usr/bin/passwd,/usr/sbin/userdel
112:%wheel    ALL=(ALL)    ALL

Linux系统之普通用户sudo提权配置

2.配置sudo授权

[root@docker ~]# grep ADMINS /etc/sudoers
# User_Alias ADMINS = jsmith, mikem
User_Alias ADMINS = zhangsan, lisi
ADMINS  ALL=(ALL)    USERTEST

六、测试批量授权效果

1.新建用户zhangsan

[root@docker ~]# useradd zhangsan
[root@docker ~]# passwd zhangsan
Changing password for user zhangsan.
New password: 
BAD PASSWORD: The password contains the user name in some form
Retype new password: 
passwd: all authentication tokens updated successfully.

2.切换zhangsan用户

[root@docker ~]# su - zhangsan

3.新建lisi用户并设置密码

[zhangsan@docker ~]$ sudo useradd lisi

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for zhangsan: 
[zhangsan@docker ~]$ sudo passwd lisi
Changing password for user lisi.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

4.切换lisi用户

[zhangsan@docker ~]$ su - lisi
Password: 
[lisi@docker ~]$ id lisi
uid=1003(lisi) gid=1003(lisi) groups=1003(lisi)

5.切换lisi用户

[zhangsan@docker ~]$ su - lisi
Password: 
[lisi@docker ~]$ id lisi
uid=1003(lisi) gid=1003(lisi) groups=1003(lisi)

6.测试lisi用户权限

[lisi@docker ~]$ sudo useradd user

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lisi: 
[lisi@docker ~]$ sudo passwd user
Changing password for user user.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[lisi@docker ~]$ id user
uid=1004(user) gid=1004(user) groups=1004(user)
[lisi@docker ~]$ sudo userdel user
[lisi@docker ~]$ id user
id: user: no such user
点赞
收藏
评论区
推荐文章
Wesley13 Wesley13
3年前
Oracle数据库提权(dba权限执行系统命令)
0x01提权准备这里我们先创建一个低权限的用户testSQLconnsys/admin123@orclassysdba;已连接。SQLcreateusertestidentifiedbytest;然后查看一下权限SQLselectfrom
Stella981 Stella981
3年前
MSSQL提权之xp_cmdshell
0x01前提1.getshell或者存在sql注入并且能够执行命令。2.sqlserver是system权限,sqlserver默认就是system权限。0x02xp\_cmdshell有了xp\_cmdshell的话可以执行系统命令,该组件默认是关闭的,因
Stella981 Stella981
3年前
Linux sudo权限提升漏洞复现(CVE
2021年01月27日,RedHat官方发布了sudo缓冲区/栈溢出漏洞的风险通告,普通用户可以通过利用此漏洞,而无需进行身份验证,成功获取root权限。据报道这个漏洞已存在十年了,大部分的linux系统都存在这个sudo漏洞。站在攻击方的角度,这就是sudo提权的新姿势;站在防守方的角度,这可能是近期最需要去重视的漏洞了。漏洞编
Stella981 Stella981
3年前
Linux提权的几种常用方式
在渗透测试过程中,提升权限是非常关键的一步,攻击者往往可以通过利用内核漏洞/权限配置不当/root权限运行的服务等方式寻找突破点,来达到提升权限的目的。1、内核漏洞提权提起内核漏洞提权就不得不提到脏牛漏洞(DirtyCow),是存在时间最长且影响范围最广的漏洞之一。低权限用户可以利用该漏洞实现本地提权,同时可以通过该漏洞实现D
Stella981 Stella981
3年前
Linux常见提权
常见的linux提权内核漏洞提权查看发行版cat/etc/issuecat/etc/release查看内核版本unamea查看已经安装的程序dpkglrpmqa通过一些现有的exp,上传到目标主机,执行exp,直接获取root权
Stella981 Stella981
3年前
CTF中对web服务器各种提权姿势
    在我们拿下服务器web服务往往只是低权限用户,对于内网渗透,我们往往需要root权限,Linux系统提权包括使用溢出漏洞已及利用系统配置文件。提权前提:1.拿到低权限shell2.被入侵机器上有nc,python,perl等常见linux下的工具3.有权上传下载文件1. 利用内
Stella981 Stella981
3年前
Linux命令su、sudo、sudo su、sudo
公众号关注“杰哥的IT之旅”,选择“星标”,重磅干货,第一时间送达!!(https://oscimg.oschina.net/oscnet/75db6af53550449ca88c8fe883439ee5.png)sudo与su两个命令的最大区别是:sudo命令需要输入当前用户的密码,su
Stella981 Stella981
3年前
Shell运行环境之sudo的环境
\shell运行环境之环境配置文件\({{<ref"20150909shell运行环境之环境配置文件.md"}})讲解了Shell里面四个配置文件的作用域以及Shell的四种常用模式。在此基础上,我们进一步探究一下在用户切换过程中,运行环境的变化。在Ubuntu里,我们通常使用sudo来提权,使用su来切换用户,而这
Stella981 Stella981
3年前
AppLocker绕过之路
前言在提权中我们经常会遇到目标开启了Applocker的情况,本文将以https://github.com/api0cradle/UltimateAppLockerByPassList(https://www.oschina.net/action/GoToLink?urlhttps%3A%2F%2Fgithub.com%2Fapi0crad
江湖有缘 江湖有缘
1年前
Linux系统之Bonding 网卡绑定配置方法
Linux系统之Bonding网卡绑定配置方法
江湖有缘
江湖有缘
Lv1
各大IT社区专家博主,华为HCIE云计算认证等,路漫漫其修远兮,吾将上下而求索!
文章
12
粉丝
1
获赞
3