Home Operating System Security
Post
Cancel

Operating System Security

This room introduces users to operating system security and demonstrates SSH authentication on Linux.

THM Room https://tryhackme.com/room/operatingsystemsecurity

TASK 1 : Introduction to Operating System Security

Which of the following is not an operating system?

1
2
3
4
5
    AIX
    Android
    Chrome OS
    Solaris
    Thunderbird

Thunderbird is an email application.

Answer : Thunderbird

TASK 2 : Common Examples of OS Security

Which of the following is a strong password, in your opinion?

1
2
3
4
    iloveyou
    1q2w3e4r5t
    LearnM00r
    qwertyuiop

The passwords 1, 2 and 4 are in the list of top 20 most common passwords.

Answer : LearnM00r

TASK 3 : Practical Example of OS Security

Based on the top 7 passwords, let’s try to find Johnny’s password. What is the password for the user johnny?

Lest connect in SSH, then tried the top 7 common passwords to find Johnny’s password :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
root@ip-10-10-224-97:~# ssh sammie@10.10.47.189
The authenticity of host '10.10.47.189 (10.10.47.189)' can't be established.
ECDSA key fingerprint is SHA256:IFP+sTfHTDm72Ta2zfK9XjKASr30+ya4ic/ApEIziio.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.47.189' (ECDSA) to the list of known hosts.
sammie@10.10.47.189's password: 
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-100-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Tue  3 May 18:28:03 UTC 2022

  System load:  0.33              Processes:             113
  Usage of /:   54.2% of 6.53GB   Users logged in:       0
  Memory usage: 22%               IPv4 address for eth0: 10.10.47.189
  Swap usage:   0%

 * Super-optimized for small spaces - read how we shrank the memory
   footprint of MicroK8s to make it the smallest full K8s around.

   https://ubuntu.com/blog/microk8s-memory-optimisation

0 updates can be applied immediately.


The list of available updates is more than a week old.
To check for new updates run: sudo apt update

Last login: Wed Mar  2 08:00:25 2022 from 10.20.30.1
sammie@beginner-os-security:~$ ls
country.txt  draft.md  icon.png  password.txt  profile.jpg
sammie@beginner-os-security:~$ cat password.txt 
sammie
dragon
sammie@beginner-os-security:~$ cat country.txt 
UK
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
su: Authentication failure
sammie@beginner-os-security:~$ su johnny
Password: 
johnny@beginner-os-security:/home/sammie$ 

The last one, “abc123”, works !

Answer : abc123

Once you are logged in as Johnny, use the command history to check the commands that Johnny has typed. We expect Johnny to have mistakenly typed the root password instead of a command. What is the root password?

using the history command for Johnny :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
johnny@beginner-os-security:/home/sammie$ history
    1  ls
    2  vi notes.txt
    3  mv notes.txt coffee.txt
    4  vi cheese.txt
    5  wget -c https://upload.wikimedia.org/wikipedia/commons/a/af/Tux.png
    6  ls
    7  su - root
    8  happyHack!NG
    9  su - root
   10  whoami
   11  ls
   12  cat coffee.txt 
   13  whoami
   14  pwd
   15  date
   16  exit
   17  clear
   18  history

Answer : happyHack!NG

While logged in as Johnny, use the command su - root to switch to the root account. Display the contents of the file flag.txt in the root directory. What is the content of the file?

Using the root password to find the flag :

1
2
3
4
5
6
johnny@beginner-os-security:/home/sammie$ su - root
Password: 
root@beginner-os-security:~# ls
flag.txt  snap
root@beginner-os-security:~# cat flag.txt 
THM{YouGotRoot}

Answer : THM{YouGotRoot}

This post is licensed under CC BY 4.0 by the author.