Rootkits IRL

Root refers to the "root" account on Unix and Linux systems. The name comes from the idea of directory "trees", the root being the most basic level of the tree from which all other branches grow. A root user has access to everything on the system.

Image: Got Root?

"Getting root" on a system refers to the act of obtaining administrative (superuser) access.

Rootkits exist in real life, and they usually do more than just give the user root access. A real rootkit's main job is to keep the access an attacker already has and to hide it: it modifies system files, libraries or the kernel itself so that the attacker's processes, files and network connections no longer show up in the normal tools such as ps, ls and netstat. Real rootkits are srs bsns. (Actually, they are.)

Root in Telehack

In Telehack, having a root account on a host allows you to run certain commands that are not accessible to regular users. It's important to note that only one user can have root access on a host at a time. To access these special commands, use one of the following:

Command          Description
su               Elevates the user to a root shell, allowing direct access to root commands
sudo [command]   Allows execution of a single root command from a user shell

Getting Root

Claiming root on a host where no user currently has root is a simple two-step process:

  1. Run the oskit corresponding to the desired host's operating system
  2. Run rootkit.exe

If you are unable to run either the oskit or the rootkit, that means someone else currently has root on that host.

Stealing Root from Someone Else

There are currently two programs that can be used to steal root on Telehack.

Filename       Description
pdebug.exe     Crashes a process running on the host
killproc.exe   Requires root. Kills a process on a remote host that is listed in netstat

Use one of these programs to kill both the oskit and the rootkit running on the target host, then follow the instructions listed above to claim root for yourself.

Keeping Root

In order to take root from you, another user must kill your oskit and then your rootkit on the host, and then run their own oskit and rootkit. To make this harder, several programs have been provided that make accessing a host more difficult:

Filename         Description
portblock.exe    Blocks porthack attacks on a host
ghostports.exe   Increases the difficulty of a porthack attack on a host

Additionally, you can actively prevent a user from stealing your root by forcefully disconnecting them, which is done by killing their shell:

  1. Run the ps command and note the pid of the user's shell session
  2. Run the kill command as root and enter the pid from step 1

You can monitor activity on hosts you control by using the netlog.exe program.

Community content is available under CC-BY-SA unless otherwise noted.