Rootkits IRL
Root is the name of the superuser account on Unix and Linux systems. The name comes from the filesystem: directories form a tree whose base, the root directory (/), is the level from which every other branch grows, and the account that owns that directory owns everything beneath it. A root user has access to everything on the system.
"Getting root" on a system means gaining administrative access to it.
Rootkits exist in real life, and they do more than just hand a user root access. A real rootkit is usually installed after an attacker has already obtained root; its job is to keep that access and hide it, typically by replacing system files or patching the kernel so that the attacker's processes, files and network connections no longer show up in tools like ps, ls or netstat. Real rootkits are serious business. (Actually, they are.)
Root in Telehack
In Telehack, holding root on a host lets you run commands that regular users cannot. Only one user can hold root on a given host at a time. Root commands are reached in one of two ways:

| Command | Effect |
| --- | --- |
| su | Elevates you to a root shell, giving direct access to root commands |
| sudo [command] | Runs a single root command from a regular user shell |
Getting Root
Claiming root on a host where nobody currently holds root is a simple two-step process: run the oskit on the host, then run the rootkit. Both must stay running for you to keep root.
If you are unable to run either the oskit or the rootkit, someone else currently holds root on that host.
Stealing Root from Someone Else
There are currently two programs that can be used to steal root on Telehack:

| Program | Effect |
| --- | --- |
| pdebug.exe | Crashes a process running on the host |
| killproc.exe | Requires root. Kills a process on a remote host that is listed in netstat |

Use either program to kill the oskit and then the rootkit running on the target host, then follow the steps above to claim root for yourself.
Once you hold root on a host, another user can only take it by killing your oskit and then your rootkit and running their own. To make that harder, several programs are provided that make getting onto your host more difficult in the first place:

| Program | Effect |
| --- | --- |
| portblock.exe | Blocks porthack attacks on a host |
| ghostports.exe | Increases the difficulty of a porthack attack on a host |
You can also actively stop a user from stealing your root by forcibly disconnecting them, which means killing their shell. As root:
- Run the ps command and note the pid of the user's shell session
- Run the kill command and give it the pid from step 1
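The ps-then-kill step above has a direct real-Unix counterpart. The following is an added example, not code from the Telehack wiki or from Telehack itself: a POSIX shell script that reads ps-style "pid user comm" lines, picks out the interactive shells owned by a given user, and kills them (or, with DRY_RUN=1, only prints what it would kill). The sample ps output, the user names and the function names are constructed for the example.

```shell
# Added example (not Telehack code): the real-Unix analogue of
# "run ps, find the user's shell pid, kill it as root".
# Killing another user's processes requires root.

# Constructed sample of `ps -eo pid=,user=,comm=` output, so the
# selection logic can be exercised offline without touching live processes.
SAMPLE_PS='    1 root     init
  842 root     sshd
 1203 alice    bash
 1204 alice    vim
 1310 bob      zsh
 1311 bob      sh
 1402 alice    sh'

# Read "pid user comm" lines from stdin and print the pids of interactive
# shells (sh, bash, zsh, ksh, dash, fish) owned by the user given as $1.
shell_pids_for_user() {
    awk -v u="$1" '
        $2 == u && $3 ~ /^(sh|bash|zsh|ksh|dash|fish)$/ { print $1 }
    '
}

# Kill every interactive shell of user $1, reading ps lines from stdin.
# With DRY_RUN=1 the kill commands are printed instead of executed.
# The caller's own shell ($$) is skipped so the script never kills itself.
# The last line of output is the number of shells handled.
kill_user_shells() {
    user="$1"
    count=0
    for pid in $(shell_pids_for_user "$user"); do
        [ "$pid" = "$$" ] && continue
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "would run: kill -TERM $pid"
        else
            kill -TERM "$pid" 2>/dev/null || true
        fi
        count=$((count + 1))
    done
    echo "$count"
}

# Live usage (as root):
#   ps -eo pid=,user=,comm= | kill_user_shells alice
# Offline dry run against the constructed sample:
#   printf '%s\n' "$SAMPLE_PS" | DRY_RUN=1 kill_user_shells alice
```

TERM is sent rather than KILL so the shell can clean up; a user who ignores TERM can be followed up with `kill -KILL`. Note that a live ps listing shows a login shell by its command name (bash, zsh, sh), which is what the awk pattern matches on.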
You can monitor activity on hosts you control with the netlog.exe program.