root@graywq:~#
MODE: READ-ONLY

School Report

2025-12-06 // 469 WORDS

Executive Summary

This project is the culmination of my Bachelor of Applied Science capstone project at Clark College. The objective was to perform a vulnerability assessment on a target Linux environment and achieve privilege escalation to root. The engagement required utilizing the full scope of my degree training: from reconnaissance and exploitation tools to documenting the attack vector in a formal technical report.

Objectives

  • Reconnisance: Using recon techniques learned through the program, identify potential ways to gain access to a Linux machine
  • Once a technique to gain root access has been discovered, use said technique to elevate student-user to root-level privileges
  • After student-user has been given root access
  • Document the technical findings, making sure to explain the technical findings in a way non-technical audience can easily understand

Methodology

The assessment followed a standard penetration testing lifecycle:

  • Reconnaissance: I began by enumerating the system kernel (Ubuntu 6.5.0-14-generic) and checking user permissions. Initial checks involved browsing accessible directories and verifying the current user’s level of access.
  • Enumeration: I utilized the sudo -l command to audit the sudoers configuration for the ‘student’ user. This revealed a critical misconfiguration: the user was granted NOPASSWD access to run /usr/bin/vi as root.
  • Exploitation: Leveraging the vi text editor with root privileges, I bypassed standard authentication restrictions. I accessed the /etc/shadow file (which stores password hashes) and replaced the root user’s password hash with the known hash of the ‘student’ user.
  • Verification: I verified the exploit by executing su root and entering the ‘student’ password, successfully gaining a root shell.

Key Findings

The assessment identified a Critical severity vulnerability:

  • Insecure Sudo Configuration: The student user was explicitly granted permission to execute vi with root privileges without requiring a password.
  • Impact: This allowed for trivial privilege escalation. Since vi allows for shell escapes and file editing, gaining root access to this binary is functionally equivalent to having full root access to the operating system.
  • Risk Analysis: If left unpatched, any actor who compromised the ‘student’ account could immediately take full control of the server, access confidential files, or install persistence mechanisms.

Results & Impact

  • Root Access Achieved: I successfully demonstrated the kill chain from a standard user to full system administrator.
  • Documentation: A comprehensive report was generated detailing the exact commands used, screenshots of the exploit, and CVSS scoring for the vulnerability.
  • Remediation Plan: The report concluded with a recommendation to apply the Principle of Least Privilege (PoLP) by removing the ‘student’ user’s ability to run vi via sudo.

Conclusion

This capstone project reinforced the critical importance of secure configuration management. While the system was patched against kernel exploits, a simple administrative oversight in the sudoers file completely undermined the system’s security posture. The project demonstrated my ability not just to find exploits, but to document them in a way that helps organizations understand and mitigate risk.