Hi Jow Forums, my computer networks professor has us students use a Linux server in which we write and run C programs. I found out about a vulnerability in one of the programs installed on the server which allows me to create a user and add it to sudoers. This would be useful as it would allow me to copy other students' homework and their programs during the exam. The problem is that I don't want the professor to find an unknown user in the sudoers list, so I was thinking about changing the uid of my account (and of some of my classmates too, for plausible deniability) to 0, in order to get root privileges while making it harder for the professor to notice. Another option would be giving my account read and write access to all directories and files on the server, but I don't know how to do that. I know that with chmod you can change permissions for owner, owner's group and all users, but not a single user specifically. How could I do this? Is there any other more "hidden" way to get read and write access to everything on the server?
Hi Jow Forums, my computer networks professor has us students use a Linux server in which we write and run C programs...
hahah fuckin based *HONK*
Fuck off Jow Forumstard
Add your user to sudo. Use linux capabilities to give yourself a static copy of bash in your home directory that has its caps set to full admin permissions. Then, remove your user from the sudo file. ezpz.
If they are even remotely competent they will fuck you up the ass if you do anything but report it to them.
"I CAN DO THE WORK, I JUST DON'T WANT TO!"
You should report the vulnerability and do your goddamn work faggot. If you really want to cheat, why are you wasting your time going to school? You should just start scamming credit cards right now. Stop wasting time, loser.
>If you really want to cheat, why are you wasting your time going to school?
He's Chinese.
> "I CAN DO THE WORK, I JUST DON'T WANT TO!"
OP here, where did I say this? I've always done my homework and all my programs were functioning. It's just that it would be nice to make my final exam easier.
> If you really want to cheat, why are you wasting your time going to school?
I'm at my last year and it would be stupid to quit now, the piece of paper I'll get will make it easier to get a job.
Smelly dumb Chinese cheating scum
Tiananmen Square Massacre Winnie the Pooh
If your college has any prestige at all, they'll most likely fail you out of the class, possibly erasing any hope you of how getting your degree on time and your professor will tell other professors in other colleges
By all means, feel free to cheat for one class but you'll be punished
It's also possible a honeytrap too - the smart thing would be to tell your professor
Dude, you're there to do the work and learn things.
I mean you can full commit to cheating if you want and risk expulsion, but just because you can doesn't mean you should.
Also, maybe you could get bonus credit if you show them the vulnerability?
What? I thought only Windoze was insecure?? Muh loonix. This can't be happening!
Crossing my fingers that this is trolling.
First of all, you can't change your uid to 0. Second, basically every *nix system logs all logins, and usually if sudo is used, if it's a multiuser system, it's logged. If he watches the logs (which he might not) then you probably would learn more by pulling off this bs, than you would have anyway, but chances are you make a mark and the flaw gets fixed, and/or you get punished.
If you really want to fuck around with shit like this anyway, here's pretty much the two pointers you need:
Any executable can be setuid root
Logs can be modified or deleted
What do you really gain though? The ability to be yet another idiot with a degree that can't write code?
Also, he probably doesn't really care about the vulnerability because you're probably sandboxed on that server. It sounds like all you could do with the vulnerability is cheat, and he probably expects people coughing up money for school to want to learn instead of cheating.
Just don't, if you're smart enough to hack the class you can get an A, retard.
Could he see which commands I ran even if I delete my bash history?
you should just report the bug to the creators of the software and ask for money, dont give the exploit over until you get payed though
>if you're smart enough to hack the class you can get an A
based retard
Just delete the user afterwards
I was able to do the same thing. Only I became friends with the brainy loser and had them do my work for me. I got good scores on everything and to this day use the same method to run a company. I really only took the courses in order to learn how nerd culture works and how to best control them. With highly autistic nerd power at your disposal, there's nothing you can't have other people do for you.
Of course you dense idiot.Google "bash forensics".
It would be less effort to just do your fucking homework. If anything, telling your prof about the vulnerability would net you brownie points with him.
I would say kys tranny
But you\ve already taken yourself out of the gene pool
Just tell the professor about the vulnerability or enjoy being expelled.
I didn't discover the bug, it's just that the server uses an outdated version of the program
This is probably the best solution if you actually want to gain something with the exploit. Imagine that the server gets hacked by an idiot ten years later and a forensic examiner called by the school finds out what you did.
Why not just change the file after the exam and then clear the logs?
LULZ nice meme, fuck the Jow Forums fag.
If you withhold the pertinent infomation wouldn't they just threaten you with expulsion or failing? Seems counterintuitive.
I reported vulnerabilities in high school and college. I think the best thing to do is to shut the fuck up about it. I didn't get in trouble for reporting them but I gained nothing at a lot of risk to my future because I didn't think about it much until later. It takes one psychopath IT person to fuck you over and blame you for anything that happens to the computers they're responsible for. Also, don't even bother trying to exploit the server. A forensic examiner will find out what you did someday.
What if I edit my normal account history with the sudoer account and delete from bash_history the command which ran the python script used to create that account? How would my professor find out about it? Are there any other logs of commands and programs ran by users in default installs of Ubuntu 16.04? He doesn't seem to care that much about this server since he hasn't updated the programs on it since about January
Yeah I agree with this. Stay the fuck out of it. There's nothing to be gained from sticking your head out, especially with the time and money you waste at college. You won't get jack shit for it; best case scenario, a pat on the back or a nod of approval.
>im on my last year it’d be stupid to quit now
it’d also be fucking stupid to risk getting kicked out by breaking your uni’s terms and the law you absolute brainlet
Imagine being such an ass blasted discord tranny that you make this image and post it on a Mongolian basket weaving IRC.
>hurr durr durr hurr ass blasted libtard btfod by facts and logic hurrrr
If you’re serious about this, which you’re not, hypothetically you would replicate the environment you will be working in, test it and automate the exploit with a script that will get root perms, and auto clear the logs of what you do with your root permissions as you go, but none of the other logs, that way the only way your prof will know about root access is by looking at tty connections which he probably isn’t.
Better to just remove the related info from any logs. They won't be looking for you if you don't give them a reason to. If you do it correctly, worst case is the server appears compromised so they wipe it and reconfigure it. Your pay off is a negative though, you're just hurting yourself by doing this. If it were me I'd play a prank with the exploit maybe, but never anything even close to as serious as cheating. If you need to cheat in computer science you're in the wrong field dude, it'll be an uphill battle forever. Most CS people like it on some level and have some amount of curiosity and wishes to excel. On the job market you'll be competing with people that are learning more and improving constantly because they enjoy it. If you're gonna be in the lower earning tier you might as well do something you enjoy. You won't end up as a high earning developer if you can't even make it thru your course without cheating