1. Home
  2. Course Calendar
  3. Technical 04: The UNIX User Privilege Model

Technical 04: The UNIX User Privilege Model

What security mechanisms does the UNIX operating system provide?

In your quest to become a knowledgeable hacker, you have learned some computer programming, modified a computer game, surfed some Internet ports, and encrypted information using strong algorithms. And from our lectures, you even know a thing or two about the history of operating systems, including UNIX. Now it is time for you to get some hands-on experience with the UNIX operating itself. This is important, because UNIX powers the backend of the Internet, thus making it subject to attack from a variety of outsiders attempting to gain unauthorized access. As a virtuous hacker, of course, you simply intend to explore networks and systems without doing any harm. In-line with this, we'll perform some perfectly legal exploration in this homework by setting up a local Linux virtual machine that you will have full access to. 

Getting up and running with the Linux operating system

Ubuntu2004 Desktop

Linux is a free and open source clone of the UNIX operating system. In the mid- to late- 1990s, it was adopted by many computer hackers as their primary operating system because it gave them access to all of the powerful features of commercial UNIX on a cheap home PC platform. This meant that they could experiment with new exploits and other security tools without fear of breaking the law. Today, Linux still serves as a good sandbox environment for a significant amount of computer security work. Thus the first set of activities will have you download a virtual machine environment and get a virtual machine up and running.

*Note that if you run Linux natively as your primary operating system, you can skip these first two activities and move on to the ones below using your existing system. If you are a CSE student, you *cannot* use the student machines to complete this assignment (you'll see why in the next set of activities). 

Activity #1: Install VirtualBox. VirtualBox is a virtual machine environment that runs on all major operating systems, including Windows and MacOS. Visit this page and select the installer download that is appropriate for your computer. Take note of where you saved the file. The installer is an executable file that you simply need to run to set up the virtual machine environment (follow the on-screen instructions). If everything worked as expected during the installation, you can proceed to the next activity.

Activity #2: Download and import an Ubuntu Linux virtual machine into Virtual Box, and then log in to add a new user. This activity is slightly more involved than the first. To begin, download the the virtual machine file from this link. Take note of where you saved the file. It is a compressed version of the full virtual machine. You will now need to uncompress it. It is in 7z compressed format. If you don't have a tool to decompress this file format, you can grab one for Windows or MacOS. Once you have a decompression tool installed, you should be able to simply double click the 64bit.7z file to extract a directory called 64bit, containing the file "Ubuntu 22.04 (64bit).vdi".

Next, start the VirtualBox application that you installed to begin the virtual machine import process:

1. Click the "New" button at the top of the application. When the "Create Virtual Machine" Window opens, click "Guided Mode" if that option is available (if you only see "Expert Mode" then you are already in Guided Mode). Name your new virtual machine "Technical Homework 04". The "Type" should be set to "Linux" and the version to "Ubuntu 22.04 LTS (Jammy Jellyfish) (64 bit)". The other fields in this window you can leave as-is. Then click "Next".

2. You can leave the hardware settings as-is. Click "Next" again.

3. In the virtual hard disk window, click the button for "Using an Existing Virtual Hard Disk File" and then click the folder icon to the right of it. This will let you select the virtual machine file that we downloaded. Click the "Add" button at the top of the existing virtual machine selection window, and then browse to the location of the "Ubuntu 22.04 (64bit).vdi" file you downloaded earlier. To select it, make sure that the selected file type at the bottom is set to "VDI (*.vdi)". Then click "Open". The downloaded virtual machine should now be visible. Click "Choose" to proceed. And then click "Next".

4. If everything has gone according to plan, you should be at the "Summary" window at this point. Verify that all of the settings are what we specified and then click "Finish". 

You can now start the virtual machine by selecting "Technical Homework 04" from the VirtualBox Manager and clicking "Start". This will bring you to the login screen. Since we're using a pre-configured virtual machine, you just need to enter the password for the osboxes.org account that is enabled by default to get into the system. Click that user name and then enter the following password: osboxes.org

Understanding the UNIX privilege model

Now that you have a working Linux system to play with, we can turn to our core lesson in this homework: understanding the UNIX privilege model. We'll run through three brief activities to highlight how different user roles allow for different levels of access. This will help us appreciate why hackers try to elevate their privilege when attacking an operating system. 

Activity #3: Add a new user that matches your Notre Dame netid. The primary interface between the hacker and a UNIX system is the command line prompt. To open up a terminal, click the grid icon in lower-left of the desktop. In the search box, type "terminal", and then click the terminal icon that appears. Let's demonstrate how privilege separation works in Unix by attempting to add a new user to the system.   

1. Type the following command into the terminal to add a user with a user name that matches your Notre Dame netid: adduser netid

2. Record the output of the system to the above command in a plaintext file.

3. It turns out to add a user, root (i.e., system administrator) level privilege is needed. This is because in a multi-user setting, the ability of any user to add a new user can pose a security risk. Do some research (i.e., search the web) to identify a legitimate way to elevate your privileges to add a new user to the system. Create a new user with a user name that matches your Notre Dame netid and a password of you own choosing (don't use a password that you use for a real account though!).

4. Verify that the account was added by running the following command without privilege escalation: tail /etc/passwd

/etc/passwd is the system's password file. Note that you can't actually find any passwords in this file. That's because it's accessible to all users, making it a potential security vulnerability. Thus in this form, it is known as "shadowed", because the passwords are hidden from the ordinary users. Copy the line containing the information for the user account you just added into the plaintext file with your answers. 

Activity #4: Access the password hashes in /etc/shadow. As pointed out in textfiles on hacking UNIX systems, the /etc/shadow system configuration file is a savory target. This is because it contains the shadowed passwords. But one further security mechanism exists to protect them: each password is protected via a one-way hash function, such that it appears to be a random string in /etc/shadow. When a user authenticates to the system, their provided password is hashed (i.e., tranformed into a random-looking string) using the same function, and compared to the stored hash via a protected system process. This last layer of protection does not stop hackers however, because they can attempt to guess the password over and over, comparing hashes the same way the system does using a password cracking tool. 

1. Run the following command without privilege escalation: tail /etc/shadow

2. Record the output of the system to the above command into the plaintext file with your answers.

3. It turns out to access /etc/shadow, root (i.e., system administrator) level privilege is needed. Elevate your privileges in the same manner that you did for adding a new user above and re-run the command to access /etc/shadow. Copy the line containing the information for the user account you just added into the plaintext file with your answers. Note that it should look different from that which was found in /etc/passwd, with the password hash clearly visible.  

Activity #5: Identify the hashing algorithm used to protect your user password. Hackers need to spend some time studying the data they capture. It turns out that the line you copied from /etc/shadow contains an indicator of the hashing algorithm used to protect the password. Find it and look it up. Which algorithm is it? Do some research (i.e., search the web) to locate this information. Record the algorithm you've identified in your plaintext file with your answers.

Extra Credit

Find a password cracking tool that will work with your copy of /etc/shadow. No need to actually crack any passwords (since you already know them!), but explain why the cracking tool you found will work with the file at hand.

Grading

You must submit answers for activities 3-5 in this assignment (the first two are environment setup exercises). Activities 3 and 4 are worth 15 points, while Activity 5 is worth 20 points. Activities will be graded in terms of the following criteria:

  • Does the output of the programs / files match the expected output for Activity 3 and 4?
  • Is the hashing algorithm used to protect the system passwords correctly identified in Activity 5?

The extra credit activity is worth an additional 10 points. 

Submission Instructions

  • Place your output / answers for each of the four questions into a plaintext file that will be saved in the Google drive folder that you previously shared with our TA Ellen for the first writing reflection

  • Name your plaintext file using this convention: lastname_firstname_duedate. Example: Joyce_Ellen_040224.txt

  • Ellen will collect each assignment directly from your drive after it is due