Download the following virtual machine with Ubuntu Server and run the computer in Virtual Box on your computer.
You have just joined the cybersecurity team at 4Geeks Academy. The team is currently setting up a web server with Ubuntu for the E-Learning platform. This team consists of:
- Alejandro
- Daniela
- Vanessa
- Chema
- Analista (You)
Your username and password are:
username: analista
password: analistaEach user has their own directories and files, as well as some shared ones, with different permissions on the shared files. One of these users has permissions they shouldn't have and seems to be up to something. Can you discover who it is?
- Identify the malicious user
- Analyze their actions and explain what they were attempting to do
- Determine what permissions they had and on which directories that allowed them to execute this action
- Propose a solution to this problem
⚠️ The Sticky bit permission (rwx-t) is often used to grant selective access to files and directories.
- The Ubuntu machine we've designed for you doesn't have a graphical interface because, in addition to testing your hacking skills, we also want to test your command-line skills.
- The main directory system where you'll be actively investigating is as follows:
|- home
|-alejandro
|-analista
|-chema
|-daniela
|-vanessa
|-vboxuser
⚠️ Upon logging in, you will be positioned in the ./analista directory.
- The first instructions can be found in the ./home directory.