Practical Example of OS Security: Gaining Access Through Weak Passwords

During my journey through TryHackMe’s Operating System Security room, I got a deeper understanding of how critical it is to secure our operating systems, be it on a smartphone or a laptop. Every day, we interact with operating systems like Windows, macOS, Linux, iOS, and Android, without realizing how vulnerable they can be if left unprotected. This room taught me not only the theory but also gave me hands-on experience in exploiting weaknesses that exist in operating systems.

In this article, I’ll walk you through what I learned about operating system security and, more importantly, the practical exercise I completed?—?gaining access to a target system by exploiting weak passwords and then escalating privileges to root.

Understanding Operating System?Security

Before I dive into the practical example, it’s important to explain the basic security principles surrounding operating systems. Operating System Security (OS Security) ensures that the data on our devices remains private, accurate, and accessible. This is typically referred to as the CIA Triad:

1. Confidentiality: Only authorized users should have access to private information.
2. Integrity: The data should remain accurate and untampered with.
3. Availability: The system should be available whenever you need it.

These security concerns become even more critical when we consider the vast amount of personal and professional information stored on our devices?—?whether it’s private photos, work documents, or saved passwords in our browsers.

Common OS Security Vulnerabilities

One of the key things I learned from the room is how attackers exploit vulnerabilities in operating systems to compromise the CIA Triad. Some of the most common vulnerabilities include:

1. Weak Passwords: Many users choose weak or easily guessable passwords, making brute-force attacks much easier.
2. Weak File Permissions: Without proper file permissions, attackers can access, modify, or even delete sensitive files.
3. Malicious Programs: Malware like Trojans or ransomware can compromise a system’s confidentiality, integrity, and availability.

Practical Example: Gaining Access Through Weak Passwords

In this exercise, I played the role of an attacker trying to gain access to a Linux machine by exploiting a weak password. This hands-on example gave me an understanding of just how vulnerable a system can be if simple security best practices aren’t followed.

Step 1: Connecting to the Target?Machine

I started by launching the AttackBox and the target machine in the TryHackMe room. Once both were up, I opened the terminal on the AttackBox and initiated an SSH connection to the target machine, where the user “sammie” was my target.

Based on a clue I found in the scenario, the password for “sammie” was found on a sticky note in the office, which read: dragon. This highlights how common bad password practices can compromise an entire system.

Here’s the command I used to connect:

ssh [email protected]        

After entering the password dragon, I was in!

• What I Learned: Weak passwords or passwords left out in the open (like sticky notes) are a significant vulnerability. This part of the exercise really drove home the importance of using strong passwords and not relying on easily guessable information.

Step 2: Elevating Privileges to?Root

Once I gained access as “sammie,” my next objective was to escalate my privileges to root (the administrator account on Linux). Having root access means complete control over the system, allowing me to view or modify any file.

To do this, I needed to figure out the password for another user, “johnny.” The TryHackMe room provided a list of the most commonly used weak passwords, and I started systematically trying them out. By the time I reached the seventh password, abc123, I successfully logged in as johnny:

su - johnny        

After logging in as Johnny, I ran the history command to see if Johnny had carelessly typed the root password in the terminal before, and sure enough, there it was:

The password happyHack!NG appeared in Johnny’s history, and using this password, I switched to the root account:

su - root        

Once I had root access, I confirmed it by using the whoami command, which returned root.

• What I Learned: I learned that poor password management can extend beyond weak passwords. Not using proper security hygiene (like cleaning up command history or using password managers) can expose critical information. History can often reveal previously typed commands, including sensitive information like passwords.

Step 3: Retrieving the Final?Flag

With root access, I had full control over the system. The final task was to retrieve a file called flag.txt located in the root directory. I used the ls command to list the files and cat to display the content of the flag file.

ls
cat flag.txt        

I successfully captured the flag: THM{YouGotRoot}.

• What I Learned: The exercise ended with me realizing how critical privilege escalation is. If an attacker gains root access, they essentially control the entire system. This shows why limiting root access and enforcing strong authentication mechanisms are essential.

Conclusion

This exercise reinforced just how vulnerable operating systems can be if they aren’t properly secured. The use of weak passwords, poor file permissions, and leaving command history exposed are all mistakes that open the door for attackers. Through this TryHackMe room, I’ve seen firsthand how these vulnerabilities can be exploited in real-world scenarios.

As a takeaway, here are some key lessons I learned:

1. Use strong passwords: Never rely on easy-to-guess passwords like abc123 or information that could be easily found (e.g., birthdays or pet names).
2. Limit privileges: Only give users the permissions they absolutely need. Minimizing root access reduces the risk of complete system compromise.
3. Clear command history: Ensure sensitive information, such as passwords, doesn’t linger in the history command for an attacker to find.
4. Always check for weak points: From sticky notes to weak file permissions, small oversights can lead to significant breaches.

By improving basic security hygiene, we can make operating systems much harder for attackers to exploit. Whether it’s my smartphone or my laptop, I now understand how important it is to secure the operating systems running on these devices.

#Cybersecurity #OSSecurity #OperatingSystemSecurity #TryHackMe #BlueTeam #PrivilegeEscalation #LinuxSecurity #SSH #WeakPasswords #PasswordSecurity #RootAccess #Infosec #SystemSecurity #CyberThreats #SecurityAwareness #PenetrationTesting #SecurityBestPractices #CyberHygiene #PrivilegeManagement #DigitalSecurity