Module 2 · Lesson 3 · 30 minutes

Access Rights and Root

What "root" means, where passwords live, and what chmod 755 is: the basis for attacks on Linux servers.

📖 Story Hook

In 2024, a hacker named NCSC hacked a large company's mail server. The method was simple: they found the file /etc/shadow with permissions 644 instead of 600.

This means an ordinary user could read it. Inside were the hashes of all passwords. After 2 hours, hashcat had cracked 80% of the passwords.

One digit in the access rights cost the company millions. This lesson is about that digit.

🧠 Main Point: Linux is a Multi-User System

In Windows, you're usually the only user. In Linux, there are dozens: root, kali, www-data, mysql, postgres. Each has their own files and permissions.

Command to see all users:

cat /etc/passwd

Will show lines like:

root:x:0:0:root:/root:/bin/bash
kali:x:1000:1000:Kali Linux User:/home/kali:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

Each line is a user, and the third field is the UID. UID 0 = root (all-powerful admin). All others are ordinary users.

👑 Who is Root

⚠️ Main Linux Security Rule

Root can DO ANYTHING. Delete system files. Read any data. Install any software. Run any program.

If a hacker gets root, the game is over. The server is theirs. That's why the entire pentest comes down to one thing: how to get from an ordinary user to root.

This process is called privilege escalation. We'll learn about it in Module 8.

Where Passwords Live

In Linux, passwords are stored in two files:

📄 /etc/passwd

User list. Anyone can read it (permissions 644). In modern systems, passwords are not stored here; there's an x placeholder instead.

/etc/shadow

Real password hashes. Only root can read it (permissions 640; the shadow group also gets read access, as the listing below shows). If a hacker gets it, they can try to crack the hashes with hashcat.
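A defender's check built on the /etc/passwd format described above, added here as an example (it is not part of the original lesson). The function names and the sample accounts backup2, legacy and guest are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE: print one finding per line for a passwd-format file.
# Fields: name:password:UID:GID:comment:home:shell
audit_passwd() {
    awk -F: '
        NF != 7                 { print "MALFORMED line " NR; next }
        # Only root should have UID 0; any other UID 0 account is a second root.
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }
        # An empty password field means no password is required.
        $2 == ""                { print "EMPTY_PASSWORD " $1 }
        # Anything other than the x placeholder (or a lock marker) is a hash
        # sitting in a world-readable file.
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "HASH_IN_PASSWD " $1 }
    ' "$1"
}

# Constructed sample, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
kali:x:1000:1000:Kali Linux User:/home/kali:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup2:x:0:0::/root:/bin/bash
legacy:$6$constructedsalt$constructedhash:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
EOF
}

# Run the audit over the constructed sample.
run_sample_audit() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    audit_passwd "$tmp"
    rm -f "$tmp"
}
run_sample_audit
```

On a real machine, run audit_passwd /etc/passwd; a clean system prints nothing.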

Check your /etc/shadow:

ls -l /etc/shadow

Should be:

-rw-r----- 1 root shadow 1234 May 22 09:00 /etc/shadow

The letters -rw-r----- are the permissions. Now let's figure out what they mean.

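🎯 Decoding Permissions: rwx and Numbers

Each file in Linux has permissions for 3 categories: owner, group, and others.

And 3 types of permissions: read (r), write (w), and execute (x).

When you see -rw-r--r--:

-          rw-    r--    r--
↑          ↑      ↑      ↑
file type  Owner  Group  Others

It turns out: the owner can read and write, while the group and others can only read.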

🔢 Numeric Notation (Most Important)

It's more convenient to write permissions in numbers:

Number  Binary  Permissions  Means
0       000     ---          nothing
1       001     --x          only execute
2       010     -w-          only write
3       011     -wx          write + execute
4       100     r--          only read
5       101     r-x          read + execute
6       110     rw-          read + write
7       111     rwx          EVERYTHING

Remember as a sum: r=4, w=2, x=1.

🎯 Standard Permissions

chmod  Letters    When to Use
755    rwxr-xr-x  Executable files and directories (standard)
644    rw-r--r--  Regular files (documents, configs)
600    rw-------  Private files (SSH keys, passwords)
700    rwx------  Private directories and scripts
777    rwxrwxrwx  NEVER in production - this is a hole
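The r=4, w=2, x=1 arithmetic from the tables above, turned into a permission audit. This is an added example, not part of the original lesson; the helper names are illustrative, and it assumes GNU stat (stat -c %a) as shipped on Kali.

```shell
#!/bin/sh
# digit_to_rwx N: one octal digit -> rwx triplet (r=4, w=2, x=1).
digit_to_rwx() {
    r=-; w=-; x=-
    [ $(( $1 & 4 )) -ne 0 ] && r=r
    [ $(( $1 & 2 )) -ne 0 ] && w=w
    [ $(( $1 & 1 )) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_rwx MODE: octal mode such as 755 -> rwxr-xr-x (owner, group, others).
mode_to_rwx() {
    m=$(( 0$1 & 0777 ))
    printf '%s%s%s' "$(digit_to_rwx $(( m >> 6 )))" \
        "$(digit_to_rwx $(( (m >> 3) & 7 )))" "$(digit_to_rwx $(( m & 7 )))"
}

# audit_file PATH MAX: fail if PATH grants any permission bit that MAX does not.
# A stricter mode than MAX (600 against 640) passes.
audit_file() {
    mode=$(stat -c %a "$1") || return 2      # assumption: GNU stat
    extra=$(( 0$mode & ~0$2 & 0777 ))
    if [ "$extra" -eq 0 ]; then
        printf 'OK   %s %s (%s)\n' "$1" "$mode" "$(mode_to_rwx "$mode")"
    else
        printf 'FAIL %s %s (%s) extra bits %03o\n' \
            "$1" "$mode" "$(mode_to_rwx "$mode")" "$extra"
        return 1
    fi
}

# Demo on a constructed stand-in file, not the real /etc/shadow.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/shadow.sample"
    echo 'constructed sample' > "$f"
    chmod 644 "$f"; audit_file "$f" 640 || true   # FAIL: others can read (004)
    chmod 640 "$f"; audit_file "$f" 640           # OK
    rm -rf "$dir"
}
demo
```

On a real system the same check is audit_file /etc/shadow 640 and audit_file /etc/passwd 644.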

🛠 Commands in Practice

Create a test file:

cd ~
echo "test" > myfile.txt
ls -l myfile.txt

You'll see something like:

-rw-r--r-- 1 kali kali 5 May 22 09:00 myfile.txt

Change permissions:

chmod 700 myfile.txt   # only owner can do everything
ls -l myfile.txt
# -rwx------ 1 kali kali 5 ...

chmod 755 myfile.txt   # standard for script
chmod +x myfile.txt    # alternative syntax: add execute
chmod a-w myfile.txt   # remove write from everyone (a = all; a bare -w is filtered by umask)

🔓 sudo: Your Key to Root

In everyday life, you're kali. To temporarily become root, use sudo.

sudo apt update           # update packages (needs root)
sudo cat /etc/shadow      # read protected file
sudo -i                   # become root completely (exit: exit)
sudo whoami               # root

How it works:

  1. You enter sudo ...
  2. Linux checks whether you are in the /etc/sudoers file
  3. Asks for your password (not root's)
  4. Executes the command as root
  5. Remembers for 15 minutes: the next sudo runs without a password

⚠️ Privilege Escalation 101

If you find a way to execute ONE command as root (e.g. through a hole in a web application), you've already won. The first command is usually:

sudo -i        # or
sudo /bin/bash # give yourself a root shell

This will be in Module 8.

🎯 Final Exercise

  1. cd ~ - go to your directory
  2. echo "secret data" > secrets.txt - create a file
  3. chmod 600 secrets.txt - private mode
  4. ls -l secrets.txt - check permissions (-rw-------)
  5. sudo -u www-data cat /home/kali/secrets.txt - try to read as another user (www-data has a nologin shell, so sudo -u is used instead of su)
  6. You get Permission denied - the permissions work!
  7. sudo cat /etc/shadow - and root can read (nothing is hidden from them)
  8. chmod 644 secrets.txt - open reading to everyone (counterexample: don't do this)

🤖 Vibe-task: Ask Claude

Open Claude and ask:

Explain in simple terms how the SUID bit works in Linux
and why it's important for privilege escalation attacks.
Give 3 examples of commands that help find SUID files on the training VM:
"find / -perm -4000 ..." and decode each.

SUID is a special permission bit set with chmod. In Module 8, it will be our main tool for escalating privileges.

💡 Main Conclusion of Module 2

🎓 What You Can Do Now

1. You have a working Kali Linux in a virtual machine

2. You're not afraid of the terminal - you know 10 basic commands

3. You understand permissions, root, sudo

4. You can read most pentest tutorials (90% of work is in Linux)

This is the foundation. Next, we'll learn how the NETWORK is arranged.

🎬 What's Next

Module 3: How the Internet Works. IP addresses, ports, protocols (TCP/UDP, HTTP, DNS). In simple terms. Without jargon. By the end of the module, you'll understand how a data packet flies from you to Google and back.
