Hi there,
I was working with one of my servers that has DirectAdmin and I mistakenly typed "chsh" instead of "chsh [user]" as root... Since my intention was to disable the shell, I set the "user's" shell to /sbin/nologin, which actually set root's shell to it.
So now I can't log in as root anymore.
I can, though, log in to DirectAdmin, or to a shell as "admin" or as another user that has the same group as root.
This is a FreeBSD 7.3 server, which doesn't have sudo/sudoexec.
I noticed that I can kill processes through DirectAdmin somehow if I give root's password... so I guess there might be some kind of "backdoor" that can allow me to run commands as root?
Any ideas?
Code:
$ su -l root
Password:
This account is currently not available.
$ su root
Password:
This account is currently not available.
$ suexec
suexec policy violation: see suexec log for more details
$ find / -perm -u+s -print 2>/dev/null
/bin/rcp
/sbin/mksnap_ffs
/sbin/ping
/sbin/ping6
/sbin/shutdown
/usr/bin/at
/usr/bin/atq
/usr/bin/atrm
/usr/bin/batch
/usr/bin/chpass
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/ypchpass
/usr/bin/ypchfn
/usr/bin/ypchsh
/usr/bin/lock
/usr/bin/login
/usr/bin/opieinfo
/usr/bin/opiepasswd
/usr/bin/passwd
/usr/bin/yppasswd
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/su
/usr/bin/crontab
/usr/bin/lpq
/usr/bin/lpr
/usr/bin/lprm
/usr/libexec/pt_chown
/usr/local/bin/Xorg
/usr/local/bin/xterm
/usr/local/bin/pkexec
/usr/local/bin/procmail
/usr/local/libexec/dbus-daemon-launch-helper
/usr/local/libexec/polkit-resolve-exe-helper
/usr/local/libexec/polkit-set-default-helper
/usr/local/libexec/polkit-grant-helper-pam
/usr/local/libexec/nagios/check_dhcp
/usr/local/libexec/nagios/check_icmp
/usr/local/libexec/utempter/utempter
/usr/local/libexec/polkit-agent-helper-1
/usr/local/sbin/exim-4.71-0
/usr/local/sbin/exim
/usr/local/directadmin/plugins/installatron/admin/index.raw
/usr/local/directadmin/plugins/installatron/reseller/index.raw
/usr/local/directadmin/plugins/installatron/user/index.raw
/usr/sbin/authpf
/usr/sbin/ppp
/usr/sbin/pppd
/usr/sbin/sliplogin
/usr/sbin/timedc
/usr/sbin/traceroute
/usr/sbin/traceroute6
/usr/sbin/suexec
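
The condition described in this post (a UID 0 account left with /sbin/nologin as its shell, so that su answers "This account is currently not available.") can be detected while a root session is still open. The script below is an added example, not part of the original post; the function name audit_uid0_shells and the sample passwd and shells lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UID 0 accounts whose login shell would block su/login.
# Usage: audit_uid0_shells PASSWD_FILE SHELLS_FILE
# Accepts passwd (7 fields) or master.passwd (10 fields) format; the shell is
# the last field in both. Prints "user shell reason" for each problem account
# and returns 1 if any were found, 0 otherwise.
audit_uid0_shells() {
    awk -F: '
        # First file: list of valid shells (/etc/shells format, # comments).
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") valid[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        $3 != 0        { next }      # only superuser (UID 0) accounts
        {
            shell = $NF; reason = ""
            if (shell ~ /(^|\/)(nologin|false)$/)
                reason = "non-login shell"
            else if (shell != "" && !(shell in valid))  # empty means /bin/sh
                reason = "not in shells file"
            if (reason != "") { print $1, shell, reason; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data (not taken from the server in the post).
sample_dir=$(mktemp -d)
printf '%s\n' '# valid login shells' '/bin/sh' '/bin/csh' > "$sample_dir/shells"
printf '%s\n' \
    'root:*:0:0:Charlie &:/root:/sbin/nologin' \
    'toor:*:0:0:Bourne-again Superuser:/root:' \
    'admin:*:1001:1001:Panel admin:/home/admin:/bin/sh' \
    'www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin' \
    > "$sample_dir/passwd"

# Run the check; on a live system the arguments would be /etc/passwd and
# /etc/shells, run right after any chsh/chpass change and before logging out.
audit_uid0_shells "$sample_dir/passwd" "$sample_dir/shells" \
    || echo "UID 0 account with unusable shell: fix before closing this session"
```

Only UID 0 accounts are reported, so service accounts that are meant to have a nologin shell (such as www in the sample) do not produce noise.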