Skip to content

Create a tool to "descalate" into guest account

Which part would be affected

This new tool would depend on the deliberate introduction of a pre-determined exploit on the running server

Description of the feature

Upon request of a user, a script would elevate into root, install a specific lib pre-determined to add a "guest shell" exploit, use metaxploit to trigger said exploit, uninstall the lib, then switch the Terminal into that shell
As a result, the calling user would be retrograded into the "guest" user account, on a server in the same state than before the script was called

How would it enhance the experience?

Being able to log as guest would allow to verify directly the result of the permissions on the server, ensuring that the guest account can't serve for local elevation

Checks to do

  • user can switch to guest account
  • can't be misused into having root privleges
  • can't be tricked into letting the exploit lib installed on the server