Modifications

LaplongeJunior · 954c72d4
--- a/Securing-a-server.md
+++ b/Securing-a-server.md
 Threats against a rented service server:  
-0) Someone on the router is able to block the port  
-Fix : all following security measures must be applied on the router too.  
-0b) Anybody on the LAN can contact the router  
-Fix : non-root users must *never* have execute rights to Browser.exe, *for all machines on the LAN*  

-1) Someone with read-write access can scp a binary with the X permission (/libs/ permission is not required to execute an exploit)  
-Fix : delete all user folders and remove "u" perms for "everyone"  
-2)  
- find service libs without either "root shell" or "root password nuke" exploits
- delete the passwd file (is this even normal?)
- make sure Browser.exe isn't available to normal users
+Threat 1 : Root access  
+1a) Any service can allow to log or lock root with the good vulnerability  
+Fix : find service libs without either "root shell" or "root password nuke" exploits  
+1b) Root can read its own password  
+Fix : delete the /etc/passwd file  
+
+Threat 2 : Privilege escalation  
+2a) metaxploit doesn't need /libs/ permissions to execute an exploit  
+Fix : non-root users must *never* be able to run their own scripts    
+2b) Someone with write access in one folder can scp a binary with the X permission  
+Fix : non-root users must *never* have write permissions (o-w, g-w, u-w)  
+2c) There's no way to delete "guest"  
+Fix : a group-less user should have *absolutely* no permissions (u-r, u-w, u-x)  
+
+Threat 3 : Service availability  
+3a) Anybody on the LAN can contact the router as an admin  
+Fix : non-root users must *never* have execute rights to Browser.exe, *for all machines on the LAN*  
+3b) Someone on the router is able to block the port  
+Fix : all those security measures must be applied on the router too  

 Copy from issue 9
-THIS MODEL IS NOT SECURE TO THE WAY USERS CAN USE ESCALATION SCRIPTS
+THIS MODEL IS NOT SECURE TO THE WAY USERS CAN USE ESCALATION SCRIPTS DON'T USE THIS TEXT AS-IS!  

 For my understanding, I identified 4 types of (legitimate) users (besides root and guest)  
 Note that the two last ones are *player* usecases and not GuildHack mission requirements