- author:: Nathan Acks
- date:: 2022-08-19
/etc/passwd has weak permissions, then passwords in it can be replaced (since Linux systems still use the password hashes in
/etc/passwd preferentially to those in
/etc/shadow). This means that we can just directly add root-equivalent users directly there (remember that the UID and primary GID can be duplicated!).
To generate a password acceptable for inclusion in
openssl passwd -1 -salt $SALT $PASSWORD