Exploiting /etc/passwd

author: Nathan Acks
date: 2022-08-19

If /etc/passwd has weak permissions, then passwords in it can be replaced (since Linux systems still use the password hashes in /etc/passwd preferentially to those in /etc/shadow). This means that we can just directly add root-equivalent users directly there (remember that the UID and primary GID can be duplicated!).

To generate a password acceptable for inclusion in /etc/passwd:

openssl passwd -1 -salt $SALT $PASSWORD

• 2022-04-20 - ITPro.TV: CompTIA Security+ (SY0-601) & TryHackMe: Jr. Penetration Tester
• 2022-08-19 - OffSec Live: PEN-200 & AWS Deep Dive