The admin was tasked to create a replica of an existing Linux system. He copied the entire filesystem to his computer, made modifications to some files and then copied it onto the newly provisioned system. Unfortunately, in his haste to set the new system up, he forgot to take care of permission sets.
Your mission is to get a root shell on the box!
Level difficulty: Easy
Category: Privilege Escalation > Linux
On this challenge, I got the web interface of a Linux terminal and I was authenticated as an unprivileged user named
First of all, I checked If I had access to both
Funny enough I had access to the
shadow file but I see no password hash within that.
I decided to check if I had write access to the
passwd file in order to place a password hash for the root user (some legacy systems accept password hashes in
As you can see in the above image, I have both read and write permissions for the
shadow file. Generating the password hash as such:
student@attackdefense:~$ openssl passwd -1 -salt root pass123 $1$root$quimBCDAqK3JX3mbeqrrD1 student@attackdefense:~$
Placing the password hash for root user in the
Authenticating as root on the target server: