file permissions (passwd shadow and group) are not properly set .

file permissions (passwd shadow and group) are not properly set .

passwd: It is a human-readable text file which stores information of user account.

group: It is also a human-readable text file which stores group information as well as user belongs to which group can be identified through this file.

shadow: It is a file that contains encrypted password and information of the account expire for any user.


passwd file format:

cybersploit:x:1000:1000:,,,:/home/cybersploit:/bin/bash

cybersploit= username
x=encrypted password
1000:user id
1000:group id
,,,=gecos field.
/home/cybersploit= home directory
/bin/bash= shell/command.



privilage escalation using openssl passwd

systax: openssl passwd -1 -salt username password
in my case userneme :test
password: pass123



script:

mkpasswd is similar to OpenSSL passwd which will generate a hash of given password string.
Syntax: mkpasswd  -m [hash type] {password}

mkpasswd -m SHA-512 pass


Using python; we can import crypt library and add salt to our password which will create encrypted password including that salt value.
 python -c 'import crypt; print crypt.crypt("pass", "$6$salt")'

Similarly, we can use Perl along with crypt to generate a hash value for our password using salt value.

perl -le 'print crypt("shailendra123", "abc")'
Similarly, we can use PHP along with crypt to generate the hash for our password using salt value.



php -r "print(crypt('shailendra5678','1234') . \"\n\");"

Similarly, we can use ruby along with crypt to generate a hash value for our password using salt value.

ruby -r 'digest' -e 'puts ''shailendra890".crypt("$6$salt")'





Post a Comment

0 Comments