File permissions (passwd, shadow and group) are not properly set.
passwd: It is a human-readable text file which stores user account information.
group: It is also a human-readable text file; it stores group information and identifies which groups each user belongs to.
shadow: It is a file that contains the encrypted password and account expiry information for each user.
passwd file format:
cybersploit:x:1000:1000:,,,:/home/cybersploit:/bin/bash
cybersploit = username
x = encrypted password
1000 = user id
1000 = group id
,,, = gecos field
/home/cybersploit = home directory
/bin/bash = shell/command
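An audit for the misconfiguration described above, as an added example that is not part of the original post: it parses the seven-field passwd format and checks file ownership and mode. The function names, the sample entries (constructed, including the placeholder hash) and the baseline modes are assumptions.

```python
import os
import stat

# Constructed sample in the passwd format described above (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
cybersploit:x:1000:1000:,,,:/home/cybersploit:/bin/bash
svc:x:0:0:,,,:/home/svc:/bin/sh
test:$1$test$PLACEHOLDERHASH:1002:1002:,,,:/home/test:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
nopass::1001:1001:,,,:/home/nopass:/bin/sh
"""

# Assumed baseline modes; adjust to your distribution's hardening guide.
BASELINE = {"/etc/passwd": 0o644, "/etc/group": 0o644, "/etc/shadow": 0o640}

def audit_passwd_entries(text):
    """Return (username, issue) pairs for risky lines in passwd-format text."""
    findings = []
    for line in (l for l in text.splitlines() if l.strip()):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], "malformed entry"))
            continue
        user, pw, uid = fields[:3]
        if uid == "0" and user != "root":
            findings.append((user, "UID 0 but not root"))
        # "x" defers to /etc/shadow; a leading "*" or "!" marks a locked account.
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw != "x" and pw[0] not in "*!":
            findings.append((user, "hash in passwd instead of shadow"))
    return findings

def audit_file_mode(path, max_mode, owner_uid=0):
    """Return issues if path has the wrong owner or bits beyond max_mode."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    issues = []
    if st.st_uid != owner_uid:
        issues.append("owner uid %d, expected %d" % (st.st_uid, owner_uid))
    if mode & ~max_mode:
        issues.append("mode %04o exceeds %04o" % (mode, max_mode))
    return issues

if __name__ == "__main__":
    print(audit_passwd_entries(SAMPLE_PASSWD))
    for path, max_mode in BASELINE.items():
        if os.path.exists(path):
            print(path, audit_file_mode(path, max_mode) or "ok")
```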
Privilege escalation using openssl passwd
Syntax: openssl passwd -1 -salt username password
In my case, username: test
password: pass123
script:
mkpasswd is similar to openssl passwd; it generates a hash of the given password string.
Syntax: mkpasswd -m [hash type] {password}
mkpasswd -m SHA-512 pass
Using Python, we can import the crypt library and add a salt to our password, which will create an encrypted password that includes that salt value.
python -c 'import crypt; print(crypt.crypt("pass", "$6$salt"))'
Similarly, we can use Perl along with crypt to generate a hash value for our password using salt value.
perl -le 'print crypt("shailendra123", "abc")'
Similarly, we can use PHP along with crypt to generate the hash for our password using salt value.
php -r "print(crypt('shailendra5678','1234') . \"\n\");"
Similarly, we can use ruby along with crypt to generate a hash value for our password using salt value.
ruby -r 'digest' -e 'puts "shailendra890".crypt("$6$salt")'