Weak File Permissions

Reading the file is allowed by "other" users who aren't the owner or in the owning group

It is possible to just change the x for the root user in the passwd file, then su using no password

Or we can change our users user and group id to 0 to become the root user

Copy contents of passwd and shadow into new files on your machine

Use unshadow to turn into a easier crackable format ad fill in the blank

unshadow passwd shadow > unshadow

Find hash type

hashcat --example-hashes | grep -i '\$6\$'

Crack

hashcat -m 1800 unshadow ~/rockyou.txt -O

Last updated 1 year ago