File Permissions

find / -not -type l -perm -o+w
# Search the entire filesystem (/) for files that are not symbolic links (-not -type l) and are world-writable (-perm -o+w).

openssl passwd -1 -salt abc password
# Generate an MD5 hashed password using OpenSSL, with the salt abc and the plaintext password password. The -1 flag specifies the MD5 hash algorithm.
# We switch to the root user using our ‘password’

I first ran a find command to search the entire filesystem for files that are not symbolic links and are world-writable, which could make them potentially vulnerable to modification by unauthorized users. Afterward, I generated a password hash for the plaintext password password using OpenSSL, with a salt value of abc. The hash was created using the MD5 algorithm. Finally, I added a comment noting that the hashed password would be used to switch to the root user, likely for privilege escalation, either by replacing the root password or using it in a context where the hashed password is needed for authentication.

Previousshells NextPost Exploitation

Last updated 11 months ago