Add User to Passwd File
One of the simplest methods to privilege escalation in Linux is to add a new user with root privileges to the passwd file.
The passwd file contains a bunch of info about every user,
user1:❌:1000:1000:,,,:/home/user1:/bin/bash
user1 - Username
x - Indicates encrypted password stored in shadow file
1000 - User ID
1000 - Group ID
/home/user1 - Home directory of user
/bin/bash - Shell
Now we can also include the password of the user in this file instead of the shadown file as Linux will look in this file first before moving to the shadown file.
The password can be generated using the following command,
1 - MD5 hash
5 - Sha256 hash
6 - Sha512 hash (recommended)
Once you have the line ready, it can be inserted into the passwd file using the echo command,
Last updated