Weak File Permissions

Check permissions of the shadow file

Reading the file is allowed by "other" users who aren't the owner or in the owning group

It is possible to just change the x for the root user in the passwd file, then su using no password

Or we can change our users user and group id to 0 to become the root user

LogoLinux Privilege Escalation: Weak File Permissions – Writable /etc/shadowInfinite Logins

Cracking shadow passwords

Copy contents of passwd and shadow into new files on your machine

Use unshadow to turn into a easier crackable format ad fill in the blank

unshadow passwd shadow > unshadow

Find hash type

hashcat --example-hashes | grep -i '\$6\$'

Crack

hashcat -m 1800 unshadow ~/rockyou.txt -O
PreviousPasswordsNextSSH Keys