Password and file permission

Stored Passwords

  • history or cat .bash_history will show previous command and will sometines leak password

  • find . -type f -exec grep -i -I "PASSWORD" {} /dev/null \;

  • Sometimes a simple ls or ls -la will give interesting files

Weak File permission

  • Do we have access to file that we shouldn't?

  • ls -la /etc/passwd

    • This used to store password

    • If we can modify the file we can remove the x, we could change the num of the group of our user to become part of root group

  • ls -la /etc/shadow

  • We can copy the content of /etc/passwd in a file in our attacking machine

  • We can now look for the hash on our hashes start with $6$ so we can ctrl+F this and this will give us the mode number to use.

SSH keys

  • find / -name authorized_keys 2> /dev/null

  • find / -name id_rsa 2> /dev/null

  • If we find an id_rsa key, we can copy it in our machine and use it to log in

  • Before using it we have to change the right chmod 600 id_rsa

  • And then we can just ssh -i id_rsa root@

Last updated