/etc/passwd writable - Privilege Escalation

ID: writable-etc-passwd

Severity: high

Author: daffainfo

Tags: code,linux,privesc,local

Description

YAML Source

id: writable-etc-passwd

info:
  name: /etc/passwd writable - Privilege Escalation
  author: daffainfo
  severity: high
  reference:
    - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-passwd
  metadata:
    verified: true
  tags: code,linux,privesc,local

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
        [ -w "/etc/passwd" ] && echo "Writable" || echo "Not writable"

    matchers:
      - type: word
        part: code_1_response
        words:
          - "Writable"

      - type: word
        part: code_1_response
        words:
          - "Not writable"
        negative: true
# digest: 4a0a0047304502202a84729e697bff2f8aaf482cfe72f81d230d56c185f9f05365bed72563035d61022100b5682ab9d4331a9d97563cd593b7f3b752ad3c4a99dc5c0287b9eb9f18db9ede:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "code/privilege-escalation/linux/writable-etc-passwd.yaml"

View on Github