PwnKata
Start drilling free
Home Linux Privilege Escalation Writable /etc/passwd
medium Live now Linux · Privilege Escalation

Writable /etc/passwd

A writable account database is root if you preserve the format and authenticate correctly.

Confirm whether the active /etc/passwd file is writable, generate a valid password hash, append a root-equivalent account, and use it to prove impact.

Seeded variants change the permission shape and include backups or shadow-file distractions, forcing you to edit the active account database.

What you'll practice

/etc/passwdlinux privilege escalationpassword hashOSCP
drill workspace · session live
medium

Writable /etc/passwd

A writable account database is root if you preserve the format and authenticate correctly.

Objective

Recover the flag at /root/flag.txt and submit it.

Drill this now

Spin up a live isolated target and start practicing in seconds — free.

Start drilling

Related linux privilege escalation techniques

Linux · Privilege Escalation Live

File Capability Privilege Escalation

Linux file capabilities can grant one binary more power than intended. Drill finding and abusing that mistake.

easy
Linux · Privilege Escalation Live

sudo -l Privilege Escalation

A misconfigured sudo rule is one of the most common real-world Linux privesc paths. Drill it until `sudo -l` is the first thing your fingers type.

easy
Linux · Privilege Escalation Live

SUID Binary Privilege Escalation

A stray SUID bit on the wrong binary is an instant root. Drill enumerating and abusing SUID binaries until it's automatic.

easy