<aside> đź’ˇ /tmp folder have rwx permissions throughout, we can use this place in Pentesting to drop malware and execute without having to worry about too many permissions.

</aside>

Untitled

Untitled

Basics

(kali@kali)-[~]

Users

# To view all users (system (mysql, ssh) as well as regular)
cat /etc/passwd

# To view all the passwords
cat /etc/shadow

The * means that the password has not been set for the root account which is a good security practice. we do not want anyone to just login with a root account, because that eliminates accountability. If anyone needs to run something with elevated privileges they should do that with their own account only by using .

The * means that the password has not been set for the root account which is a good security practice. we do not want anyone to just login with a root account, because that eliminates accountability. If anyone needs to run something with elevated privileges they should do that with their own account only by using sudo.

This is password hash for the user kali.

This is password hash for the user kali.

<aside> đź’ˇ Unlike windows, in linux even if the two users have same passwords they will have different hashes.

</aside>

Switching between users

su quitehacker

To add a new user

#Syntax
adduser username

#Example
adduser quitehacker

Superuser (root)

In addition to the two user types, there is the superuser, or root user, that has the ability to override any file ownership and permission restrictions. In practice, this means that the superuser has the rights to access anything on its own server. This user is used to make system-wide changes, and must be kept secure. It is also possible to configure other user accounts with the ability to assume “superuser rights”. In fact, creating a normal user that has sudo privileges for system administration tasks is considered to be best practice.

User Types