Exam PT0-003 Topic 4 Question 119 Thread

CompTIA PT0-003 Real Exam Questions
Question #: 119
Topic #: 4
openssl passwd password
$1$OjxLvZ85$Fdr51vn/Z4zXWsQR/Xrj.
The tester then adds the following line to the world-writable script:
echo 'root2:$1$0jxLvZ85$Fdr51vn/Z4zXWsQR/Xrj.:1001:1001:,,,:/root:/bin/bash' >> /etc/passwd
Which of the following should the penetration tester do to enable this exploit to work correctly?

Suggested answer: D

The attacker's goal is to create an account entry in /etc/passwd that grants root privileges. In Unix/Linux, the UID and GID determine privileges; UID 0 is the root account. The line the tester appended sets UID/GID to 1001:1001, which does not grant root privileges. Changing those numeric fields to 0:0 (UID 0, GID 0) will cause the new account to be treated as root when the entry is parsed by the system, enabling a root-level login with the supplied hash.
Additional correctness notes (non-exploitative guidance):
* The appended line must match the exact /etc/passwd format (no stray spaces or malformed punctuation).
* The password hash must match the system's expected scheme; openssl passwd produced an MD5-style hash ($1$...) - ensure the hash is correctly copied (case/character fidelity matters).
* Modifying /etc/passwd in this way is destructive and illegal without explicit authorization; in an authorized testing engagement, these details are taught to illustrate how misconfigurations lead to privilege escalation.
Why other choices are incorrect:
* A: The redirect >> /etc/passwd (append) is appropriate for adding a line; switching to a single redirect is not the central issue.
* B: md5sum would produce a raw MD5 digest, not the salted hash format expected by /etc/shadow / /etc/passwd entries.
* C: Logging in via SSH does not enable the exploit; creating the user with UID 0 is the required change.
CompTIA PT0-003 Mapping:
* Domain 3.0 Attacks and Exploits - local privilege escalation techniques and understanding of OS account mechanics.

Suzuki 2026-06-10 09:52:37
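
A defender-side check for the condition this question describes, as an added example that is not part of the original page: audit_passwd flags passwd entries that carry UID 0 under a non-root name or store a hash in the password field, and world_writable lists files any local user can edit. The function names, finding codes and sample entries (including the placeholder salt and hash) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): defensive audit helpers.

# audit_passwd FILE: print one finding per line as "<CODE> <account>".
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }                  # skip blanks and comments
        NF != 7 { print "MALFORMED line " NR; next } # passwd(5) has 7 fields
        # Any account with UID 0 is root-equivalent, whatever its name.
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # Field 2 is normally "x" (hash kept in /etc/shadow), "*" or "!...".
        $2 == "" { print "EMPTY_PASSWORD " $1; next }
        $2 ~ /^\$1\$/ { print "MD5CRYPT_IN_PASSWD " $1; next }
        $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "HASH_IN_PASSWD " $1 }
    ' "$1"
}

# world_writable DIR: list regular files that any local user can modify.
world_writable() {
    find "$1" -type f -perm -0002
}

# write_sample FILE: constructed passwd data; salt and hash are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:,,,:/home/alice:/bin/bash
svc1:$1$SALTSALT$PLACEHOLDERHASHPLACEHOLDER:1001:1001:,,,:/root:/bin/bash
svc2:$1$SALTSALT$PLACEHOLDERHASHPLACEHOLDER:0:0:,,,:/root:/bin/bash
EOF
}

# Demo on the constructed sample; on a real host pass /etc/passwd instead.
sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

svc1 mirrors the shape of the entry in the question (hash in field 2, UID 1001) and svc2 the UID 0 variant; both are reported, and only svc2 is also flagged as root-equivalent.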
