CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/post/linux/manage/adduser.md
Views: 1904
Vulnerable Application
This module creates a new user using the standard (or non-standard) means of creating a new user on the victim OS. This module requires root privileges in order to run as it needs access to /etc/shadow.
Tested Versions
Debian 11.7
Alpine 3.17
Fedora 37
Verification Steps
Start msfconsole
Get a Meterpreter session
use post/linux/manage/adduserset session <id>attempt to log in with account
Options
USERNAME
Provide the username that can be used. Linux has a standardization that means that password have to follow this regex to be able to be used as a username ^[a-z][a-z0-9_-]{0,31}$
PASSWORD
Provides a password for your new user.
SHELL
Define the shell that is to be used. Defaults to /bin/sh but can be changed to a shell that exists.
HOME
Speficy the home directory of the new user. An empty value specifies that the home directory does not exist.
GROUPS
Specify what groups the new user should be under. Takes one or multiple values to provide what groups the new user will have.
Advanced Options
SudoMethod
Sets the method that the new user will get root access. This can be done through multiple methods provided below:
GROUP - Put the new user in the sudo group (is added automatically to the groups option)
SUDO_FILE - Adds user directly to
/etc/sudoersfile in order to prevent being removed from sudoers groupNONE - No sudo methods are provided. New user is a unprivileged user
UseraddMethod
Set the method used to create new user.
AUTO - The default option. The module will figure out how to add in the user by itself.
MANUAL - Instead of using a binary on the system, add in the new user directly into the FileSystem. This can be preferred if the binary can be inconsistent or tracked.
CUSTOM - Set the custom binary to add in a user. Can be used to pipe auto detection towards a preferred binary such as debians dual choice of useradd and adduser, or alpines busybox.
UseraddBinary
Set the binary used to add the user. The two main binaries concerned with are useradd and adduser. If you want to overwrite which binary is used or give an absolute path rather than a relative path, you can override it here.
MissingGroups
This option decides how to manage groups requested that are missing on the victim. The possible options are provided as such:
ERROR - If a group is missing, fail the module with a given error
IGNORE - If the group doesnt exist, continue to add the user, but dont add them to the missing groups
CREATE - If the group doesnt exist, then make them first then add the user to them
PasswordHashType
Allows the user to decide how their password will be encrypted on the system. The options are between DES, MD5, SHA256, and SHA512. This can be advantageous to blend in with the main system by using the same password encryption scheme as the rest of the users. Or if one encryption type isn't compatible with a given target.