CVE-2021-3156
exploit is successful but the created account is blocked
Hello Sleepya,
I've been using your successful exploits for a long time, and I noticed that on some servers the created account "gg" is blocked after the exploit is implemented successfully using exploit_userspec.py. When I execute su gg, I get this message:
su gg
Password: gg
Account locked due to 5835 failed logins
su: Authentication failure

I think if we have the ability to make an old passwd file by changing the current user info inside the passwd file and then replace it, this problem will be solved, since we will not need to execute the su command because we are already inside the account. I tried to do so, but I could not find something like an old passwd file in exploit_userspec.py.
Thank you
Basically, exploit_userspec.py executes "sudoedit /etc/passwd" by bypassing authentication with the vulnerability. sudoedit will execute the editor from the SUDO_EDITOR environment (or the default if not set) with a temporary filename. After the editor program exits, sudo will copy the content of the temporary file to the target one (/etc/passwd).
Currently, the exploit sets the SUDO_EDITOR environment to the tee command ("tee -a") to append the gg user to /etc/passwd. You can change the SUDO_EDITOR environment to be any command.