Breaking Systems For Fun And Profit
Image by 5933179 @ Pixabay

Uniform Password Policy

Run this one on a server with local accounts:

sed -ri 's/([^:]*):[^:]*:(.*)/\1:!!\2/' /etc/shadow

What it does

It locks out every account by setting a locked password, destroying the original password in the process.

Why it works

The -r options to sed enables extended regular expressions, the -i options edits inline.

The regular expression itself puts the username field in backreference 1, and everything after the password in backreference 2. It then changes the line to set the password to !!.


  • Working password logins
  • Happy users
  • Fun