|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 44
Members: 0
Total: 44
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
.passwd file contents |
|
Posted: Mon Feb 18, 2008 2:48 pm |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
***********************************
[[Removed by waraxe]]
[[don't post private information!!]]
***********************************
how to use this file,
i mean where is the password of administrator ? |
|
|
|
|
Posted: Mon Feb 18, 2008 7:49 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Password hashes are in "etc/shadow" and this file is readable only for root user. But "etc/password" file can be useful as source of all usernames, so you can next try pop3/imap/ftp/ssh/etc service bruteforce or wordlist attack. Basically - this password file gives you half of the information, needed for authentication ... |
|
|
|
|
Posted: Mon Feb 18, 2008 9:42 pm |
|
|
F4r4Zm0In |
Active user |
|
|
Joined: Feb 17, 2008 |
Posts: 30 |
|
|
|
|
|
|
|
Thanks for your reply.
what i understand from your reply is:
i have got half of the information i needed, means
i have got the usernames from this file but no passwords
now i can use bruteforcer to get those passwords.
tell me if am wrong! |
|
|
|
|
|
|
|
|
Posted: Mon Feb 18, 2008 10:59 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
F4r4Zm0In wrote: | Thanks for your reply.
what i understand from your reply is:
i have got half of the information i needed, means
i have got the usernames from this file but no passwords
now i can use bruteforcer to get those passwords.
tell me if am wrong! |
Bruteforce via some remote servive (ftp/pop3/imap,...) is ONE of the many options. If you get contents of "etc/passwd" file, then it's just one piece of puzzle! It's up to you to find other pieces and put them together.
And optimal patch for "getting in" or "pwning" the target will depend on server specifics. Be creative ... and read whitepapers and books about various attack methods! |
|
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|