|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 69
Members: 0
Total: 69
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
ect/passwd/ |
|
Posted: Tue Jan 27, 2009 6:20 am |
|
|
Cablekid |
Advanced user |
|
|
Joined: Jul 14, 2007 |
Posts: 85 |
|
|
|
|
|
|
|
If i got this file but it in this format
root:x:0:0:root:/root:/bin/bash
The password is a X so is that hackable? or no.. its a lcoal file exploit. |
|
|
|
|
Posted: Tue Jan 27, 2009 6:37 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Password for server are stored in /etc/shadow NOT in /etc/passwd. |
|
|
|
|
Posted: Tue Jan 27, 2009 12:37 pm |
|
|
Cablekid |
Advanced user |
|
|
Joined: Jul 14, 2007 |
Posts: 85 |
|
|
|
|
|
|
|
Ah but /etc/shadow is only viewable by admin..
Local file exploit cant view that. |
|
|
|
|
Posted: Tue Jan 27, 2009 1:39 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
Cablekid wrote: | Ah but /etc/shadow is only viewable by admin..
Local file exploit cant view that. |
Exactly my frend.If evrebody can read this file hack world is dead. |
|
|
|
|
Posted: Tue Jan 27, 2009 7:48 pm |
|
|
one23 |
Advanced user |
|
|
Joined: Dec 12, 2008 |
Posts: 98 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Wed Jan 28, 2009 11:02 am |
|
|
Rastlin |
Regular user |
|
|
Joined: Jan 03, 2009 |
Posts: 21 |
|
|
|
|
|
|
|
The usernames are half way there .... |
|
|
|
|
Posted: Wed Jan 28, 2009 11:53 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
Exactly, the reason /etc/passwd is useful is because it has the usernames of everyone on the system. Makes bruteforcing alot easier as you have potentially weak passwords to try, instead of only trying root password which is usually strong(er). |
|
|
|
|
Posted: Wed Jan 28, 2009 6:39 pm |
|
|
one23 |
Advanced user |
|
|
Joined: Dec 12, 2008 |
Posts: 98 |
|
|
|
|
|
|
|
gibbocool wrote: | Exactly, the reason /etc/passwd is useful is because it has the usernames of everyone on the system. Makes bruteforcing alot easier as you have potentially weak passwords to try, instead of only trying root password which is usually strong(er). |
EGGZACTLY ! xD
Last Weak , some Attacker Got Access On My Friend's
Server , He Just Told Me About His Problem And I Helped Him !
They Got Access on 20 Sites On The Server and The Method
Was BruteForcing Users With a Simple Php script :p [Cpanel + Ftp]
Nice Method :p |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|