Re: an actual hacked machine, in a preserved state

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Jan 3, 2012 at 11:08 AM, Leonard den Ottolander
<leonard@xxxxxxxxxxxxxxxxx> wrote:
> Hello Craig,
>
> On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote:
>> Very often, a single user with a
>> weak password has his account cracked and then a hacker can get a copy
>> of /etc/shadow and brute force the root password.
>
> This is incorrect. The whole reasoning behind /etc/shadow is to hide the
> actual hashes from normal system users. /etc/shadow is chown root.root
> and chmod 0400. Without root access /etc/shadow is not accessible.
>
> Regards,
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research
>



So, explain this then:


How does something like c99shell allow a local user (not root) to read
the /etc/shadow file?


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux