On Tue, Jan 3, 2012 at 11:08 AM, Leonard den Ottolander leonard@den.ottolander.nl wrote:
Hello Craig,
On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote:
Very often, a single user with a weak password has his account cracked and then a hacker can get a copy of /etc/shadow and brute force the root password.
This is incorrect. The whole reasoning behind /etc/shadow is to hide the actual hashes from normal system users. /etc/shadow is chown root.root and chmod 0400. Without root access /etc/shadow is not accessible.
Regards, Leonard.
-- mount -t life -o ro /dev/dna /genetic/research
So, explain this then:
How does something like c99shell allow a local user (not root) to read the /etc/shadow file?