[CentOS] an actual hacked machine, in a preserved state

Leonard den Ottolander leonard at den.ottolander.nl
Tue Jan 3 09:08:40 UTC 2012


Hello Craig,

On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote:
> Very often, a single user with a
> weak password has his account cracked and then a hacker can get a copy
> of /etc/shadow and brute force the root password.

This is incorrect. The whole reasoning behind /etc/shadow is to hide the
actual hashes from normal system users. /etc/shadow is chown root.root
and chmod 0400. Without root access /etc/shadow is not accessible.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research





More information about the CentOS mailing list