[CentOS] an actual hacked machine, in a preserved state

Ljubomir Ljubojevic office at plnet.rs
Wed Jan 4 22:34:02 UTC 2012

On 01/04/2012 10:59 PM, Lamar Owen wrote:
> [Distilling to the core matter; everything else is peripheral.]
> It is a safe assumption that there are httpd exploits in the wild, that
> are not known by the apache project, that specifically attempt to grab
> /etc/shadow and send to the attacker. It's also a safe assumption that
> the attacker will have sufficient horsepower to crack your password from
> /etc/shadow in a 'reasonable' timeframe for an MD5 hash. So you don't
> allow password authentication and you're not vulnerable to a remote
> /etc/shadow brute-forcing attack regardless of how much horsepower the
> attacker can throw your way, and regardless of how the attacker got your
> /etc/shadow (you could even post it publicly and it wouldn't help them
> any!).

Excellent text. This should be published on some blog, or the CentOS wiki maybe.

Thank you for this. Concise and practical. Wow. Thanks again!


Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
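
The check implied by the quoted paragraph, as an added example that is not part of the original message or of any CentOS tooling: it reports whether sshd would still accept a password at all, and which accounts carry MD5-crypt hashes. The helper names and the sample sshd_config and shadow lines are constructed for illustration, and only global sshd settings are audited (Match blocks are skipped).

```python
# Added example: sample data below is constructed, helper names are hypothetical.
SAMPLE_SSHD_CONFIG = """\
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCT$notarealhashnotarealha:15343:0:99999:7:::
alice:$6$CONSTRUCT$notarealhash:15343:0:99999:7:::
daemon:*:15343:0:99999:7:::
bob:!!:15343:0:99999:7:::
"""
# Upstream OpenSSH defaults when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes",
            "challengeresponseauthentication": "yes"}

def effective_sshd_settings(config_text):
    """Global values as sshd reads them: the first occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == "match":
            break  # Match blocks are conditional; only global settings are audited
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}

def password_paths_open(config_text):
    """Keywords that still let a cracked password be used for an SSH login."""
    return [k for k, v in effective_sshd_settings(config_text).items() if v != "no"]

def md5_hashed_accounts(shadow_text):
    """Accounts whose shadow field is an MD5-crypt hash (the $1$ prefix)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[1].lstrip("!").startswith("$1$"):
            names.append(fields[0])
    return names

if __name__ == "__main__":
    print("password paths open:", password_paths_open(SAMPLE_SSHD_CONFIG))
    print("MD5-crypt accounts:", md5_hashed_accounts(SAMPLE_SHADOW))
```

An empty list from `password_paths_open` is the state the quoted paragraph argues for: the later `PasswordAuthentication yes` line in the sample has no effect because sshd keeps the first value it reads.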
