[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 09:14:41 UTC 2012
Rudi Ahlers <Rudi at SoftDux.com>

On Tue, Jan 3, 2012 at 11:08 AM, Leonard den Ottolander
<leonard at den.ottolander.nl> wrote:
> Hello Craig,
>
> On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote:
>> Very often, a single user with a
>> weak password has his account cracked and then a hacker can get a copy
>> of /etc/shadow and brute force the root password.
>
> This is incorrect. The whole reasoning behind /etc/shadow is to hide the
> actual hashes from normal system users. /etc/shadow is chown root.root
> and chmod 0400. Without root access /etc/shadow is not accessible.
>
> Regards,
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research
>



So, explain this then:


How does something like c99shell allow a local user (not root) to read
the /etc/shadow file?


-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532