EvilZone

Community => General discussion => : Sgt.Moody June 24, 2014, 04:11:40 AM

: Is the etc/passwd file useful
: Sgt.Moody June 24, 2014, 04:11:40 AM

Well , I have been trying to hack a website but all what I got is the etc/passwd file . Is it useful ?
I heard that you can brute force the cpanel using it .

: Re: Is the etc/passwd file useful
: ande June 24, 2014, 04:16:51 AM

The passwd file is informational but not really useful for getting into user accounts. Passwords are (no longer?) not stored in the passwd file but the shadow file. The shadow file contains a hashed version of the password which could be brute forced.

: Re: Is the etc/passwd file useful
: Sgt.Moody June 24, 2014, 04:22:03 AM

Thank you Ande that's great .


another question :  if the website is vulnerable to LFI , can I read the shadow file ?

: Re: Is the etc/passwd file useful
: ande June 24, 2014, 04:31:15 AM

: Sgt.Moody  June 24, 2014, 04:22:03 AM

Thank you Ande that's great .


another question :  if the website is vulnerable to LFI , can I read the shadow file ?

You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.

: Re: Is the etc/passwd file useful
: Sgt.Moody June 24, 2014, 04:34:22 AM

: ande  June 24, 2014, 04:31:15 AM

You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.

Thank you this really helped