Author Topic: Is the etc/passwd file useful (Read 416 times)

Sgt.Moody · « **on:** June 24, 2014, 04:11:40 am »

Well , I have been trying to hack a website but all what I got is the etc/passwd file . Is it useful ?
I heard that you can brute force the cpanel using it .

ande · « **Reply #1 on:** June 24, 2014, 04:16:51 am »

The passwd file is informational but not really useful for getting into user accounts. Passwords are (no longer?) not stored in the passwd file but the shadow file. The shadow file contains a hashed version of the password which could be brute forced.

Sgt.Moody · « **Reply #2 on:** June 24, 2014, 04:22:03 am »

Thank you Ande that's great .

another question : if the website is vulnerable to LFI , can I read the shadow file ?

ande · « **Reply #3 on:** June 24, 2014, 04:31:15 am »

Quote from: Sgt.Moody on June 24, 2014, 04:22:03 am

Thank you Ande that's great .

another question : if the website is vulnerable to LFI , can I read the shadow file ?

You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.

Sgt.Moody · « **Reply #4 on:** June 24, 2014, 04:34:22 am »

Quote from: ande on June 24, 2014, 04:31:15 am

You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.

Thank you this really helped

EvilZone

News:

Author Topic: Is the etc/passwd file useful (Read 416 times)

Sgt.Moody

Is the etc/passwd file useful

ande

Re: Is the etc/passwd file useful

Sgt.Moody

Re: Is the etc/passwd file useful

ande

Re: Is the etc/passwd file useful

Sgt.Moody

Re: Is the etc/passwd file useful