Author Topic: Is the etc/passwd file useful  (Read 414 times)

0 Members and 1 Guest are viewing this topic.

Offline Sgt.Moody

  • /dev/null
  • *
  • Posts: 7
  • Cookies: -7
  • Just a Breaking bad FAN
    • View Profile
Is the etc/passwd file useful
« on: June 24, 2014, 04:11:40 am »
Well , I have been trying to hack a website but all what I got is the etc/passwd file . Is it useful ?
I heard that you can brute force the cpanel using it .
« Last Edit: June 24, 2014, 04:12:48 am by Sgt.Moody »
Tools don't make hackers , Hackers make tools .

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Is the etc/passwd file useful
« Reply #1 on: June 24, 2014, 04:16:51 am »
The passwd file is informational but not really useful for getting into user accounts. Passwords are (no longer?) not stored in the passwd file but the shadow file. The shadow file contains a hashed version of the password which could be brute forced.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Sgt.Moody

  • /dev/null
  • *
  • Posts: 7
  • Cookies: -7
  • Just a Breaking bad FAN
    • View Profile
Re: Is the etc/passwd file useful
« Reply #2 on: June 24, 2014, 04:22:03 am »
Thank you Ande that's great .


another question :  if the website is vulnerable to LFI , can I read the shadow file ?
Tools don't make hackers , Hackers make tools .

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Is the etc/passwd file useful
« Reply #3 on: June 24, 2014, 04:31:15 am »
Thank you Ande that's great .


another question :  if the website is vulnerable to LFI , can I read the shadow file ?

You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Sgt.Moody

  • /dev/null
  • *
  • Posts: 7
  • Cookies: -7
  • Just a Breaking bad FAN
    • View Profile
Re: Is the etc/passwd file useful
« Reply #4 on: June 24, 2014, 04:34:22 am »
You will most likely not be able to read the shadow file. The only scenario this would be possible is if the web server is running as root or the shadow file permissions are messed up.


Thank you this really helped
Tools don't make hackers , Hackers make tools .