LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-20-2006, 07:12 AM   #1
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Rep: Reputation: 30
File inclusion vulnerabilities


What good would a remote file inclusion(web application that has the vuln) vulnerability(on the hackers side) be to breaking into a computer?
If he had access to /etc/passwd or /etc/shadow he would only have listed the users that exist on the system, not there passwords.

Anyone help me with this?
 
Old 05-20-2006, 08:51 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
If a remote (or local attacker) can get access to the password hashes in /etc/shadow, they can then perform a offline bruteforce against them using tools like John the Ripper and extract the admin/user passwords from the hashes. These are generally more effective than trying to bruteforce guess username/passwords combos online.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
is the ipw3945 driver due for inclusion into upcoming kernel? steve1401 Linux - Wireless Networking 4 04-06-2006 10:58 AM
.h File Inclusion in C++ Hady Programming 6 05-31-2005 08:24 PM
New ATI driver inclusion ryox03 Linux - Distributions 1 01-29-2005 07:09 PM
Odd kernel 2.6.6 inclusion vs. module support in Debian TemplaraPheonix Linux - Software 0 06-03-2004 08:25 PM
automatic header inclusion rajorshi Programming 2 11-02-2003 02:29 PM


All times are GMT -5. The time now is 08:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration