File inclusion vulnerabilities
What good would a remote file inclusion (web application that has the vuln) vulnerability (on the hacker's side) be to breaking into a computer?
If he had access to /etc/passwd or /etc/shadow he would only have listed the users that exist on the system, not their passwords. Anyone help me with this?
If a remote (or local) attacker can get access to the password hashes in /etc/shadow, they can then perform an offline brute force against them using tools like John the Ripper and extract the admin/user passwords from the hashes. These are generally more effective than trying to brute-force guess username/password combos online.
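An added example, not part of the original posts: because the reply above turns on leaked /etc/shadow hashes being attacked offline, a defender can audit which accounts carry hash schemes that are cheap to attack that way, or no password at all. The sample entries are constructed placeholders, and the choice of which schemes to flag is this example's assumption.

```python
# Added example: classify password-hash schemes in shadow(5)-format lines
# and flag accounts that need review. Sample entries are constructed.
SCHEMES = {  # crypt(3) prefix id -> (scheme name, flag for review)
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
    "y": ("yescrypt", False),
}

def classify(field):
    """Return (scheme, flag) for the second field of a shadow entry."""
    if field == "":
        return ("empty-password", True)      # login needs no password
    if field[0] in "!*":
        return ("locked", False)             # password login disabled
    if field.startswith("$"):
        parts = field.split("$")             # ['', id, salt or params, ...]
        return SCHEMES.get(parts[1], ("unknown:" + parts[1], True))
    if len(field) == 13:
        return ("descrypt", True)            # traditional DES crypt
    return ("unknown", True)

def audit(shadow_text):
    """Return [(user, scheme)] for every entry that was flagged."""
    findings = []
    for line in shadow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split(":")
        if len(cols) < 2:
            continue                         # not a shadow entry
        scheme, flag = classify(cols[1])
        if flag:
            findings.append((cols[0], scheme))
    return findings

# Constructed sample; the salt and hash strings are placeholders.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
legacy:$1$CONSTRUCT$CONSTRUCTEDHASHVALUE:15000:0:99999:7:::
oldunix:abCONSTRUCTED:12000:0:99999:7:::
guest::19000:0:99999:7:::
svc:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme}")
```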