Security Basics mailing list archives
Re: Security issues in publishing content of /etc ?
From: lemieuxs () ca inter net
Date: Mon, 9 Aug 2004 13:14:10 US/Eastern
You could use a brute force attack to get weak passwords. You may find software installed in the machine or other hosts information.
Brute force means trying every possibilities? Using a dictionnary most possibly, what if the password have a scrict policy, like no more than 3 same kind of characters in a suite and must contain lower- case, upper-case, numbers and punctuation. This would definately slow down the brute force I guess.
Too few changes you get a readable shadow password file nowadays. You cant do password cracking with /etc/passwd. The host IP or 'dns ip' is public avalible and It is not a risk by itself.
There was a program called `crack` which I think would just encrypt words in a dictionnary using the same hashing algorythm as the one seen in /etc/passwd and compare its results with the ones in that file. Isn't how it works?
You can chroot a filesystem to prevent users to view systems files. A server can do the sharing and other just authenticate users.
For a linux system, but here I'm thinking on devellopping a software that will mimic the inner working of linux (in a very light way), and all files will be stored on every computer who uses the software (containing the big /etc/passwd of all users). Therefore, all files are on the system, with the user's privilieges when he installed it. A malicious user will be able to read that sort of /etc/passwd. Thanks, Simon --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Security issues in publishing content of /etc ? lemieuxs (Aug 09)
- Re: Security issues in publishing content of /etc ? Lukasz Sztachanski (Aug 09)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)
- <Possible follow-ups>
- Re: Security issues in publishing content of /etc ? lemieuxs (Aug 09)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)
- *sigh* Re: Security issues in publishing content of /etc ? Evaldo Gardenali (Aug 10)
- Re: Security issues in publishing content of /etc ? Fabio Miranda Hamburger (Aug 09)