nerdexam
EC-Council

312-50V10 · Question #45

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

The correct answer is B. The password file does not contain the passwords themselves.. On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.

System Hacking

Question

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Options

  • AThe file reveals the passwords to the root user only.
  • BThe password file does not contain the passwords themselves.
  • CHe cannot read it because it is encrypted.
  • DHe can open it and read the user ids and corresponding passwords.

How the community answered

(53 responses)
  • A
    4% (2)
  • B
    87% (46)
  • C
    8% (4)
  • D
    2% (1)

Why each option

On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.

AThe file reveals the passwords to the root user only.

The file does not reveal any passwords, not even for root - root's hash is also stored in /etc/shadow, not /etc/passwd.

BThe password file does not contain the passwords themselves.Correct

Modern Linux systems use shadow password storage, meaning /etc/passwd contains only a placeholder 'x' in the password field. The actual hashed passwords reside in /etc/shadow, which is readable only by root. An attacker with access to /etc/passwd gains usernames and UIDs but not usable credentials.

CHe cannot read it because it is encrypted.

The file is not encrypted and is world-readable by design; the reason it is not useful for password cracking is that it lacks the actual hashes, not because it is inaccessible.

DHe can open it and read the user ids and corresponding passwords.

The file does not contain corresponding passwords; it contains UIDs, GIDs, home directories, and shells, but password hashes moved to /etc/shadow decades ago.

Concept tested: Linux shadow password file separation

Source: https://man7.org/linux/man-pages/man5/shadow.5.html

Topics

#password file#/etc/passwd#Linux credentials#shadow passwords

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice