EC-Council

312-50V10 · Question #45

The correct answer is B: The password file does not contain the passwords themselves. On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.

System Hacking

Question

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Options

  • A. The file reveals the passwords to the root user only.
  • B. The password file does not contain the passwords themselves.
  • C. He cannot read it because it is encrypted.
  • D. He can open it and read the user ids and corresponding passwords.

Explanation

On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.

Common mistakes.

  • A. The file does not reveal any passwords, not even for root - root's hash is also stored in /etc/shadow, not /etc/passwd.
  • C. The file is not encrypted and is world-readable by design; the reason it is not useful for password cracking is that it lacks the actual hashes, not because it is inaccessible.
  • D. The file does not contain corresponding passwords; it contains UIDs, GIDs, home directories, and shells, but password hashes moved to /etc/shadow decades ago.

Concept tested. Linux shadow password file separation

Reference. https://man7.org/linux/man-pages/man5/shadow.5.html
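
The separation described above can be checked on a host. This added example, which is not part of the original question page, parses passwd(5)-format text and reports what each account's password field holds, so entries that still keep a hash (or no password at all) in the world-readable file stand out. The sample data, function names and status labels are constructed for illustration.

```python
from typing import List, NamedTuple

# Constructed sample in passwd(5) format; not taken from a real host.
# The "legacy" hash is an obvious placeholder, not a real crypt(3) value.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
broken:line
"""

class Finding(NamedTuple):
    user: str
    uid: int
    status: str

def classify_password_field(field: str) -> str:
    """Map the second passwd(5) field to a status label (labels are ours)."""
    if field == "x":
        return "shadowed"        # hash lives in /etc/shadow
    if field == "":
        return "empty"           # no password required for this account
    if field[0] in "*!":
        return "locked"          # cannot match any crypt(3) output
    return "hash-in-passwd"      # pre-shadow layout: hash is world-readable

def audit_passwd(text: str) -> List[Finding]:
    """Return one Finding per non-blank line of passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        # name:password:UID:GID:GECOS:home:shell -> exactly seven fields
        if len(parts) != 7 or not parts[2].isdigit():
            findings.append(Finding(f"<line {lineno}>", -1, "malformed"))
            continue
        status = classify_password_field(parts[1])
        findings.append(Finding(parts[0], int(parts[2]), status))
    return findings

def exposed(findings: List[Finding]) -> List[Finding]:
    """Accounts whose credential state is readable from /etc/passwd alone."""
    return [f for f in findings if f.status in ("hash-in-passwd", "empty")]

if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"{f.user:10} uid={f.uid:<5} {f.status}")
```

On a correctly configured modern system every regular account reports `shadowed`, which is why answer B holds.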

Topics

#password file · #/etc/passwd · #Linux credentials · #shadow passwords
