312-50V10 · Question #45
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
The correct answer is B. The password file does not contain the passwords themselves.. On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.
Question
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
Options
- AThe file reveals the passwords to the root user only.
- BThe password file does not contain the passwords themselves.
- CHe cannot read it because it is encrypted.
- DHe can open it and read the user ids and corresponding passwords.
How the community answered
(53 responses)- A4% (2)
- B87% (46)
- C8% (4)
- D2% (1)
Why each option
On modern Linux systems, /etc/passwd stores account metadata but not actual password hashes - those are stored in /etc/shadow, making the passwd file far less useful for credential theft.
The file does not reveal any passwords, not even for root - root's hash is also stored in /etc/shadow, not /etc/passwd.
Modern Linux systems use shadow password storage, meaning /etc/passwd contains only a placeholder 'x' in the password field. The actual hashed passwords reside in /etc/shadow, which is readable only by root. An attacker with access to /etc/passwd gains usernames and UIDs but not usable credentials.
The file is not encrypted and is world-readable by design; the reason it is not useful for password cracking is that it lacks the actual hashes, not because it is inaccessible.
The file does not contain corresponding passwords; it contains UIDs, GIDs, home directories, and shells, but password hashes moved to /etc/shadow decades ago.
Concept tested: Linux shadow password file separation
Source: https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.