GCIH · Question #676
Which file would an attacker need to read in order to crack passwords on a modern Linux system?
The correct answer is D. /etc/shadow. Modern Linux systems store hashed passwords in /etc/shadow, not /etc/passwd, making /etc/shadow the target for offline password cracking.
Question
Which file would an attacker need to read in order to crack passwords on a modern Linux system?
Options
- A/etc/passwd
- B/usr/sbin/adduser
- C%systemroot%\NTDS\NTDS.dit
- D/etc/shadow
How the community answered
(28 responses)- A7% (2)
- B4% (1)
- D89% (25)
Why each option
Modern Linux systems store hashed passwords in /etc/shadow, not /etc/passwd, making /etc/shadow the target for offline password cracking.
/etc/passwd is world-readable but on modern Linux systems it stores only account metadata such as UID, GID, home directory, and shell, with an 'x' placeholder where password hashes used to reside.
/usr/sbin/adduser is a utility binary used to create user accounts and contains no password hashes or credential data.
%systemroot%\NTDS\NTDS.dit is the Active Directory database file on Windows Domain Controllers and is not a Linux file or path.
/etc/shadow stores the actual hashed passwords (and salts) for all user accounts on modern Linux systems. Unlike /etc/passwd, which is world-readable, /etc/shadow is restricted to root access only. An attacker who gains read access to /etc/shadow can extract the hashes and perform offline brute-force or dictionary attacks to recover plaintext passwords.
Concept tested: Linux shadow password file and credential storage
Source: https://www.man7.org/linux/man-pages/man5/shadow.5.html
Topics
Community Discussion
No community discussion yet for this question.