GCIH Question #710: Real Exam Question with Answer & Explanation
The correct answer is D: /etc/shadow. On Linux systems, salted password hashes are stored in /etc/shadow, a file with restricted permissions accessible only by root.
Vulnerability Exploitation & Privilege Escalation
Question
Where would salted hashes be found on a Linux machine?
Options
- A. In the LSASS process
- B. %SYSTEMROOT%\ntds.dit
- C. /etc/passwd
- D. /etc/shadow
Explanation
On Linux systems, salted password hashes are stored in /etc/shadow, a file with restricted permissions accessible only by root.
Common mistakes.
- A. LSASS (Local Security Authority Subsystem Service) is a Windows process responsible for credential management - it does not exist on Linux systems.
- B. %SYSTEMROOT%\ntds.dit is the Active Directory Domain Services database found on Windows Domain Controllers and has no equivalent or presence on Linux.
- C. /etc/passwd historically stored password hashes but modern Linux distributions store only an 'x' placeholder there, with the actual hashes relocated to /etc/shadow for security.
Concept tested. Linux salted password hash storage location
Reference. https://man7.org/linux/man-pages/man5/shadow.5.html
Topics
#/etc/shadow, #Linux password, #salted hashes, #credential storage