nerdexam
GIAC

GCIH · Question #710

Where would salted hashes be found on a Linux machine?

The correct answer is D. /etc/shadow. On Linux systems, salted password hashes are stored in /etc/shadow, a file with restricted permissions accessible only by root.

Vulnerability Exploitation & Privilege Escalation

Question

Where would salted hashes be found on a Linux machine?

Options

  • AIn the LSASS process
  • B%SYSTEMROOT%\ntds.dit
  • C/etc/passwd
  • D/etc/shadow

How the community answered

(53 responses)
  • A
    8% (4)
  • B
    4% (2)
  • C
    2% (1)
  • D
    87% (46)

Why each option

On Linux systems, salted password hashes are stored in /etc/shadow, a file with restricted permissions accessible only by root.

AIn the LSASS process

LSASS (Local Security Authority Subsystem Service) is a Windows process responsible for credential management - it does not exist on Linux systems.

B%SYSTEMROOT%\ntds.dit

%SYSTEMROOT%\ntds.dit is the Active Directory Domain Services database found on Windows Domain Controllers and has no equivalent or presence on Linux.

C/etc/passwd

/etc/passwd historically stored password hashes but modern Linux distributions store only an 'x' placeholder there, with the actual hashes relocated to /etc/shadow for security.

D/etc/shadowCorrect

The /etc/shadow file stores salted, hashed passwords for all local Linux user accounts along with password aging metadata. Unlike /etc/passwd, which is world-readable, /etc/shadow is restricted to root access only, providing a security boundary around the stored credential hashes. The salt is included as part of the stored hash string in modular crypt format.

Concept tested: Linux salted password hash storage location

Source: https://man7.org/linux/man-pages/man5/shadow.5.html

Topics

#/etc/shadow#Linux password#salted hashes#credential storage

Community Discussion

No community discussion yet for this question.

Full GCIH Practice