An administrator has enabled salting for users’ passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).
A. /etc/passwd
B. /etc/shadow
C. /etc/security
D. /etc/password
E. /sbin/logon
F. /bin/bash
Answer: A, B
Explanation:
In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. In this question, enabling salting for users’ passwords means that the passwords are stored in an encrypted (hashed) form rather than in cleartext.
Traditional Unix systems keep user account information, including one-way encrypted passwords, in a text file called "/etc/passwd". Because this file is used by many tools (such as "ls") to display file ownership by matching user IDs to user names, the file needs to be world-readable.
Consequently, this can be somewhat of a security risk: anyone on the system can read the password hashes.
Another method of storing account information is the shadow password format. As with the traditional method, this method stores account information in the /etc/passwd file in a compatible format. However, the password field holds only a single "x" character (i.e., the password hash is not actually stored in this file).
A second file, called "/etc/shadow" and readable only by root, contains the encrypted passwords as well as other information such as account or password expiration values.
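The passwd/shadow layout described above, as an added example that is not part of the original question or its reference: a small Python audit script that parses constructed sample lines of both files, splits each crypt(3)-style password field into scheme, salt and hash, and flags accounts whose hash still sits in the world-readable /etc/passwd or whose "x" placeholder has no matching /etc/shadow row. The sample lines, the hash values and all function names are constructed for this example; the hashes are obvious placeholders, not real digests.

```python
"""Audit constructed /etc/passwd and /etc/shadow lines and report where each
account's password material lives: shadowed (an "x" placeholder in passwd and a
row in shadow), left in the world-readable passwd file, or locked.
Sample lines are constructed for this example and come from no real system."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample data. Hash values are obviously fake placeholders.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$oldsalt$FAKEHASHINPASSWD:1001:1001:Legacy:/home/legacy:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
orphan:x:1002:1002:No shadow row:/home/orphan:/bin/sh
"""

SHADOW_SAMPLE = """\
root:$6$rootsalt$FAKEHASHROOT:19000:0:99999:7:::
alice:$6$rounds=10000$alicesalt$FAKEHASHALICE:19100:0:99999:7:::
daemon:*:18000:0:99999:7:::
"""

LOCKED_MARKERS = ("*", "!", "!!", "")


@dataclass
class PasswdEntry:
    """The seven colon-separated fields of passwd(5)."""
    name: str
    password: str   # "x" means "the hash is in /etc/shadow"
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


@dataclass
class ShadowEntry:
    """The nine colon-separated fields of shadow(5); dates/days kept as strings."""
    name: str
    password: str   # crypt(3)-style "$id$salt$hash" or a lock marker
    lastchange: str
    min_days: str
    max_days: str
    warn_days: str
    inactive_days: str
    expire_date: str
    reserved: str


def _records(text: str, nfields: int, label: str) -> List[List[str]]:
    """Split non-empty, non-comment lines into exactly nfields columns."""
    out = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"malformed {label} line: {line!r}")
        out.append(fields)
    return out


def parse_passwd(text: str) -> Dict[str, PasswdEntry]:
    return {f[0]: PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])
            for f in _records(text, 7, "passwd")}


def parse_shadow(text: str) -> Dict[str, ShadowEntry]:
    return {f[0]: ShadowEntry(*f) for f in _records(text, 9, "shadow")}


def split_crypt(field: str) -> Optional[Tuple[str, str, str]]:
    """Return (scheme, salt, hash) for a crypt(3) password field, or None when
    the account is locked / has no hash. Handles the modular form
    "$id$[params$]salt$hash" (e.g. $6$rounds=N$salt$hash) and 13-char DES."""
    if field in LOCKED_MARKERS or field.startswith("!"):
        return None
    if field.startswith("$"):
        parts = field.split("$")[1:]            # drop the leading empty element
        if len(parts) < 3:
            raise ValueError(f"unrecognised crypt field: {field!r}")
        return parts[0], parts[-2], parts[-1]   # scheme, salt, hash (params ignored)
    if len(field) == 13:                        # traditional DES: 2-char salt prefix
        return "des", field[:2], field[2:]
    raise ValueError(f"unrecognised crypt field: {field!r}")


def audit(passwd_text: str, shadow_text: str) -> List[str]:
    """One finding per passwd account. The findings a defender cares about are
    hashes sitting in world-readable passwd and "x" entries with no shadow row."""
    passwd, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, p in passwd.items():
        if p.password != "x":
            parsed = split_crypt(p.password)
            if parsed is None:
                findings.append(f"{name}: locked in /etc/passwd")
            else:
                findings.append(f"{name}: HASH IN WORLD-READABLE /etc/passwd "
                                f"(scheme ${parsed[0]}, salt {parsed[1]!r})")
            continue
        s = shadow.get(name)
        if s is None:
            findings.append(f"{name}: shadowed but NO /etc/shadow ENTRY")
            continue
        parsed = split_crypt(s.password)
        if parsed is None:
            findings.append(f"{name}: locked (no usable hash)")
        else:
            findings.append(f"{name}: shadowed, scheme ${parsed[0]}, salt {parsed[1]!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(finding)
```

Run against a real host the script would read the two files with root privileges; the interesting output for an administrator is any account reported with its hash in /etc/passwd (the pre-shadow layout the explanation calls a security risk) or with an "x" placeholder but no shadow row.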
Incorrect Answers:
C: The /etc/security file contains group information. It does not contain usernames or passwords.
D: There is no /etc/password file. Usernames are stored in the /etc/passwd file.
E: There is no /sbin/logon file. Usernames are stored in the /etc/passwd file.
F: /bin/bash is a UNIX shell used to run a script. It is not where usernames or passwords are stored.
References:
http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html