An administrator has enabled salting for users’ passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).
A . /etc/passwd
B . /etc/shadow
C . /etc/security
D . /etc/password
E . /sbin/logon
F . /bin/bash
Answer: A, B
Explanation:
In cryptography, a salt is random data used as an additional input to the one-way function that hashes a password or passphrase. Because each user gets a different salt, two users with the same password end up with different stored hashes, and an attacker cannot reuse one precomputed table of hashes across accounts. In this question, enabling salting for users' passwords means the system stores a salted one-way hash of each password rather than the password itself. The password is hashed, not encrypted: there is nothing to decrypt, so candidate passwords must be guessed and hashed with the same salt until one matches.
Traditional Unix systems keep user account information, including the one-way hashed passwords, in a text file called "/etc/passwd". Because this file is used by many tools (such as "ls") to display file ownership by matching numeric user IDs to user names, the file needs to be world-readable.
Consequentially, this can be somewhat of a security risk.
Another method of storing account information is the shadow password format. As with the traditional method, this method stores account information in the /etc/passwd file in a compatible format. However, the password field holds only a single "x" character (i.e. the hash is not actually stored in this file).
A second file, called "/etc/shadow", contains the salted password hash as well as other information such as account or password expiration values. Unlike /etc/passwd it is not world-readable (typically only root, or the shadow group, can read it), so a penetration tester needs root-level read access to obtain the hashes. /etc/passwd supplies the usernames and account details; /etc/shadow supplies the hashes. The two are combined and fed to a password cracker.
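The step a penetration tester takes once both files are in hand is to merge them (the way John the Ripper's unshadow utility does) and to work out which entries hold a salted hash worth cracking. The following Python is an added example written for this page, not code from the original page or from any tool it mentions. The passwd and shadow lines are constructed sample data and the hash bodies are placeholders rather than real digests; the salt/algorithm parsing follows the crypt(3) "$id$salt$hash" convention.

```python
"""Merge /etc/passwd and /etc/shadow into crackable records (unshadow-style).

Added example for this page. SAMPLE_PASSWD and SAMPLE_SHADOW are constructed
test data; the hash bodies are placeholder strings, not real digests.
"""

# Constructed sample data in the real formats: passwd has 7 colon-separated
# fields, shadow has 9. The "x" in passwd field 2 means "look in /etc/shadow".
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob:/home/bob:/bin/bash\n"
    "svc:x:1002:1002:service:/var/lib/svc:/usr/sbin/nologin\n"
)
SAMPLE_SHADOW = (
    "root:$6$rounds=10000$rootsalt$ROOTHASHPLACEHOLDER:19000:0:99999:7:::\n"
    "daemon:*:19000:0:99999:7:::\n"                         # no password set
    "alice:$6$alicesalt$ALICEHASHPLACEHOLDER:19000:0:99999:7:::\n"
    "bob:!$6$bobsalt$BOBHASHPLACEHOLDER:19000:0:99999:7:::\n"  # locked, hash kept
    "svc:$y$j9T$svcsalt$SVCHASHPLACEHOLDER:19000:0:99999:7:::\n"
)

# crypt(3) identifiers seen in shadow field 2, mapped to algorithm names.
CRYPT_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
             "y": "yescrypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}


def parse_passwd(text):
    """Return {user: [passwd_field, uid, gid, gecos, home, shell]} for 7-field lines."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip rather than guess
        users[fields[0]] = fields[1:]
    return users


def parse_shadow(text):
    """Return {user: password_field}; only field 2 of each shadow line matters here."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            hashes[fields[0]] = fields[1]
    return hashes


def describe_hash(field):
    """Classify a shadow password field: lock state, algorithm, salt, crackability."""
    info = {"locked": False, "algorithm": None, "salt": None, "crackable": False}
    if field.startswith("!"):
        info["locked"] = True          # 'passwd -l' prefixes '!' but keeps the hash
        field = field.lstrip("!")
    if field in ("", "*"):
        return info                    # nothing to crack
    if not field.startswith("$"):
        if len(field) == 13:           # legacy DES crypt: 2-char salt + 11-char hash
            info.update(algorithm="descrypt", salt=field[:2], crackable=True)
        return info
    parts = field.split("$")[1:]       # drop the empty string before the first '$'
    algo_id, rest = parts[0], parts[1:]
    info["algorithm"] = CRYPT_IDS.get(algo_id, "unknown")
    if algo_id.startswith("2"):        # bcrypt: $2b$cost$<22-char salt><31-char hash>
        info["salt"] = rest[1][:22] if len(rest) > 1 else None
    else:
        if rest and rest[0].startswith("rounds="):
            rest = rest[1:]            # sha-crypt optional rounds parameter
        if algo_id == "y" and len(rest) > 2:
            rest = rest[1:]            # yescrypt parameter field precedes the salt
        info["salt"] = rest[0] if rest else None
    info["crackable"] = info["algorithm"] != "unknown" and info["salt"] is not None
    return info


def unshadow(passwd_text, shadow_text):
    """Merge like John the Ripper's unshadow: passwd lines with field 2 taken from shadow."""
    shadow = parse_shadow(shadow_text)
    merged = []
    for user, fields in parse_passwd(passwd_text).items():
        pw = shadow.get(user, fields[0])
        merged.append(":".join([user, pw] + fields[1:]))
    return merged


def crackable_targets(passwd_text, shadow_text):
    """Usernames whose shadow field holds a salted hash worth feeding to a cracker."""
    shadow = parse_shadow(shadow_text)
    return [u for u in parse_passwd(passwd_text)
            if describe_hash(shadow.get(u, ""))["crackable"]]


if __name__ == "__main__":
    for line in unshadow(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(line)
    for user in crackable_targets(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(user, describe_hash(parse_shadow(SAMPLE_SHADOW)[user]))
```

On a real engagement the same merge is done with John the Ripper's own tool, `unshadow /etc/passwd /etc/shadow > merged.txt`, followed by `john merged.txt`; the point of the parsing above is that the salt is stored in the clear next to the hash, so salting stops precomputed tables but not a per-account guessing attack, and a locked account ("!" prefix) still carries a hash that may reveal a reused password.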
Incorrect Answers:
C: On Linux, /etc/security is a directory holding PAM configuration files (for example limits.conf and access.conf), not account data; group information lives in /etc/group. It does not contain usernames or password hashes.
D: There is no /etc/password file. Usernames are stored in the /etc/passwd file.
E: There is no /sbin/logon file. Usernames are stored in the /etc/passwd file.
F: /bin/bash is a shell (command interpreter), typically listed in /etc/passwd as a user's login shell. It is not where usernames or passwords are stored.
References:
http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html