What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front


More How to Explore the Insides of Internet Computers -- from your Browser!

Now you finally get to read about /etc/passwd.  


Figure 13. The file /etc/passwd shown in Netscape under Windows 98.

Don't get too excited! This is just a shadowed password file.  

Newbie note: "/etc/password" is the name of the password file under many Unix-type operating systems such as Linux or Solaris.  When you login to a shell account on this type of computer, when you give your user name and password, the operating system goes to /etc/passwd to find out whether you are allowed to login. 

Evil Genius Tip: If you get a password file that includes encrypted passwords, you can use a program such as Crack to extract passwords.  However, if the passwords have been chosen well, no program will be able to crack their encryption.  An uncrackacble password would typically be at least 8 characters long, include both upper case and lower case letters of the alphabet, numbers, and other characters such as !@#$%^&*()<>?.

You can go to jail warning!  If you crack a password file, mere possession of the cracked passwords can get you into trouble with the law.  To see what "Club Fed" (the destination for so many crackers) is all about, click here.

Evil genius tip: Even a shadowed /etc/passwd file can sometimes be used to break into a computer. With a list of all user names and the knowledge of which of these can spawn a shell, one may use password guessing.  This is often far slower than running the encrypted passwords though a program such as crack, but works surprisingly often.

What else can you do once you are inside your victim?  You can download programs!  For example:


Figure 14.  Downloading the program "ls" (list files) from a victim computer.

What is this good for?  If you are an evil genius type, you could analyze programs on victim.com for ways to break in.  In the example above, downloading "ls" won't do much good.  

More amazing web browser exploits--->>


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

 
 © 2013 Happy Hacker All rights reserved.