More How to Explore
the Insides of Internet Computers -- from your Browser!
Now you finally get to read about /etc/passwd.
Figure 13. The file /etc/passwd shown in
Netscape under Windows 98.
Don't get too excited! This is just
a shadowed password file.
Newbie note: "/etc/password"
is the name of the password file under many Unix-type operating
systems such as Linux or Solaris. When you login to a shell
account on this type of computer, when you give your user name
and password, the operating system goes to /etc/passwd to find
out whether you are allowed to login.
Evil Genius Tip: If you get a password
file that includes encrypted passwords, you can use a program
such as Crack to extract passwords. However, if the passwords
have been chosen well, no program will be able to crack their
encryption. An uncrackacble password would typically be
at least 8 characters long, include both upper case and lower
case letters of the alphabet, numbers, and other characters such
as !@#$%^&*()<>?.
You can go to jail warning!
If you crack a password file, mere possession of the cracked
passwords can get you into trouble with the law. To see
what "Club Fed" (the destination for so many crackers)
is all about, click here.
Evil genius tip: Even a shadowed
/etc/passwd file can sometimes be used to break into a computer.
With a list of all user names and the knowledge of which of these
can spawn a shell, one may use password guessing. This
is often far slower than running the encrypted passwords though
a program such as crack, but works surprisingly often.
What else can you do once you are inside
your victim? You can download programs! For example:
Figure 14. Downloading the program "ls" (list
files) from a victim computer.
What is this good for? If you are an evil genius type,
you could analyze programs on victim.com for ways to break in.
In the example above, downloading "ls" won't do much
good.
More amazing web browser exploits--->>
