Common Information
Type | Value |
---|---|
Value | /etc/passwd and /etc/shadow - T1003.008 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may attempt to dump the contents of `/etc/passwd` and `/etc/shadow` to enable offline password cracking. Most modern Linux operating systems use a combination of `/etc/passwd` and `/etc/shadow` to store user account information including password hashes in `/etc/shadow`. By default, `/etc/shadow` is only readable by the root user. (Citation: Linux Password and Shadow File Formats) The Linux utility, unshadow, can be used to combine the two files in a format suited for password cracking utilities such as John the Ripper: (Citation: nixCraft - John the Ripper) `# /usr/bin/unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db` |
Details | Type | Published | Attributes | Title | CTI | |
---|---|---|---|---|---|---|
Details | Website | 2023-10-26 | 1 | When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief | ||
Details | Website | 2023-09-20 | 86 | GOLD MELODY: Profile of an Initial Access Broker | ||
Details | Website | 2023-06-22 | 17 | IoT devices and Linux-based systems targeted by OpenSSH trojan campaign | Microsoft Security Blog | ||
Details | Website | 2023-04-17 | 4 | The Planets: Mercury Walkthrough | ||
Details | Website | 2023-04-10 | 6 | Vulnhub Earth Walkthrough | ||
Details | Website | 2023-03-28 | 24 | CVE Advisory - Full Disclosure Cisco ISE Path Traversal - Yoroi | ||
Details | Website | 2023-03-13 | 4 | Interview Preparation for Security Engineer Roles | ||
Details | Website | 2023-03-11 | 3 | Simple Linux Privilege Escalation Techniques | ||
Details | Website | 2023-03-02 | 199 | Russia/Ukraine Update - February 2023 | ||
Details | Website | 2023-02-21 | 20 | Network Attack and Defense Confrontation of “Left and Right Combat Techniques” | ||
Details | Website | 2022-12-20 | 133 | Russia/Ukraine Update - December 2022 | ||
Details | Website | 2022-11-29 | 132 | Russia/Ukraine Update - November 2022 | ||
Details | Website | 2022-10-14 | 52 | Ransom Cartel Ransomware: A Possible Connection With REvil | ||
Details | Website | 2022-10-14 | 55 | Ransom Cartel Ransomware: A Possible Connection With REvil | ||
Details | Website | 2022-09-08 | 7 | How Malicious Actors Abuse Native Linux Tools in Their Attacks | ||
Details | Website | 2022-09-08 | 7 | How Malicious Actors Abuse Native Linux Tools in Their Attacks | ||
Details | Website | 2022-08-11 | 13 | The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors | Wiz Blog | ||
Details | Website | 2022-04-28 | 128 | Tracking APT29 Phishing Campaigns | Atlassian Trello | ||
Details | Website | 2022-04-27 | 57 | UNC2452 Merged into APT29 | Russia-Based Espionage Group | ||
Details | Website | 2022-03-16 | 53 | Have Your Cake and Eat it Too? An Overview of UNC2891 | Mandiant | ||
Details | Website | 2018-11-30 | 3 | With IoT, Common Devices Pose New Threats | ||
Details | Website | 2018-06-05 | 4 | Beginners Guide for John the Ripper (Part 1) - Hacking Articles | ||
Details | Website | 2018-05-24 | 4 | Linux Privilege Escalation using Sudo Rights - Hacking Articles | ||
Details | Website | 2016-04-20 | 11 | Multiple vulnerabilities affecting several ASUS Routers | ||
Details | Website | 2015-11-10 | 6 | Cracking password in Kali Linux using John the Ripper |