> > Before he gets in, he still has to run a brute-force/dictionary attack on
> > all users. He wouldn't have much time if the admins have done their
> > jobs.
>
> Well no. Think about sysadmins who have to allow users to run crappy
> PHP code on a shared server (so glad I'm not one of those people at
> the moment). An attacker can execute commands as a web user,
> probably far easier than brute-forcing an initial login. If they can
> then just copy a world-readable /etc/passwd, they can do all the
> hash cracking offline. Which isn't possible if there's a /etc/shadow
This reminds me of this document [1], which explains how some guys
defeated the apache.org server a long, long time ago. Very good.

Regards,

[1] http://archives.neohapsis.com/archives/php/2000-05/att-0030/51-how_defaced_apache_org.txt

-- 
Roberto E. Vargas Caballero
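As an added illustration (example code written for this page, not something posted in the thread or taken from the apache.org write-up), the following Python audit checks the two conditions the quoted reply describes: password hashes still sitting in the world-readable /etc/passwd, and an /etc/shadow whose mode lets an unprivileged account such as the web server read it. The sample passwd/shadow contents and the shadow file mode are constructed for the example; the hash-prefix table follows the identifiers documented in crypt(5), and the DES detection is the classic 13-character form.

```python
"""Audit passwd/shadow entries for hashes an unprivileged local user
(e.g. the account PHP runs as) could copy and crack offline.

The SAMPLE_* data below is constructed for this example."""
import re

SHADOWED = "x"  # passwd placeholder: the real hash lives in /etc/shadow

# crypt(5) prefix -> algorithm name. Traditional DES crypt has no prefix:
# 13 chars from [./0-9A-Za-z], and it only uses the first 8 password chars.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$7$": "scrypt",
    "$y$": "yescrypt",
}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def hash_algorithm(field):
    """Algorithm name for a hash field, or None when the field carries no
    crackable secret: the 'x' pointer into /etc/shadow, an empty field, or
    a lock marker ('*', '!', '!!', or a hash disabled with a leading '!')."""
    if field == SHADOWED or field == "" or field.startswith(("!", "*")):
        return None
    for prefix, name in CRYPT_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DES_RE.match(field):
        return "descrypt"
    return "unknown"


def parse_entries(text):
    """Yield (user, hash_field) from passwd- or shadow-formatted text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            yield parts[0], parts[1]


def exposed_hashes(text):
    """Map user -> algorithm for every entry that holds a real hash."""
    result = {}
    for user, field in parse_entries(text):
        alg = hash_algorithm(field)
        if alg is not None:
            result[user] = alg
    return result


def is_world_readable(mode):
    """True if the 'other' read bit is set (works on st_mode or an octal mode)."""
    return bool(mode & 0o004)


def audit(passwd_text, shadow_text, shadow_mode):
    """Findings an attacker with an unprivileged shell could exploit offline.

    /etc/passwd has to stay world-readable (getpwnam() and friends need it),
    so any hash stored in it is readable by definition; /etc/shadow only
    matters if its mode lets 'other' read it."""
    findings = []
    for user, alg in exposed_hashes(passwd_text).items():
        findings.append(f"{user}: hash in world-readable passwd ({alg})")
    if is_world_readable(shadow_mode):
        for user, alg in exposed_hashes(shadow_text).items():
            findings.append(
                f"{user}: shadow is world-readable, mode {shadow_mode:o} ({alg})")
    return findings


# Constructed sample data: one legacy account never migrated to shadow.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
legacy:ab5ixQo1SCjD.:1001:1001::/home/legacy:/bin/sh
alice:x:1002:1002::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19700:0:99999:7:::
www-data:*:19700:0:99999:7:::
legacy:!:19700:0:99999:7:::
alice:$y$j9T$saltsalt$hashhashhash:19700:0:99999:7:::
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, 0o640):
        print(finding)
```

On a real host, feed it the file contents and `os.stat("/etc/shadow").st_mode`; with the usual 0640 root:shadow mode the only findings are legacy accounts whose hash was never moved out of passwd, and a hit on the sample's DES entry is the worst case, since descrypt caps the effective password at eight characters and cracks quickly offline.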
