10. Passwords & Keys

Introduction

While the root user’s account password is hashed and stored securely in /etc/shadow, other passwords, such as those for services, may be stored in plaintext in config files.

If the root user re-used their password for a service, that password may be found and used to switch to the root user.


History Files

History files record commands issued by users while they are using certain programs.

If a user types a password as part of a command, this password may get stored in a history file.

It is always a good idea to try switching to the root user with a discovered password.

  • View the contents of all the hidden history files in the user's home directory:

    • cat ~/.*history | less


Config Files

Many services and programs use configuration (config) files to store settings.

If a service needs to authenticate to something, it might store the credentials in a config file.

If these config files are accessible, and the passwords they store are reused by privileged users, we may be able to use them to log in as those users.

OpenVPN config files are one example.


SSH-Keys

SSH keys can be used instead of passwords to authenticate users using SSH.

SSH keys come in pairs: one private key, and one public key.

The private key should always be kept secret. If a user has stored their private key insecurely, anyone who can read the key may be able to log into their account using it.
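
An audit a system owner can run for the History Files and SSH-Keys exposures described above. This is an added example, not part of the original notes; the function names and the three history patterns are assumptions chosen for illustration and are not an exhaustive list.

```shell
#!/bin/sh
# Added example: audit a home directory for two exposures described on this page.
# Function names and the history patterns are assumptions (illustrative only).

# Print private-key files under $1 whose mode lets group or other users read them.
find_exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do
        # Identify keys by their PEM/OpenSSH header rather than by file name.
        if head -n 1 "$f" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$f"
        fi
    done
}

# Print "file:line" for history entries that look like a password was typed on
# the command line. Only the location is reported, so the secret itself is not
# copied into the audit output.
find_history_secrets() {
    for h in "$1"/.*history; do
        [ -f "$h" ] || continue
        awk -v f="$h" '
            /--password[= ]|sshpass +-p|mysql( .*)? -p[^ ]/ { print f ":" NR }
        ' "$h"
    done
}

# Run the audit when a directory is given as the first argument.
if [ "$#" -gt 0 ]; then
    echo "Private keys readable by group/other (fix with chmod 600):"
    find_exposed_keys "$1"
    echo "History lines to review (rotate any password found there):"
    find_history_secrets "$1"
fi
```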
