ETHICAL HACKING Questions and Answers

What is password shadowing?

Password shadowing is a security system where the encrypted password field of /etc/password is replaced with a special token and the encrypted password is stored in a seperate file which is not readable by normal system users.

To defeat password shadowing on many systems, write a program that uses successive calls to getpwent() to obtain the password file.

Example:
#include <pwd.h>
main()
{
struct passwd *p;
while(p=getpwent())
printf(“%s:%s:%d:%d:%s:%s:%sn”, p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}