Retrieving the
Encrypted Password File
¨find an exploit that
will perform a stack-based buffer
overflow of an SUID root program to gain root
access
¨Force a process that
reads the encrypted password file to
generate a core dump (memory dump of a dying
process)
–Crash one instance of
a FTP server
–Use another instance
of the FTP server to transfer the core file to
look for passwords to crack