john
John the Ripper jumbo - advanced offline password cracker, which supports hundreds of hash and cipher types, and runs on many operating systems, CPUs, GPUs, and even some FPGAs
With the root hash you can crack the root password using tools like John The Ripper[0]. More generally, I assume, this exploit can be used to read any arbitrary files on the system, bypassing regular access control, and plenty of other stuff you aren't supposed to be able to do as a non-privileged user.
0: https://www.openwall.com/john/
When you look properly at the end of the video, the root hash starts with $y$, implying it's yescrypt.
more info here https://manpages.debian.org/unstable/libcrypt-dev/crypt.5.en...
https://www.openwall.com/yescrypt/
Once you have the hash, you have to use some rainbow tables, if they exist for that hash function, or brute-force it.
The authors of yescrypt claim: "Technically, yescrypt is the most scalable password hashing scheme so far, providing near-optimal security from offline password cracking across the whole range from kilobytes to terabytes and beyond."
In any case, this is a local attack: someone or some software on your local machine would need to execute it, so I am not overly stressed; password hashes leak all the time from all different sources.
Yet it does worry me, because my AMD stock is dropping in value because of this today :D
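The comment above identifies the scheme from the `$y$` prefix. As an added example (not part of either comment), the sketch below audits shadow(5)-style lines by crypt(5) prefix and flags accounts still on schemes that crypt(5) marks as not acceptable for new hashes. The function names and sample lines are constructed for illustration.

```python
import re

# (prefix, scheme, acceptable for new hashes) following the crypt(5) listing.
PREFIXES = [
    ("$y$", "yescrypt", True), ("$gy$", "gost-yescrypt", True),
    ("$7$", "scrypt", True), ("$2b$", "bcrypt", True),
    ("$6$", "sha512crypt", True), ("$5$", "sha256crypt", True),
    ("$sha1", "sha1crypt", False), ("$md5", "SunMD5", False),
    ("$1$", "md5crypt", False), ("$3$", "NT", False),
    ("_", "bsdicrypt", False),
]

def classify(field):
    """Return (scheme, locked, acceptable) for one shadow password field."""
    if field == "":
        return ("empty", False, False)       # no password set at all
    locked = field.startswith("!")           # '!' prefix locks the password
    body = field.lstrip("!")
    if body in ("", "*"):
        return ("no-login", True, None)      # no usable hash stored
    for prefix, scheme, ok in PREFIXES:
        if body.startswith(prefix):
            return (scheme, locked, ok)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return ("descrypt", locked, False)   # traditional 13-character DES hash
    return ("unknown", locked, None)

def audit(shadow_text):
    """Return (user, scheme, locked, acceptable) per account line."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        findings.append((parts[0],) + classify(parts[1]))
    return findings

def flagged(findings):
    """Accounts whose stored hash should be migrated to a stronger scheme."""
    return [user for user, _, _, ok in findings if ok is False]

# Constructed sample; the salt and hash fields are placeholders, not real hashes.
SAMPLE = """root:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19500:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19400:0:99999:7:::
bob:!$1$CONSTRUCTED$CONSTRUCTEDHASHVALUE:18000:0:99999:7:::
legacy:abCONSTRUCTED:17000:0:99999:7:::"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("migrate:", flagged(audit(SAMPLE)))
```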