Ze'ev Maor said >Consider the following... > Almost 99% of ftpd's installed around the net enable anonymous >logins to d/l the /etc/passwd file. Just get the file This only works if the target site is stupid enough to have the real /etc/passwd file in the anonymous FTP area. Don't forget that any decent ftpd will put anonymous logins into a chroot()ed area[1]. This means that you don't actually need much of a password file. It is generally only used to map UIDs to usernames by things like ls. Not only that, but such an ftpd will also log the fact that you've downloaded the password file. We see 3 or 4 people a week download /etc/passwd from our ftp server. This doesn't really worry us as its a bogus password file with just enough entries to make the output of dir sensible. Even though we have Solaris 2.x (ie shadowed passwords) we do have passwords in the file; its just that they happen to give a message to the wannbe-cracker when crack is run :) [1]: We've altered our ftpd so that users in certain groups are also put into chroot()ed areas of our choice. -- Simon Burr | SysAdmin and Programmer, TCP Ltd simes@tcp.net.uk/simes@bofh.org.uk | http://www.tcp.co.uk/staff/simes/ I *don't* speak for my company, my boss does that cd /pub/lunch || dd if=/dev/zero of=/dev/mem