Found the error Not allowed to load local resource: file:///etc/passwd while looking at infosec.pub’s communities page. There’s a community called “ignore me” that adds a few image tags trying to steal your passwd file.

You have to be extremely poorly configured for this to work, but the red flags you see should keep you on your toes for the red flags you don’t.

  • honestly, this feels more like a proof of concept than an actual hack. passwords are almost universally encrypted and stored in /etc/shadow nowadays and when I was on the security CoP at my old job cat’ing /etc/passwd was how we proved basic read access to a system but nothing more.

    It is possible that something like this could exfil the file as well, which might leak info about what daemons a given system is running. An attacker could possibly then do some research to find vulnerabilities for a given service version and try the real attack later. Generally complex kill chains like this aren’t viable for mass scanning though, much more likely that they would just automate an attempt at a few common exploits than force themselves to do actual recon.