On 14/11/18 9:28 pm, Corey Manshack wrote: > If they have /etc/shadow why would they need to brute force :) I can’t think of a vuln that would give that up without them already having root. A website file uploader tool, apparantly there has been one there for about 10 years using jquery. Once the file is uploaded, it can be leveraged to steel other files that the website shouldn't have access to. That's just one example. I'm sure there are many others. A.