rule:
meta:
name: get password database entry on Linux
namespace: host-interaction/session
authors:
- michael.hunhoff@mandiant.com
- jonathanlepore@google.com
scopes:
static: instruction
dynamic: call
features:
- and:
- or:
- os: linux
- os: android
- or:
- api: getpwuid
- api: getpwuid_r
- api: getpwnam
- api: getpwnam_r
- api: getpwent
- api: fgetpwent
- api: getpwent_r
- api: fgetpwent_r
last edited: 2024-10-30 15:19:22