get password database entry on Linux

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: get password database entry on Linux
    namespace: host-interaction/session
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: basic block
      dynamic: call
  features:
    - and:
      - or:
        - os: linux
        - os: android
      - or:
        - api: getpwuid
        - api: getpwuid_r
        - api: getpwnam
        - api: getpwnam_r

last edited: 2024-04-23 11:49:05