get shadow password file entry on Linux

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: get shadow password file entry on Linux
    namespace: collection
    authors:
      - jonathanlepore@google.com
    scopes:
      static: instruction
      dynamic: call
    references:
      - https://manpages.ubuntu.com/manpages/noble/man3/getspent.3.html
  features:
    - and:
      - os: linux
      - or:
        - api: getspent
        - api: getspent_r
        - api: fgetspent
        - api: fgetspent_r
        - api: getspnam
        - api: getspnam_r

last edited: 2024-10-30 15:19:22