Found the error Not allowed to load local resource: file:///etc/passwd while looking at infosec.pub’s communities page. There’s a community called “ignore me” that adds a few image tags trying to steal your passwd file.

  • Rooster@infosec.pubOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    If you ran your browser as root and configured your browser to load local resources on non-local domains maybe. I think you can do that in chrome://flags but you have to explicitly list the domains allowed to do it.

    I’m hoping this is just a bad joke.

      • Greg Clarke@lemmy.ca
        cake
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Are you sure? What do you get when you run $ cat /etc/passwd in terminal? Just paste the results here 😇

        Edit: to anyone reading this on the future, don’t actually do this, it was a joke

        • fox@vlemmy.net
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          yup pretty sure

          $ cat /etc/passwd
          fox:hunter2:1000:1000::/home/fox:/usr/bin/zsh
          

          😉

        • delial@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Since you told me not to. There isn’t a risk on most linux systems; passwords were moved to /etc/shadow a long time ago. It only leaks the names of your users and largely useless info for most attackers:

          root:x:0:0:root:/root:/bin/bash
          daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
          bin:x:2:2:bin:/bin:/usr/sbin/nologin
          sys:x:3:3:sys:/dev:/usr/sbin/nologin
          sync:x:4:65534:sync:/bin:/bin/sync
          games:x:5:60:games:/usr/games:/usr/sbin/nologin
          man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
          lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
          mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
          news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
          uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
          proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
          www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
          backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
          list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
          irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
          gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
          nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
          _apt:x:100:65534::/nonexistent:/usr/sbin/nologin
          systemd-network:x:101:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
          systemd-resolve:x:102:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
          messagebus:x:999:999:System Message Bus:/:/usr/sbin/nologin
          systemd-timesync:x:998:998:systemd Time Synchronization:/:/usr/sbin/nologin
          systemd-coredump:x:997:997:systemd Core Dumper:/:/usr/sbin/nologin
          delial:x:1000:1000:,,,:/home/delial:/bin/bash
          sshd:x:103:65534::/run/sshd:/usr/sbin/nologin
          xrdp:x:104:110::/run/xrdp:/usr/sbin/nologin
          dictd:x:105:111:Dictd Server,,,:/var/lib/dictd:/usr/sbin/nologin
          nm-openvpn:x:106:112:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
          sssd:x:107:113:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin