I have gain access to a server via ftp which is showing me the passwd file with 2 users via ftp://1.2.3.4/../etc/passwd
output is:
root:*:0:0:root::
ftp:*:109:117:Anonymous FTP::
As such the shadow file is not available and doesn't give the same response changing the url to X/../etc/shadow
Is it possible to obtain the shadow file, or might it not exist meaning that no root access is possible?
On typical systems, the file /etc/passwd doesn't actually have passwords in it, but rather shows the mapping between usernames and user IDs. In order to see usernames in any directory listing or other context, you must have access to that file. Otherwise you can't tell which username a given UID matches to.
In your case, the server isn't giving you access to anything even remotely important. Instead, you've been stuck in a chroot environment where your process can't see out of its own little sandbox. Nothing in there is security-sensitive.
But as mentioned, without access to the passwd file, you can't tell which user owns a given file, right? So they make up a passwd file just for you. It lists "root" at UID 0, and you "Anonymous FTP" at UID 109. And nothing else.
There are other users on the system, of course. You're not seeing the real passwd file. And there are other files and processes and all sorts of interesting stuff. But that's outside your sandbox. As far as FTP is concerned, all of that stuff doesn't even exist.
See: chroot.
