We leaks the /etc/shadow file by repeatedly trying to authenticate a user with the passwd utility. The animation is sped up for the latter part of the video, the total process takes about 24 hours at the moment. A similar attack can leak the /etc/shadow of a cloud co-tenant by repeatedly opening an SSH connection.