it doesn't have to be a program written in C to exploit a security bug....also most OSs do not allow you to see the passwords no matter what privs you have, so "cracking" the password file will probably need to be cracked....also buffer overflow are not normally used to slow down or crash a system, they are normally used to execute code... Just thought I would point this out...:P