- Newsgroups: alt.hackers
- Path: sparky!uunet!super!adamfox
- From: adamfox@super.super.org (Adam Fox)
- Subject: Re: cracking login?
- Message-ID: <1992Nov22.215621.8985@super.org>
- Keywords: cracking loign
- Sender: adamfox@super (Adam Fox)
- Nntp-Posting-Host: super
- Organization: Supercomputing Research Center, Bowie, MD USA
- References: <1eorh6INN684@dixie.cs.ubc.ca>
- Date: Sun, 22 Nov 1992 21:56:21 GMT
- Approved: of course, you foolish mortal
- Lines: 28
-
- In article <1eorh6INN684@dixie.cs.ubc.ca>, hassan@cs.ubc.ca (Moustafa Hassan) writes:
- |> I've thought of a scheme for logging in as any user in a given file system.
- |> The only problem is that it's too easy. I must be under some illusion.
- |> I'd appreciate it if someone pointed out the flaw in my algorithm:
- |>
- |> 1. Obtain the code for login.c. I've done this. I'm having some trouble
- |> compiling it, because some constants are defined differently on my
- |> system. I should be able to fix this within a month's work.
- |> 2. Change the call to getpass to a function that reads in an arbitrary number
- |> of characters up to the newline. This is trivial.
- |> 3. Remove the encryption step where the password is encrypted.
- |> 4. Recompile.
- |> 5. When executing login, give it (the publicly available) user id and
- |> encrypted password of any user on the system, and you're in.
- |>
- |> As I said, this scheme is too easy, and I refuse to believe that unix systems
- |> lack security to such a degree. Would someone take the time to disillusion
- |> me?
-
- I don't believe this will work because if I am not mistaken, the password
- is sent PLAINTEXT and is then encrypted on the remote host, then compared
- with the encrypted string in the password database. Therefore, sending an
- encrypted hash would not help as that hash would be hashed.
-
- -- Adam Fox
- adamfox@super.org
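
The check described in the reply above, as an added example that is not part of either post: the verifier hashes whatever it is handed and compares the result with the stored hash, so handing it the stored hash fails. PBKDF2 from Python's standard library stands in for the system's crypt(3), and the account, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for the stand-in hash


def hash_password(password: str, salt: bytes) -> str:
    """One-way hash of the submitted string (stand-in for crypt(3))."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return digest.hex()


def make_entry(password: str) -> dict:
    """Password-database record: salt and hash, never the plaintext."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed sample database with one hypothetical account.
PASSWD_DB = {"alice": make_entry("correct horse")}
# Dummy record so unknown users cost the same hashing work as known ones.
_DUMMY = make_entry(os.urandom(16).hex())


def login(db: dict, user: str, submitted: str) -> bool:
    """Hash the submitted string with the user's salt, then compare."""
    entry = db.get(user, _DUMMY)
    candidate = hash_password(submitted, entry["salt"])
    matches = hmac.compare_digest(candidate, entry["hash"])
    return matches and user in db


def demo() -> dict:
    stored = PASSWD_DB["alice"]["hash"]
    return {
        "real_password": login(PASSWD_DB, "alice", "correct horse"),
        # The stored hash is hashed again, so it does not match itself.
        "stored_hash_as_password": login(PASSWD_DB, "alice", stored),
        "unknown_user": login(PASSWD_DB, "bob", "anything"),
    }


if __name__ == "__main__":
    print(demo())
```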