home *** CD-ROM | disk | FTP | other *** search
- Chapter 2: Passwords
-
- Cracking Unix passwords:
- Contrary to popular belief, UNIX passwords cannot be decrypted. UNIX
- passwords are encrypted with a one way function. The login program encrypts
- the text you enter at the "Password:" prompt and compares that encrypted
- string against the encrypted form of your password.
-
- Password cracking software uses wordlists. Each word in the wordlist is
- encrypted and the results are compared to the encrypted form of the target
- password.
-
- The best cracking program for UNIX passwords is currently Crack by Alec
- Muffett. For PC-DOS, the best package to use is currently CrackerJack.
-
- Password Shadowing:
- Password shadowing is a security system where the encrypted password field
- of /etc/passwd is replaced with a special token and the encrypted password
- is stored in a separate file which is not readable by normal system users.
-
- To defeat password shadowing on many (but not all) systems, write a program
- that uses successive calls to getpwent() to obtain the password file.
-
- Finding the shadowed password:
- UNIX Path Token
- -----------------------------------------------------------------
- AIX 3 /etc/security/passwd !
- /tcb/auth/files/[first letter #
- of username]/[username]
- A/UX 3.0s /tcb/files/auth/?/*
- BSD4.3-Reno /etc/master.passwd *
- ConvexOS 10 /etc/shadpw *
- ConvexOS 11 /etc/shadow *
- DG/UX /etc/tcb/aa/user/ *
- EP/IX /etc/shadow x
- HP-UX /.secure/etc/passwd *
- IRIX 5 /etc/shadow x
- Linux 1.1 /etc/shadow *
- OSF/1 /etc/passwd[.dir|.pag] *
- SCO UNIX #.2.x /tcb/auth/files/[first letter *
- of username]/[username]
- SunOS4.1+c2 /etc/security/passwd.adjunct ##username
- SunOS 5.0 /etc/shadow
- [optional NIS+ private secure maps/tables/whatever]
- System V Release 4.0 /etc/shadow x
- System V Release 4.2 /etc/security/* database
- Ultrix 4 /etc/auth[.dir|.pag] *
- UNICOS /etc/udb *
-
-
