[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password decrypting ? Sendmail problems ?



Oliver Schoenknecht <oschoenknecht@kapa.de> writes:

> Hello everyone,
> 
> first of all I need to tell you that I have some kind of bet running -
> a friend of mine has put up a SuSE 6.3 linux-proxy and mail server and
> claims it to be safe although you can reach it via telnet and ftp from
> outside... Recently he dared me to try to crack his password file so
> that he may think about new ways of protecting his system... After
> some search I got his password file which you see below ... I for
> myself can make out the different users but the passwords are
> encrypted.... does anyone of you know how to decrypt those strange
> letters into clear text ? Your help is appreciated very well as I am
> about to win some gallons of beer if I succeed ;-) !
> 
> 
> root:nfDtfW1jlCDo.:0:0:Der Systemverwalter:/root:/bin/bash bin:*:1:1:bin:/bin: daemon:*:2:2:daemon:/sbin:
> adm:*:3:4:adm:/var/adm: lp:*:4:7:lp:/var/spool/lpd: sync:*:5:0:sync:/sbin:/bin/sync 
> shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown halt:*:7:0:halt:/sbin:/sbin/halt mail:*:8:12:mail:/var/spool/mail: 
> news:*:9:13:news:/var/spool/news: uucp:*:10:0:uucp:/var/spool/uucp: operator:*:11:0:operator:/root: 
> games:*:12:100:games:/usr/games: gopher:*:13:30:gopher:/usr/lib/gopher-data: ftp:*:14:50:FTP User:/home/ftp: 
> nwserv:*:98:98:Novell-Server-Administrator:/home/nwserv: nobody:*:99:99:Nobody:/home/ftp: 
> users:*:100:100:Users:/: xmail:*:101:101:Automatischer Mail-Austausch:/: ips:OYpr4MrkKRtfg:102:0:Das 
> IPS-Wartungsteam:/home/ips:/bin/bash gast:nNeuxHMzMuJ9s:400:400:Generic STZ 
> User:/home/gast:/usr/local/bin/menue client01:T3S4y0uqUDiOc:401:400:Gast-Benutzer 

If the file you got is /etc/passwd, tell your friend to use shadow
passwords to begin with.  If he already is, tell him he has a problem
with permissions on /etc/shadow.  I have

  -rw-r--r--    1 root     root         1583 Jul 16 17:28 /etc/passwd
  -rw-r-----    1 root     shadow        992 Jul 16 17:28 /etc/shadow

which requires root access or shadow group membership to just see the
encrypted passwords.

Next, if you want to try crack the passwords you got, there are a few
programs that will do that for you.  See the Security HOWTO chapter 6
for details on password encryption and cracking.
-- 
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development



Reply to: