Date: Wed, 8 Apr 98 18:22:36 +0200 From: THIERRY.HERBELOT@telspace.alcatel.fr To: panda@peace.com.my Cc: questions@FreeBSD.ORG Subject: =?ISO-8859-1?Q?R=E9p_:_Crack_on_FBSD_-_how_to_make_it_more_thorough_??= Message-ID: <H000057c014e0839@MHS> In-Reply-To: <3.0.32.19980408235052.0117f9e8@peace.com.my>
next in thread | previous in thread | raw e-mail | index | archive | help
You could check it on the mailing llist archive : passwords beginning
with $1$ are crypted with the MD5 library. Crack tries to discover
passwords crypted with the (standard) DES library : it's completely
normal that you can't find back HELLO.
AFAIK, there is no method to automatically convert your password
database from MD5 crypting to DES crypting (you would need a tool to
automatically discover the source passwords "in the clear" first, and
all crypting methods try hard making such tolls impossible to have -
except if your name is NSA)
good luck
TfH
____________________________ Séparateur Réponse ________________________________
Objet : Crack on FBSD - how to make it more thorough ?
Auteur : panda@peace.com.my
Date : 08/04/98 17:28
I installed Crack-5.0 using the package (not the port) and
it seems to function, but I'm not sure it's working properly.
I changed the shadmrg script to merge the /etc/passwd and
/etc/master.passwd and ran Crack on the output.
Crack was finished in less than 10 seconds.
OK, so I only have 100 users on this system but I thought
that this would be still quite an intensive task to run.
Before this, I'd added a 'dummy' userid with passwd "HELLO"
so that I could check that crack was actually doing
something but strangely, Crack didn't find that (and
I wouldn't have thought "HELLO" was a particularly
intelligent passwd). Fortunately, Crack did discover
2 users with ridiculously easy passwds (since corrected).
so I knew it was doing something.
Looking at conf/dictrun.conf, I see that nearly all the
rules were employed. Should it really have run so fast ?
the Reporter also showed the following errors for all user :
E:0:bad format: output.txt: username:$1$NTG2CU1tFICN2VX20:1029:1006:U
ser &:/home/username:/bin/sh
I was running Crack on a file output.txt, which was the output
of running scripts/shadmrg.fbsd, based on the supplied shadmrg.sv :
SHADOW=/etc/master.passwd
PASSWD=/etc/passwd
(
sed -e 's/^/STAG:/' < $SHADOW
sed -e 's/^/PTAG:/' < $PASSWD
) |
awk -F: '
BEGIN {
OFS=":";
$1 == "STAG" {
pw[$2] = $3;
next;
}
$1 == "PTAG"{
$3 = pw[$2];
print $0;
}' |
I'm afraid I'm not an awk guy so if I just swapped the variable
names at the top.
Anyway, if there are any other changes that need to be done
to get crack to work perform a more thorough check on FBSD ?
chas
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?H000057c014e0839>