From owner-freebsd-questions Thu Nov 13 10:10:47 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA03821 for questions-outgoing; Thu, 13 Nov 1997 10:10:47 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA03816 for ; Thu, 13 Nov 1997 10:10:42 -0800 (PST) (envelope-from julian@whistle.com) Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id KAA10465; Thu, 13 Nov 1997 10:07:53 -0800 (PST) Received: from UNKNOWN(), claiming to be "current1.whistle.com" via SMTP by alpo.whistle.com, id smtpd010462; Thu Nov 13 10:07:47 1997 Message-ID: <346B417F.794BDF32@whistle.com> Date: Thu, 13 Nov 1997 10:05:51 -0800 From: Julian Elischer Organization: Whistle Communications X-Mailer: Mozilla 3.0Gold (X11; I; FreeBSD 2.2-CURRENT i386) MIME-Version: 1.0 To: "Randy A. Katz" CC: Steve Hovey , questions@FreeBSD.ORG Subject: Re: ARE THEY ABLE TO CRACK UNIX PASSWORDS??? References: <3.0.5.32.19971113081706.00c0a960@ccsales.com> <3.0.5.32.19971113085135.00a3ce20@ccsales.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Randy A. Katz wrote: > > OK. > > We're using master.passwd, it seems they can just pull down this file and > crack it. They got my root passwd and logged in and created other users > which have root access. The password they got is something like 5693k. Did > they actually get it from sniffing? > > I just can't believe they guessed that password!???! > > This guys' driving me nuts! Help! > > Thanx, > Randy Katz > > > > >You cannot decrypt a unix password - however you can guess them, and there > >are utilities that look at the salt part of the password field of the > >password file, then encrypt a dictionary - and or common permutations of > >userid and gecos field info. > > > >If you use the master.passwd scheme and do not use NIS then they cant do > >much of anything unless they gain root access or via some trick get a copy > >of master.passwd - even then they gotta run guess software per above. > > > > are you keeping up with revisions? there are ways of getting in that bypass the passowrds.. we fix them as we find them.. so you need to keep up. what version are you running? are /etc/master.passwd and /etc/spwd.db only readable by root? check the sanity of all suid binaries... get the 2.2.5 CD and run the upgrade option. julian