Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Dec 2006 21:12:36 +0000 (GMT)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: OpenUnix 8 hash format is not the normal DES?

Hi there,
  
  I got a new machine, it's a OpenUnix 8 running in ia32, so I solved to  check how it the password format. At first look it appear like a Linux  system which use /etc/passwd and /etc/shadow.
  
  A example entry is:
  
  # cat /etc/passwd|grep test
  test:x:155:1::/home/test:/bin/sh
  
  # cat /etc/shadow|grep test
  test:B1x0F/cug2meE:13487::::::
  
  The password is "test1234567". If I use john (including my password at  wordlist) it  found my password as a DES (only showing the first 8  characters, since in DES the rest is truncated).
  
  # john -wordfile:wordlist.txt  pwd
  Loaded 1 password (Standard DES [48/64 4K])
  test1234         (test)
  guesses: 1  time: 0:00:00:00 100%  c/s: 512  trying: amor - amux
  
  Perfect, however if I try log in the OpenUnix 8 with user test and  password test1234 it always fail. I tryed via telnet, with su (and  typing the password manualy, copying it from clipboard, etc). So in  short it's not a mistake mine in the type process.
  
  I also looked system for possible alternate password file in  /etc/default/password and /etc/security/ but I can't find. I also tryed  locate in /etc files having the string "root:" which can indicate a  alternate password file.
  
  # find /etc -type f -mount |xargs fgrep -le "root:"
  /etc/conf/cf.d/unix
  /etc/conf/pack.d/fs/Driver_atup.o
  /etc/conf/pack.d/fs/Driver_mp.o
  /etc/conf/pack.d/fs/_drv.o
  /etc/group
  /etc/init.d/RFC1006init
  /etc/mail/cf/README
  /etc/shadow
  /etc/ogroup
  /etc/oshadow
  /etc/passwd
  /etc/rc0.d/K69rfc1006
  /etc/rc1.d/K69rfc1006
  /etc/rc2.d/S69rfc1006
  /etc/saf/nbcots/_pmtab
  /etc/saf/tcp/_pmtab
  /etc/security/seclevel/high/script
  /etc/security/seclevel/improved/script
  /etc/security/seclevel/low/script
  /etc/security/seclevel/traditional/script
  /etc/opasswd
  
  I checked each file and the unique that have password entrys are:
  
  /etc/shadow
  /etc/oshadow
    /etc/passwd
  /etc/opasswd
  
  However looking at documentation, this opasswd and oshadow are copys of  original files (equivalento to passwd- and shadow- in Linux).
  
  In the man passwd I found a intersting text:
  
  "Passwords must be constructed to meet the following requirements:
       * Each password must have at least PASSLENGTH characters as defined
         in /etc/default/passwd. PASSLENGTH must be at least 3. The first
         80 characters of a password are treated as significant (this is
         the value of PASS_MAX in /usr/include/limits.h)."
  
  It say it's able to TRAT UP TO 80 characters? How can it be possible using DES?
  
  So my doubt goes, how OpenUnix 8 appear to use DES and is able to store and compare password bigger than 8 characters?
  
  Also, is there a way to crack the full password using John in wordlist mode?
  
  Ideas and solutions are welcome.
  
  Thank you and cheers,
  
 		
---------------------------------
 Yahoo! Search
 Música para ver e ouvir: You're Beautiful, do James Blunt

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ