Date: Thu, 7 Dec 2006 10:59:53 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: OpenUnix 8 hash format is not the normal DES? On Tue, Dec 05, 2006 at 09:12:36PM +0000, Danett song wrote: > # cat /etc/shadow|grep test > test:B1x0F/cug2meE:13487:::::: > > The password is "test1234567". If I use john (including my password at wordlist) it found my password as a DES (only showing the first 8 characters, since in DES the rest is truncated). > > # john -wordfile:wordlist.txt pwd > Loaded 1 password (Standard DES [48/64 4K]) > test1234 (test) > guesses: 1 time: 0:00:00:00 100% c/s: 512 trying: amor - amux > > Perfect, however if I try log in the OpenUnix 8 with user test and password test1234 it always fail. This was briefly discussed in here before: http://www.openwall.com/lists/john-users/2005/07/05/1 Basically, there must be another file where the "real" password hash is stored. In fact, it is likely that there's a file per user or even a directory per user. > I also looked system for possible alternate password file in /etc/default/password and /etc/security/ but I can't find. I also tryed locate in /etc files having the string "root:" which can indicate a alternate password file. Well, I think that you did not search hard enough. I don't think that the alternate file will contain a colon after "root", or it might not contain "root" at all (rather, "root" might be in the file or directory name rather than inside the file). Do you have a directory called "tcb" anywhere on the system - inside /etc or not? P.S. I notice that you're using the obsolete John the Ripper 1.6, released 8 years ago. You should want to upgrade to 1.7+ and build it with MMX or SSE2 support (if you're on x86). Also, you did not need to use "cat" in your "grep" commands; instead you can pass the filenames right on grep's command line. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ