Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Dec 2006 10:59:53 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

On Tue, Dec 05, 2006 at 09:12:36PM +0000, Danett song wrote:
>   # cat /etc/shadow|grep test
>   test:B1x0F/cug2meE:13487::::::
>   
>   The password is "test1234567". If I use john (including my password at  wordlist) it  found my password as a DES (only showing the first 8  characters, since in DES the rest is truncated).
>   
>   # john -wordfile:wordlist.txt  pwd
>   Loaded 1 password (Standard DES [48/64 4K])
>   test1234         (test)
>   guesses: 1  time: 0:00:00:00 100%  c/s: 512  trying: amor - amux
>   
>   Perfect, however if I try log in the OpenUnix 8 with user test and  password test1234 it always fail.

This was briefly discussed in here before:

	http://www.openwall.com/lists/john-users/2005/07/05/1

Basically, there must be another file where the "real" password hash is
stored.  In fact, it is likely that there's a file per user or even a
directory per user.

>   I also looked system for possible alternate password file in  /etc/default/password and /etc/security/ but I can't find. I also tryed  locate in /etc files having the string "root:" which can indicate a  alternate password file.

Well, I think that you did not search hard enough.  I don't think that
the alternate file will contain a colon after "root", or it might not
contain "root" at all (rather, "root" might be in the file or directory
name rather than inside the file).

Do you have a directory called "tcb" anywhere on the system - inside
/etc or not?

P.S. I notice that you're using the obsolete John the Ripper 1.6,
released 8 years ago.  You should want to upgrade to 1.7+ and build it
with MMX or SSE2 support (if you're on x86).

Also, you did not need to use "cat" in your "grep" commands; instead you
can pass the filenames right on grep's command line.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ