Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 9 Dec 2006 01:02:01 -0300 (ART)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

Solar Designer,
  
  Thank you for reply, I'm very happy to exchange a e-mail with you that in my opinion is a hacker legend. :)

  >This was briefly discussed in here before:

>http://www.openwall.com/lists/john-users/2005/07/05/1
    
  I looked at it before post, but not sure....

>Basically, there must be another file where the "real" password hash is
>stored.  In fact, it is likely that there's a file per user or even a directory >per user.
    
  Hummm... documentation from SCO OpenUnix say that the password files are /etc/passwd and /etc/shadow using DES. :(

>Well, I think that you did not search hard enough.  I don't think that
>the alternate file will contain a colon after "root", or it might not
>contain "root" at all (rather, "root" might be in the file or directory
>name rather than inside the file).
    
  Files having the string root I looked without sucess. Any other trick for what look?

>Do you have a directory called "tcb" anywhere on the system - inside
>/etc or not?
    
  Yes, the /etc/security/tcb which contains the files  .prv.lock, oprivs and privs. 
    
  - The .prv.lock is a empity file.
    
  - The oprivs have some lines like:
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/ln
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/ln
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/cp
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/cp
    
  - The privs have some lines like:
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/ln
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/ln
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/cp
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/cp
    
  For me it doesn't appear to be realted with password encryption.
    
  >P.S. I notice that you're using the obsolete John the Ripper 1.6,
>released 8 years ago.  You should want to upgrade to 1.7+ and build it
>with MMX or SSE2 support (if you're on x86).
    
  Ok, I will make it, thank you for the suggestion.

>Also, you  did not need to use "cat" in your "grep" commands; instead >you can  pass the filenames right on grep's command line.

  It's a old custom...hehe
  
>-- 
>Alexander Peslyak 
>GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC >027C 5B34 1F15
>http://www.openwall.com - bringing security into open computing >environments

  Cheers,
  
  Daniel

 		
---------------------------------
 O Yahoo! está de cara nova. Venha conferir!

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ