Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 15 Jan 2007 14:26:07 -0300 (ART)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Cc: solar@...nwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

Hi Solar Designer,
  
  >Sure it does, however it appears that you've replaced some characters
  >before posting in here.  Also, the asterisk before this string is not a
  >part of the hash.  It may mean a locked account or it may be a part of
  >the binary file format.
  
  You are right in both afirmations. I changed some characters of the  hash, also the * is part of the original hash (and yes, this account is  looked).... but the output is only like that, very similar to the  output I pasted in last e-mail...
  
  
  >It might be the easiest to have the system do this for you.  Please try
  >this Perl one-liner (invoke it as root):
  
  >perl -e 'print "$n:$p:$u:$g:$f:$d:$s\n" while ($n,$p,$u,$g,$q,$c,$f,$d,$s) = >getpwent()'
  
  Unhapply it doesn't work as expected, it show all informations, expect the hashs...
  
  root:x:0:3:0000-Admin(0000):/:/sbin/sh
  daemon:x:1:12:0000-Admin(0000):/:
  bin:x:2:2:0000-Admin(0000):/usr/bin:
  sys:x:3:3:0000-Admin(0000):/:
  adm:x:4:4:0000-Admin(0000):/var/adm:
  uucp:x:5:5:0000-uucp(0000):/usr/lib/uucp:
  mail:x:6:6:Mail Processes:/etc/mail:
  nuucp:x:10:10:0000-uucp(0000):/var/spool/uucppublic:/usr/lib/uucp/uucico
  nobody:x:60001:60001:uid no body:/:
  noaccess:x:60002:60002:uid no access:/:
  .....
  ...
  
  Or it open the wrong file (/etc/passwd instead of master/shadow), or it  use a different format ($n, $p, $u, ....) in perl for openunix 8, ....
  
  The second one (format problem) isn't the case, since when i call  directly getpwent() from perl, it show all output less the hashs....
  
  So hard to get the real hashs from this Unix, lollll :(
  
  Any more ideas Solar? The more hard ones now (or do you have a trick for the perl one)? hehe
  
  Thank you
  
  Cheers
  

Solar Designer <solar@...nwall.com> escreveu:  On Sat, Jan 13, 2007 at 11:27:44AM +0300, Danett song wrote:
> Solar, for you the entire string (*5v21dw01yuPiGDVreR5kDDvT) looks like  some algorithm ?

Sure it does, however it appears that you've replaced some characters
before posting in here.  Also, the asterisk before this string is not a
part of the hash.  It may mean a locked account or it may be a part of
the binary file format.

> Any idea how to convert this file to text file, like the /etc/shadow (in a fashion we can read this)?

It might be the easiest to have the system do this for you.  Please try
this Perl one-liner (invoke it as root):

 perl -e 'print "$n:$p:$u:$g:$f:$d:$s\n" while ($n,$p,$u,$g,$q,$c,$f,$d,$s) = getpwent()'

-- 
Alexander Peslyak 
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.



 __________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/ 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ