Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 19 Jan 2007 13:38:44 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

On Thu, Jan 18, 2007 at 11:44:33PM -0300, Danett song wrote:
>   So now, nothing make sense, it appear to have other password file  (/etc/defaults/ia/master) however it have a own format, the shadow have  only DES format hashs, the program using getpwent() and getspnam()  return hash exactly as in shadow file (DES format), and the system in  some fashion is able to recoganize passwords with 8, 9, 10, 11  characters long via /bin/login, /bin/su, ... 

Well, all it means is that programs such as /bin/login and /bin/su use
proprietary interfaces rather than getspnam().  Here are some ideas for
what we may do:

1. Find out what those interfaces are and use them from our own program,
similar to the one I had posted.

2. Learn the /etc/defaults/ia/master file format - just to the extent
necessary to extract the usernames and full hashes - and parse this file
with our own program, similar to unafs.

3. Intercept password hashes as /bin/su (or another native program)
reads or uses them.  For example, we may construct a preloadable library
that would override crypt() or bigcrypt() and print out the second
argument (the salt, assuming that the program actually passes the entire
hash, which is a common practice).  We may also create a script that
would invoke /bin/su for all usernames found in /etc/passwd and pass
some wrong password in response to the prompt, just to trigger crypt()
or bigcrypt() calls with all hashes.

P.S. Please try to avoid quoting my entire messages below your signature.
Also, there's no need to CC me on your replies - sending them to the
list posting address is sufficient.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ