Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 18 Feb 2012 01:09:04 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Cc: Salazar Aleman Pablo Cesar <pablo.salazar@...o.com>
Subject: Re: Run john on HP-UX 11i v2 Trusted System

Hi,

On Wed, Feb 15, 2012 at 10:55:10AM -0600, Salazar Aleman Pablo Cesar wrote:
> I need to run John on a System HP-Ux 11i v2 on Trusted.
> 
> What is the command line?

Please note that you don't actually have to run John on HP-UX - you may
instead take the password hashes from your HP-UX system and run John on
them on another machine (easier to use and/or faster).  Of course, this
may be a security risk (if that other machine is compromised).

To compile John on HP-UX, use one of these commands (in the "src"
directory):

make clean hpux-pa-risc-gcc
make clean hpux-pa-risc-cc
make clean generic

Normally, the first or/and the second one of these should work,
depending on which C compiler you have installed (yes, you'll need to
install one if you want to run John on HP-UX - which you don't have to
as I explained above).  "generic" is an alternative in case the above
commands fail; it uses gcc.  Please report any failures in here in case
there's a portability issue for us to fix.

These hpux* targets have been tested on much older HP-UX systems,
though (e.g., I only have 10.20 on a 712/80, and I haven't powered that
machine on in some years now).  They're 32-bit only (better performance
may be achieved with 64-bit, but someone will need to define a proper
make target; I don't have access to a 64-bit PA-RISC machine).

Since your system is "trusted", it probably keeps password hashes in
separate files.  I have the following commands written down:

umask 077
cat /tcb/files/auth/?/* > shadow

Then you'll need to run JtR's "unshadow" program on /etc/passwd and the
shadow file obtained above.  "unshadow" is HP-UX aware, it contains
these checks:

	/* DU / Tru64 C2, HP-UX tcb */
	if (!strncmp(passwd, "u_name=", 7)) {
		if ((passwd = strstr(passwd, ":u_pwd=")))
			passwd += 7;
	} else
	/* HP-UX tcb */
	if (!strncmp(passwd, "u_pwd=", 6) && entry) {
		passwd += 6;
		if ((tail = strchr(passwd, ':')))
			*tail = 0;
		(*entry)->passwd = str_alloc_copy(passwd);
		return;
	}

which I hope is still right for recent HP-UX systems.

Note that you don't have to run "unshadow" right on the HP-UX system.
You may as well run it e.g. on a Linux system where you'll be running
John itself.  This will avoid the need for having a C compiler installed
on HP-UX.

Please let us (the john-users list) know of your results.  BTW, you
don't appear to be subscribed, and on john-users replies are normally
sent to the list only - so you might miss some.

I hope this helps.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ