Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 9 Dec 2006 01:02:01 -0300 (ART)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: Re: OpenUnix 8 hash format is not the normal DES?

Solar Designer,
  
  Thank you for reply, I'm very happy to exchange a e-mail with you that in my opinion is a hacker legend. :)

  >This was briefly discussed in here before:

>http://www.openwall.com/lists/john-users/2005/07/05/1
    
  I looked at it before post, but not sure....

>Basically, there must be another file where the "real" password hash is
>stored.  In fact, it is likely that there's a file per user or even a directory >per user.
    
  Hummm... documentation from SCO OpenUnix say that the password files are /etc/passwd and /etc/shadow using DES. :(

>Well, I think that you did not search hard enough.  I don't think that
>the alternate file will contain a colon after "root", or it might not
>contain "root" at all (rather, "root" might be in the file or directory
>name rather than inside the file).
    
  Files having the string root I looked without sucess. Any other trick for what look?

>Do you have a directory called "tcb" anywhere on the system - inside
>/etc or not?
    
  Yes, the /etc/security/tcb which contains the files  .prv.lock, oprivs and privs. 
    
  - The .prv.lock is a empity file.
    
  - The oprivs have some lines like:
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/ln
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/ln
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/cp
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/cp
    
  - The privs have some lines like:
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/ln
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/ln
  19428:4010:1101314868:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/usr/bin/cp
  90960:3967:1101314720:%inher,macread,macwrite,dacread,dacwrite,owner,compat,fsysrange,filesys:/sbin/cp
    
  For me it doesn't appear to be realted with password encryption.
    
  >P.S. I notice that you're using the obsolete John the Ripper 1.6,
>released 8 years ago.  You should want to upgrade to 1.7+ and build it
>with MMX or SSE2 support (if you're on x86).
    
  Ok, I will make it, thank you for the suggestion.

>Also, you  did not need to use "cat" in your "grep" commands; instead >you can  pass the filenames right on grep's command line.

  It's a old custom...hehe
  
>-- 
>Alexander Peslyak 
>GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC >027C 5B34 1F15
>http://www.openwall.com - bringing security into open computing >environments

  Cheers,
  
  Daniel

 		
---------------------------------
 O Yahoo! está de cara nova. Venha conferir!

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.