Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Mar 2008 15:56:40 -0400
From: "Travis Altman" <>
Subject: Re: How to determine # users with a shadow file


thanks for the good feedback.  i'm trying to crack passwords for my
organization (both Linux and Solaris) and I wanted to keep statistics about
weak passwords.  For example 5 out of 200 users had weak passwords in the
first quarter and so on.  i think i've got it figured out but someone tell
me if i'm wrong, below is what i know about the shadow file (still need some
help on items i put a "?" beside).

Solaris: *LK* = locked account, NP = no password, *LK*NP=?, *LK*$1$.... =
locked with password
Linux: !! = locked account, !* = no password, *= ?, !!$1$.... = locked with

I'm also pretty sure that *LK*$1$... was introduced with Solaris 10, before
that it would just say *LK* with no hash after.  Therefore you could not
unlock only reassign a new password in older version of Solaris.  so i
tweaked my awk script seen below.

awk -F: 'length($2)==13 || length($2)==34 {print $0}' inputFile.txt | wc -l

this script essentially says use ":" as a delimiter and if the 2nd field is
13 (DES) or 34 (MD5) characters then count that as a user.  so it will not
count what some people call a pseudo user or system user (e.g. ftp, nobody,
sshd, ...).  i also noticed that John will not try and crack a locked
account (e.g. !!$1$xTyU.....) correct?

so this script now matches the number of accounts John is trying to crack.
so i guess this script is also counting the number of active accounts?

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.