Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Mar 2008 15:19:27 -0600
From: RB <>
Subject: Re: How to determine # users with a shadow file

>  Solaris: *LK* = locked account, NP = no password, *LK*NP=?, *LK*$1$.... =
>  locked with password
>  Linux: !! = locked account, !* = no password, *= ?, !!$1$.... = locked with
>  password
I'm not sure about all the semantics of locking accounts and such, but
you can pretty much say that if the hash field does not start with '$'
and a digit, they are unable to log in with a local password.

>  awk -F: 'length($2)==13 || length($2)==34 {print $0}' inputFile.txt | wc -l
That should work, but IMO is rather brittle.  Better to do a regex
match like '~ /^\$/', which should continue to work with most
UNIX-used hash types.

>  account (e.g. !!$1$xTyU.....) correct?
>  so i guess this script is also counting the number of active accounts?
It seems so.  It would also be trivial to have a short sed script
modify your offline shadow file to crack *everybody*, not just the
unlocked users.

If you're interested in precisely how JTR checks whether a hash is of
a given type, look at 'static int valid' in *_fmt.c in the source.
Spoiler: for the most part, each format tries with an initial
~3-character signature, most of which start with '$'.

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.