Chapter 2: Passwords

Cracking Unix passwords:
Contrary to popular belief, UNIX passwords cannot be decrypted. UNIX
passwords are encrypted with a one-way function. The login program encrypts
the text you enter at the "Password:" prompt and compares that encrypted
string against the encrypted form of your password.

Password cracking software uses wordlists. Each word in the wordlist is
encrypted and the results are compared to the encrypted form of the target
password.

The best cracking program for UNIX passwords is currently Crack by Alec
Muffett. For PC-DOS, the best package to use is currently CrackerJack.

Password Shadowing:
Password shadowing is a security system where the encrypted password field
of /etc/passwd is replaced with a special token and the encrypted password
is stored in a separate file which is not readable by normal system users. 

To defeat password shadowing on many (but not all) systems, write a program
that uses successive calls to getpwent() to obtain the password file.

Finding the shadowed password:
UNIX                  Path                            Token
-----------------------------------------------------------------
AIX 3                 /etc/security/passwd            !
                      /tcb/auth/files/[first letter   #
                            of username]/[username]
A/UX 3.0s             /tcb/files/auth/?/*
BSD4.3-Reno           /etc/master.passwd              *
ConvexOS 10           /etc/shadpw                     *
ConvexOS 11           /etc/shadow                     *
DG/UX                 /etc/tcb/aa/user/               *
EP/IX                 /etc/shadow                     x
HP-UX                 /.secure/etc/passwd             *
IRIX 5                /etc/shadow                     x
Linux 1.1             /etc/shadow                     *
OSF/1                 /etc/passwd[.dir|.pag]          *
SCO UNIX #.2.x        /tcb/auth/files/[first letter   *
                            of username]/[username]
SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
SunOS 5.0             /etc/shadow
                      [optional NIS+ private secure maps/tables/whatever]
System V Release 4.0  /etc/shadow                     x
System V Release 4.2  /etc/security/* database
Ultrix 4              /etc/auth[.dir|.pag]            *
UNICOS                /etc/udb                        *
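
A defender's check built on the token table above, as an added example that is not part of the original FAQ: it parses passwd-format text and reports accounts whose password field is empty or still holds a hash instead of a shadow token. The sample lines, the function names and the rule that a field starting with "*" or "!" is a lock marker (neither character can appear in crypt output) are assumptions made for this illustration.

```python
"""Audit passwd-format text for accounts that are not shadowed."""

# Tokens from the table above that mark a shadowed entry.
SHADOW_TOKENS = {"x", "*", "!", "#"}

# Constructed sample input (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
alice:abCONSTRUCTED:1001:100:Alice:/home/alice:/bin/sh
bob::1002:100:Bob:/home/bob:/bin/sh
carol:##carol:1003:100:Carol:/home/carol:/bin/sh
# a comment line
broken-line-without-fields
"""


def classify_field(user, field):
    """Return 'shadowed', 'empty' or 'exposed' for one password field."""
    if field == "":
        return "empty"            # account can be entered with no password
    if field in SHADOW_TOKENS or field == "##" + user:
        return "shadowed"         # hash lives in the protected file
    if field.startswith(("*", "!")):
        return "shadowed"         # assumption: lock marker, not a hash
    return "exposed"              # anything else is treated as a hash


def audit_passwd(text):
    """Map each finding to the list of affected usernames or lines."""
    findings = {"empty": [], "exposed": [], "malformed": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 7:        # passwd entries have seven fields
            findings["malformed"].append(f"line {lineno}")
            continue
        status = classify_field(parts[0], parts[1])
        if status != "shadowed":
            findings[status].append(parts[0])
    return findings


if __name__ == "__main__":
    for kind, names in audit_passwd(SAMPLE_PASSWD).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Any account reported as exposed has its hash in a world-readable file and should be moved to the shadow file for that platform; an empty field should be locked or given a password.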



This page was created Wed Aug 11 23:16:52 EDT 1999
Using Linux version 2.0.32 on an i586

Copyright (C) 1999 - Matarese.com