01. How do I access the password file under Unix?
In standard Unix the password file is /etc/passwd. On a Unix system with
either NIS/yp or password shadowing, much of the password data may be
elsewhere.
02. How do I crack Unix passwords?
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are encrypted with a one way function. The login program encrypts
the text you enter at the "password:" prompt and compares that encrypted
string against the encrypted form of your password.
Password cracking software uses wordlists. Each word in the wordlist is
encrypted and the results are compared to the encrypted form of the target
password.
The best cracking program for Unix passwords is currently Crack by Alec
Muffett. For PC-DOS, the best package to use is currently CrackerJack.
03. What is password shadowing?
Password shadowing is a security system where the encrypted password field
of /etc/passwd is replaced with a special token and the encrypted password
is stored in a separate file which is not readable by normal system users.
To defeat password shadowing on many (but not all) systems, write a program
that uses successive calls to getpwent() to obtain the password file.
Example:
#include
main()
{
struct passwd *p;
while(p=getpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}
04. Where can I find the password file if it's shadowed?
Unix Path Token
-----------------------------------------------------------------
AIX 3 /etc/security/passwd !
or /tcb/auth/files//
A/UX 3.0s /tcb/files/auth/?/*
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow x
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow x
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files//
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
System V Release 4.0 /etc/shadow x
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
This page was created Wed Aug 11 23:45:00 EDT 1999
Using Linux
version 2.0.32
on an i586
Main Page @ Matarese.com
The Myth of the 2600Hz Detector @ Matarese.com
Acquiring Account Information @ Matarese.com
Act2! by Symantec @ Matarese.com
All hacks / Annoyance @ Matarese.com
Alt 2600 Group FAQ @ Matarese.com
Hacking Angelfire @ Matarese.com
Anonymous E-Mail @ Matarese.com
Anonymous FTP: Frequently Asked Questions (FAQ) @ Matarese.com
Maintaining Access - Implementing Backdoors @ Matarese.com
How to Receive Banned Newsgroups FAQ @ Matarese.com
Hacking BBS's @ Matarese.com
phreaking tutorial @ Matarese.com
The Bluebox @ Matarese.com
List of Common Bugs @ Matarese.com
Things that go Bump on the Internet @ Matarese.com
Hacking Calling Cards @ Matarese.com
Expanding the capacity of Caller ID Boxes @ Matarese.com
What is Caller-ID? @ Matarese.com
Hacking Call Back Verify @ Matarese.com
CULT OF THE DEAD COW @ Matarese.com
Cellular Roaming: The New Deals @ Matarese.com
CELLULAR TELEPHONE PHREAKING PHILE SERIES @ Matarese.com
Cracking Unix passwords @ Matarese.com
Hacking Webpages @ Matarese.com
The Matarese Circle @ Matarese.com
Cisco Password Cracking Script @ Matarese.com
Customer Name and Address @ Matarese.com
Cops and Robbers | UNIX Security @ Matarese.com
Cracking NT Passwords @ Matarese.com
Odins cracking/coding and PPE resources @ Matarese.com
Credit Carding Part I @ Matarese.com
How do I defeat Copy Protection? @ Matarese.com
What are the DTMF frequencies? @ Matarese.com
Exploits FAQ @ Matarese.com
Making Free Calls @ Matarese.com
FTP Bouncing @ Matarese.com
Hackers Encyclopedia @ Matarese.com
The Conscience of a Hacker / Hacker Manifesto @ Matarese.com
Hacking from Windows9x FTP @ Matarese.com
Hacking Tripod @ Matarese.com
Hacking Web Pages @ Matarese.com
How to crack a UNIX password file. @ Matarese.com
Hacking Servers : A Begginners Guide @ Matarese.com
TIPS FOR TRACKING HACKERS @ Matarese.com
Hacking Tutorial @ Matarese.com
Hacking UNIX @ Matarese.com
How to Hack the WWWboard Message Board 2.0 @ Matarese.com
Hackers Handbook @ Matarese.com
Guide to Harmless-Hacking @ Matarese.com
All about security holes @ Matarese.com
Hacking Hotmail @ Matarese.com
How to crack by +ORC complete tutorial in one file (BIG!) @ Matarese.com
]How to Hack from from Harlequin and Archangel @ Matarese.com
Improve security by breaking into your site @ Matarese.com
Ch1can0 BEOWULF @ Matarese.com
Internet Security @ Matarese.com
Bugs and Backdoors in IRC clients, scripts and bots @ Matarese.com
IRC Hacking @ Matarese.com
FAQ for Trading For FileZ in IRC @ Matarese.com
Creating a Xdcc offer bot for irc @ Matarese.com
Integrated Systems Digital Network @ Matarese.com
Everything you should know about computer viruses @ Matarese.com
Lan Technology Scorecard @ Matarese.com
Local Area Signalling Services (LASS) and Custom Calling Feature Control Codes @ Matarese.com
Harmless Hacking - Linux @ Matarese.com
INDEX @ Matarese.com
Loops wanted! @ Matarese.com
Mail Spoofing Explained @ Matarese.com
Microsoft IIS Vulnerability @ Matarese.com
Microsoft(Yuk) Index Server exposes IDs and Passwords @ Matarese.com
Intresting Microsoft Access 7.0 Trick @ Matarese.com
MS Money 2.0 Back Door @ Matarese.com
Mind Your Own Business (MYOB) @ Matarese.com
Nameserver listing! @ Matarese.com
Newbies handbook / HOW TO BEGIN IN THE WORLD OF H/P @ Matarese.com
Bugs in Windows NT (Too many to list here completely...) @ Matarese.com
This Hack is for the OptiChat Original Chat Room @ Matarese.com
Internet Outdials @ Matarese.com
Pager Frequencies @ Matarese.com
Password Recovery Techniques @ Matarese.com
How to Steal Local Calls from Most Payphones @ Matarese.com
PBX's (Private Branch Exchanges) and WATS @ Matarese.com
Cryptography / PGP @ Matarese.com
The PHF bug @ Matarese.com
Introduction to the Internet Protocols @ Matarese.com
Analysis of QueSO Performance @ Matarese.com
Finger - ATTACKING FROM THE OUTSIDE @ Matarese.com
The PPP protocol (Point-to-Point Protocol) @ Matarese.com
Scam news / Hacking / Phreaking / Anarchy / Virii @ Matarese.com
Hacking your school computers @ Matarese.com
L0pht Security Advisory - Sendmail 8.7.5 @ Matarese.com
Sniffer FAQ V 1.7 @ Matarese.com
THE COMPLETE SOCIAL ENGINEERING FAQ! @ Matarese.com
Socket Services @ Matarese.com
Softice Manual @ Matarese.com
Softice Manual 2 @ Matarese.com
Softice Manual 3 @ Matarese.com
Softice Manual 4 @ Matarese.com
Softice Manual 5 @ Matarese.com
SSPING/JOLT patches @ Matarese.com
THE ULTIMATE BEGINNER'S GUIDE TO HACKING AND PHREAKING @ Matarese.com
@ Matarese.com
@ Matarese.com
TCP/IP Services (Phrack Stuff) @ Matarese.com
Telenet The Secret Exposed @ Matarese.com
WORKING OUT-TELNETS @ Matarese.com
Covering your tracks, Theory @ Matarese.com
How to defeat the Tripod Advertisement on your webpage. @ Matarese.com
BT Basics @ Matarese.com
BT Phreaking @ Matarese.com
The Psychotic Internet Services' Unix Bible @ Matarese.com
The Psychotic Internet Services' Unix Bible @ Matarese.com
How do I post to a moderated newsgroup? @ Matarese.com
What You Should Know About Computer Viruses @ Matarese.com
How can I protect myself from viruses and such? @ Matarese.com
What is a trojan/worm/virus/logic bomb? @ Matarese.com
VMS Info (Password Cracking) @ Matarese.com
HACKING THE WAL-MART ARMORGUARD COMPUTER PROTECTION SYSTEM @ Matarese.com
Using web proxies to disguise your IP address @ Matarese.com
Dig up hidden CD Keys @ Matarese.com
X-Windows Security @ Matarese.com
Copyright (C) 1999 - Matarese.com