 
+----------------------------------------------------------------------------+
¦    Author(s): ¦ Krypto                                                     ¦
+---------------+------------------------------------------------------------¦
¦      Subject: ¦ Cracking that "Passwd" File                                ¦
+----------------------------------------------------------------------------+
______________________________________________________________________________
______________________________________________________________________________
+----------------------------------------------------------------------------+
¦       R  E  A  L  I  T  Y     C  H  E  C  K     N  E  T  W  O  R  K!       ¦
+----------------------------------------------------------------------------¦
¦____________________________________________________________________________¦
¦____________________________________________________________________________¦
+----------------------------------------------------------------------------¦
¦                                                                            ¦
¦      I'm not an amazing "3l33t3" hacker, but I have picked up some things  ¦
¦  over the course of my scene life.                                         ¦
¦                                                                            ¦
¦      At times, many of us are without an Internet shell account, therefore ¦
¦  inhibiting our ability to spread the warez.  Many of us seek to remedy    ¦
¦  this by cracking Internet shell accounts and doing as we please with      ¦
¦  them, mainly spreading.  Here, I'll show you the basic process in         ¦
¦  cracking UNIX accounts so that you can better your efforts in spreading   ¦
¦  them warez.                                                               ¦
¦                                                                            ¦
¦      Most Internet shells are UNIX based and therefore store the passwords ¦
¦  for all the users in a file called the "passwd" file.  This is usually    ¦
¦  located at /etc/passwd.  The basic structure of the passwd file contains  ¦
¦  lines looking like this:                                                  ¦
¦                                                                            ¦
¦      bgates:VKa0XuF8KB4sc:5604:12:William Gates:/home/bgates:/bin/bash     ¦
¦                                                                            ¦
¦      Essentially, the line is broken down into these parts:                ¦
¦                                                                            ¦
¦  Username: bgates                                                          ¦
¦  Encrypted Password: VKa0XuF8KB4sc                                         ¦
¦  User number: 5604                                                         ¦
¦  Group Number: 12                                                          ¦
¦  Real Name (usually): William Gates                                        ¦
¦  Home Directory: /home/bgates                                              ¦
¦  Type of Shell: /bin/bash                                                  ¦
¦                                                                            ¦
¦      Your main concern is to crack each encrypted password for every       ¦
¦  user.  Because the encryption function is only unidirectional, you        ¦
¦  cannot decrypt the encrypted password.  You must run a cracking program   ¦
¦  which encrypts words then compares the encrypted word with the password.  ¦
¦  If they match you now have cracked the password.                          ¦
¦                                                                            ¦
¦      Because cracking relies on words that are encrypted, you MUST have a  ¦
¦  wordlist.  For beginners, a basic wordlist can be found as a dictionary   ¦
¦  file supplied as a part of UNIX.  The more comprehensive the              ¦
¦  wordlist is, the better your chances of successfully cracking passwords.  ¦
¦  Next, you'll need a passwd cracker, which comes in numerous versions      ¦
¦  depending on your operating system.  Currently the best are:              ¦
¦                                                                            ¦
¦  Software            Operating System                                      ¦
¦  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                      ¦
¦  CrackerJack v1.4    DOS                                                   ¦
¦  Crack               UNIX                                                  ¦
¦                                                                            ¦
¦      Run the "cracking" program and feed your wordlist and passwd file     ¦
¦  into the program.  And watch as it "cracks" the passwords.                ¦
¦                                                                            ¦
¦      Sometimes you'll discover that the passwd file is incomplete or       ¦
¦  looks something like this:                                                ¦
¦                                                                            ¦
¦      bgates:*:5604:12:William Gates:/home/bgates:/bin/bash                 ¦
¦                                                                            ¦
¦      The * is called the token and means that the passwd file has been     ¦
¦  shadowed.  Password shadowing is a security system where the encrypted    ¦
¦  password field of /etc/passwd is replaced with a special token and the    ¦
¦  encrypted password is stored in a separate file which is not readable by  ¦
¦  normal system users.                                                      ¦
¦                                                                            ¦
¦      In order to defeat this, you'll need to write a C program and         ¦
¦  compile it similar to this:                                               ¦
¦                                                                            ¦
¦      Cut out the program at the bottom and save as "shadow.c"              ¦
¦                                                                            ¦
¦      Run "gcc shadow.c -o shadow" or "cc shadow.c -o shadow"               ¦
¦                                                                            ¦
¦      Run "./shadowpw >> password"                                          ¦
¦                                                                            ¦
¦      "password" should be your deshadowed password list.                   ¦
¦                                                                            ¦
¦      If you have any problems, or need any help whatsoever... DO NOT       ¦
¦  CONTACT ME!                                                               ¦
¦                                                                            ¦
+----------------------------------------------------------------------------¦
¦                                                                            ¦
¦  Sample Unshadow Program                                                   ¦
¦  ~~~~~~~~~~~~~~~~~~~~~~~                                                   ¦
¦                                                                            ¦
¦   #include <stdio.h>                                                       ¦
¦   #include <pwd.h>   /* struct passwd, getpwent(3), endpwent(3) */         ¦
¦                                                                            ¦
¦   #ifdef   elxsi                                                           ¦
¦                                                                            ¦
¦   /* Name of the shadow password file. Contains password and aging info */ ¦
¦                                                                            ¦
¦   #define  SHADOWPW "/etc/shadowpw"                                        ¦
¦   #define  SHADOWPW_PAG "/etc/shadowpw.pag"                                ¦
¦   #define  SHADOWPW_DIR "/etc/shadowpw.dir"                                ¦
¦   /*                                                                       ¦
¦    *  Shadow password file pwd->pw_gecos field contains:                   ¦
¦    *                                                                       ¦
¦    *  ,,,,                ¦
¦    *                                                                       ¦
¦    *    = Type of password criteria to enforce (type int).           ¦
¦    *  BSD_CRIT (0), normal BSD.                                            ¦
¦    *  STR_CRIT (1), strong passwords.                                      ¦
¦    *    = Password aging period (type long).                       ¦
¦    *  0, no aging.                                                         ¦
¦    *  else, number of seconds in aging period.                             ¦
¦    *    = Time (seconds from epoch) of the last password        ¦
¦    *  change (type long).                                                  ¦
¦    *  0, never changed.                                                    ¦
¦    *    = Time (seconds from epoch) that the current password    ¦
¦    *  was made the  (type long).                             ¦
¦    *  0, never changed.                                                    ¦
¦    *   = Password (encrypted) saved for an aging  t  ¦
¦    *  prevent reuse during that period (type char [20]).                   ¦
¦    *  "*******", no .                                        ¦
¦    */                                                                      ¦
¦                                                                            ¦
¦   /* number of tries to change an aged password */                         ¦
¦                                                                            ¦
¦   #define  CHANGE_TRIES 3                                                  ¦
¦                                                                            ¦
¦   /* program to execute to change passwords */                             ¦
¦                                                                            ¦
¦   #define  PASSWD_PROG "/bin/passwd"                                       ¦
¦                                                                            ¦
¦   /* Name of the password aging exempt user names and max number of        ¦
¦      entries */                                                            ¦
¦                                                                            ¦
¦   #define  EXEMPTPW "/etc/exemptpw"                                        ¦
¦   #define MAX_EXEMPT 100                                                   ¦
¦                                                                            ¦
¦                                                                            ¦
¦   /* Password criteria to enforce */                                       ¦
¦                                                                            ¦
¦   #define BSD_CRIT 0 /* Normal BSD password criteria */                    ¦
¦   #define STR_CRIT 1  /* Strong password criteria */                       ¦
¦   #define MAX_CRIT 1                                                       ¦
¦   #endif   /* elxsi */                                                     ¦
¦                                                                            ¦
¦   static void printpw(const struct passwd *a);                             ¦
¦                                                                            ¦
¦   int main(void)                                                           ¦
¦   {                                                                        ¦
¦     struct passwd *p;                                                      ¦
¦                                                                            ¦
¦     /* walk the password database one entry at a time */                   ¦
¦     while ((p = getpwent()) != NULL)                                       ¦
¦       printpw(p);                                                          ¦
¦     endpwent();                                                            ¦
¦     return 0;                                                              ¦
¦   }                                                                        ¦
¦                                                                            ¦
¦   /* print one entry in passwd(5) field order */                           ¦
¦   static void printpw(const struct passwd *a)                              ¦
¦   {                                                                        ¦
¦     printf("%s:%s:%lu:%lu:%s:%s:%s\n",                                     ¦
¦        a->pw_name, a->pw_passwd,                                           ¦
¦        (unsigned long)a->pw_uid, (unsigned long)a->pw_gid,                 ¦
¦        a->pw_gecos, a->pw_dir, a->pw_shell);                               ¦
¦   }                                                                        ¦
¦                                                                            ¦
¦   /* SunOS 5.0  /etc/shadow */                                             ¦
¦   /* SunOS4.1+c2     /etc/security/passwd.adjunct */                       ¦
¦                                                                            ¦
+----------------------------------------------------------------------------¦
¦                                                                            ¦
¦      The passwd file is located in the following paths for each system.    ¦
¦  To determine your UNIX system type, enter the following at the UNIX       ¦
¦  prompt:                                                                   ¦
¦                                                                            ¦
¦      uname -a                                                              ¦
¦                                                                            ¦
¦  UNIX Paths (Courtesy of 2600)                                             ¦
¦                                                                            ¦
¦  UNIX                  Path                            Token               ¦
¦  -----------------------------------------------------------------         ¦
¦  AIX 3                 /etc/security/passwd            !                   ¦
¦         or             /tcb/auth/files//                       ¦
¦  A/UX 3.0s             /tcb/files/auth/?/*                                 ¦
¦  BSD4.3-Reno           /etc/master.passwd              *                   ¦
¦  ConvexOS 10           /etc/shadpw                     *                   ¦
¦  ConvexOS 11           /etc/shadow                     *                   ¦
¦  DG/UX                 /etc/tcb/aa/user/               *                   ¦
¦  EP/IX                 /etc/shadow                     x                   ¦
¦  HP-UX                 /.secure/etc/passwd             *                   ¦
¦  IRIX 5                /etc/shadow                     x                   ¦
¦  Linux 1.1             /etc/shadow                     *                   ¦
¦  OSF/1                 /etc/passwd[.dir|.pag]          *                   ¦
¦  SCO Unix #.2.x        /tcb/auth/files//                      ¦
¦  SunOS4.1+c2           /etc/security/passwd.adjunct    ##username          ¦
¦  SunOS 5.0             /etc/shadow                                         ¦
¦                        
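
A defender's check built on the passwd line format and the shadow tokens listed above, as an added example that is not part of the original text: it reports accounts whose hash still sits in the world-readable passwd file or whose password field is empty. The function names and every sample account other than the page's own two bgates lines are constructed for illustration.

```python
import re

# Placeholder tokens the page's path table lists for shadowed systems.
SHADOW_TOKENS = {"*", "x", "!"}
# Traditional crypt(3) output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_password_field(field):
    """Return a label describing what the second passwd field holds."""
    if field == "":
        return "empty"            # account needs no password at all
    if field in SHADOW_TOKENS or field.startswith("##"):
        return "shadowed"         # hash is kept in a separate protected file
    if DES_CRYPT.match(field):
        return "exposed-des"      # hash readable by every local user
    if field.startswith("$"):
        return "exposed-modular"  # $id$salt$hash format, still exposed
    return "locked-or-unknown"    # e.g. "*LK*", "!!", vendor-specific values


def audit_passwd(text):
    """Parse passwd-format text; return (findings, malformed_line_numbers)."""
    findings, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue              # skip blank lines and comments
        fields = line.split(":")
        if len(fields) != 7:      # user:pw:uid:gid:gecos:home:shell
            malformed.append(lineno)
            continue
        user, pw, uid = fields[0], fields[1], fields[2]
        status = classify_password_field(pw)
        if status in ("empty", "exposed-des", "exposed-modular"):
            findings.append((user, uid, status))
    return findings, malformed


# Constructed sample: the page's two example lines plus made-up accounts.
SAMPLE = """\
bgates:VKa0XuF8KB4sc:5604:12:William Gates:/home/bgates:/bin/bash
bgates:*:5604:12:William Gates:/home/bgates:/bin/bash
guest::5700:100:Guest:/home/guest:/bin/sh
audit:##audit:5701:100:C2 account:/home/audit:/bin/sh
broken:x:5702
"""

if __name__ == "__main__":
    findings, malformed = audit_passwd(SAMPLE)
    for user, uid, status in findings:
        print(f"{user} (uid {uid}): {status}")
    print("malformed lines:", malformed)
```

Any account reported as exposed or empty should have its hash moved into the shadow file and its password reset.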
                  
This page was created Wed Aug 11 23:46:19 EDT 1999
Using Linux
 version 2.0.32
 on an i586
  Copyright (C) 1999 - Matarese.com