topic Re: user password lost.. in Operating System - HP-UX

user password lost..

Bill McNAMARA_1 — Tue, 30 Jul 2002 14:24:58 GMT

Hi, I just changed, and forgot my user password on a system here at Dec 2001 patch level (wu ftpd 2.6.1, ssh 1.2.27, 8.9.3 (PHNE_18546)/8.8.6)

Now, rather than ask root where the box is and to change my password, I'd like to try to parse a file with all my common passwords and just send that to the box.

It's a pain in the butt entering one by one.

If that fails, I'm gonna attempt to crach the box via sw exploit to get my passwd back. any starters!?

Later,
Bill

Re: user password lost..

Chris Wilshaw — Tue, 30 Jul 2002 14:54:44 GMT

Bill,

If you have expect installed, you could try;

for pw in `cat pw.lst`
do
echo "Trying $pw"
./telnet_system.exp $pw
done

where telnet_system.exp contains

#!/usr/local/bin/expect

set timeout 5
set term vt100
set password [lindex $argv 0]

spawn telnet

expect {*ogin:}
send "\n"

expect {*word:}
send "$password\n"

close -i $spawn_id

This should open the connection to your server, send your ID when it sees any prompt ending in ogin: and then each password in turn at any prompt ending in word:

Re: user password lost..

James Beamish-White — Tue, 30 Jul 2002 15:09:35 GMT

Maybe you should anon ftp to the box, grab the passwd file (assuming it's not using tcb), and run Crack!, Crackerjack or John the Ripper against it (the best passwd crackers I know).

The expect suggestion would work, problem is - what happens if there's a lockout on your ID? You'd have to go to root user anyways :-)

Cheers!
James

Re: user password lost..

Vincent Fleming — Tue, 30 Jul 2002 16:12:58 GMT

If you're like most of us, you use only a limited number of passwords...

If so, note that the cypher in the passwd file is the same on all UNIX boxes for the same password.

You can take the cypher from your passwd entry on the suspect box, and compare it to cyphers on other boxes. A match is your answer.

Re: user password lost..

Rita C Workman — Tue, 30 Jul 2002 17:10:04 GMT

Going along with Vince's suggestion, here's a script that someone I met from HP and & worked out. You might be able to modify it for your specific needs .. then just remsh to whatever box you want.
============================
Criteria was to change only users who had CAPITAL Letters in their login ID and had the
value of password had expired (3...)

1. Take a dummy account and key in the new password to get the
encrypted password...

Here's the basic script we tested with:

newpass=""
cat /etc/passwd | while read line #read /etc/passwd line by line
do
echo $line | grep -q '^[A-Z][A-Z]*:[^:]*,3\.\.\.:' #see if it
matches the criteria
if [ $? -eq 0 ]
then #now replace old passwd for new passwd and print line
username=`echo $line | cut -d: -f1`
therest=`echo $line | cut -d: -f 3-`
echo $username:$newpass:$therest
else #print unmodified lines
echo $line
fi
done
===========================
I used the above to do a mass change to about 700 users..while not changing all the others. It worked.

Just a thought,
Rita

Re: user password lost..

Tony Contratto — Tue, 30 Jul 2002 17:14:52 GMT

In response to the post by Vincent.

I have two boxes that for the same user account have the same password, and the hash in the /etc/passwd file is NOT the same on both.

--
Tony

Re: user password lost..

doug hosking — Wed, 31 Jul 2002 05:14:41 GMT

Vincent, please read
http://www.bioinformatics.dundee.ac.uk/BOOKS/NetworkingBookshelf/puis/ch08_06.htm

section 8.6.2 for a description of 'salt' and
how it relates to passwords.

(This is a quote from Practical Unix and
Internet Security.)

Re: user password lost..

Vincent Fleming — Wed, 31 Jul 2002 12:29:28 GMT

OK, so I'm a little outdated. I have several system at home (none are HP-UX, sorry to say), and only 1 seems to be using "salt". The others generated identical passwords. Granted, they're older systems.

Hey - it was just a suggestion...

Re: user password lost..

Bill McNAMARA_1 — Wed, 31 Jul 2002 12:40:46 GMT

Great, I got the passwd file as anon via the ftp service.. my password is under cracking...
should take all night..

I'm sure there are other remote root exploits I could use, just a matter of looking through the right cert..

Has anyone got a good password strategy to propose so this doesn't happen again.

Password must be 8 letters, including 1 number at least, 1 capital, 1 nonalphabetic character and stripping off the number and nonalphabetic character, cannot be a dictionary word.

This is a real pain in the but for me.
I must have tried 10 different passwords before it accepted a change, then I completely forgot what it was!

Damn. Next time I'll just write it down on a post-it and stick it onto my monitor.

Later,
Bill

Re: user password lost..

W.C. Epperson — Wed, 31 Jul 2002 13:05:19 GMT

If you put your frequently used passwords at the top of the crack dictionary list, you might succeed faster than overnight. And you may not succeed at all if the password is a variation with number substitutions, etc.

With so many systems to log onto with different change intervals and different rules for password composition, I find it necessary to keep a pgp-encrypted password list with system name, id, password, and date changed. If I don't forget my PGP password, I'm ok.

Re: user password lost..

Pete Randall — Wed, 31 Jul 2002 13:12:57 GMT

Bill,

I'd be very surprised if Crack figures out a password like you've described (that's probably why they came up with that requirement). Let us know, would you please?

Pete (whose terminal is covered with sticky notes)

Re: user password lost..

Vincent Fleming — Wed, 31 Jul 2002 13:33:20 GMT

Isn't it ironic how whenever they try to make security tighter, we always nullify it by doing things like writing down the password because we can't remember it???

It's just silly.

I started using German words in my passwords so I can remember them - the password programs don't seem to pick up on foreign words. Just use something that isn't spelled like an english word (or whatever language your password program speaks), add a number and an underscore or something.

Good luck!

Re: user password lost..

James Beamish-White — Wed, 31 Jul 2002 13:38:11 GMT

I construct passwords using numbers and special characters. E.g. replacing i's with 1's, e's with {'s, o's with 0's etc. I then use 2 words, one of which I can relate to the system or to something I can see. For example, maybe compaq becomes pack. Then the second word is something in your head, maybe an unlikely hobby or tv program. String them together a few times and your memory should do the rest.

So for example, compaq goes to pack plus startrek goes to trek goes to packtrek goes to pa(ktr3k for a password that is very unlikely to be guessed.

James
-Student of memory and study.

Re: user password lost..

James Beamish-White — Wed, 31 Jul 2002 13:39:22 GMT

... or alternately, do what I do. Buy a Palm, stick some decent encryption SW on it, and write down all your passwords in the one (encrypted) place ;-)

Cheers!
James

Re: user password lost..

John Dvorchak — Wed, 31 Jul 2002 15:36:23 GMT

What I do to keep passwords straight is to use a random alpha/numeric sequence that is easy for me to remember, followed by or placed in the middle, the month of the year. Then every 60 days I just change the month number i.e. xys!bdf02 for February then it would be xys!bdf04 for April etc. Some systems want the passwords to have more than two characters different, but most systems only remember about 6 of your past passwords so it shouldn't be to bad to come up with a variation on my theme that would work for all of your systems. Of course the down side is that all of your systems have the same password, but this is still better than English words.

Re: user password lost..

Bill McNAMARA_1 — Wed, 31 Jul 2002 17:38:15 GMT

I'm kindof impressed with john the ripper.
It got root's password, but not mine or most of the users yet!
So I guess my problem is solved ;)
I will let you know if it gets mine!
which was some kind of mix of this:
d0LrB1l$

Thanks,
Bil

Re: user password lost..

Pete Randall — Wed, 31 Jul 2002 17:45:01 GMT

Bill,

Did root's password follow the same rules you described?

Pete
(whose own four letter password Crack was unable to break)

Re: user password lost..

Jeff Schussele — Wed, 31 Jul 2002 17:53:14 GMT

Bill,

I'm not surprised.
John's the one to fear - not Crack.
It's a very impressive engine.

If you can come up with PWs that John the Ripper has to crank on for quite a while, then you've done a good job creating it, and Crack will probably never get it.

Rgds,
Jeff (who needs Gingko Boloba to remember his)