HPE Community
Operating System - HP-UX
1832759 Members
2986 Online
110045 Solutions
New Discussion

crack on trusted system

 
SOLVED
Go to solution
Jannik
Honored Contributor

‎06-24-2004 11:07 PM

‎06-24-2004 11:07 PM

crack on trusted system

Hey all,
Iâ m running crack to check whether or not my users are using password that are not guessable. My problems are what do I do on a trusted system. Is there somebody out there that have created a script to merge /tcb/files/auth and /etc/passwd into a separate file?
This is my go:

#!/usr/bin/ksh

for i in $(cat /etc/passwd | cut -b 1)
do
cd /tcb/files/auth/$i
for j in $(ls $PWD)
do
echo $j
for k in $(cat $j | grep u_pwd | cut -d : -f 2 | cut -d = -f 2)
do
echo $k
done
done
done

This only creates a list of users and there password encrypte
jaton
0 Kudos
Reply
9 REPLIES 9
Simon Hargrave
Honored Contributor

‎06-25-2004 12:32 AM

‎06-25-2004 12:32 AM

Solution

Re: crack on trusted system

How about this: -

cat /tcb/files/auth/?/* | awk '
/u_name/ { split($0,a,":|=|#"); name=a[3]; uid=a[5]; }
/u_pwd/ { split($0,a,":|="); pass=a[3]; }
pass != "" {
printf("%s:%s:%s:0:No Name:/home:/usr/bin/false\n",name,uid,pass);
pass="" ; name="" ; uid="";
}

'
Reply
generic_1
Respected Contributor

‎06-25-2004 05:16 AM

‎06-25-2004 05:16 AM

Re: crack on trusted system

Symantec has a unix product I believe that checks password security on trusted and untrusted unix systems with a variety of options.
0 Kudos
Reply
RAC_1
Honored Contributor

‎06-25-2004 05:38 AM

‎06-25-2004 05:38 AM

Re: crack on trusted system

for i in `logins -a|awk '{print $1}'`
do
pass=`cat /tcb/files/auth/?/$i|grep "u_pwd"|awk -f : '{print $2}'`
grep $i /etc/passwd|awk -F : -v x=${pass}'{print $1:$x:$3:$4:$5:$6:$7}' >> /tmp/pass_file
done

Anil
There is no substitute to HARDWORK
Reply
Steven E. Protter
Exalted Contributor

‎06-25-2004 05:40 AM

‎06-25-2004 05:40 AM

Re: crack on trusted system

I just copied all the password files in /tcb to one gigantic file and let crack have at that.

Worked out just fine.

On Shadowed systems let crack attack a copy of the shadow file.

DO NOT, under any circumstances let crack actually touch the real password file.

Bad things can happen.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Sundar_7
Honored Contributor

‎06-25-2004 06:03 AM

‎06-25-2004 06:03 AM

Re: crack on trusted system

But tell you what, I dont believe "crack" will be able to guess any passwords from the trusted system.

Even with the basic triviality checks, the user password is supposed to have at least two alphabetic characters and at least one numeric or special character. As far as I can reach, "crack" only tries to guess the password from the dictionary database it has.

I would be curious to know if you managed to crack any trusted system password.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-25-2004 03:43 PM

‎06-25-2004 03:43 PM

Re: crack on trusted system

Actually, crack has a bit more sophistication than a simple dictionary match. It will try substituting common characters such as 0 (zero) for O (letter o), l (letter L) for 1 (one) or i (letter i), etc to crack b1llh, adding trivial numbers to the front and back (billh1 or billh9), and some common capitalization (Billh). crack saves a lot of time by using the GECOS field for hints (the user name, phone, etc).

crack will have troubles with imbedded numbers (bi26llh) and mixed case (bIllH) as well as non-words (g7fG4tT). Of course, humans have big problems with g7fG4tT also).

Whether the system is standard, Trusted or uses a shadow password, the encryption is the same (man crypt and makekey). The crypt process is lossy which means that there is no decryption possible, only guessing which crack performs. Once you have the actual encrypted password fields, crack just does a brute force guess using the dictionary and applying variations. crack 5.0 has dozens of rule definitions so you can customize the variant searches (and drastically increase the amount of CPU time).


Bill Hassell, sysadmin
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-26-2004 05:17 PM

‎06-26-2004 05:17 PM

Re: crack on trusted system

Hi,

This is my version of make_passwd script.

cp /etc/passwd tmp$$
while read line
do
USER=$(echo $line|awk '{FS=":";print $1}')
echo "making entry for $USER"
FL=$(echo $USER|cut -c 1)
ENC=$(grep "u_pwd" /tcb/files/auth/${FL}/${USER} |awk '{FS="=";print $2}' |awk '
{FS=":";print $1}')
echo $line |awk -v enc=$ENC -F":" '{$2=enc;OFS=":";print $0}' >> crack_pa
sswd
done < tmp$$
rm tmp$$

I like crack. It gives you an ability to specify your custom dictionaries. One of the features of my dream IT datacenter is running a dedicated system that runs nothing but Crack program constantly gathering and crunching the password files from all other systems in a round-robin fashion. But for me rule 1 is not giving a user choice to set weak passwords. This can be controlled by trusted features as well making use of /etc/default/security file. Crack comes next.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Sridhar Bhaskarla
Honored Contributor

‎06-26-2004 05:17 PM

‎06-26-2004 05:17 PM

Re: crack on trusted system

Hi,

This is my version of make_passwd script.

cp /etc/passwd tmp$$
while read line
do
USER=$(echo $line|awk '{FS=":";print $1}')
echo "making entry for $USER"
FL=$(echo $USER|cut -c 1)
ENC=$(grep "u_pwd" /tcb/files/auth/${FL}/${USER} |awk '{FS="=";print $2}' |awk '
{FS=":";print $1}')
echo $line |awk -v enc=$ENC -F":" '{$2=enc;OFS=":";print $0}' >> crack_pa
sswd
done < tmp$$
rm tmp$$

I like crack. It gives you an ability to specify your custom dictionaries. One of the features of my dream IT datacenter is running a dedicated system that runs nothing but Crack program constantly gathering and crunching the password files from all other systems in a round-robin fashion. But for me rule 1 is not giving a user choice to set weak passwords. This can be controlled by trusted features as well making use of /etc/default/security file. Crack comes next.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Michael R. Monteith
Advisor

‎07-14-2004 01:12 AM

‎07-14-2004 01:12 AM

Re: crack on trusted system

Hi Sri,
I prefer John The Ripper myself. I've also compiled a 900K word dictionary if you're ever interested.

Michael
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.