HPE Community
Operating System - HP-UX
1834100 Members
2213 Online
110063 Solutions
New Discussion

/tcb/files/auth/ passwords ..

 
SOLVED
Go to solution
someone_4
Honored Contributor

‎04-27-2006 03:27 AM

‎04-27-2006 03:27 AM

/tcb/files/auth/ passwords ..

Hell everyone ..

I was wondering if there was a way to see the encrypted passwords in the /tcb/files/auth/ directory?

Thanks

R
0 Kudos
8 REPLIES 8
Patrick Wallek
Honored Contributor

‎04-27-2006 03:29 AM

‎04-27-2006 03:29 AM

Solution

Re: /tcb/files/auth/ passwords ..

If you are root, yes.

Each user has an entry in a file in /tcb/files/auth/[a-z]/username

For example, root's file is /tcb/files/auth/r/root

Have a look at that file. There is all kinds of information there including the encrypted password.
0 Kudos
someone_4
Honored Contributor

‎04-27-2006 03:32 AM

‎04-27-2006 03:32 AM

Re: /tcb/files/auth/ passwords ..

Hi

Maybe I didnt word my quesiton right. I am root and I found the password files. I was looking for a way to unscramble the encryped password.

-R
0 Kudos
Patrick Wallek
Honored Contributor

‎04-27-2006 03:42 AM

‎04-27-2006 03:42 AM

Re: /tcb/files/auth/ passwords ..

Well, yes and no.

No there is no direct way to do this. HP-UX does NOT unscramble the hash when checking passwords. Once it is encrypted, it stays that way.

That being said, there are tools available on the Internet that can attempt to figure out what passwords are.
0 Kudos
Jeff Schussele
Honored Contributor

‎04-27-2006 03:43 AM

‎04-27-2006 03:43 AM

Re: /tcb/files/auth/ passwords ..

Nope - not even as root can they be decrypted. Would kind of defeat the purpose if they could.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎04-27-2006 03:52 AM

‎04-27-2006 03:52 AM

Re: /tcb/files/auth/ passwords ..

You are working under an incorrect assumption: UNIX passwords are not encrypted; they are hashed. Encryption is a reversible process so that it is possible to plaintext -> encrypted_text (or more accurately, enciphered_text) -> plaintext.

A hash is rather a one to many relationship so that the process is not reversible.

You might then ask how does the system know that a password is valid if it cannot compare the response to plaintext? The stored password hash is compared to the output of the same function using the user supplied plaintext key. If the stored passwd hash is identically to the newly hashed password then the login is verified. I'm leaving a little salt out of the recipe but that's the gist of the mechanism.
If it ain't broke, I can fix that.
0 Kudos
rariasn
Honored Contributor

‎05-04-2006 10:34 PM

‎05-04-2006 10:34 PM

Re: /tcb/files/auth/ passwords ..

Hi Richard,

1.- execute attach perl program.

# crack_password.pl > /tmp/password.txt

2.- Run "crack"

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/crack-5.0/readme.html


rgs,

ran

0 Kudos
Bill Hassell
Honored Contributor

‎05-05-2006 01:20 AM

‎05-05-2006 01:20 AM

Re: /tcb/files/auth/ passwords ..

Just to clarify crack -- it is a guessing program. Crack programs have no mechanism to reverse the password hash, so these programs rely on social engineering, also known as human nature. Most people will never create a password such as fhT5$322l so crack uses a large dictionery of common words, names or cartoon and movie stars, etc and then proceeds to try millions of times to find a string that hashes to the stored password. Naturally, this must be done by isolating the password field because trying to login millions of times is impractical and will be discovered. That's why the /tcb directory is protected by root. crack succeeds because humans are somewhat predictable.


Bill Hassell, sysadmin
0 Kudos
someone_4
Honored Contributor

‎06-01-2006 06:14 AM

‎06-01-2006 06:14 AM

Re: /tcb/files/auth/ passwords ..

thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.