- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: user password lost..
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 07:24 AM
07-30-2002 07:24 AM
Now, rather than ask root where the box is and to change my password, I'd like to try to parse a file with all my common passwords and just send that to the box.
It's a pain in the butt entering one by one.
If that fails, I'm gonna attempt to crach the box via sw exploit to get my passwd back. any starters!?
Later,
Bill
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 07:54 AM
07-30-2002 07:54 AM
Re: user password lost..
If you have expect installed, you could try;
for pw in `cat pw.lst`
do
echo "Trying $pw"
./telnet_system.exp $pw
done
where telnet_system.exp contains
#!/usr/local/bin/expect
set timeout 5
set term vt100
set password [lindex $argv 0]
spawn telnet
expect {*ogin:}
send "
expect {*word:}
send "$password\n"
close -i $spawn_id
This should open the connection to your server, send your ID when it sees any prompt ending in ogin: and then each password in turn at any prompt ending in word:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 08:09 AM
07-30-2002 08:09 AM
Re: user password lost..
The expect suggestion would work, problem is - what happens if there's a lockout on your ID? You'd have to go to root user anyways :-)
Cheers!
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 09:12 AM
07-30-2002 09:12 AM
Re: user password lost..
If so, note that the cypher in the passwd file is the same on all UNIX boxes for the same password.
You can take the cypher from your passwd entry on the suspect box, and compare it to cyphers on other boxes. A match is your answer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 10:10 AM
07-30-2002 10:10 AM
Re: user password lost..
============================
Criteria was to change only users who had CAPITAL Letters in their login ID and had the
value of password had expired (3...)
1. Take a dummy account and key in the new password to get the
encrypted password...
Here's the basic script we tested with:
newpass="
cat /etc/passwd | while read line #read /etc/passwd line by line
do
echo $line | grep -q '^[A-Z][A-Z]*:[^:]*,3\.\.\.:' #see if it
matches the criteria
if [ $? -eq 0 ]
then #now replace old passwd for new passwd and print line
username=`echo $line | cut -d: -f1`
therest=`echo $line | cut -d: -f 3-`
echo $username:$newpass:$therest
else #print unmodified lines
echo $line
fi
done
===========================
I used the above to do a mass change to about 700 users..while not changing all the others. It worked.
Just a thought,
Rita
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 10:14 AM
07-30-2002 10:14 AM
Re: user password lost..
I have two boxes that for the same user account have the same password, and the hash in the /etc/passwd file is NOT the same on both.
--
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-30-2002 10:14 PM
07-30-2002 10:14 PM
Re: user password lost..
http://www.bioinformatics.dundee.ac.uk/BOOKS/NetworkingBookshelf/puis/ch08_06.htm
section 8.6.2 for a description of 'salt' and
how it relates to passwords.
(This is a quote from Practical Unix and
Internet Security.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 05:29 AM
07-31-2002 05:29 AM
Re: user password lost..
Hey - it was just a suggestion...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 05:40 AM
07-31-2002 05:40 AM
Re: user password lost..
should take all night..
I'm sure there are other remote root exploits I could use, just a matter of looking through the right cert..
Has anyone got a good password strategy to propose so this doesn't happen again.
Password must be 8 letters, including 1 number at least, 1 capital, 1 nonalphabetic character and stripping off the number and nonalphabetic character, cannot be a dictionary word.
This is a real pain in the but for me.
I must have tried 10 different passwords before it accepted a change, then I completely forgot what it was!
Damn. Next time I'll just write it down on a post-it and stick it onto my monitor.
Later,
Bill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 06:05 AM
07-31-2002 06:05 AM
Re: user password lost..
With so many systems to log onto with different change intervals and different rules for password composition, I find it necessary to keep a pgp-encrypted password list with system name, id, password, and date changed. If I don't forget my PGP password, I'm ok.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 06:12 AM
07-31-2002 06:12 AM
Re: user password lost..
I'd be very surprised if Crack figures out a password like you've described (that's probably why they came up with that requirement). Let us know, would you please?
Pete (whose terminal is covered with sticky notes)
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 06:33 AM
07-31-2002 06:33 AM
Re: user password lost..
It's just silly.
I started using German words in my passwords so I can remember them - the password programs don't seem to pick up on foreign words. Just use something that isn't spelled like an english word (or whatever language your password program speaks), add a number and an underscore or something.
Good luck!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 06:38 AM
07-31-2002 06:38 AM
SolutionSo for example, compaq goes to pack plus startrek goes to trek goes to packtrek goes to pa(ktr3k for a password that is very unlikely to be guessed.
James
-Student of memory and study.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 06:39 AM
07-31-2002 06:39 AM
Re: user password lost..
Cheers!
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 08:36 AM
07-31-2002 08:36 AM
Re: user password lost..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 10:38 AM
07-31-2002 10:38 AM
Re: user password lost..
It got root's password, but not mine or most of the users yet!
So I guess my problem is solved ;)
I will let you know if it gets mine!
which was some kind of mix of this:
d0LrB1l$
Thanks,
Bil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 10:45 AM
07-31-2002 10:45 AM
Re: user password lost..
Did root's password follow the same rules you described?
Pete
(whose own four letter password Crack was unable to break)
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2002 10:53 AM
07-31-2002 10:53 AM
Re: user password lost..
I'm not surprised.
John's the one to fear - not Crack.
It's a very impressive engine.
If you can come up with PWs that John the Ripper has to crank on for quite a while, then you've done a good job creating it, and Crack will probably never get it.
Rgds,
Jeff (who needs Gingko Boloba to remember his)