Re: user password lost..

 
Bill McNAMARA_1
Honored Contributor

user password lost..

Hi, I just changed, and forgot my user password on a system here at Dec 2001 patch level (wu ftpd 2.6.1, ssh 1.2.27, 8.9.3 (PHNE_18546)/8.8.6)

Now, rather than ask root where the box is and to change my password, I'd like to try to parse a file with all my common passwords and just send that to the box.

It's a pain in the butt entering one by one.

If that fails, I'm gonna attempt to crack the box via sw exploit to get my passwd back. Any starters!?

Later,
Bill
It works for me (tm)
17 REPLIES 17
Chris Wilshaw
Honored Contributor

Re: user password lost..

Bill,

If you have expect installed, you could try;

for pw in `cat pw.lst`
do
echo "Trying $pw"
./telnet_system.exp $pw
done


where telnet_system.exp contains


#!/usr/local/bin/expect

set timeout 5
set term vt100
set password [lindex $argv 0]

spawn telnet

expect {*ogin:}
send "\n"

expect {*word:}
send "$password\n"

close -i $spawn_id


This should open the connection to your server, send your ID when it sees any prompt ending in ogin: and then each password in turn at any prompt ending in word:
James Beamish-White
Trusted Contributor

Re: user password lost..

Maybe you should anon ftp to the box, grab the passwd file (assuming it's not using tcb), and run Crack!, Crackerjack or John the Ripper against it (the best passwd crackers I know).

The expect suggestion would work, problem is - what happens if there's a lockout on your ID? You'd have to go to root user anyways :-)

Cheers!
James
GARDENOFEDEN> create light
Vincent Fleming
Honored Contributor

Re: user password lost..

If you're like most of us, you use only a limited number of passwords...

If so, note that the cypher in the passwd file is the same on all UNIX boxes for the same password.

You can take the cypher from your passwd entry on the suspect box, and compare it to cyphers on other boxes. A match is your answer.

No matter where you go, there you are.
Rita C Workman
Honored Contributor

Re: user password lost..

Going along with Vince's suggestion, here's a script that someone I met from HP and I worked out. You might be able to modify it for your specific needs .. then just remsh to whatever box you want.
============================
Criteria was to change only users who had CAPITAL Letters in their login ID and had the value of password had expired (3...)

1. Take a dummy account and key in the new password to get the encrypted password...

Here's the basic script we tested with:

newpass=""   # encrypted password taken from the dummy account goes here
while IFS= read -r line   # read /etc/passwd line by line
do
    # see if the line matches the criteria: all-capitals login ID and aging field ",3..."
    if echo "$line" | grep -q '^[A-Z][A-Z]*:[^:]*,3\.\.\.:'
    then   # now replace old passwd for new passwd and print line
        username=`echo "$line" | cut -d: -f1`
        therest=`echo "$line" | cut -d: -f3-`
        echo "$username:$newpass:$therest"
    else   # print unmodified lines
        echo "$line"
    fi
done < /etc/passwd
===========================
I used the above to do a mass change to about 700 users..while not changing all the others. It worked.

Just a thought,
Rita


Tony Contratto
Respected Contributor

Re: user password lost..

In response to the post by Vincent.

I have two boxes that for the same user account have the same password, and the hash in the /etc/passwd file is NOT the same on both.

--
Tony
got root?
doug hosking
Esteemed Contributor

Re: user password lost..

Vincent, please read
http://www.bioinformatics.dundee.ac.uk/BOOKS/NetworkingBookshelf/puis/ch08_06.htm

section 8.6.2 for a description of 'salt' and
how it relates to passwords.

(This is a quote from Practical Unix and
Internet Security.)
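
Added example (not part of any post in this thread): a small demonstration of why the same password produces different passwd fields on two boxes once a salt is used, and why login still works. `toy_crypt` is a hypothetical stand-in built on PBKDF2-SHA256, not the DES-based crypt(3) of the systems discussed; the password and salts are constructed.

```python
import base64
import hashlib
import hmac

SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"

def toy_crypt(password, salt):
    """Stand-in for crypt(3): returns a 13-character field, salt first.

    Assumption: PBKDF2-SHA256 replaces the DES-based algorithm of the
    systems in the thread; only the salt handling follows the same idea.
    """
    if len(salt) != 2 or any(ch not in SALT_CHARS for ch in salt):
        raise ValueError("salt must be two characters from [a-zA-Z0-9./]")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000)
    return salt + base64.b64encode(digest, altchars=b"./").decode()[:11]

def check_password(candidate, stored_field):
    """What login does: re-hash the candidate with the salt kept in the field."""
    salt = stored_field[:2]
    return hmac.compare_digest(toy_crypt(candidate, salt), stored_field)

def fields_match(field_a, field_b):
    """Cross-box comparison of the stored fields as plain text."""
    return hmac.compare_digest(field_a, field_b)

# Constructed sample data: one user, one password, three boxes.
PASSWORD = "constructed-Example1"
BOX_A_FIELD = toy_crypt(PASSWORD, "ab")
BOX_B_FIELD = toy_crypt(PASSWORD, "Zx")   # different salt chosen at passwd time
BOX_C_FIELD = toy_crypt(PASSWORD, "ab")   # same salt: fields are identical

if __name__ == "__main__":
    print("box A:", BOX_A_FIELD)
    print("box B:", BOX_B_FIELD)
    print("A and B fields match:", fields_match(BOX_A_FIELD, BOX_B_FIELD))
    print("A and C fields match:", fields_match(BOX_A_FIELD, BOX_C_FIELD))
    print("login on B still works:", check_password(PASSWORD, BOX_B_FIELD))
```
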
Vincent Fleming
Honored Contributor

Re: user password lost..

OK, so I'm a little outdated. I have several systems at home (none are HP-UX, sorry to say), and only 1 seems to be using "salt". The others generated identical passwords. Granted, they're older systems.

Hey - it was just a suggestion...
No matter where you go, there you are.
Bill McNAMARA_1
Honored Contributor

Re: user password lost..

Great, I got the passwd file as anon via the ftp service.. my password is under cracking...
should take all night..

I'm sure there are other remote root exploits I could use, just a matter of looking through the right cert..

Has anyone got a good password strategy to propose so this doesn't happen again.

Password must be 8 letters, including 1 number at least, 1 capital, 1 nonalphabetic character and stripping off the number and nonalphabetic character, cannot be a dictionary word.

This is a real pain in the butt for me.
I must have tried 10 different passwords before it accepted a change, then I completely forgot what it was!

Damn. Next time I'll just write it down on a post-it and stick it onto my monitor.

Later,
Bill
It works for me (tm)
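
Added example (not part of any post in this thread): the composition rules quoted above written as a checker, plus one extra check that goes beyond the quoted policy by undoing the character substitutions mentioned in the thread before the dictionary lookup. The word list is constructed, and reading "8 letters" as "at least 8 characters" and "nonalphabetic" as punctuation are assumptions.

```python
import string

# Constructed stand-in for a system word list.
DICTIONARY = {"monitor", "password", "sunshine", "startrek"}

# Substitutions mentioned in the thread: 1 for i, { and 3 for e, 0 for o, ( for c.
UNSUBSTITUTE = str.maketrans({"1": "i", "{": "e", "3": "e", "0": "o", "(": "c"})

def letters_only(text):
    """Strip digits and non-letters, as the quoted rule describes, and lowercase."""
    return "".join(ch for ch in text if ch.isalpha()).lower()

def policy_violations(password):
    """Return the quoted rules this password breaks (empty list = accepted)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(ch.isdigit() for ch in password):
        problems.append("no number")
    if not any(ch.isupper() for ch in password):
        problems.append("no capital")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no nonalphabetic character")
    if letters_only(password) in DICTIONARY:
        problems.append("dictionary word after stripping")
    return problems

def substituted_word(password):
    """Extra check, not in the quoted policy: undo substitutions, then look up."""
    return letters_only(password.translate(UNSUBSTITUTE)) in DICTIONARY

if __name__ == "__main__":
    # "M0n1tor!" and "Sunshine1!" are constructed; the other two appear in the thread.
    for sample in ("d0LrB1l$", "pa(ktr3k", "Sunshine1!", "M0n1tor!"):
        print(sample, policy_violations(sample), substituted_word(sample))
```

The constructed sample `M0n1tor!` satisfies every quoted rule, because stripping the digits leaves `mntor`, yet it is a dictionary word once the substitutions are reversed.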
W.C. Epperson
Trusted Contributor

Re: user password lost..

If you put your frequently used passwords at the top of the crack dictionary list, you might succeed faster than overnight. And you may not succeed at all if the password is a variation with number substitutions, etc.

With so many systems to log onto with different change intervals and different rules for password composition, I find it necessary to keep a pgp-encrypted password list with system name, id, password, and date changed. If I don't forget my PGP password, I'm ok.
"I have great faith in fools; self-confidence, my friends call it." --Poe
Pete Randall
Outstanding Contributor

Re: user password lost..

Bill,

I'd be very surprised if Crack figures out a password like you've described (that's probably why they came up with that requirement). Let us know, would you please?

Pete (whose terminal is covered with sticky notes)

Pete
Vincent Fleming
Honored Contributor

Re: user password lost..

Isn't it ironic how whenever they try to make security tighter, we always nullify it by doing things like writing down the password because we can't remember it???

It's just silly.

I started using German words in my passwords so I can remember them - the password programs don't seem to pick up on foreign words. Just use something that isn't spelled like an English word (or whatever language your password program speaks), add a number and an underscore or something.

Good luck!
No matter where you go, there you are.
James Beamish-White
Trusted Contributor
Solution

Re: user password lost..

I construct passwords using numbers and special characters. E.g. replacing i's with 1's, e's with {'s, o's with 0's etc. I then use 2 words, one of which I can relate to the system or to something I can see. For example, maybe compaq becomes pack. Then the second word is something in your head, maybe an unlikely hobby or tv program. String them together a few times and your memory should do the rest.

So for example, compaq goes to pack plus startrek goes to trek goes to packtrek goes to pa(ktr3k for a password that is very unlikely to be guessed.

James
-Student of memory and study.
GARDENOFEDEN> create light
James Beamish-White
Trusted Contributor

Re: user password lost..

... or alternately, do what I do. Buy a Palm, stick some decent encryption SW on it, and write down all your passwords in the one (encrypted) place ;-)

Cheers!
James
GARDENOFEDEN> create light
John Dvorchak
Honored Contributor

Re: user password lost..

What I do to keep passwords straight is to use a random alpha/numeric sequence that is easy for me to remember, followed by or placed in the middle, the month of the year. Then every 60 days I just change the month number, i.e. xys!bdf02 for February, then it would be xys!bdf04 for April etc. Some systems want the passwords to have more than two characters different, but most systems only remember about 6 of your past passwords so it shouldn't be too bad to come up with a variation on my theme that would work for all of your systems. Of course the down side is that all of your systems have the same password, but this is still better than English words.
If it has wheels or a skirt, you can't afford it.
Bill McNAMARA_1
Honored Contributor

Re: user password lost..

I'm kind of impressed with john the ripper.
It got root's password, but not mine or most of the users yet!
So I guess my problem is solved ;)
I will let you know if it gets mine!
which was some kind of mix of this:
d0LrB1l$

Thanks,
Bill
It works for me (tm)
Pete Randall
Outstanding Contributor

Re: user password lost..

Bill,

Did root's password follow the same rules you described?

Pete
(whose own four letter password Crack was unable to break)

Pete
Jeff Schussele
Honored Contributor

Re: user password lost..

Bill,

I'm not surprised.
John's the one to fear - not Crack.
It's a very impressive engine.

If you can come up with PWs that John the Ripper has to crank on for quite a while, then you've done a good job creating it, and Crack will probably never get it.

Rgds,
Jeff (who needs Ginkgo Biloba to remember his)
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!