HPE Community
Operating System - HP-UX
1847466 Members
2627 Online
110265 Solutions
New Discussion

Word Dictionary for crack

 
SOLVED
Go to solution
Belinda Dermody
Super Advisor

‎03-24-2003 05:29 AM

‎03-24-2003 05:29 AM

Word Dictionary for crack

I have crack 5 running on HP-UX 11. With the basic dictionary. Is there a site where I can download addional dictionaries. Problem is We have an old unix system(mid 1990'), at another site that has been running an old version of unix to support a phone system that the root password has been lost. The system has only been rebooted and never changed. They need to modify some parmaters but can not do. We have tried all the normal standards of trying to boot into single user modes.

root passwd line is
root:lO89DKPAUj0Nw:0:3:0000-Admin(0000):/:/bin/ksh
0 Kudos
Reply
10 REPLIES 10
Robert-Jan Goossens
Honored Contributor

‎03-24-2003 05:41 AM

‎03-24-2003 05:41 AM

Re: Word Dictionary for crack

Hi James,

Sorry no way to crack the encrypted password in the passwd file.

Boot the system up in single user mode, interrupt the bootup proces and at ISL mode enter.

ISL> hpux -is

Now you can change the root password.

passwd root

Hope it helps,

Robert-Jan.
0 Kudos
Reply
Tim Maletic
Valued Contributor

‎03-24-2003 06:17 AM

‎03-24-2003 06:17 AM

Solution

Re: Word Dictionary for crack

I prefer John the Ripper (http://www.openwall.com/john/). Read the accompanying documentation on "Incremental Mode" (and run it on the fastest processor you've got).
Reply
Steven E. Protter
Exalted Contributor

‎03-24-2003 10:26 AM

‎03-24-2003 10:26 AM

Re: Word Dictionary for crack

A little advice from a crack user.

I never run crack against /etc/passwd

I copy it somewhere and run against that file.

crack can do damage. I also don't run it on production systems.

Additional dictionaries available at:

http://hpux.cs.utah.edu/

Search for crack.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎03-24-2003 10:39 AM

‎03-24-2003 10:39 AM

Re: Word Dictionary for crack

The http://hpux.cs.utah.edu/ has been unavailable (at least to me) for a couple of weeks now. I checked the UK version of the site and was unable to find any additional dictionaries.
http://hpux.connect.org.uk/


Pete

Pete
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎03-24-2003 10:46 AM

‎03-24-2003 10:46 AM

Re: Word Dictionary for crack

The Wisconsin site has been down as well for a while..

http://hpux.cae.wisc.edu/

UK may be your best bet.

Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎03-24-2003 10:56 AM

‎03-24-2003 10:56 AM

Re: Word Dictionary for crack

Here's a few possible sources

http://www-it.et.tudelft.nl/~erik/open-source/crack/

ftp://ftp.cerias.purdue.edu/pub/dict/dictionaries/

ftp://ftp.ox.ac.uk/pub/wordlists/

ftp://ftp.funet.fi/pub/unix/security/dictionaries/


HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Belinda Dermody
Super Advisor

‎03-24-2003 10:57 AM

‎03-24-2003 10:57 AM

Re: Word Dictionary for crack

Thanks for the information. I have down loaded John the ripper and have it running on my test box.

By the way the system is not a HP.

I do not use the real time password file.

I make a password file using script to take the auth files and passwd file and make a temp file and run crack against it.

I have been running Crack now for 6 years and have never had any problems with it.

The reason I posted was I couldn't get to the sites for the past couple of days and was wondering about other sites.
0 Kudos
Reply
Tor-Arne Nostdal
Trusted Contributor

‎05-19-2003 12:56 AM

‎05-19-2003 12:56 AM

Re: Word Dictionary for crack

You said the system is not an HP system, but you're trying to run the crack on HP 11.
The question is "Will the makekey command on the HP generate the same encrypted password as on your other box?".

When you try to crack a password, you guess a pw and run it trough the makekey command. Then you compare the output with the encrypted pw.
When you have a match you have found the pw.

If now the makekey on the HP does not generate similare encrypted pw's you wont find a match.

Please tell what kind of UX system your trying to crack, or continue with trying to interrupt the boot process.

If you have access to another user in this system, you can see which encrypted password this user have. Then try to replace the encrypted pw string for root in /etc/passwd with this pw string.

After stopping the boot process you can try to:
1) ensure that you have needed commands available.
Some systems only have the ed editor available unless you mount /usr
2) make a backup copy of the /etc/passwd
3) edit the /etc/passwd and replace the encrypted root pw string with a "known" string, or simply just try to leave it blank.
Some older systems do not prompt for pw when the pw-string is empty.

I'm trying to become President of the state I'm in...
0 Kudos
Reply
Bill McNAMARA_1
Honored Contributor

‎05-19-2003 01:04 AM

‎05-19-2003 01:04 AM

Re: Word Dictionary for crack

I think in either case you may have trouble booting into -is considering that your login shell is /bin/ksh
hopefully that's a link to a file/shell that will be available in single user.

It works for me (tm)
0 Kudos
Reply
Tor-Arne Nostdal
Trusted Contributor

‎05-19-2003 03:47 AM

‎05-19-2003 03:47 AM

Re: Word Dictionary for crack

I agree with Bill, but it depends which system this is and how the system is set up.

I assume it has been working and that your problem isn't related to change of login shell. If you have problems with the login shell you could also expect problems during startup.

If you suspect that the login shell might cause you problem, try to edit this as well in the password file and set it to /bin/sh or /sbin/sh
I'm trying to become President of the state I'm in...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.