发信人: liyv.bbs@bbs.cst.sh.cn (小邱), 信区: cnhacker
标 题: Hacker_FAQ 01
发信站: 生命玄机站 (Wed Oct 7 00:36:49 1998)
转信站: Lilac!ustcnews!cstshnews!lifebbs
01. How do I access the password file under Unix?
In standard Unix the password file is /etc/passwd. On a Unix system
with either NIS/yp or password shadowing, much of the password data
may be elsewhere.
02. How do I crack Unix passwords?
Contrary to popular belief, Unix passwords cannot be decrypted. Unix
passwords are encrypted with a one way function. The login program
encrypts the text you enter at the "password:" prompt and compares
that encrypted string against the encrypted form of your password.
Password cracking software uses wordlists. Each word in the wordlist
is encrypted with each of the 4096 possible salt values and the
results are compared to the encrypted form of the target password.
The best cracking program for Unix passwords is currently Crack by
Alec Muffett. For PC-DOS, the best package to use is currently
CrackerJack.
03. What is password shadowing?
Password shadowing is a security system where the encrypted password
field of /etc/passwd is replaced with a special token and the
encrypted password is stored in a separate file which is not readable
by normal system users.
To defeat password shadowing on many (but not all) systems, write a
program that uses successive calls to getpwent() to obtain the
password file.
Example:
#include <pwd.h>
main()
{
struct passwd *p;
while(p=getpwent())
printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,
p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);
}
04. Where can I find the password file if it's shadowed?
Unix Path Token
-----------------------------------------------------------------
AIX 3 /etc/security/passwd !
or /tcb/auth/files/<first letter #
of username>/<username>
A/UX 3.0s /tcb/files/auth/?/*
BSD4.3-Reno /etc/master.passwd *
ConvexOS 10 /etc/shadpw *
ConvexOS 11 /etc/shadow *
DG/UX /etc/tcb/aa/user/ *
EP/IX /etc/shadow x
HP-UX /.secure/etc/passwd *
IRIX 5 /etc/shadow x
Linux 1.1 /etc/shadow *
OSF/1 /etc/passwd[.dir|.pag] *
SCO Unix #.2.x /tcb/auth/files/<first letter *
of username>/<username>
SunOS4.1+c2 /etc/security/passwd.adjunct ##username
SunOS 5.0 /etc/shadow
<optional NIS+ private secure maps/tables/whatever>
System V Release 4.0 /etc/shadow x
System V Release 4.2 /etc/security/* database
Ultrix 4 /etc/auth[.dir|.pag] *
UNICOS /etc/udb *
05. What is NIS/yp?
NIS (Network Information System) in the current name for what was once
known as yp (Yellow Pages). The purpose for NIS is to allow many
machines on a network to share configuration information, including
password data. NIS is not designed to promote system security. If
your system uses NIS you will have a very short /etc/passwd file with
a line that looks like this:
+::0:0:::
To view the real password file use this command "ypcat passwd"
06. What are those weird characters after the comma in my passwd file?
The characters are password aging data. Password aging forces the
user to change passwords after a System Administrator specified period
of time. Password aging can also force a user to keep a password for
a certain number of weeks before changing it.
]
] Sample entry from /etc/passwd with password aging installed:
]
] will:5fg63fhD3d,M.z8:9406:12:Will Spencer:/home/fsg/will:/bin/bash
]
Note the comma in the encrypted password field. The characters after
the comma are used by the password aging mechanism.
]
] Password aging characters from above example:
]
] M.z8
]
The four characters are interpreted as follows:
1: Maximum number of weeks a password can be used without changing.
2: Minimum number of weeks a password must be used before changing.
3&4: Last time password was changed, in number of weeks since 1970.
Three special cases should be noted:
If the first and second characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. The
passwd program will then remove the passwd aging characters, and the
user will not be subjected to password aging requirements again.
If the third and fourth characters are set to '..' the user will be
forced to change his/her passwd the next time he/she logs in. Password
aging will then occur as defined by the first and second characters.
If the first character (MAX) is less than the second character (MIN),
the user is not allowed to change his/her password. Only root can
change that users password.
It should also be noted that the su command does not check the password
aging data. An account with an expired password can be su'd to
without being forced to change the password.
Password Aging Codes
+------------------------------------------------------------------------+
| |
| Character: . / 0 1 2 3 4 5 6 7 8 9 A B C D E F G H |
| Number: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
| |
| Character: I J K L M N O P Q R S T U V W X Y Z a b |
| Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
| |
| Character: c d e f g h i j k l m n o p q r s t u v |
| Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
| |
| Character: w x y z |
| Number: 60 61 62 63 |
| |
+------------------------------------------------------------------------+
--
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃萧秋水虽脸色苍白,但依然笑问道:“老铁,小邱,看来你们的 ┃
┃武功又有精进!” ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
※ 来源:·生命玄机 bbs.cst.sh.cn·[FROM: 202.127.16.22]