Hi,
>>"Michael" == Michael Beattie <[EMAIL PROTECTED]> writes:

 Michael> After thinking about the crypt function, salts, etc... would
 Michael> it not be possible to do this:

 Michael> 1) obtain the source for the crypt function.
 Michael> 2) obtain by whatever method, the hashed/encrypted/whatever
 Michael>    password from /etc/shadow.

        That means you are root on the machine.

 Michael> 3) reverse the technique in the crypt function, then apply
 Michael>    that to the string obtained from /etc/shadow using salt #1

        Yup. You shall then have accomplished something that no one
 else has, so far. You probably shall then command large salaries as
 several corporations and government agencies vie for your talents ;-) 

 Michael> 4) repeat step 3 for each of the 4096 (??) salts.

        Why? You already know what the salt is, if you have read
 /etc/shadow. And if you can reverse crypt; you have the password. 

 Michael> would that leave you with 4096 possible passwords to try at
 Michael> login? maybe use a telnet script of some kind somehow?

        Does your telnet allow you to keep trying passwords ad
 infinitum? Does it not close connections after a fixed number of
 attempts? 

        manoj
-- 
 Practice is the best of all instructors. Publilius
Manoj Srivastava  <[EMAIL PROTECTED]> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
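
Added example, not part of the original message: a small audit script showing that the salt is stored in the clear in each /etc/shadow password field (the first two characters for traditional crypt, 64^2 = 4096 possible values), and flagging entries that still use the older schemes. The sample entries, the hash strings in them, and the names `parse_field` and `audit` are constructed for illustration.

```python
import re

# crypt(3) salt alphabet: 64 symbols, so a 2-character salt has 64**2 = 4096 values.
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DES_SALT_COUNT = len(SALT_ALPHABET) ** 2

DES_RE = re.compile(r"[./0-9A-Za-z]{13}")          # 2 salt chars + 11 hash chars
MCF_SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}
WEAK_SCHEMES = {"des", "md5crypt", "empty"}         # audit policy assumed for this example

def parse_field(field):
    """Return (scheme, salt) for the password field of one shadow entry."""
    if field == "":
        return ("empty", None)
    if field[0] in "!*":                            # locked or no password login
        return ("locked", None)
    if DES_RE.fullmatch(field):
        return ("des", field[:2])                   # salt is simply the first two characters
    parts = field.split("$")                        # modular format: $id$[rounds=N$]salt$hash
    if len(parts) >= 4 and parts[0] == "" and parts[1] in MCF_SCHEMES:
        has_rounds = parts[2].startswith("rounds=") and len(parts) >= 5
        return (MCF_SCHEMES[parts[1]], parts[3] if has_rounds else parts[2])
    return ("other", None)

def audit(shadow_text):
    """Return (user, scheme, salt, is_weak) for every entry in shadow-format text."""
    findings = []
    for line in shadow_text.splitlines():
        cols = line.strip().split(":")
        if len(cols) < 2:
            continue
        scheme, salt = parse_field(cols[1])
        findings.append((cols[0], scheme, salt, scheme in WEAK_SCHEMES))
    return findings

# Constructed sample entries; the hash portions are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:$6$rounds=5000$saltsaltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:abCDEFGHIJKLM:10000:0:99999:7:::
bob:$1$abcdefgh$CONSTRUCTEDHASH:10000:0:99999:7:::
daemon:*:10000:0:99999:7:::
"""

if __name__ == "__main__":
    print("possible 2-character salts:", DES_SALT_COUNT)
    for user, scheme, salt, weak in audit(SAMPLE_SHADOW):
        print(f"{user:8} {scheme:12} salt={salt} {'WEAK' if weak else 'ok'}")
```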
