On 19 Aug 1998, Manoj Srivastava wrote:

> Hi,
> >>"Michael" == Michael Beattie <[EMAIL PROTECTED]> writes:
> 
>  Michael> After thinking about the crypt function, salts, etc... would
>  Michael> it not be possible to do this:
> 
>  Michael> 1) obtain the source for the crypt function.
>  Michael> 2) obtain by whatever method, the hashed/encrypted/whatever
>  Michael>    password from /etc/shadow.
> 
>       That means you are root on the machine.

It was more of a "by whatever means possible" scenario.

 
>  Michael> 3) reverse the technique in the crypt function, then apply
>  Michael>    that to the string obtained from /etc/shadow using salt #1
> 
>       Yup. You shall then have accomplished something that no one
>  else has, so far. You probably shall then command large salaries as
>  several corporations and government agencies vie for your talents ;-) 

Great :) --> $$$$$$$$$$$$ <-----

>  Michael> 4) repeat step 3 for each of the 4096 (??) salts.
> 
>       Why? You already know what the salt is, if you have read
>  /etc/shadow. And if you can reverse crypt; you have the password. 

Ooops.. forgot the salt is right under yer nose.

>  Michael> would that leave you with 4096 possible passwords to try at
>  Michael> login? maybe use a telnet script of some kind somehow?
> 
>       Does your telnet allow you to keep trying passwords ad
>  infinitum? Does it not close connections after a fixed number of
>  attempts? 

um, reconnect maybe? yeah, I know, my box is set to 5 attempts.. or is it
3? heh.. can't remember.
 


                       Michael Beattie ([EMAIL PROTECTED])

               PGP Key available, reply with "pgpkey" as subject.
 -----------------------------------------------------------------------------
     WinErr: 003 Dynamic linking error - Your mistake is now in every file
 -----------------------------------------------------------------------------
                Debian GNU/Linux....  Ooohh You are missing out!
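
Added example, not part of the original messages: how the two salt characters are read straight out of a traditional 13-character crypt field, and how a login check hashes forward with that stored salt instead of reversing anything. The function names are hypothetical, the sample field is constructed, and toy_crypt is a SHA-256 stand-in assumed here for illustration, not the real DES-based crypt.

```python
import hashlib
import hmac

# Alphabet traditional crypt(3) uses for salts and hashes, 6 bits per character.
CRYPT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def split_field(field):
    """Split a traditional 13-character crypt field into (salt, digest)."""
    if len(field) != 13 or any(c not in CRYPT_ALPHABET for c in field):
        raise ValueError("not a traditional crypt field")
    return field[:2], field[2:]


def salt_number(salt):
    """Decode the two salt characters to their 12-bit value (0..4095).

    The first character carries the low 6 bits, the second the high 6 bits.
    """
    low, high = (CRYPT_ALPHABET.index(c) for c in salt)
    return low | (high << 6)


def toy_crypt(password, salt):
    """Stand-in one-way function (assumption: SHA-256, NOT real DES crypt).

    It keeps the traditional layout: 2 salt characters + 11 digest characters.
    """
    raw = hashlib.sha256((salt + password).encode()).digest()
    digest = "".join(CRYPT_ALPHABET[b & 0x3F] for b in raw[:11])
    return salt + digest


def verify(password, field):
    """Check a login attempt: reuse the stored salt, hash forward, compare."""
    salt, _ = split_field(field)
    return hmac.compare_digest(toy_crypt(password, salt), field)


# Constructed sample entry, not taken from any real system.
SAMPLE_FIELD = toy_crypt("correct horse", "ab")

if __name__ == "__main__":
    salt, digest = split_field(SAMPLE_FIELD)
    print("salt:", salt, "-> salt number", salt_number(salt), "of", 64 * 64)
    print("right password accepted:", verify("correct horse", SAMPLE_FIELD))
    print("wrong password accepted:", verify("guess", SAMPLE_FIELD))
```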
