On Thu, November 29, 2007 8:40 am, Brian LaMere wrote:
> I don't want to try a dictionary attack on a hash, I want to try a
> *single word*. Of course, there's thousands of hashes I need to
> check, so I'm looking at perl. Issue is that a certain "default"
> password has been used where I work for a couple decades, and I need
> to find what accounts are still using it.
>
> And no, please, I can't just try logging in to all the servers, and
> all the accounts, with that password. There are a variety of reasons
> for such.
>
> I've tried Crypt::Cracklib, but GTry doesn't give me the same hash
> with the salt (first 2 chars still, right?) plus string. I've tried
> Crypt::PasswdMD5, but again - if I set a password, knowing what it is,
> then use those two functions to create a hash, the hash isn't the same
> as what is in the password file. So clearly, either I'm wrong about
> the salt, or something else is going on. Anyone have suggestions?
>

This is almost certainly something you already know, but in Unix
passwords, the first two characters are a seed. Thus the same password
hashed with the same seed will always be the same.

So if you want to test 'poopypants' as a password, and the hash is
'Abxxxxxxxxx', then you can write a perl proggie that will crypt any
password using the seed you provide, and then crypt 'poopypants' with
seed 'Ab'. If they match, you've got it.

Caution: I did this before the shadow files, and things may have
changed. Others can advise.

-- 
Lan Barnes

SCM Analyst
Linux Guy
Tcl/Tk Enthusiast
Biodiesel Brewer

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
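
Added example, not part of the original message: a Perl audit routine for the check described above, which re-hashes one known default password against each stored hash and lists the accounts that still match. The sub name `accounts_using` and the sample entries are constructed for illustration. It assumes the system crypt(3) supports traditional DES hashes. Passing the whole stored hash as the salt lets crypt(3) read the scheme and salt from its prefix, which covers two-character DES salts and `$1$`-style MD5 hashes where the C library supports them.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the account names in passwd/shadow-style lines whose stored
# hash matches $candidate. The stored hash itself is handed to crypt()
# as the salt, so the scheme and salt never have to be parsed by hand.
sub accounts_using {
    my ($candidate, @lines) = @_;
    my @hits;
    for my $line (@lines) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;          # comments, blank lines
        my ($user, $stored) = split /:/, $line;
        # Skip empty, locked or placeholder fields ("", "*", "!", "x").
        next unless defined $stored && length($stored) >= 13;
        next if $stored =~ /^[!*]/;
        my $computed = crypt($candidate, $stored);
        # crypt() returns undef (or a non-matching token) when the
        # scheme in $stored is not supported on this system.
        push @hits, $user if defined $computed && $computed eq $stored;
    }
    return @hits;
}

# Constructed sample entries, built at run time so the script needs no
# external file. Real input would be lines read from a copy of the
# password or shadow file.
my $default = 'poopypants';
my @sample = (
    'alice:'  . (crypt($default, 'Ab')          // '*') . ':13846:0:99999:7:::',
    'bob:'    . (crypt('something-else', 'Cd')  // '*') . ':13846:0:99999:7:::',
    'carol:'  . (crypt($default, 'Zz')          // '*') . ':13846:0:99999:7:::',
    'daemon:*:13846:0:99999:7:::',
    'dave:!'  . (crypt($default, 'Qr')          // '*') . ':13846:0:99999:7:::',
);

# Note: traditional DES crypt only uses the first 8 characters of the
# password, so any password starting with the same 8 characters will
# also be reported as a match.
print "$_\n" for accounts_using($default, @sample);
```

With the sample data this lists alice and carol; dave's entry is locked with a leading `!` and is skipped even though the underlying hash would match.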
