On Thu, 18 Jan 2001 [EMAIL PROTECTED] wrote:
> Mais comment savoir si ils ont un password (et lequel). Si il y a un
Je crois qu'on va faire un exemple pratique:
Compte bloqué:
defian:/home/schaefer# passwd -S uucp
uucp L 08/17/1999 0 99999 7 -1
defian:/home/schaefer# egrep uucp /etc/shadow /etc/passwd
/etc/shadow:uucp:*:10820:0:99999:7:::
/etc/passwd:uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
Compte actif, avec un mot de passe:
defian:/home/schaefer# passwd -S bsmtp
bsmtp P 01/18/2001 0 99999 7 -1
defian:/home/schaefer# egrep bsmtp /etc/shadow /etc/passwd
/etc/shadow:bsmtp:Os7K58BCXvU1c:11340:0:99999:7:::
/etc/passwd:bsmtp:x:1004:1004:BSMTP test user,,,:/home/bsmtp:/bin/bash
Maintenant sabotons ce compte en introduisant, dans le champ du mot de
passe, un caractère ne figurant pas dans l'alphabet considéré (cf plus
bas), p.ex l'étoile (on plus on change le nombre de caractères).
defian:/home/schaefer# passwd -S bsmtp
bsmtp L 01/18/2001 0 99999 7 -1
Maintenant remettons un mot de passe et utilisons l'option -l de passwd:
defian:/home/schaefer# passwd -l bsmtp
Password changed.
defian:/home/schaefer# passwd -S bsmtp
bsmtp L 01/18/2001 0 99999 7 -1
defian:/home/schaefer# egrep bsmtp /etc/shadow /etc/passwd
/etc/shadow:bsmtp:!RwUttjcgBIpoI:11340:0:99999:7:::
/etc/passwd:bsmtp:x:1004:1004:BSMTP test user,,,:/home/bsmtp:/bin/bash
PS: travail laissé à l'auditoire: casser le mot de passe de l'utilisateur
bsmtp. Avec Crack cela doit pouvoir se faire assez vite.
cf man 5 passwd
[ ... ]
The password field may not be filled if shadow passwords
have been enabled. If shadow passwords are being used,
the encrypted password will be found in /etc/shadow. The
encryped password consists of 13 characters from the 64
character alphabet a thru z, A thru Z, 0 thru 9, . and /.
Refer to crypt(3) for details on how this string is inter
preted.
[ ... ]
(donc p.ex. * n'est pas un caractère valide).
man 5 shadow
[ ... ]
The password field must be filled. The encryped password
consists of 13 to 24 characters from the 64 character
alphabet a thru z, A thru Z, 0 thru 9, . and /. Refer to
crypt(3) for details on how this string is interpreted.
[ ... ]
man 1 passwd
[ ... ]
Account maintenance
User accounts may be locked and unlocked with the -l and
-u flags. The -l option disables an account by changing
the password to a value which matches no possible
encrypted value. The -u option re-enables an account by
changing the password back to its previous value.
[ ... ]
The account status may be given with the -S option. The
status information consists of 6 parts. The first part
indicates if the user account is locked (L), has no pass
word (NP), or has a usable password (P). The second part
gives the date of the last password change. The next four
parts are the minimum age, maximum age, warning period,
and inactivity period for the password.
[ ... ]
--
http://www-internal.alphanet.ch/linux-leman/ avant de poser
une question.
