Quick thought, get a copy of the passwd (and possibly shadow passwd) file, on a different machine. Use them as data input to crack. We did that in the 'old days' when I worked for an oil company and were on a mission to ensure our users used 'better' passwords.
Now find your BEEFIEST CPU in house, or borrow one (big amazon?)? Someone have a CRAY IV running UNIX? ... it will run a long time for any algorithm's that go into brute force cracking. (Ok, I feel obligated to throw out legal weazle words for eveyone: use it only on machines where you have management authorization. When I was a consultant, before we even downloaded such stuff, I went and had the customer bosses sign a form saying we were held harmless, and it was a best efforts, and this was not meant for attacking personal or corporate privacy. ... So, play nice. Get permission. BEFORE you do anything. ... Ok, that is off my chest... now on to the diatribe that is subject based :) ) http://www.nmrc.org/pub/faq/hackfaq/hackfaq-28.html -- an overview of the process Access to crack (the historical program - great): http://cybersoft.com/Support/unix.php Check the readme before trying crack 5.0. You will need to compile crack if you want to use it. It is in C. One website said: ------------- Install John the Ripper Password Cracking Tool John the ripper is not installed by default. If you are using Debian / Ubuntu Linux, enter: $ sudo apt-get install john ------------- http://www.governmentsecurity.org/articles/crack-unix-linux-passwords.html has some detail on effective use of 'john'. https://www.phx2600.org/archive/2010/08/30/password-cracking-unix/ Also has instructions on running 'john' You might also look at web site: http://crackstation.net/ for an online utility using an un-salted password. I have used ophcrack on windows machines for the same reasons. (It is a good cd to keep in your tool box). Pretty easy to run. Use the largest dictionary they have available. I have not needed to use the 'pay for' dictionary with ophcrack. At a bank where I worked, we had to do a reboot into Linux on a Windows server, to get the windows password file, and we took a copy of the windows password file and cracked it on another server. It worked, but again, ran for a long time (several days, and it was a good password). Suggestion (yes, I iterate again): Run it on a BEEFY CPU box, as it will run seemingly 'forever' if the crack system goes into brute force cracking. Just a few thoughts! ... Jack -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
