From owner-freebsd-questions Wed Apr 8 10:59:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA22222 for freebsd-questions-outgoing; Wed, 8 Apr 1998 10:59:25 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from dove.peace.com.my (peace.com.my [202.184.153.15]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA22210 for ; Wed, 8 Apr 1998 10:59:12 -0700 (PDT) (envelope-from panda@peace.com.my) Received: from lovebox (love.com.my [202.184.153.17]) by dove.peace.com.my (8.8.5/8.8.5) with SMTP id BAA14435; Thu, 9 Apr 1998 01:41:58 +0800 (SGT) Date: Thu, 9 Apr 1998 01:41:58 +0800 (SGT) Message-Id: <3.0.32.19980409020411.00ecf9a8@peace.com.my> X-Sender: panda@peace.com.my X-Mailer: Windows Eudora Pro Version 3.0 (32) To: THIERRY.HERBELOT@telspace.alcatel.fr From: chas Subject: Crack_on_FBSD Cc: questions@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id KAA22211 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Thank you for the explanation, Thierry, though I'm still rather confused. I had already checked the archives and found the MD5/DES posts but thought that they dealt with a different problem since the Crack manual mentioned configuration for FreeBSD. Strange to have a port of Crack available at all then, no ? And strange that it still managed to come up with 2 of the passwds. Cheers, chas > You could check it on the mailing llist archive : passwords beginning > with $1$ are crypted with the MD5 library. Crack tries to discover > passwords crypted with the (standard) DES library : it's completely > normal that you can't find back HELLO. > > AFAIK, there is no method to automatically convert your password > database from MD5 crypting to DES crypting (you would need a tool to > automatically discover the source passwords "in the clear" first, and > all crypting methods try hard making such tolls impossible to have - > except if your name is NSA) > > good luck > > TfH > > > > >____________________________ Séparateur Réponse ________________________________ >Objet : Crack on FBSD - how to make it more thorough ? >Auteur : panda@peace.com.my >Date : 08/04/98 17:28 > > >I installed Crack-5.0 using the package (not the port) and >it seems to function, but I'm not sure it's working properly. >I changed the shadmrg script to merge the /etc/passwd and >/etc/master.passwd and ran Crack on the output. > >Crack was finished in less than 10 seconds. >OK, so I only have 100 users on this system but I thought >that this would be still quite an intensive task to run. > >Before this, I'd added a 'dummy' userid with passwd "HELLO" >so that I could check that crack was actually doing >something but strangely, Crack didn't find that (and >I wouldn't have thought "HELLO" was a particularly >intelligent passwd). Fortunately, Crack did discover >2 users with ridiculously easy passwds (since corrected). >so I knew it was doing something. > >Looking at conf/dictrun.conf, I see that nearly all the >rules were employed. Should it really have run so fast ? > >the Reporter also showed the following errors for all user : > >E:0:bad format: output.txt: username:$1$NTG2CU1tFICN2VX20:1029:1006:U >ser &:/home/username:/bin/sh > >I was running Crack on a file output.txt, which was the output >of running scripts/shadmrg.fbsd, based on the supplied shadmrg.sv : > >SHADOW=/etc/master.passwd >PASSWD=/etc/passwd > >( > sed -e 's/^/STAG:/' < $SHADOW > sed -e 's/^/PTAG:/' < $PASSWD >) | >awk -F: ' >BEGIN { > OFS=":"; >$1 == "STAG" { > pw[$2] = $3; > next; >} >$1 == "PTAG"{ > $3 = pw[$2]; > print $0; > >}' | > >I'm afraid I'm not an awk guy so if I just swapped the variable >names at the top. > >Anyway, if there are any other changes that need to be done >to get crack to work perform a more thorough check on FBSD ? > >chas > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message