Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Sep 1995 09:20:51 +0200 (MET DST)
From:      Ollivier Robert <roberto@keltia.Freenix.FR>
To:        mark@grondar.za (Mark Murray)
Cc:        clary@s4.elec.uq.edu.au, freebsd-security@FreeBSD.org
Subject:   Re: crack for freebsd
Message-ID:  <199509200720.JAA18979@keltia.Freenix.FR>
In-Reply-To: <199509200555.HAA03406@grumble.grondar.za> from "Mark Murray" at Sep 20, 95 07:55:38 am
index | next in thread | previous in thread | raw e-mail 

It seems that Mark Murray said:
> Any version of crack will work, as long as you link against FreeBSD's
> -lcrypt. This libriary is a link to the current encryption scheme, so
> upgrading libcrypt  MD5 -> DES will be transparent to all apps (including
> crack).

Hmm,  you'll have  to deal  with  longer-than-2-characters salt  and a much
longer password. And  the structure of  the encrypted password is different
(magic # and  separators). Here  is the  code  I used  for my  su-like tool
(gives root priv. to some persons -- written in a list  -- with the guy own
password).

#ifdef __FreeBSD__                  /* cope with MD5 based crypt(3) */
        if (!strncmp (calife->pw_passwd, "$1$", 3)) /* MD5 */
        {
            char * pp = (char *) xalloc (1, strlen (calife->pw_passwd) + 1);
            char * md5_salt;
            char * md5_pass;
            
            strcpy (pp, calife->pw_passwd + 3);
            md5_salt = strtok (pp, "$");
            md5_pass = strtok (NULL, "$");
            
            if (md5_pass == NULL || 
                md5_salt == NULL ||
                (strlen (md5_salt) > 8))   /* garbled password */
            {
                syslog (LOG_AUTH | LOG_ERR, "GARBLED PASSWORD %s to unknown %s on %s", name, user_to_be, tty);
                fprintf (stderr, "Bad password string.\n");
                fflush (stderr);
                exit (8);
            }
            MESSAGE_1 ("MD5 password found, salt=%s\n", md5_salt);
            strcpy (salt, md5_salt);            
            free (pp);
        }
        else
        {       
#endif /* !__FreeBSD__ */
            strncpy (salt, calife->pw_passwd, 2);
            salt [2] = '\0';
#ifdef __FreeBSD__
        }
#endif /* __FreeBSD__ */        

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
 FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509200720.JAA18979>