Date:      Fri, 15 Mar 1996 16:38:19 -0700
From:      "Aaron D. Gifford" <agifford@infowest.com>
To:        Richard Chang <richardc@CSUA.Berkeley.EDU>
Cc:        questions@freebsd.org
Subject:   Re: Passwords
Message-ID:  <2.2.32.19960315233819.006d2e4c@infowest.com>

At 11:43 AM 3/15/96 -0800, you wrote:
>Hi there,
>
>	We are running a site that had security break-ins and the hacker 
>managed to change the root password and then edited both the /etc/passwd 
>and /etc/master.passwd files and deleted pretty much everything in them.  It 
>seems the pwd.db and spwd.db are the original ones since apparently the 
>person didn't use vipw on the DES encrypted system.  I was wondering if 
>there was a way to use the pwd.db and spwd.db even if the encrypted passwd's
>in master.passwd don't match.... Thanks.
>
>Richard
>

Hi,

I've trashed my master.passwd file before, so I wrote me a Perl script to
regenerate my master.passwd file from the spwd.db file.  It has worked for
me.  Maybe it will work for you.

Aaron

----CUT-HERE----
#!/usr/bin/perl
#
# remaster.pl -- a utility to regenerate /etc/master.passwd from /etc/spwd.db
#
# Copyright (C) 1996 Aaron D. Gifford (agifford@infowest.com)
# All rights reserved.
#
# Use this or change it in any way you want, just don't pretend you wrote it,
# even though you probably could, and in less time!  *grin*
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Gee, wasn't THAT a mouthful!  Wonder where I've seen THAT before...
#
#
# USAGE:
# If you are brave:
#    ./remaster.pl > master.passwd 
# If you are smart:
#    ./remaster.pl > master.passwd.new
# To test against a valid master.passwd file:
#    ./remaster.pl > master.passwd.new ; diff master.passwd master.passwd.new

###
### CONFIGURATION
###

# Where is the spwd.db file located?
# Remember, don't add the ".db" to the spwd.db filename below!

$SPWD = "/etc/spwd";

###
### END OF CONFIGURATION
###

dbmopen(%PASS, $SPWD, undef) || die "Couldn't open \"".$SPWD.".db\" file: $!\n";

# Take a look at /usr/include/pwd.h for some more info, or the sources
# for /usr/sbin/pwd_mkdb...  Oh, I sure hope pwd.h doesn't change the "1""2""3"
# key start characters anytime soon...  :)
#	$PASS{"1".$username} = $entry;
#	$PASS{"2".$lineno} = $entry;
#	$PASS{"3".$uid} = $entry;

for ($line = 1; defined($PASS{"2".pack("i",$line)}); $line++) {
	# Extract all the goodies
	($username,$pass,$stuff) = split(/\0/, $PASS{"2".pack("i",$line)}, 3);
	($uid,$gid,$change,$stuff) = unpack("i i i a*", $stuff);
	($class,$gecos,$dir,$shell,$stuff) = split(/\0/, $stuff, 5);
	$expire = unpack("i", $stuff);

	# Emit one line in master.passwd field order
	print $username.":".$pass.":".$uid.":".$gid.":".$class.":".$change.":".$expire.":"
		.$gecos.":".$dir.":".$shell."\n";
}

dbmclose(%PASS);

# DONE!!!

----CUT-HERE----
--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--
Aaron D. Gifford          InfoWest, 1845 W. Sunset Blvd, St. George, UT 84770
InfoWest Networking       Phone: (801) 674-0165   FAX: (801) 673-9734
<agifford@infowest.com>   Visit InfoWest at: "http://www.infowest.com/"
                        ICBM: 37.07847 N, 113.57858 W
                 "Southern Utah's Finest Network Connection"
--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--=+=--
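
Added example, not part of the message or script above: since the file is being rebuilt on a host that was broken into, this Python sketch checks a regenerated master.passwd.new for malformed lines, empty password fields, duplicate names and unexpected UID 0 accounts before it is installed. The function name, the UID 0 allowlist and the sample accounts are assumptions constructed for illustration.

```python
# Added example: sanity-check a regenerated master.passwd before installing it.
# Field order is the 10-field layout the script above prints:
# name:password:uid:gid:class:change:expire:gecos:home_dir:shell
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home_dir", "shell")

# Assumption: the only accounts expected to hold UID 0 on this system.
EXPECTED_UID0 = {"root", "toor"}


def audit_master_passwd(text, expected_uid0=EXPECTED_UID0):
    """Return a list of (line_number, account, finding) tuples."""
    findings = []
    seen = {}  # account name -> first line it appeared on
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((lineno, parts[0], "expected 10 fields, got %d" % len(parts)))
            continue
        rec = dict(zip(FIELDS, parts))
        name = rec["name"]
        if name in seen:
            findings.append((lineno, name, "duplicate of line %d" % seen[name]))
        seen.setdefault(name, lineno)
        if rec["password"] == "":
            findings.append((lineno, name, "empty password field"))
        if not (rec["uid"].isdigit() and rec["gid"].isdigit()):
            findings.append((lineno, name, "uid or gid is not a non-negative integer"))
        elif int(rec["uid"]) == 0 and name not in expected_uid0:
            findings.append((lineno, name, "unexpected UID 0 account"))
    return findings


# Constructed sample input (not taken from any real system).
SAMPLE = """\
root:CONSTRUCTEDHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alice:CONSTRUCTEDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh
sysadm::0:0::0:0::/:/bin/sh
bob:*:1002:1002::0:0:Bob:/home/bob
alice:*:1003:1003::0:0:Alice:/home/alice:/bin/sh
"""

if __name__ == "__main__":
    for lineno, account, finding in audit_master_passwd(SAMPLE):
        print("line %d: %s: %s" % (lineno, account, finding))
```

A clean result only says the file is well-formed by these checks; comparing it against a known-good backup remains the stronger test.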



