I have got my hands on a passwd file, I have run a dic. on it but nothing
worked, what am I going to do?
by Gumbe » Sat, 22 Mar 1997 04:00:00
I have got my hands on a passwd file, I have run a dic. on it but nothing
worked, what am I going to do?
by Chery » Sat, 22 Mar 1997 04:00:00
Be surprised that all your users have decent passwords set? ;-)Quote:> I have got my hands on a passwd file, I have run a dic. on it but nothing
> worked, what am I going to do?
rgds
Cheryl
by Jerome O'Nei » Sat, 22 Mar 1997 04:00:00
> I have got my hands on a passwd file, I have run a dic. on it but nothing
> worked, what am I going to do?
Jerome
by Scott Norwo » Sun, 23 Mar 1997 04:00:00
>> I have got my hands on a passwd file, I have run a dic. on it but nothing
>> worked, what am I going to do?
>Turn youself in to the local authorities.
I've cracked several passwd files, with absolutely no intention of using
the cracked accounts; it was merely an exercise to see a) how various
cracker programs go about the task and b) how much time (both CPU time
and real time) it would take to crack various-size passwd files. When
I finished, I deleted the cracked files from my machine.
Of course, this guy may just be "an 3l337 WaReZ d00d," in which case,
I'll leave password cracking as an excercise to the reader. :)
--
<html><head><title>Down with HTML news postings!</title></head><body>
<h1><blink>If this line blinks, then it's time to get a newsreader that
doesn't encourage HTML news posting! There are many that are better
than Netscape or IE; try trn!</blink></h1></body></html>
by S. Sho » Sun, 23 Mar 1997 04:00:00
Here... give it to me. :)Quote:>I have got my hands on a passwd file, I have run a dic. on it but nothing
>worked, what am I going to do?
by Piotr T Zbiegie » Tue, 25 Mar 1997 04:00:00
> >> I have got my hands on a passwd file, I have run a dic. on it but nothing
> >> worked, what am I going to do?
> >Turn youself in to the local authorities.
> Hey, there's nothing wrong with running a passwd file through 'Crack'
> or something similar. Just because he wants to crack the file doesn't
> mean that he's going to actually login as someone else. Actually, he may
> even help to secure the system, if afterwards he encourages the users
> with insecure passwords to change them and/or encourages the admin. to
> install npasswd.
> I've cracked several passwd files, with absolutely no intention of using
> the cracked accounts; it was merely an exercise to see a) how various
> cracker programs go about the task and b) how much time (both CPU time
> and real time) it would take to crack various-size passwd files. When
> I finished, I deleted the cracked files from my machine.
> Of course, this guy may just be "an 3l337 WaReZ d00d," in which case,
> I'll leave password cracking as an excercise to the reader. :)
Aren't we being a little naive if we are goind to allow Joe User to run
all sorts of nastly little programs on our system with the hope that
he's doing it to help us out? C'mon, how many users would actually do
that out of the goodness of their hearts. And anyway, how many of us
actually *like* having all our security pointed out and being told how
to do our jobs;)
Just my 0.02, I expect change.
Piotr
----------------
Piotr T Zbiegiel
Unix Systems Specialist
Berk & Hirt Consulting Co.
by Piotr T Zbiegie » Wed, 26 Mar 1997 04:00:00
> What you people also have to realise is that it's often the people who
> have something (shady?) to hide that get into such a tizzy about
> security. It's so easy to make inflexible rules, and then take the
> high m*ground when someone suggests the contrary. Perhaps some
> people in this newsgroup have something to hide as well?
I agree, *some* people in this newsgroup have alterior motives to hide.
But I'm sure they are not wasting their time posting about high m*
ground, they are too busy posting "I need help cracking passwd file"
messages.
Peace
P T Z
--
Piotr T Zbiegiel
Unix Systems Specialist
Berk & Hirt Consulting Co.
by Scott Norwo » Wed, 26 Mar 1997 04:00:00
And, of course, by starting threads with that kind of subject head,Quote:>I agree, *some* people in this newsgroup have alterior motives to hide.
>But I'm sure they are not wasting their time posting about high m*
>ground, they are too busy posting "I need help cracking passwd file"
>messages.
--
<html><head><title>Down with HTML news postings!</title></head><body>
<h1><blink>If this line blinks, then it's time to get a newsreader that
doesn't encourage HTML news posting! There are many that are better
than Netscape or IE; try trn!</blink></h1></body></html>
by Sean A. Walbe » Wed, 26 Mar 1997 04:00:00
It has been said that there are two approaches to security, that which
is not expressly prohibited is allowed, and that which is not
expressly allowed is prohibited. The former may work at the
university, but in the real world the latter is the only option.
I don't know of any sysadm worth his salt that doesn't cringe at the
possiblity of his password file being comprimised.
I'm not hiding anything, I'm doing my job.
Sean
====================] Will work for RAM [=====================
| Sean A. Walberg | PGP Encrypted | C programmers |
| Computer Engineering III | mail accepted | do it in |
================] http://www.veryComputer.com/~sean [================
by Scott Norwo » Wed, 26 Mar 1997 04:00:00
>Any unauthorised attempt to gain access to a system you don't own is the
>low m*ground, and by default places me, and people who feel like I do
>on the high m*ground.
--
<html><head><title>Down with HTML news postings!</title></head><body>
<h1><blink>If this line blinks, then it's time to get a newsreader that
doesn't encourage HTML news posting! There are many that are better
than Netscape or IE; try trn!</blink></h1></body></html>
by Kenneth L. Hame » Wed, 26 Mar 1997 04:00:00
Count me as another person who has ZERO tolerance for uninvited
exploration of my system security. At the same time, I find the entire
subject fascinating, and have happily discussed the issue with users
when they had the basic sense to come to me and ask permission to
explore the subject on our systems.
Back on the subject, I tend to think if you can't read and understand
the copious documentation out there on how to attack the UNIX password
system, then you don't have any business messing with it. You have to
show _some_ level of capability after all.
- Ken
===
Kenneth L. Hamer, CCSO Departmental User Services Consultant/Network
Analyst for the Department of Astronomy and Extramural Programs / CEPS
===
As a computer, I find your faith in technology amusing.
1. Crack 5.0 - How to safely collect passwd files?
How do You safely collect local /etc/passwd files into a central
machine, so that Crack can be run on them? I have about 15 mamachines
I'd like to check, a mixture of AIX, SCO and SunOS 4.1.3 machines.
From cron as root on each machine, and then rcp to central machine?
rdist?
--
------------------------------------------------------------
Rune Mossige, Systems Support Tel : +47 515 98 922
Western Geophysical, Stavanger, Norway Fax : +47 515 98 999
Mobile: +47 908 71 024
2. Help ! how can I run my server xwindows applications at home using linux
3. Crack problem with MD5 passwd file?
4. ftp logging with 'last' command
5. BSDi passwd file to Linux Passwd file
7. Please help!!! need recover passwd file
9. Need help with /etc/passwd file urgently..
11. Need help shadowing passwd file
12. help, help, fouled up Solaris passwd file
13. Crack removes all passwd entries