I've recently shadowed all my passwd files, and other than
running pwunconv is there any way to get Crack 4.1 to do it's
thing on the shadow files? It's rejecting all of the entries
saying they don't have 8 fields.
__
by Phil Bate » Thu, 30 Jan 1997 04:00:00
I've recently shadowed all my passwd files, and other than
running pwunconv is there any way to get Crack 4.1 to do it's
thing on the shadow files? It's rejecting all of the entries
saying they don't have 8 fields.
__
by Tommy M. Larsso » Thu, 30 Jan 1997 04:00:00
It's no problems for John The Ripper to crack your
passwordfile since it can merge your shadow file and
your passwd file.
> I've recently shadowed all my passwd files, and other than
> running pwunconv is there any way to get Crack 4.1 to do it's
> thing on the shadow files? It's rejecting all of the entries
> saying they don't have 8 fields.
> __
by Nick Maclar » Thu, 30 Jan 1997 04:00:00
|> >
|> > I've recently shadowed all my passwd files, and other than
|> > running pwunconv is there any way to get Crack 4.1 to do it's
|> > thing on the shadow files? It's rejecting all of the entries
|> > saying they don't have 8 fields.
Merge them with a grim shell/awk/sed/perl/whatever script. Crack
5.0 includes some useful ones, and I have written one for another
format.
|> It's no problems for John The Ripper to crack your
|> passwordfile since it can merge your shadow file and
|> your passwd file.
Well, anyone who can do that has already got root access, so he
could equally well put password sniffing into rlogin and telnet.
Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Tel.: +44 1223 334761 Fax: +44 1223 334679
by Alec Muffet » Thu, 30 Jan 1997 04:00:00
2) use the "shadmrg.*" scripts in the "Scripts" directory
3) learn this important lesson
4) throw v4.1f in the bin, go get v5.0 from the website below
and apply the same steps 1 thru 3.
- alec
--
# If you e-mail a reply to this message, please modify the "To:" address.
# alec muffett, oxford, uk - http://www.users.dircon.co.uk/~crypto/
# below: password cracker in one line of perl; echo guess | perl [args]
perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$c)=getpwent'
by lamo.. » Sat, 01 Feb 1997 04:00:00
--
Lamont Granquist (lamontg at u dot washington dot edu) ->note spamfilter<-
"First consider a spherical chicken..." ICBM: 47 39'23"N 122 18'19"W
unsolicited commercial e-mail->contacting your ISP to remove your net.access
by lamo.. » Sat, 01 Feb 1997 04:00:00
Wheeeeee! I wanna use John The Ripper now! It's so K-RAD!Quote:>It's no problems for John The Ripper to crack your
>passwordfile since it can merge your shadow file and
>your passwd file.
Ever heard of Perl?
--
Lamont Granquist (lamontg at u dot washington dot edu) ->note spamfilter<-
"First consider a spherical chicken..." ICBM: 47 39'23"N 122 18'19"W
unsolicited commercial e-mail->contacting your ISP to remove your net.access
by Tommy M. Larsso » Sat, 01 Feb 1997 04:00:00
> >It's no problems for John The Ripper to crack your
> >passwordfile since it can merge your shadow file and
> >your passwd file.
> Wheeeeee! I wanna use John The Ripper now! It's so K-RAD!
> Ever heard of Perl?
by Alec Muffet » Sat, 01 Feb 1997 04:00:00
No, he means that writing such a merging program is a trivial exerciseQuote:> > Ever heard of Perl?
> Yep, I've also heard about sed and awk. But what's your point?
> You rather use a one line perl cracker than JTR or Crack?
...or use the one that's been distributed with Crack since 1991.Quote:> Or you rather make your own shadow and passwd merger than
> use what someone else already have made?
So what?
Can we please leave this embryonic "X is better than Y" argument alone
(I know such arguments are a USENET tradition, BWTF) - and just accept
that people can use whatever the hell software they like to crack
their own password files?
There is no speed difference between Crack and John, if you will
accept no other reason than the logic that it is trivially easy to
plug John's crypt() algorithm into Crack, for those architectures
where it offers a performance improvement over "libdes", or "UFC", or
any of the other dozen-or-so crypt() algorithms in existence - so at
the very least they are equivalent in terms of raw performance.
There are many differences in implementation, and configuration, and
pros and cons in each direction, but in short: if you're seriously
worried whether you're using the right password cracker out of the
pair of Crack or John, then you actually have bigger problems on your
plate that you don't realise yet - like how to distinguish *for
yourself* what is most or least appropriate for your system.
Not to mention that "you have no life".
Once you have realised this, you are on the path towards enlightenment.
If, on the other hand, you go around espousing that one is significantly
better than the other for whatever asinine reason seems to be most
important to yourself, then you should take time out to meditiate on
how small and insignificant you (and your views) actually *are* in the
universe, and that (regardless of what his Marketing department would
have you believe) Bill Gates does not yet control the Internet.
- alec
PS: "My Amiga is better than your PC. Nyaah!"
--
# If you e-mail a reply to this message, please modify the "To:" address.
# alec muffett, oxford, uk - http://www.users.dircon.co.uk/~crypto/
# below: password cracker in one line of perl; echo guess | perl [args]
perl -nle 'setpwent;crypt($_,$c)eq$c&&print"$u=$_"while($u,$c)=getpwent'
Hello, i tried to run crack on my server, and it bombed.. i untarred it
and edited crack and changed the home directory etc.. i tried running it
from /tmp/cr and this is what happened:
$ ./Crack -f -v /etc/passwd
Crack 4.1f RELEASE, The Password Cracker (c) Alec D.E. Muffett, 1992
Invoked as: ./Crack -f -v /etc/passwd
Dictionary Dicts/bigdict.Z intact
Binary directory: /tmp/cr/crack-4.1/generic
( cd ../Sources ; make clean )
rm -f *.o *.u *.a *.pixie *.Addrs *.Counts
rm -f crack-pwc tester bytesex testrule
rm -f speedcrypt speedfcrypt speedxform speedufc
( cd ../Sources ; make crack-pwc.which )
Choosing between Crack.fcrypt and Crack.ufc
((../Scripts/do_ufc && make crack-pwc.ufc) || make crack-pwc.fcrypt)
Looking for UFC-crypt in /tmp/cr/crack-4.1/ufc-crypt
Cannot find /tmp/cr/crack-4.1/ufc-crypt - cannot use UFC-crypt on this
platform
cc -O -c crack-lib.c
sh: cc: 0402-032 Execute permission is denied.
make: 1254-004 The error code from the last command is 1.
Make Quitting.
make: 1254-005 Ignored error code 2 from last command.
cp ../Sources/crack-pwc .
cp: ../Sources/crack-pwc: A file or directory in the path name does not
exist.
make: 1254-004 The error code from the last command is 1.
Make Quitting.
----------
2. XWindows & S3 ViRGE/DX (Newbie)
4. Newbie: want to install Linux badly - but partitiong problems :(
6. Unknown Directive exec (Apache 1.05)
7. Crack 4.1 - doesnt crypt properly on NeXTs?
9. Difference from Crack 4.1 to 5.0
12. shadmrg for crack 4.1 for AIX
13. Installing Crack 4.1 on Solaris 2.4