Very Computer

It seems that every Internet search engine I try finds a brute force
cracker named "crack20", but the actual file is not found. Is there
some "good samaritan" out there deleting these useful tools?

I have a legitimate need: a used HP-UX system with a long forgotten
root password. All I have is the encoded string from the passwd
file. Crack 4.1 was not able to crack it.

If someone has the source code for a brute force cracker they are
willing to share, please email me.

Thanks,
Reinhold

Quote:>I have a legitimate need: a used HP-UX system with a long forgotten
>root password. All I have is the encoded string from the passwd
>file. Crack 4.1 was not able to crack it.

Some url's w/ additional wordlists:
    ftp://coast.cs.purdue.edu/pub/dict/
    ftp://sable.ox.ac.uk/pub/wordlists/

-jwl
--
      /          "Meddle not in the affairs of dragons, for             \
 *}=={*}>======-  thou art crunchy and go well with ketchup."  -======<{*}=={*

    Musashi          - - -=- Finger for PGP key -=- - -             Musashi

Quote:

>I have a legitimate need: a used HP-UX system with a long forgotten
>root password. All I have is the encoded string from the passwd
>file. Crack 4.1 was not able to crack it.

Once upon a time, a friend and I did (something like) this with the disk
from a Fortune box.
We used Norton on a DOS machine, searched for the string 'root' and found
nothing.  It seems that every two bytes on the disk were swapped.
Searching for 'orto', we found the passwd file.  We plugged in a known
encrypted password, swapping bytes of course, and presto.

Quote:>If someone has the source code for a brute force cracker they are
>willing to share, please email me.

Quote:> I have a legitimate need: a used HP-UX system with a long forgotten
> root password. All I have is the encoded string from the passwd
> file. Crack 4.1 was not able to crack it.

> If someone has the source code for a brute force cracker they are
> willing to share, please email me.

Break in some other way, if all else fails mount the hard drive under
another system.

Chris.

Just remove the drive with the rot partition on it, and attach it to
another Unix box, mount the drive, and change the root password by hand.
It will save you a great deal of heartache and time. Of course you have
to have a second Unix box implement this solution.

Chris
--
PGP PUBLIC KEY available upon request
URL: http://www.veryComputer.com/
Sonic-Boom - The Net Industrial/EBM/Goth/*Culture Music Review Zine
"The Bill Of Rights: Void Where Prohibited By Law"

If you are trying to recover from a lost root password, can't you just reboot,
bring it up in single user mode and then mount the disk and edit the
password file?  I know IBM's needed a key to be able to bring it up in single
user mode, but the HP's don't.  I upgraded a bunch at school and remember thinking
how insecure it was.  I would try calling HP support - they probably have a fax
on it.  It was quite a common problem when I did tech support for IBM.

Also, if anyone has system access, you can nfs mount a suid program and run that
to become root, or a plethora of other methods (system pretty much equals root).

Laters,
Marx
--
           __    ______________________________________________    __

  \      :|  |::| http://netnow.micron.net/~sunbane            |::|  |:      /
   \     :|  |::| Don't go Away Mad...         Just Go Away!!! |::|  |:     /
   /     :|__|::|______________________________________________|::|__|:     \
  /______:/  \::/                                              \::/  \:______\

: > I have a legitimate need: a used HP-UX system with a long forgotten
: > root password. All I have is the encoded string from the passwd
: > file. Crack 4.1 was not able to crack it.
: >
: > If someone has the source code for a brute force cracker they are
: > willing to share, please email me.

: How many years are you prepred to wait, or how many supercomputers do you
: have at your disposal?!!!

: Break in some other way, if all else fails mount the hard drive under
: another system.

: Chris.

Either that, or use a MUCH bigger wordlist.

: If you are trying to recover from a lost root password, can't you just reboot,
: bring it up in single user mode and then mount the disk and edit the
: password file?  I know IBM's needed a key to be able to bring it up in single
: user mode, but the HP's don't.  I upgraded a bunch at school and remember thinking
: how insecure it was.  I would try calling HP support - they probably have a fax
: on it.  It was quite a common problem when I did tech support for IBM.

HP has a neat (stupid) feature.  Call up HP with your Model/Serial Number,
and they can tell you the back door into the system.  One of the original
reasons kernel hacking became an interest was to remove that "feature".

Wes
---
Wes Brown

http://prozac.cwru.edu/wes/About.me.html
KB8TGR

If you already have system access, then you have root. Set UID programs
have to have
root ownership and have their sticky bits set.

Again, HP tech support can easily walk someone through the boot up
procedure and
help them regain access to their system.

-Mikey

: It seems that every Internet search engine I try finds a brute force
: cracker named "crack20", but the actual file is not found. Is there
: some "good samaritan" out there deleting these useful tools?

: I have a legitimate need: a used HP-UX system with a long forgotten
: root password. All I have is the encoded string from the passwd
: file. Crack 4.1 was not able to crack it.

: If someone has the source code for a brute force cracker they are
: willing to share, please email me.

: Thanks,
: Reinhold

--
To get past the root passwd..reboot, escape out of the auto boot search..

When you get to a prompt (is this 10.X or 9.x?) and enter ipl.

When you get the ipl prompt move yourself into single user state..

bypasses..all passwd..

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                    _
  __    _   _  _   /~)
  \ \  I_I/I-II-I /~/'  Shaka !!!!!!
   \~~\'   `-'`- '~I    Opinions stated here represent me only..
     \_ ) ~\_ /~~ )    
       \_    Y  )'      

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

: : It seems that every Internet search engine I try finds a brute force
: : cracker named "crack20", but the actual file is not found. Is there
: : some "good samaritan" out there deleting these useful tools?
:
: : I have a legitimate need: a used HP-UX system with a long forgotten
: : root password. All I have is the encoded string from the passwd
: : file. Crack 4.1 was not able to crack it.
:
: : If someone has the source code for a brute force cracker they are
: : willing to share, please email me.
:
: : Thanks,
: : Reinhold

:
: --
: To get past the root passwd..reboot, escape out of the auto boot search..
:
: When you get to a prompt (is this 10.X or 9.x?) and enter ipl.
:
: When you get the ipl prompt move yourself into single user state..
:
: bypasses..all passwd..
:
Sure don't work for 9.x HP/UX Apollo 700...(Which I have I also lost a
passwd, and we were never given meduim disk because it was 2nd hand..
UGH!. =)

I refuse to use crack because that would take YEARS for a single password.

This is not sarcasm, it is a serious offer.  Whether or not you decide to
take me up on it remains to be seen.