On Fri, Nov 16, 2001 at 10:28:16PM -0800, saeed babadi nia wrote:
>> Hi all
>> I want to know how someone can find the password
> with having password and shadow files ?
assuming you are reffering to /etc/passwd and /etc/shadow
and the system is configured (as is the default configuration)
to use /etc/shadow for authentication there are several methods.
/etc/shadow typically stores passwords as the result of a one way hash
function , usually DES or MD5, it's pretty much impossible to take a hash
and find out what the corresponding password is. You can however try a
dictionary attack, whereby you hash the entire contents of a sophisticated
dictionary, reversing each word, replacing certain letters with numbers,
adding numbers, trying certain capitalisations .. etc. In in a large
shadow file it is common to get quiet a few weak passwords this way.
There are numerous utilites available to help with this task.
In a small shadow file, with sensible passphrase choices you havnt a
hope.
--
------------------------------------------------------------
colmmacc at redbrick.dcu.ie
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
