Hi guys,
I was just wondering if there is some way to decrypt shadowed password files!!
Thanks for your help.
By the way, it's for educational purposes,
no need to flame :)
I tried John but it couldn't resolve it.
So isn't there any other high-tech tool??
Couldn't resolve it???
Weird. I was just there. AFAIK, that is the best for shadowed passwords.
What do you mean it wouldn't 'resolve'? What operating system are you using?
Quote:
I tried John but it couldn't resolve it.
So isn't there any other high-tech tool??
Wordlists
More wordlists
Wordlists for the obvious!
For Educational purposes only:
The answer is probably "yes", but you have to decide between what is theoretically possible and what is practical in terms of time and money.
"Encrypted passwords can not be decrypted. Programs that pretend to
crack a password file just do brute-force on it : they have a
dictionary, they encrypt every word in it (plus some common
spellings, such as a 0 at the end of a word), and they compare these
results with what's in the password file. Which means that if all
passwords are well chosen, they should not be able to get one.
But do not rely on this. Shadow passwords are good, for they do not
cost much, and they are a great security improvement."
I cannot remember where the quote came from, but the guy does have a point.
Any software that does, or claims to do this, must run two steps:
1. "Unshadow" the data {it has been replaced with "X" or "*"}
2. Unencrypt/decipher the data.
Obviously the strength and type of encryption is a factor here, as well.
I am sure that there are organisations that have very sophisticated software that does attempt "true" decryption (Mossad perhaps :D ). This, and the supercomputers to run them, are way outside the budgets and attention spans of script kiddies and those who do not belong to government intelligence agencies.
Other programs will be defeated by well-chosen passwords, and may well fail if the dictionary is wrong (e.g. a Roman-alphabet dictionary will not crack an Arabic file), if the passwords are all symbols, etc. It would just take too long to try all the possibilities, and if an exact match is not found, you don't get a crack.
The message is, don't use proper words, use letters in upper and lower case, use numbers, use characters. Also that the longer your password is, the harder it is to crack.
Change your passwords regularly, so that if anyone gets hold of the file it will be useless before they have time to crack it. Enforce a security policy that makes users change their passwords regularly.
Hope that this helps.
Seeing how this is going to be used for educational purposes only, try this program:
http://www.freewareweb.com/cgi-bin/archive.cgi?ID=496
If you are really speaking about *nix shadowed passwords, John is the ultimate program for cracking them. You will not find a better one. The only issue is (like with every cracker) the time needed to do the job if the passwords are not obvious.
If you are simply speaking about passwords hidden behind asterisks in programs, you can try the DeadAddict link or find a ton of similar programs with Google.
To use John the Ripper, you have to "unshadow" the /etc/shadow file. For that, you have to have read access to said /etc/shadow, since only root can view it (on most shadow routines). Once you unshadow (making sure you direct it to a file, since unshadow writes to STDOUT), then you can run it as './john ./file_name'. Success is purely based on your computer's per-second ciphers. Standard crypt passwords are eaten like popcorn, whereas MD5 hashes are extremely hard to brute-force and take days if not weeks. A 5-digit MD5 password brute-forced on an average 1 GHz machine takes something like 4 days (or something close), because the number of ciphers per second is much, much less than regular crypt, etc.
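An added example, not from this thread or from John the Ripper, showing the defender's side of what the quoted text and vorlin's post describe: a shadow hash cannot be reversed, only recomputed and compared, so what an administrator can actually control is which crypt(3) scheme each entry uses. The script classifies shadow(5) lines by scheme (the scheme prefixes are real; the sample entries and hash bodies are constructed placeholders) and flags the weak ones.

```python
# Added example, not from the thread: audit shadow(5) entries for the weak
# schemes discussed above. Hashes are one-way, so a cracker can only hash
# guesses and compare; the defender's levers are scheme and password quality.
from typing import NamedTuple

# crypt(3) prefix -> (scheme, assessment). An unprefixed 13-character hash is
# traditional DES crypt, which truncates passwords to 8 characters.
SCHEMES = {
    "$1$": ("md5-crypt", "weak"),
    "$2a$": ("bcrypt", "ok"), "$2b$": ("bcrypt", "ok"), "$2y$": ("bcrypt", "ok"),
    "$5$": ("sha256-crypt", "ok"), "$6$": ("sha512-crypt", "ok"),
    "$y$": ("yescrypt", "ok"),
}

class Finding(NamedTuple):
    user: str
    scheme: str
    status: str  # "ok", "weak", "locked", "empty" or "unknown"

def classify(line: str) -> Finding:
    fields = line.rstrip("\n").split(":")
    if len(fields) < 2:
        raise ValueError(f"malformed shadow line: {line!r}")
    user, pw = fields[0], fields[1]
    if pw == "":
        return Finding(user, "none", "empty")      # no password at all
    if pw.startswith(("!", "*")):
        return Finding(user, "none", "locked")     # the "*" the thread mentions
    for prefix, (name, status) in SCHEMES.items():
        if pw.startswith(prefix):
            return Finding(user, name, status)
    if len(pw) == 13 and "$" not in pw:
        return Finding(user, "des-crypt", "weak")  # vorlin's "standard crypt"
    return Finding(user, "unknown", "unknown")

def audit(shadow_text: str) -> list[Finding]:
    return [classify(l) for l in shadow_text.splitlines() if l.strip()]

def needs_attention(shadow_text: str) -> list[Finding]:
    return [f for f in audit(shadow_text) if f.status in ("weak", "empty", "unknown")]

# Constructed sample; hash bodies are placeholders, not real credentials.
SAMPLE_SHADOW = """\
root:$6$Q9k2xYz$placeholderhashplaceholderhashplaceholderhashplaceholder:19000:0:99999:7:::
legacy:aBcDeFgHiJkLm:15000:0:99999:7:::
svc:$1$saltsalt$placeholderhashplaceholder:17000:0:99999:7:::
daemon:*:17000:0:99999:7:::
alice:!$6$locked$placeholder:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""
```

Running `needs_attention(SAMPLE_SHADOW)` reports the DES-crypt, md5-crypt and empty-password entries; locked accounts are skipped because nobody can log in with them.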
vorlin,
thanks for the support...........are you saying up to 4 days per password, or per password file?
If it is the file, are you allowed to suggest how many are in it?
cheers
Well, he specified that a standard 5-digit MD5 hash takes at least 4 days or something on a 1 GHz machine, which I don't know where you came up with the assumption of him talking about a password file entirely... unless for some reason you can find a password file with only one small hash in it... which is stupid, and I don't understand how anyone could even do something like that, much less someone else creating one...
er0k..................it looks like some kind of college test...........??
or are we being socially engineered?
Cheers
johnno
Hehe, if there were a passwd file with only one entry or less than all the system accounts, your box wouldn't run. Anyone ever blow out the /etc/passwd on an HP box (10.20x) and then run a utility that checks /etc/passwd against who you're logged in as? It's funny as it comes back and says 'How'd you log in anyways?'.