Re: [SLE] how to see passwords

newer
[SLE] WWW Editors Netobjects...

older
Re: [SLE] Lame server on...

fsanta

7 Apr 2003 7 Apr '03

10:15

On Monday 07 April 2003 12:01, you wrote:

...

...
I'm root on our lan with around 50 users. How can I get a list of their passwords?

You don't. Well, you could try to run something John The Ripper against /etc/shadow Does that mean that I can't or I shouldn't?

...

You don't need to, as r00t, you can always su to them ;)

But I want to find out what their password was. Can I do that? Is there something which will hack into /etc/shadow and decipher it?

...

I tend to give them a good kicking[1] Yeah. Know how you feel.

Show replies by date

Anders Johansson

7 Apr 7 Apr

16:11

New subject: [SLE] how to see passwords

On Monday 07 April 2003 12:15, fsanta wrote:

...

But I want to find out what their password was. Can I do that? Is there something which will hack into /etc/shadow and decipher it?

No there isn't. The strings in /etc/shadow aren't encrypted versions of the password, they are encrypted strings of zeros, with the password used as encryption key. It's a one way encryption. The best you can hope to do is use a tool that will test a large number of keys, and hope you find one that matches. James mentioned John the ripper, and there's also cracklib, which I believe SuSE use in their security check to find weak password.

Oliver Ob [o.b./RSi/TRSi/NSD]

9 Apr 9 Apr

07:05

New subject: [SLE] how to see passwords

Anders Johansson schrieb:

...

On Monday 07 April 2003 12:15, fsanta wrote:

...
But I want to find out what their password was. Can I do that? Is there something which will hack into /etc/shadow and decipher it?

Yes there is. Locate "JOHN" I used it on NT also. Works for ages tho. -- *º¤.,___,.¤º*¨¨¨*¤ =Oliver@home= *º¤.,¸¸¸,.¤º*¨¨*¤ I / __|__ http://www.bmw-roadster.de/Friends/Olli/olli.html I I / / |_/ http://www.bmw-roadster.de/Friends/friends.html I I \ \__|_\ http://groups.yahoo.com/group/VGAP-93 I I \___| mailto:VGAP-93-subscribe@yahoogroups.com I

...

...
...
Telek0ma iBBMS - moving house, but online! +49....TRSi1 <<<

Vince Littler

7 Apr 7 Apr

16:15

New subject: [SLE] how to see passwords

On Monday 07 April 2003 11:15 am, fsanta wrote:

...

On Monday 07 April 2003 12:01, you wrote:

...
...
I'm root on our lan with around 50 users. How can I get a list of their passwords?

You don't. Well, you could try to run something John The Ripper against /etc/shadow

Does that mean that I can't or I shouldn't?

Shouldn't

...

...
You don't need to, as r00t, you can always su to them ;)

But I want to find out what their password was. Can I do that? Is there something which will hack into /etc/shadow and decipher it?

Why do you want to know what the password is? You know you can get to their data etc etc with su. The value of the password is the value of what is hidden behind it. So if you can get to the thing the password protects, the only value of the password is if a user is using the same password to protect something else for which you are not root... Are you dangerous to know? ;-) regards Vince Littler

fsanta

17:18

New subject: [SLE] how to see passwords

...

Why do you want to know what the password is? You know you can get to their data etc etc with su. The value of the password is the value of what is hidden behind it. So if you can get to the thing the password protects, the only value of the password is if a user is using the same password to protect something else for which you are not root...

Are you dangerous to know? ;-)

Hopefully not :-o What I wanted to do was save time in reissuing passwords to those students who had lost or forgotten them. (see previous in thread where I had made a bad decision in NIS to allow them to change their passwords).

Patrick Shanahan

21:22

New subject: [SLE] how to see passwords

* fsanta [04-07-03 12:18]:

...

What I wanted to do was save time in reissuing passwords to those students who had lost or forgotten them. (see previous in thread where I had made a bad decision in NIS to allow them to change their passwords).

Assign their passwords yourself and direct them to use what you assigned. Gives you *complete* control and you do *not* have to try to break any more passwords. If I understand correctly your intent, this will/would solve your problems. -- Patrick Shanahan Please avoid TOFU and trim >quotes< http://wahoo.no-ip.org Registered Linux User #207535 icq#173753138 @ http://counter.li.org Linux, a continuous *learning* experience

Ken Schneider

21:37

New subject: [SLE] how to see passwords

At our place of employment we have over 500 users and yes some do forget their passwords. I do/will not set passwords for them. I will set a temporary password and force them to change it on their next login. We are using SCO unix and it has a passwd parameter -f = force change at next login. Does anyone on this list know if there is a simular command under linux? Also our passwords are set to expire every 6 months which causes users to set a new password. Ken -----Original Message----- From: Patrick Shanahan To: SuSE Date: Mon, 7 Apr 2003 16:22:10 -0500 Subject: Re: [SLE] how to see passwords

...

* fsanta [04-07-03 12:18]:

...
What I wanted to do was save time in reissuing passwords to those

students who

...
had lost or forgotten them. (see previous in thread where I had made a bad decision in NIS to allow them to change their passwords).

Assign their passwords yourself and direct them to use what you assigned. Gives you *complete* control and you do *not* have to try to break any more passwords. If I understand correctly your intent, this will/would solve your problems. -- Patrick Shanahan Please avoid TOFU and trim >quotes< http://wahoo.no-ip.org Registered Linux User #207535 icq#173753138 @ http://counter.li.org Linux, a continuous *learning* experience

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

Avi Schwartz

22:17

New subject: [SLE] how to see passwords

In Linux you can use the -e parameter to expire the password immediately and force the user to change the password on the next login. Avi On Monday, Apr 7, 2003, at 16:37 America/Chicago, Ken Schneider wrote:

...

At our place of employment we have over 500 users and yes some do forget their passwords. I do/will not set passwords for them. I will set a temporary password and force them to change it on their next login. We are using SCO unix and it has a passwd parameter -f = force change at next login. Does anyone on this list know if there is a simular command under linux?

Also our passwords are set to expire every 6 months which causes users to set a new password.

Ken -- Avi Schwartz avi@CFFtechnologies.com

''You can turn painful situations around through laughter. If you can find humor in anything, even poverty, you can survive it.'' - Bill Cosby

Patrick Shanahan

8 Apr 8 Apr

00:01

New subject: [SLE] how to see passwords

* Avi Schwartz [04-07-03 17:16]:

...

In Linux you can use the -e parameter to expire the password immediately and force the user to change the password on the next login.

Will not help in this case. User has forgotten his password. -- Patrick Shanahan Please avoid TOFU and trim >quotes< http://wahoo.no-ip.org Registered Linux User #207535 icq#173753138 @ http://counter.li.org Linux, a continuous *learning* experience

Dave Smith

07:38

New subject: [SLE] how to see passwords

On Mon, Apr 07, 2003 at 07:01:22PM -0500, WideGlide@MyRealBox.com wrote:

...

* Avi Schwartz [04-07-03 17:16]:

...
In Linux you can use the -e parameter to expire the password immediately and force the user to change the password on the next login.

Will not help in this case. User has forgotten his password.

Well, it will, sort of. Basically, you can retrieve a password from the system. However, it takes quite a long time, since it basically involves a brute force attack by trying every possible value until you find one that works. If you've configured the system to use one of the more secure types of password (e.g. MD5), then it's much more difficult, and takes a lot more CPU power (possibly so much that it's impractical). There are shortcuts, such as trying dictionary words (and permutations thereof), birthdays, names, etc. first, but this is still a 'brute force' attack, albeit slightly more intelligent. The correct way to do this is as mentioned above. Make up a new password for the user, and give it to them. Log in as root, and change their password to this new value, but use the -e option to force it to expire immediately. They can then log in using the password you've just given them, but they have to change it straight away. That way, only *they* end up knowing their own password - you don't need to know it yourself, since you can su to their username from root without a password. If you're looking for speed, then you should just set a new password. trying to get back the old one will (should) take a long time. If you can crack their password very quickly, you need to educate your users to use more secure passwords. HTH... -- David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2

Oliver Ob [o.b./RSi/TRSi/NSD]

9 Apr 9 Apr

17:00

New subject: [SLE] how to see passwords

Patrick Shanahan schrieb:

...

* Avi Schwartz [04-07-03 17:16]:

...
In Linux you can use the -e parameter to expire the password immediately and force the user to change the password on the next login.

Will not help in this case. User has forgotten his password.

You did not understand. What Avi is telling you is to set a new password for the user, tell this new pw to the user and having set it using the -e parm, the user is prompted automatically to change it next login. -- *º¤.,___,.¤º*¨¨¨*¤ =Oliver@home= *º¤.,¸¸¸,.¤º*¨¨*¤ I / __|__ http://www.bmw-roadster.de/Friends/Olli/olli.html I I / / |_/ http://www.bmw-roadster.de/Friends/friends.html I I \ \__|_\ http://groups.yahoo.com/group/VGAP-93 I I \___| mailto:VGAP-93-subscribe@yahoogroups.com I

...

...
...
Telek0ma iBBMS - moving house, but online! +49....TRSi1 <<<

Thomas

7 Apr 7 Apr

17:02

New subject: [SLE] how to see passwords

...

On Monday 07 April 2003 12:01, you wrote:

...
...
I'm root on our lan with around 50 users. How can I get a list of their passwords?

You don't. Well, you could try to run something John The Ripper against /etc/shadow Does that mean that I can't or I shouldn't?

...
You don't need to, as r00t, you can always su to them ;)

But I want to find out what their password was. Can I do that? Is there something which will hack into /etc/shadow and decipher it?

When you log on your unix station, the password you enter is encrypted, then compared to the ecrypted password in /etc/shadow. It is not possible to know what the password was at the beginning, because the unix encrypt command is not reversible. Therefore, if you want to find out what the original password was, you need to do a dictionnay attack (basically try all possible paswords, or try at least the obvious ones first). This is what John The Ripper does. Thomas

7689

Age (days ago)

7691

Last active (days ago)

List overview

Download

11 comments

9 participants

participants (9)

Anders Johansson
Avi Schwartz
Dave Smith
fsanta
Ken Schneider
Oliver Ob [o.b./RSi/TRSi/NSD]
Patrick Shanahan
Thomas
Vince Littler