Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <536575.46215.qm@web54305.mail.yahoo.com>
Date: Tue, 5 Dec 2006 21:12:36 +0000 (GMT)
From: Danett song <danett18@...oo.com.br>
To: john-users@...ts.openwall.com
Subject: OpenUnix 8 hash format is not the normal DES?

Hi there,
  
  I got a new machine, it's a OpenUnix 8 running in ia32, so I solved to  check how it the password format. At first look it appear like a Linux  system which use /etc/passwd and /etc/shadow.
  
  A example entry is:
  
  # cat /etc/passwd|grep test
  test:x:155:1::/home/test:/bin/sh
  
  # cat /etc/shadow|grep test
  test:B1x0F/cug2meE:13487::::::
  
  The password is "test1234567". If I use john (including my password at  wordlist) it  found my password as a DES (only showing the first 8  characters, since in DES the rest is truncated).
  
  # john -wordfile:wordlist.txt  pwd
  Loaded 1 password (Standard DES [48/64 4K])
  test1234         (test)
  guesses: 1  time: 0:00:00:00 100%  c/s: 512  trying: amor - amux
  
  Perfect, however if I try log in the OpenUnix 8 with user test and  password test1234 it always fail. I tryed via telnet, with su (and  typing the password manualy, copying it from clipboard, etc). So in  short it's not a mistake mine in the type process.
  
  I also looked system for possible alternate password file in  /etc/default/password and /etc/security/ but I can't find. I also tryed  locate in /etc files having the string "root:" which can indicate a  alternate password file.
  
  # find /etc -type f -mount |xargs fgrep -le "root:"
  /etc/conf/cf.d/unix
  /etc/conf/pack.d/fs/Driver_atup.o
  /etc/conf/pack.d/fs/Driver_mp.o
  /etc/conf/pack.d/fs/_drv.o
  /etc/group
  /etc/init.d/RFC1006init
  /etc/mail/cf/README
  /etc/shadow
  /etc/ogroup
  /etc/oshadow
  /etc/passwd
  /etc/rc0.d/K69rfc1006
  /etc/rc1.d/K69rfc1006
  /etc/rc2.d/S69rfc1006
  /etc/saf/nbcots/_pmtab
  /etc/saf/tcp/_pmtab
  /etc/security/seclevel/high/script
  /etc/security/seclevel/improved/script
  /etc/security/seclevel/low/script
  /etc/security/seclevel/traditional/script
  /etc/opasswd
  
  I checked each file and the unique that have password entrys are:
  
  /etc/shadow
  /etc/oshadow
    /etc/passwd
  /etc/opasswd
  
  However looking at documentation, this opasswd and oshadow are copys of  original files (equivalento to passwd- and shadow- in Linux).
  
  In the man passwd I found a intersting text:
  
  "Passwords must be constructed to meet the following requirements:
       * Each password must have at least PASSLENGTH characters as defined
         in /etc/default/passwd. PASSLENGTH must be at least 3. The first
         80 characters of a password are treated as significant (this is
         the value of PASS_MAX in /usr/include/limits.h)."
  
  It say it's able to TRAT UP TO 80 characters? How can it be possible using DES?
  
  So my doubt goes, how OpenUnix 8 appear to use DES and is able to store and compare password bigger than 8 characters?
  
  Also, is there a way to crack the full password using John in wordlist mode?
  
  Ideas and solutions are welcome.
  
  Thank you and cheers,
  
 		
---------------------------------
 Yahoo! Search
 Música para ver e ouvir: You're Beautiful, do James Blunt

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.