Reading unencrypted pw file as root
dogn00dles
11-25-2002, 09:39 PM
I have the feeling that there is an extremely easy way to do this, I just don't know what it is. I was planning on making an analog of su to learn more about permissions/SUID/etc. Thanks, if anybody knows how.
Love,
dogn00dles
Vlad902
11-25-2002, 10:03 PM
This isn't really a programming question but whatever... What I think you are asking is how to obtain a non-encrypted version of /etc/passwd. This would probably be hard because /etc/passwd is the only thing on your box with the encrypted passwords. There is nothing else that has them non-encrypted, perhaps a sniffed or trojaned getty?
dogn00dles
11-25-2002, 10:17 PM
Hmph... then how does su work? I did an strace on it... and came to the conclusion that I barely know anything about the Linux programming environment (well... syscall-wise) :). Thanks for the reply.
Friend in the business,
dognoodles
baldguy
11-26-2002, 02:23 AM
To get the unencrypted file you have to use a password file cracker like John the Ripper or Crack. The encrypted passwords (hashes, actually) are not reversible. You have to (if you use shadowed passwords) merge your /etc/shadow and /etc/passwd, then run the cracker on it. You would do better with a relatively good wordlist to start off with.
dogn00dles
11-26-2002, 07:28 PM
Ah, just forget all that stuff I just said. I just need a function that will accept a string and see if it is the password of a user. Danke.
bastard23
11-28-2002, 12:05 AM
dogn00dles,
Unfortunately, I'm not up to speed on this, but I would point you toward reading the source for su or login. This is also a pretty undocumented area, so "Use the source, Luke." There are three basic levels (off the top of my head) for this. A long time ago, all that was needed was to run the clear-text password through crypt() and compare it to the password entry in /etc/passwd. Then we got shadow support, which puts the (hashed or crypted) password in a (non-world-readable) file. I'm not even going to mention (OK, I will) the other schemes like NIS and Kerberos. Now we have PAM (Pluggable Authentication Modules). I don't know how or where PAM hooks in (I have always been a little iffy on this). But it allows you to have modules for all aspects of user authentication (and information).
So in summary, read up on PAM, perhaps browse su.c (and various other files in the login package.)
Hope that helps,
chris
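The "run the clear-text password through crypt() and compare it to the stored entry" step described above, written out as an added example; this is not code from the thread or from any su/login package. It is the function dogn00dles asked for: give it a username and a candidate string and it says whether that string is the user's password. It reads the hash from /etc/shadow via getspnam(3) when the caller can (root, or a setuid-root binary like the real su), falls back to the /etc/passwd field otherwise, refuses locked or empty entries, and compares in constant time. The file name pwcheck.c and the hash-checking function names are assumptions for this illustration. crypt(3) is resolved at run time through dlopen so the demo builds with a plain cc invocation; a real program would include <crypt.h> and link with -lcrypt.

```c
/* pwcheck.c: verify a clear-text password against a user's stored
 * crypt(3) hash the way a classic (pre-PAM) su does.
 * Build: cc -o pwcheck pwcheck.c      (add -ldl on glibc < 2.34)
 * Run:   ./pwcheck username           (root needed to read /etc/shadow)
 * Added example, not code from the thread; names are illustrative. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

typedef char *(*crypt_fn)(const char *, const char *);

/* crypt(3) lives in libcrypt on glibc and inside libc on musl. It is looked
 * up at run time only so this demo builds without -lcrypt; real code would
 * #include <crypt.h> and link the library normally. */
static crypt_fn load_crypt(void)
{
    static crypt_fn fn;
    if (fn) return fn;
    void *h = dlopen(NULL, RTLD_NOW);            /* already-loaded libs (musl) */
    if (h) fn = (crypt_fn)dlsym(h, "crypt");
    if (!fn) {
        h = dlopen("libcrypt.so.1", RTLD_NOW);  /* glibc / libxcrypt */
        if (h) fn = (crypt_fn)dlsym(h, "crypt");
    }
    return fn;
}

/* Constant-time comparison: a wrong guess must not leak how many leading
 * characters of the hash matched through a timing difference. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hash 'password' under the salt/parameters in 'setting' (e.g. "$6$salt$").
 * Returns crypt's static buffer, so copy it before calling crypt again. */
const char *make_hash(const char *password, const char *setting)
{
    crypt_fn c = load_crypt();
    return c ? c(password, setting) : NULL;
}

/* Returns 1 if 'candidate' hashes to 'stored', 0 otherwise.
 * An empty stored field, or one starting with '*' or '!', means "no password"
 * or "locked": never accept it, even though crypt() would happily produce
 * something to compare against. The stored hash doubles as the salt/setting,
 * which is why the comparison works without storing the salt separately. */
int check_password_hash(const char *candidate, const char *stored)
{
    if (!candidate || !stored || stored[0] == '\0' ||
        stored[0] == '*' || stored[0] == '!')
        return 0;
    crypt_fn c = load_crypt();
    if (!c) return 0;
    char *computed = c(candidate, stored);
    /* libxcrypt returns "*0"/"*1" on failure; old glibc returns NULL */
    if (!computed || computed[0] == '*') return 0;
    return ct_equal(computed, stored);
}

/* Where the hash comes from: /etc/shadow if we can read it (root, or a
 * setuid-root binary like su), else the second field of /etc/passwd, which
 * on a shadowed system is just "x" and will never match anything. */
int check_user_password(const char *user, const char *candidate)
{
    const char *stored;
    struct spwd *sp = getspnam(user);
    if (sp) {
        stored = sp->sp_pwdp;
    } else {
        struct passwd *pw = getpwnam(user);
        if (!pw) return 0;
        stored = pw->pw_passwd;
    }
    return check_password_hash(candidate, stored);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s user\n", argv[0]); return 2; }
    char *pw = getpass("Password: ");           /* echo off, like su */
    int ok = pw && check_user_password(argv[1], pw);
    if (pw)                                     /* scrub the clear text */
        for (volatile char *p = pw; *p; p++) *p = 0;
    puts(ok ? "password accepted" : "password rejected");
    return ok ? 0 : 1;
}
```

Run it as an unprivileged user and every check fails, because getspnam() returns NULL without permission to read /etc/shadow and the passwd field is "x"; run it as root (or make it setuid root, which is exactly what su is) and it works. That is the whole reason su needs to be setuid: nothing in the process decrypts anything, it just needs to be able to read the hash and recompute it. On a PAM system the real su hands all of this to pam_authenticate() instead, and the module (pam_unix) does the same getspnam/crypt dance internally.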