Joined: Aug 2003
Posts: 8
Junior Member
A little help here would be much appreciated. I was wondering about password files. I know quite a bit about how to crack them, and why the passwords can't be reversed. So I was wondering, why don't you just modify the password file so that the encrypted part is the same as an encrypted password you know? I hope someone understands me!!! I'll try and explain what I mean if people don't understand me.

Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Usually you can do that very thing. I've remarked before how sending encrypted passwords on a network isn't very secure. Just because you can't figure out the original password doesn't mean you can't log in with the encrypted form. Unfortunately you'd have to be pretty experienced in protocols and programming to make use of that. You'd have to be able to sniff networks and code yourself some programs to take advantage.

There's a program called ERD Commander which overwrites NT/2K/XP passwords from DOS. It doesn't take but a second to do it.


Domain Registration, Hosting, Management
http://www.dollardns.net
Joined: Aug 2003
Posts: 8
Junior Member
Thanks for that; I mean with regard to Linux, as opposed to Windows, though. I hope you understand what I mean. Let's suppose your Linux password is "password", so you look in your pwd file and copy the encrypted version of "password". Then theoretically all you should need to do is replace any password in a different password file with what you just copied, and you should be able to log in as that user using your password. Is that what you thought I meant?

I totally agree with you on plaintext passwords. I understand the principles (but don't have much experience), and think that anyone with an ounce of common sense would realise what a danger it can be, especially when anyone can get their hands on a packet sniffer and "easily" read them.

Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
I wasn't talking about plaintext passwords. I was talking about encrypted passwords being no better than plaintext. That you don't need to see the plaintext. Just use the encrypted password.

And what you said is very imaginative. I heartily support a test to see if it actually works. There's a chance that it won't though - like if they use the username as a key to decrypt the password. Who knows. Just try it and report back to us on the results.

Joined: Oct 2002
Posts: 955
UGN Super Poster
Yes. In some situations it can work. As can removing the password field altogether.

Now if you are talking about Linux specifically, a big problem may be that there are a lot of ways to get hold of the file, but attempting to write to the file and writing to it (to use the hash you know) is opening a whole new can of worms.

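The two failure modes raised in this thread (a hash string copied from one account into another, and the password field simply emptied) both leave a visible trace in the shadow file, because a traditional crypt(3) value carries its own salt: two accounts with byte-identical hash strings share the same salt and the same password, which does not happen by chance. The audit below is an added illustration, not code from anyone in the thread; the shadow lines it parses are constructed samples in shadow(5) layout and the hash strings are made-up placeholders, not real credentials.

```python
"""Audit shadow(5)-style entries for the weaknesses discussed in the thread.

Added example (not from the thread). All sample data is constructed; the
hash fields are placeholders shaped like crypt(3) output, not real hashes.
"""
import re
from collections import defaultdict

# Constructed sample in shadow(5) layout:
# name:hash:lastchg:min:max:warn:inactive:expire:flag
SAMPLE_SHADOW = """\
root:$6$EXAMPLESALT$EXAMPLEHASHroot000:19000:0:99999:7:::
alice:$6$EXAMPLESALT$EXAMPLEHASHroot000:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:abEXAMPLEDES0:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""

# Traditional DES crypt: 13 chars from the 64-char crypt alphabet,
# the first two of which are the (12-bit) salt.
LEGACY_DES = re.compile(r"^[./0-9A-Za-z]{13}$")


def parse_shadow(text):
    """Return (user, hash_field) pairs, skipping blank lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        entries.append((fields[0], fields[1]))
    return entries


def audit_shadow(text):
    """Return {user: [finding, ...]} for every account with something to report."""
    findings = defaultdict(list)
    by_hash = defaultdict(list)   # hash string -> users carrying it

    for user, h in parse_shadow(text):
        if h == "":
            # The "remove the password field altogether" case from the thread.
            findings[user].append(
                "empty password field: may allow login with no password")
        elif h == "*" or h.startswith("!"):
            continue   # locked or no-login account; nothing to check
        else:
            by_hash[h].append(user)
            if LEGACY_DES.match(h):
                findings[user].append(
                    "legacy DES crypt hash: 8-char password limit, 12-bit salt")
            elif not h.startswith("$"):
                findings[user].append("unrecognised hash format")

    # The "copy a known hash into another account" case: identical strings
    # mean identical salt AND password, so flag every account in the group.
    for h, users in by_hash.items():
        if len(users) > 1:
            for user in users:
                others = ", ".join(u for u in users if u != user)
                findings[user].append("hash string shared with: " + others)

    return dict(findings)


if __name__ == "__main__":
    for user, notes in audit_shadow(SAMPLE_SHADOW).items():
        for note in notes:
            print(f"{user}: {note}")
```

Run it against a real shadow file by reading the file into `audit_shadow` instead of `SAMPLE_SHADOW`; the duplicate-hash check is the one that catches the substitution discussed above, and the empty-field check catches the "remove the field" variant jonconley mentions.
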
Joined: Aug 2003
Posts: 8
Junior Member
I'm currently experimenting with it. I've written a small program in C++ that sort of does it, but am having no joy in getting access. I have a few more ideas; will post source soon if it works ;)

A friend recommended using a buffer overflow to write to the password file; so far I've not had much luck with that.

Thanks for the advice

Joined: Jul 2003
Posts: 14
Junior Member
Chasm

Here is what I do. Say you get someone's password file and you want to decrypt some of those passwords. You obviously can't write a program to decrypt them, but what you can do is this:

1) Get a huge list of words (possibly a dictionary list).
2) In Linux they have a standard algorithm they use for encrypting those plaintext passwords into encrypted text. Search for it and use the code in your program to encrypt all the words in your dictionary file.
3) Now all you have to do is write a little program which will loop through and try to match your encrypted dictionary file with your password file.

Simple stuff isn't it?
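The step the post above leaves out is the salt: crypt(3) mixes a per-account salt into the hash and stores it at the front of the result, so a dictionary "encrypted" once under one salt matches only accounts that happen to share that salt. That is the whole point of salting, and the reason systems moved to longer random salts and slower hashes. The code below is an added illustration, not the poster's program; `toy_crypt` is a constructed stand-in that copies only the shape of crypt(3) (salt prefix, salt-dependent digest), not its algorithm.

```python
"""Why a one-off 'encrypted dictionary' misses salted password hashes.

Added example, not from the thread. toy_crypt is a constructed stand-in for
crypt(3): it keeps the salt as a prefix of the stored value and makes the
digest depend on both salt and password, which is all the argument needs.
"""
import hashlib
import string

# The 64-character alphabet crypt(3) uses for salts and output.
SALT_CHARS = "./" + string.digits + string.ascii_letters


def toy_crypt(password, salt):
    """Stand-in for crypt(3): stored value = 2-char salt + salt-dependent digest."""
    assert len(salt) == 2 and all(c in SALT_CHARS for c in salt)
    digest = hashlib.sha256((salt + password).encode()).hexdigest()[:22]
    return salt + digest


def verify(stored, candidate):
    """What login does: read the salt back out of the stored value, re-hash, compare."""
    salt = stored[:2]
    return toy_crypt(candidate, salt) == stored


def unsalted_dictionary_match(stored, wordlist, table_salt="aa"):
    """Steps 2 and 3 of the post taken literally: every word hashed once under a
    fixed salt, then the stored value looked up in that table."""
    table = {toy_crypt(w, table_salt): w for w in wordlist}
    return table.get(stored)


def precomputation_factor():
    """How many distinct 2-char salts a complete precomputed table would need."""
    return len(SALT_CHARS) ** 2   # 4096 for traditional DES crypt


if __name__ == "__main__":
    words = ["password", "letmein", "qwerty"]   # constructed wordlist
    stored = toy_crypt("password", "xy")          # account whose salt is "xy"
    print("login check:", verify(stored, "password"))
    print("one-salt table hit:", unsalted_dictionary_match(stored, words))
    print("salts to cover:", precomputation_factor())
```

The first print is `True` because login reads the salt from the stored value; the second is `None` because the table was built under salt `aa`, not `xy`. Covering every traditional 12-bit salt multiplies the table by 4096, and modern `$6$`-style hashes use salts long enough that precomputation is not practical at all, which is why proactive password checking at set time (rejecting dictionary words before they are ever hashed) is the defensive counterpart of the procedure described in this post.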

