Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Obtain a passwd file


Obtain a passwd file

By ghostghost | 9726 Reads |
0     0

WHAT: It's easy to get a passwd (password) file, but it’s harder to get a “Good One” Yes, a good one, there is only one “Good One”. HOW: The oldest method I know is the FTP://server.com. Note: To do this ftp the server from your browser, not sum ftp progz or anything like that. Then you will ftp the server anonymously and you will see something like this:

FTP Dir on server.com

04/07/1999 12:00 Directory dev | <=— Devices 04/12/1999 12:00 Directory etc | <=— This one you want! 06/10/1998 12:00 Directory hidden | <=— Not important 03/22/2000 02:23 Directory pub | <=— Public stuff

As u can see this is a Unix system (windows does not have /ect/) So we click on –=>etc

FTP Dir /ect on server.com

04/12/1999 12:00 601 group |<=— File with group/user names 04/12/1999 12:00 509 passwd |<=— Bingo!

So we click on the passwd file. We see something like this: root:x:0:1:Super-User:/:/sbin/bash daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: adm:x:4:4:Admin:/var/adm: lp:x:71:8:Line Printer Admin:/usr/spool/lp: smtp:x:0:0:Mail Daemon User:/: WHAT: This stuff is useless. The X that means that the passwd is“shadowed” It's a shadowed passwd file, very hard to crack but there is way to do it, using a program called Deshadow -Deshadow would do the work they say, but deshadow is only to be run on your own unix box. root:x:0:1:Super-User:/:/sbin/bash | | | | | | | Login| | | | | | name | |group | | shell (bash= bourne again shell) | | id fullname| shadowed | passwd| home | dir userid


The "x" is called a token on some systems it is replaced by a "$" or "*" or sometimes even the user name.


-So now that the passwd file is useless, we are disapointed and just for the fun of it all we will take a look at the —=>group. we see something like this: root::0:root other::1: bin::2:root,bin,daemon sys::3:root,bin,sys,adm adm::4:root,adm,daemon uucp::5:root,uucp mail::6:root tty::7:root,tty,adm lp::8:root,lp,adm nuucp::9:root,nuucp staff::10: daemon::12:root,daemon sysadmin::14: nobody::60001: noaccess::60002: nogroup::65534: sponsor::26:dlamb,marci,trs,wjtifft,sndesign,bswingle,sonny star::22:nobody,trs,marci,dlamb,wjtifft,sndesign,bswingle,grossman cron::30:root,rwisner,trs,grossman,bcauthor,starnews,kvoa,bswingle,uurtamo nettools::29:root,rwisner,trs,grossman,bcauthor,bswingle,uurtamo su::27:root,rwisner,trs,grossman,bcauthor,uurtamo,bswingle ftp::60000: What's to say? A bunch a user names and group id's (gid). Sometimes you will find a file called pwd.db in the /etc dir. –Okay our attempt failed to retrieve a good passwd file, so now we are going to get the “Good One”.

  • Note: On windows the passwd file is called .pwl *

You can do the old FTP method on many servers, but lets talk about the Good passwd file. We use the same example as above:

root:Npge08pfz4wuk:0:1:Super-User:/:/sbin/bash daemon:Fs2e08p34Cxw1:1:1::/: bin:Npge08pfz4wuk:2:2::/usr/bin:

What you see and what you should notice is the jibberish (Npge08pfz4wuk) it is an encrypted passwd. Actually it is not encrypted but encoded.

—––>>PASSWD Encoded info<<———

The passwd is to be encoded with randomly generated value called Salt. There are 4096 salt values. So if you want to do a Dictionary Attack u will have to try all the values. So the Npge08pfz4wuk, the Np is the salt and the ge08pfz4wuk is the encoded passwd.


Right about now u would want to download Jack the Ripper Great article on how to use it…. http://hellboundhackers.org/readarticle.php?article_id=45

Hack4u

Comments
ghost's avatar
ghost 18 years ago

its not really useless. if you know how to use it then its fine. not all my articles are for n00bs im sorry :D

ghost's avatar
ghost 18 years ago

lol iv found it usefull, im sry that this guy ranked 5979 of 6763 cant understand enough to learn from it. a good article even if it is a lil out dated

n30's avatar
n30 18 years ago

one question, how do you know if its a unix system w/o ftping it first?

ghost's avatar
ghost 18 years ago

umm the lin ehtat says : As u can see this is a Unix system (windows does not have /ect/) :

points that out i think :happy: