Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

John the Ripper

  • 29-06-2001 5:15pm
    #1
    Loomer
    Closed Accounts Posts: 752 ✭✭✭


    Anyone know much about this program. I was reading through the Docs and it was saying you have to copy the passwd file but be logged on as root? I thought the whole point of it was that you are able to crack passwords hence log on as root. I tryed running it on passwd as a normal user and it returns 0 words. Any help?


Comments

  • #2
    wintermute
    Closed Accounts Posts: 65 ✭✭wintermute


    John the Ripper, like other password crackers is designed to detect weak passwords from a password hash file that you already obtained. It's more of a system administrator's tool than a hacker one.

    It would only be useful to a hacker if password shadowing was not turned on on the box in question or they wanted to get a list of user passwords from an already breached system.

    How UNIX authentication works:

    http://uw7doc.sco.com/SEC_admin/_Identification_and_Authenticati.html



    [This message has been edited by wintermute (edited 29-06-2001).]


  • #3
    ObeyGiant
    Registered Users, Registered Users 2 Posts: 1,982 ✭✭✭ObeyGiant


    A lot of programs need to be able to view the passwd file. For them to do this, the passwd file must be world-readable, which inevitably leads to lusers trying to crack it. To get around this, the system of "shadow"ing a passwd file was introduced. What this means is that you have the world-readable /etc/passwd file, which contains user information, but no actual passwords, and the root-only-readable /etc/master.passwd (varies from system to system), which DOES contain passwords. You must have been trying to crack the wrong passwd file.

    man 5 shadow


  • #4
    Loomer
    Closed Accounts Posts: 752 ✭✭✭Loomer


    Thanks guys, interesting info biggrin.gif


  • #5
    dahamsta
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Works a charm too. I ran it on one of my boxes a while back and it cracked one users passwords in a minute or so. Got another couple after a while too. Good for security - run it via cron every day, have it send an email to "offenders" telling them to change their passwords, and disable their accounts if they don't (BAD LUSER!).

    adam


  • #6
    Loomer
    Closed Accounts Posts: 752 ✭✭✭Loomer


    Exactly what I was thinking of Tomo - Thx for the help


  • Advertisement
Advertisement