Saturday, April 19, 2014
Obtain a passwd file

WHAT:
It's easy to get a passwd (password) file, but it's harder to get a "Good One".
Yes, a good one; there is only one "Good One".
HOW:
The oldest method I know is the FTP://server.com.
*Note: To do this, ftp the server from your browser, not some ftp program or anything like that.*
Then you will ftp the server anonymously and you will see something like this:

FTP Dir on server.com
---------------------
04/07/1999 12:00 Directory dev | <=--- Devices
04/12/1999 12:00 Directory etc | <=--- This one you want!
06/10/1998 12:00 Directory hidden | <=--- Not important
03/22/2000 02:23 Directory pub | <=--- Public stuff

As u can see, this is a Unix system *(windows does not have /etc/)*
So we click on --=>etc

FTP Dir /etc on server.com
--------------------------
04/12/1999 12:00 601 group |<=--- File with group/user names
04/12/1999 12:00 509 passwd |<=--- Bingo!

So we click on the passwd file.
We see something like this:
root:x:0:1:Super-User:/:/sbin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:
WHAT: This stuff is useless. The x means that the passwd is "shadowed".
It's a shadowed passwd file, very hard to crack, but there is a way to do it, using a program called Deshadow.
-Deshadow would do the work, they say, but Deshadow is only to be run on your own unix box.
root:x:0:1:Super-User:/:/sbin/bash

root        = login name
x           = shadowed passwd
0           = userid
1           = group id
Super-User  = fullname
/           = home dir
/sbin/bash  = shell (bash = Bourne Again shell)


****
The "x" is called a token; on some systems it is replaced by a "$" or "*" or sometimes even the user name.
****
-So now that the passwd file is useless, we are disappointed, and just for the fun of it all
we will take a look at the ---=>group.
We see something like this:
root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
uucp::5:root,uucp
mail::6:root
tty::7:root,tty,adm
lp::8:root,lp,adm
nuucp::9:root,nuucp
staff::10:
daemon::12:root,daemon
sysadmin::14:
nobody::60001:
noaccess::60002:
nogroup::65534:
sponsor::26:dlamb,marci,trs,wjtifft,sndesign,bswingle,sonny
star::22:nobody,trs,marci,dlamb,wjtifft,sndesign,bswingle,grossman
cron::30:root,rwisner,trs,grossman,bcauthor,starnews,kvoa,bswingle,uurtamo
nettools::29:root,rwisner,trs,grossman,bcauthor,bswingle,uurtamo
su::27:root,rwisner,trs,grossman,bcauthor,uurtamo,bswingle
ftp::60000:
What's to say? A bunch of user names and group IDs (gid).
Sometimes you will find a file called pwd.db in the /etc dir.
--Okay, our attempt failed to retrieve a good passwd file, so now we are going to get the "Good One".
* Note: On windows the passwd file is called .pwl *

You can do the old FTP method on many servers, but let's talk about the Good passwd file.
We use the same example as above:

root:Npge08pfz4wuk:0:1:Super-User:/:/sbin/bash
daemon:Fs2e08p34Cxw1:1:1::/:
bin:Npge08pfz4wuk:2:2::/usr/bin:

What you see, and what you should notice, is the gibberish (Npge08pfz4wuk); it is an encrypted passwd.
Actually it is not encrypted but encoded.

------->>PASSWD Encoded info<<---------

The passwd is encoded with a randomly generated value called the Salt.
There are 4096 salt values. So if you want to do a Dictionary Attack u will have to try all the values.
So in Npge08pfz4wuk, the Np is the salt and the ge08pfz4wuk is the encoded passwd.
**********************************************************************
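A defender's view of the same fields, as an added example that is not part of the original article: a Python audit that flags hashes left in the world-readable passwd file, extra UID 0 accounts, and entries that share a salt and hash. The function name, finding labels and placeholder-token set are assumptions; the sample lines are constructed from the article's own examples.

```python
import re
from collections import defaultdict

ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SALT_SPACE = len(ALPHABET) ** 2                 # two salt characters -> 4096 salts
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")    # 2-char salt + 11-char encoded passwd
PLACEHOLDERS = {"x", "*", "$", "!", "!!"}       # assumption: tokens meaning "no hash here"
FIELDS = ("login", "passwd", "uid", "gid", "fullname", "home", "shell")

# Constructed sample, assembled from the example lines shown in the article.
SAMPLE = """\
root:Npge08pfz4wuk:0:1:Super-User:/:/sbin/bash
daemon:Fs2e08p34Cxw1:1:1::/:
bin:Npge08pfz4wuk:2:2::/usr/bin:
sys:x:3:3::/:
smtp:x:0:0:Mail Daemon User:/:
"""

def audit_passwd(text):
    """Return (line_number, finding, detail) tuples for risky passwd entries."""
    findings, by_hash = [], defaultdict(list)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            findings.append((lineno, "malformed", f"{len(parts)} fields, expected 7"))
            continue
        e = dict(zip(FIELDS, parts))
        pw = e["passwd"]
        if pw == "":
            findings.append((lineno, "empty-password", e["login"]))
        elif DES_CRYPT.fullmatch(pw):
            # The hash sits in a world-readable file; it belongs in the shadow file.
            findings.append((lineno, "exposed-des-hash", f"{e['login']} salt={pw[:2]}"))
            by_hash[pw].append(e["login"])
        elif pw not in PLACEHOLDERS:
            findings.append((lineno, "exposed-hash", e["login"]))
        if e["uid"] == "0" and e["login"] != "root":
            findings.append((lineno, "extra-uid0", e["login"]))
    for logins in by_hash.values():
        if len(logins) > 1:   # same salt and same hash means the same password
            findings.append((0, "shared-password", ",".join(logins)))
    return findings

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```

Run against a copy of your own /etc/passwd, any finding other than an empty list is worth fixing before an exposed directory listing makes it someone else's discovery.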
Right about now u would want to download Jack the Ripper. Great article on how to use it: http://hellboundhackers.org/readarticle.php?article_id=45

Hack4u

Comments

hack4u on June 25 2006 - 06:23:47
it's not really useless. if you know how to use it then it's fine. not all my articles are for n00bs, i'm sorry Grin
Neon_wing on July 04 2006 - 18:52:45
lol i've found it useful, i'm sry that this guy ranked 5979 of 6763 can't understand enough to learn from it. a good article even if it is a lil outdated
n30 on September 02 2006 - 18:50:09
one question, how do you know if it's a unix system w/o ftping it first?
hack4u on September 15 2006 - 02:00:43
umm the line that says : As u can see this is a Unix system *(windows does not have /etc/)* : points that out i think :happy: