[sf-lug] John the Ripper
Rick Moen
rick at linuxmafia.com
Fri Jan 25 03:12:58 PST 2008
Quoting Alex Kleider (a_kleider at yahoo.com):
> ..by the way: john cracked 2 of 13 passwords within a split second: not
> very imaginative passwords to be sure- one was the same as the user's
> log on ID and the other was the users last name with a 1 tacked on to
> the end of it. I will have to scold them severely ..
> It's also inspired me to learn about the deluser command!
(D'oh!)
OK, that answers my question about "When are you actually going to
_find_ a readable password file to run John the Ripper against?"
Answer is: When you're the _root user_, seeking to check up on whether
any of your users is being stupid.
FWIW, my point (earlier) was that the main usage of John the Ripper and
predecessors -used- to be by the bad guys, running it against _other_
people's /etc/passwd files -- back in the days when that file was
world-readable, i.e., before shadow passwords blocked that avenue of
attack.
So, that entire class of traditional uses for password crackers is long
obsolete. The _other_ use, by sysadmins to keep a wary eye for local
user stupidity, certainly does still apply.
As a side-comment: The truly wary sysadmin tries hard to _not_ trust
local shell users, and assumes that, at any time, someone using a
legitimate user's authentication token (either password or public-key
pair) might be a bad guy who's stolen that credential. Therefore, the
wary sysadmin tries to fortify the system against _local_ attack as well
as remote attack.
Possibly relevant reading:
http://linuxmafia.com/faq/Security/breakin-without-remote-vulnerability.html
(Rumours that I was talking about shells.sourceforge.net and breakin
to the sensitive internal network at VA $WHATEVER are... unconfirmed
at this time.)
http://security.itworld.com/4352/LWD000829hacking/pfindex.html
http://linuxgazette.net/issue98/moen.html
More information about the sf-lug
mailing list