[sf-lug] John the Ripper
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Fri Jan 25 09:06:26 PST 2008
On Jan 25, 2008 2:55 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Question: Given that shadow passwords have been ubiquitous since about
> 1993, when are you actually going to _find_ a readable password file to
> run John the Ripper against? I mean, it's a fine program, but you can
> match entries in a file of encrypted passwords using dictionary attempts
> only if you can _read_ the file of encrypted passwords, right?
>
> I might be missing something, here. (Really. That's not cheap sarcasm. ;->)
You should learn about unshadow :-) There are still many ways to
obtain the shadow file even if you are not root (think kernel leaks,
file race conditions, setuid hijacking)!
$ sudo aptitude install john
$ man unshadow
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
More information about the sf-lug
mailing list