[sf-lug] John the Ripper

Kristian Erik Hermansen kristian.hermansen at gmail.com
Fri Jan 25 09:06:26 PST 2008


On Jan 25, 2008 2:55 AM, Rick Moen <rick at linuxmafia.com> wrote:
> Question:  Given that shadow passwords have been ubiquitous since about
> 1993, when are you actually going to _find_ a readable password file to
> run John the Ripper against?  I mean, it's a fine program, but you can
> match entries in a file of encrypted passwords using dictionary attempts
> only if you can _read_ the file of encrypted passwords, right?
>
> I might be missing something, here.  (Really.  That's not cheap sarcasm.  ;->)

You should learn about unshadow :-)  There are still many ways to
obtain the shadow file even if you are not root (think kernel leaks,
file race conditions, setuid hijacking)!
$ sudo aptitude install john
$ man unshadow
-- 
Kristian Erik Hermansen
"Know something about everything and everything about something."




More information about the sf-lug mailing list