[TriLUG] how to unshadow
Ryan Leathers
Ryan.Leathers at globalknowledge.com
Mon Nov 4 14:50:57 EST 2002
Thanks for the quick responses to my post. I wound up doing it by hand
since the *conv tools were not available on the system.
In answer to an earlier question (Jeremy, I think), this was needed for a
network security course where students were cracking passwords using
john.
The target box in the exercise got shadowized and this caused a problem
for the less Unix-savvy students. Great irony, huh.
Ryan
-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Monday, November 04, 2002 1:45 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] how to unshadow
No, you are right (well, at least they can't be recovered easily).
All that pwunconv does is move the current encrypted password from a
field in /etc/shadow over to the appropriate field in /etc/passwd. It
doesn't decrypt the password.
You use the file /etc/shadow to store the passwords because it has
limited rights (only the system and root can read the file). The
/etc/passwd file is readable by everyone and everything on your system.
Jon Carnes
On Mon, 2002-11-04 at 13:32, Jeff Bollinger wrote:
> I guess I was wrong, but I thought that because of the Salt on the
> passwords and one-way encryption, that once they were shadowed the
> plaintext password could not be recovered?
>
> Thanks,
> Jeff
>
> Jon Carnes wrote:
> | On Mon, 2002-11-04 at 13:04, Ryan Leathers wrote:
> |
> |>
> |>Quick one I hope - - - I'm in a pinch - how do I unshadow my passwd
> |> Is there a shell script - do I have to do it by hand - or is
> |>there a passwd argument
> |>
> |
> |
> | pwunconv:
> | NAME
> | pwconv, pwunconv, grpconv, grpunconv - convert to and from shadow
> | passwords and groups.
> |
> | SYNOPSIS
> | pwconv
> | pwunconv
> | grpconv
> | grpunconv
> |
> | DESCRIPTION
> | These four programs all operate on the normal and shadow password and
> | group files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow.
> |
> | pwconv creates shadow from passwd and an optionally existing shadow.
> | pwunconv creates passwd from passwd and shadow and then removes
> | shadow. grpconv creates gshadow from group and an optionally existing
> | gshadow. grpunconv creates group from group and gshadow and then
> | removes gshadow.
> |
> | Each program acquires the necessary locks before conversion.
> |
> | pwconv and grpconv are similiar. First, entries in the shadowed file
> | which don't exist in the main file are removed. Then, shadowed
> | entries which don't have `x' as the password in the main file are
> | updated. Any missing shadowed entries are added. Finally, passwords
> | in the main file are replaced with `x'. These programs can be used
> | for initial conversion as well to update the shadowed file if the
> | main file is edited by hand.
> |
> | pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and
> | PASS_WARN_AGE from /etc/login.defs when adding new entries to
> | /etc/shadow.
> |
> | Likewise, pwunconv and grpunconv are similiar. Passwords in the main
> | file are updated from the shadowed file. Entries which exist in the
> | main file but not in the shadowed file are left alone. Finally, the
> | shadowed file is removed.
> |
> | Some password aging information is lost by pwunconv. It will convert
> | what it can.
> |
> | _______________________________________________
> | TriLUG mailing list
> | http://www.trilug.org/mailman/listinfo/trilug
> | TriLUG Organizational FAQ:
> | http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>
> --
> Jeff Bollinger
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
>
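An added example, not part of the original thread: a Python check for the state pwunconv leaves behind, where password hashes sit in the world-readable /etc/passwd instead of /etc/shadow. The sample entries are constructed, the hash strings are placeholders, and the function names are this example's own.

```python
import stat

# Constructed sample in passwd(5) format; the hash strings are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$1$CONSTRUCTED$placeholderhashvalue00:1000:1000::/home/alice:/bin/bash
bob::1001:1001::/home/bob:/bin/bash
carol:!$1$CONSTRUCTED$placeholderhashvalue01:1002:1002::/home/carol:/bin/bash
broken-line-without-fields
"""


def classify_field(pw):
    """Classify the second field of a passwd(5) entry."""
    if pw == "x":
        return "shadowed"          # real hash lives in /etc/shadow
    if pw == "":
        return "empty"             # no password required
    if pw.lstrip("!") in ("", "*"):
        return "locked"            # no usable hash stored here
    return "hash-exposed"          # hash readable by every local user


def audit_passwd(text):
    """Return {name: state} for entries that need attention."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings["line %d" % lineno] = "malformed"
            continue
        state = classify_field(fields[1])
        if state in ("empty", "hash-exposed"):
            findings[fields[0]] = state
    return findings


def shadow_mode_ok(mode):
    """True when 'other' has no access bits on the shadow file."""
    return stat.S_IMODE(mode) & stat.S_IRWXO == 0


if __name__ == "__main__":
    for who, state in audit_passwd(SAMPLE_PASSWD).items():
        print(who, state)
    print("0640 ok:", shadow_mode_ok(0o100640), "/ 0644 ok:", shadow_mode_ok(0o100644))
```

A locked entry that still carries a hash after the `!` (carol above) is reported as exposed, because the hash itself remains readable.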