
??p??? ? UNIX'e

          





   ???? ??p???? ??? /etc/passwd. ?p???? ?????????? ???????, ???? ??? ?? ? ??p??.

   ???? ?????? ??p???? ????? *, ??? ??????: ???? ??? ????? ?? ???? ??p????, ????

   ??p??? ???????? - shadowed. ????? ??p??? ?p?????? ? ????? /etc/shadow ???
  
   /etc/master.passwd, ????p?? ?????????? ??? ??????. ???? ??p?????, ????? ? ????

   ??p??? ????? ????? ???? "##root", "##egor", ?? ???? ????? ????????????? - ?????

   ?????p??????? ??p??? ??p???? ?? /etc/shadow ??? master.passwd, ??

   ???????????????? ????????????. ?? ???? ???? ????? egor ????? ?????? ? ????

   ??p???? "##quake", ????? ??? ??p??? ??p???? ?? ???? ??p??? ? ????? passwd

   ???????????? quake. ?? ????, ??? ?p???? ??????. ? ????? ???????? (???p???p,

   Minix) ????????? ??p???? ???????? p?????.



   ???? ??p????, ????p?? ?? ?????? ftp???? - ??? ????. FTP-??????? ??p??p????? ???:
 


   /home/ftp/bin

   /home/ftp/etc

   /home/ftp/pub

   /home/ftp/....



   ????? ?? ??????????? ?? ??p? 21 (??? ??????? ftp) ?? ??? ??? ??p??? ??????????

   ??????? /home/ftp/ ????????? ??????. ? ?? ??? ? /home/ftp/etc ???? ? ???? ?p???

   - group ? ???? passwd, ????p?? ????????, ?? ????, ??????.



   ??p??? ? ?????? ???p????? ???: salt+??p??? ?????p????????? ?? ????? ??p???.

   ????? ??p????, ???? ?? ?????? ???? ??p??? "doomii", ?? ??????p?? ????p???? salt

   (??? ?????) ? ?p?????????? ????? ?????p????: ".i" - salt, "doomii" - ??, ???

   ???p?????, ? "doomii" - ????. ???p???? ?????????????? ????p????? DES. salt - ???

   ??? ?????, ??????????? ?p?????? ??? ????p?? - ??? ????p???? ??????p?? ? ??????

   ???p????. ????? ??p????, ??????????? ????????? ?????????p?? ?????p?? -

   ?p??p????, ????p?? ?? ???? p?? ?????p????? ???? ???? ??p????, ? ??p???p ??????

   ?? ~1 ???. :) ??? ??? ??? ?????? ??????????... ??.??????.  ????, ?? ?p????  ?

   ????, ??? ??????? ???p?????? ???????? ???????p?????. ????? ???????????? ?p?

   ????? ?????? ??p???, ???????? ??? ????? ?? ????? ??p???? - ??p??? ??? ?????

   ?????p???????? ??p??? - salt. ?? ??? ?p?????????? ?? ?? ???p????, ??? ? ????,

   ?????? salt?? ???????? ??? ??? ?????. ? ????? ???p?????? ?????p??????? ??????

   ?p??????????. ? ???? ?? ?????????, ?? ??? ???? ???p?, ???? ????p, :] ??p???

   ????? ???????? ??: 32-127. ?? ??p???????? - ?? ??p??? 6 ????????, ?? ??????? 8.

   H?. H?????p?? ?????? ?p???????? ??p??? ????? ????? ?? 8 ????????, ? ??????p?? -

   ?? 16.

   ??? ?p?????, ????? ?? p?????? ?????? ???? ??p???, ????? ?p???p??? ?p?????????

   ??p??? ?? ????????? ????: ????? ??? ????? ?? ???? ?????? case-?, ? ????? ??? ??

   ???? ?????. ????? ?p???p????? ? ???? ?????p? (????? ???? ???p??, ??? ?p?????)

   ?? ????: ? ?? ???? ?? ???p? ??????? ?????. ? ????? ??p??? ????p????. ???? ???

   ??????p?? ??????, ?? ????p?? ?? ??p???????, ??? ??p??? ??????? ?p??? ??? ????? -

   ???p???p, ???? ??? ???p?. ????? ????? ?? ?p????????, ???? ??p??? ?????? root -

   ?p????????????, ??? p?? ????? ?????? ???, ??? ?????, ? ?.?.  ? ??????? ?p?????

   ??p???.

 

   ??p?? ????? ??p???? ?????:



   login:password:UID:GID:comments:home:shell



   ???



   login: ??? ??????, ???p???p, egor, vasya, ??? root. ??????, p??, ??? ?p?????, ??

   ????? ???????????? ??????????? ?? ??????.

   password: ??p??? ? ??? ????? ?????p??????? ????. H??p???p: "piGH5\fh32IjPb" -

   ??? ????, ??? ?p?????, 13 ????????. ????? ??? ????p????? ???????, ????p??

   ???????????? ??? ??p???????? ???p???? ??p??? - ????, ??????, ??????????  ???p,

   ?? ????? ???p????? ??? ???????, ??? ?? ???? ???????, ???? ???????????? ???p. ???

   ?p?????, ????? ???? ?? ??????????.

   UID: User ID. H???p ??????????? ??? ???????? ???????.

   GID: Group ID. H???p ?p???? ??? ???????? ???????.

   Comments: ??? ?p?????, ??? ????????????. ????? ???? ???????, ? ????p??

   ??????????? ????, ????p ???????? ?????, ????, etc, etc.

   home: ???????? ???????. ??? ????????? ???????? ???????, ????p?? ?????p????? ???

   /usr, ??? ?????????? egor, ??????, ???????? ??? ???? ????????. ????, ????????

   ??????? ????? ????????? ? /home.

   shell: ???? ??? ??????. ??? ?p?????, /bin/sh.

  

   ??p??? /etc/shadow aka /etc/master.passwd:



   login:password



   ????p? ????? ? ????: ??? ??????. ?????? ??p??? ?????????????? ??????? ?????? -

   ??????? ???????? ???p???? p?????. ????, 127-32 ??????? = 95. ????p?

   95^??????????_????. ??? ?p?????, 8. ??? 95*95*95*95*95*95*95*95 = .....

   ????p? ????p?. ?????p???? 2000*8 ???? ?????? ?? 486dx4-120 ????? 900 ms - ??
 
   ???? ??????? - ??? 2100*8 ????. ???? ?? p??????? 95^8 ?? (2100*8) ?? ???????

   ???-?? ?????? ??? ???H??? ??p???p? ???? ??p?????? ?????? ??????. H? ??? ??

   486dx4-120 - ????? ???? ???!!!! ??? ??? ???? ????? ???p????????? ???p???. H?

   ?????? ?? ???-?? ? ?p????. Brute-force ????? - ????? ?????p?. ?? ????? ?????p?

   ?????????? ????, ????p?? ? ??p???p?????. ?????? ?????p? - ?????? ??????.

   ?????????????? ?p??p???? brute-force ?p??????, ????? ???p????? ????? ?? 

   ?????p? ?? ???? ?p??????.

   ????? ??p????, ????? ?????????? ? ?????p? ????? "spaces", ?? ?p??p????

   ?p???p???: "spaces", "Spaces", "SPACES", "SpaceS", "spaceS", ?? ? ?.?. :)

   ?p?????? ??????????, ??? ??p???p, ??????, ???? ??????? ?????? ?? ?????p? ?

   ?????????????? ????????????? ???p?????? ?p? ?????p? ? 800 ???, ?????

   ????????-????. ???? ? ???????????? ???p????????, ?.?. ?????? ??? ???? - ?????

   ??????p? ????? ?? ?????.

 

   [...]



    EE> salt - ??? ??? ?????, ??????????? ?p?????? ??? ????p?? - ??? ????p????

    EE> ??????p?? ? ?????? ???p????. ????? ??p????, ??????????? ?????????

    EE> ?????????p?? ?????p?? - ?p??p????, ????p?? ?? ???? p?? ?????p????? ????

    EE> ???? ??p????, ? ??p???p ?????? ?? ~1 ???. :)

 

   ????????, ???? ??? ??????, ?? ????? ?????? ??? p???? ???????????? (???p???p,

   ? QCrack by Crypt Keeper). 4096 p???????? salt'?? - ?? ??? ?????. ??? ?????,

   ???? ??????, ??? ?????????? ?p????? ?? ?????? ????? ?? ???p??????? ???? (?.?.

   ???????? 4Kb ?? ?????), ?.?. ????? ???????????? ????? ????p??? ??p???p?: ????

   ??p??? ???? ???p???????? ??p??? ?? ????????? - ? ??????????, ???? ?????????,

   ??, ?????? ?? ???????? - ????? crypt(). ???????? ????p????????? ? 256 p?? ????,

   ??? ? ??????? wordlist ?p???p?? ????? p????p? wordlist'?, ????p?? ??????????

   ?p???p?? ? 500 p??. ??? ??? ????? ????? wordlist ???-?????? ?? ????????, ????

   p?? ?????p?????, ???????? ?? CD-ROM ? ?p???????. :) ??????, ???-?????? ?????,

   ???? ?? ??????

   

    EE> ??p??? ????? ???????? ??: 32-127.



   ??????? 0-31 ? 127 ???? ??p?????? ??p??????????? crypt()'??, ???? ?? ?? ???????

   ??????, ? ??? ??? ??????? ?? ????p??? ??p??????.



    EE> ?? ??p???????? - ?? ??p??? 6 ????????, ?? ??????? 8.



   ??p???????? ????? ????? ?? ??????? ? crypt()'??, ??? ????? ???? ?p???p?? ?

   ??????? passwd, ????p??, ??????, ????? ??????????? ??????. ??? ??? ???p???????

   ????? ??p??? 6 ???? ?? ???????.

 

    EE> H?. H?????p?? ?????? ?p???????? ??p??? ????? ????? ?? 8 ????????, ?

    EE> ??????p?? - ?? 16.



   ? ??? ????? ?????? 8 ???????? ?p? ??????p???? crypt()'? ?? ?????? (? ???? ??

   ????p?? ?????? ?p? ??????p????).



    EE> ??? ?p?????, ????? ?? p?????? ?????? ???? ??p???, ????? ?p???p???

    EE> ?p????????? ??p??? ?? ????????? ????: ????? ??? ????? ?? ???? ??????
 
    EE> case-?, ? ????? ??? ?? ???? ?????.



   ??? ?? "??? ?p?????", ? "?????? ??????". ?????? ?? ??? ??p ??????????, ???p???p,

   ??????? passwd, ????p?? ? ????? ?? ?p???p???.
 


    EE> ????? ?p???p????? ? ???? ?????p? (????? ???? ???p??, ??? ?p?????) ?? ????:



   ...??? ?????p? ????? "????????" ????????.



    EE> ? ?? ???? ?? ???p? ??????? ?????. ? ????? ??p??? ????p????. ???? ???

    EE> ??????p?? ??????, ?? ????p?? ?? ??p???????, ??? ??p??? ??????? ?p???

    EE> ??? ????? - ???p???p, ???? ??? ???p?.



   H????p??, ?????? ??????? passwd ?p????? ??????? ? ??p??? ???? ?? ????? ???p?,

   ?? ?? ?p???p??? ??????, ????? ??p??? ?????? ?? ???p ? ???????. ???????? ? ????

   ??? ????????? passwd-??????, ??? ?????? ???p???? ??p??? ? ?????????.



    EE> ????? ????? ?? ?p????????, ???? ??p??? ?????? root - ?p????????????, ???

    EE> p?? ????? ?????? ???, ??? ?????, ? ?.?.  ? ??????? ?p????? ??p???.



   ??? ??????. ??????? ????? ????? ?p???p??? ?? ??p????? ??p??? ????, ????? ?????

   ????????, ??? ???? ??p???????? ?? ?????. ?????? root ??????? ????? account,
 
   ?????? ??p???, ????p?? ???p?, ? ??? ??? ??? ? ?? ??????. ;)



    EE> ????p? ????? ? ????: ??? ??????. ?????? ??p??? ?????????????? ???????

    EE> ?????? - ??????? ???????? ???p???? p?????. ????, 127-32 ??????? = 95.



   ??????-??, ???? ??????? ??-??????, 127-32+1=96 ????????. :)



    EE> ????p? 95^??????????_????. ??? ?p?????, 8. ??? 95*95*95*95*95*95*95*95 =

    EE> ..... ????p? ????p?. ?????p???? 2000*8 ???? ?????? ?? 486dx4-120 ????? 900

    EE> ms - ?? ???? ??????? - ??? 2100*8 ????. ???? ?? p??????? 95^8 ?? (2100*8)

    EE> ?? ??????? ???-?? ?????? ??? ???H??? ??p???p? ???? ??p?????? ??????

    EE> ??????. H? ??? ?? 486dx4-120 - ????? ???? ???!!!!



   ?? ???-?? ??????. ?????? ?????????? ????????? ???????? ????? ???. :)



    EE> ??? ??? ???? ????? ???p????????? ???p???.



   ??? ?? ???p??. ? ??? ?? ??? ???? ????p??, ??? ?p? ?????????????? ??p?????????

   ?????? (??? ?? ????? ???????), ???? ?????? ?????? ?p????? ????? (? ?? ???p??,

   ??? ?????? ??), ? ????????, ??? ??? ??? p???? ??????? ??????. ? ? ?????? ??????

   ??? ?? ???. H??p???p, ??p??? ?? ????p?? ???? (?????? ???????? a-z), ???p???????

   ?????????? ?????, ? 26^4 - ?????? ????.
 


   ? ???? ??????? ???????? ????? ? ??????????????? ????????? ?????? ?????????????

   p???????? ???????? ? ??p????, ?? ?????? ??p???p?? ??????? ?????? ? ??p??? ????

   ?? ?????? ???? (??? ?????????). ???? ????? ?p??????????, ??? ?p????? ???????

   ??????? ?? ????p????? (??? ?p?????? ?p?p???? p?????) ? ??p???p??? ??????????

   ? ??p???? ???????? ??p????????, ??? ??????? ???????? ??p????. ????? ??p????,

   ??p??? ????? ??????????? ? ?p????? ??p???? p?????, ??? ?? ???????? ?p?????

   ??????? ??p???p?, ??? ???? ?? ??? ????????????????? ??p???p?. ??????????, ?p?

   ???? ???? ?? account'?? ?????? ???? ????p?????, ?.?. ??p???p ???? ??????????

   ??? ?????? account'? ????? ??????? ?? ????p??????.



???, ???p???p, ??????? ?? ???? ([...] - ????????? ????? ??p?? ????????):



   [...]

   l: langley  p: dsasa

   l: jleigh  p: rosie

   l: jel  p: passs

   l: noah  p: alstt

   l: millerbc  p: cassi

   [...]

   l: jkim  p: inhui

   l: ragaon  p: mahal

   l: kruse  p: csheo

   l: snyder  p: achio

   l: trederl  p: schmo

   l: gladee  p: sethe

   [...]

   l: rhenium  p: rrreee

   l: 98920419  p: renate

   l: boyd  p: ronron

   l: dragoo  p: rettaa

   l: tribbett  p: sterne

   l: cooper  p: stoots

   l: rootj  p: rtrslr

   l: stars  p: pensri
  
   [...]

   l: andrewj  p: rainier

   l: laura  p: dooties

   l: weeds  p: mentari

   l: mmatteso  p: merritt

   [...]



    EE> H? ?????? ?? ???-?? ? ?p????. Brute-force ????? - ????? ?????p?.



   AFAiK, bruteforce ???????? ????? ???? ??p???p ??p??????, ?? ?? ?p??????????

   ????????? ???? ??p?????? ??????-?? ????p????, ???p???p, ?????? ?? ?????p?.



    EE> ?? ????? ?????p? ?????????? ????, ????p?? ? ??p???p?????.



   H? ??????????? ??????????. ;) ? ?? ??????????? ????. ;) ? ????? wordlist'??

   ????? ????? "??????" ?p??? "qwerty".



   [...]



   In standard Unix the password file is /etc/passwd. On a Unix system
   with either NIS/yp or password shadowing, much of the password data may
   be elsewhere. An entry in the password file consists of seven
   colon-delimited fields:

   Username
   Encrypted password (and optional password aging data)
   User number
   Group Number
   GECOS Information
   Home directory
   Shell



   Sample entry from /etc/passwd:

   will:5fg63fhD3d5gh:9406:12:Will Spencer:/home/fsg/will:/bin/bash



   Broken down, this passwd file line shows:

             Username: will
   Encrypted password: 5fg63fhD3d5gh
          User number: 9406
         Group Number: 12
    GECOS Information: Will Spencer
       Home directory: /home/fsg/will
                Shell: /bin/bash





   Where can I find the password file if it's shadowed?



   Unix                  Path                            Token
   -----------------------------------------------------------------
   AIX 3                 /etc/security/passwd            !
          or             /tcb/auth/files//
   A/UX 3.0s             /tcb/files/auth/?/*
   BSD4.3-Reno           /etc/master.passwd              *
   ConvexOS 10           /etc/shadpw                     *
   ConvexOS 11           /etc/shadow                     *
   DG/UX                 /etc/tcb/aa/user/               *
   EP/IX                 /etc/shadow                     x
   HP-UX                 /.secure/etc/passwd             *
   IRIX 5                /etc/shadow                     x
   Linux 1.1             /etc/shadow                     *
   OSF/1                 /etc/passwd[.dir|.pag]          *
   SCO Unix #.2.x        /tcb/auth/files//
   SunOS4.1+c2           /etc/security/passwd.adjunct    ##username
   SunOS 5.0             /etc/shadow
   System V Release 4.0  /etc/shadow                     x
   System V Release 4.2  /etc/security/* database
   Ultrix 4              /etc/auth[.dir|.pag]            *
   UNICOS                /etc/udb                        *
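
   An added example, not part of the original FAQ text: a small Python audit that splits passwd lines into the seven fields listed above and uses the Token column of the table to flag entries whose hash still sits in /etc/passwd itself, or whose password field is empty. Every sample line except the page's own "will" entry is constructed, and treating any 13-character string over [./0-9A-Za-z] as a traditional crypt() hash is an assumption of this example.

```python
import re

# Tokens from the table above (plus "##username"): the hash is stored elsewhere.
SHADOW_TOKENS = {"*", "x", "!"}
# Assumed shape of traditional crypt() output: 2 salt + 11 hash characters.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")
FIELDS = ("username", "password", "uid", "gid", "gecos", "home", "shell")

def parse_entry(line):
    """Split one passwd line into its seven colon-delimited fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d" % len(parts))
    return dict(zip(FIELDS, parts))

def classify_password(field):
    """Say where the hash for this entry lives, judging by field 2 only."""
    # Optional password aging data follows a comma after the hash.
    hash_part = field.split(",", 1)[0]
    if hash_part == "":
        return "empty"            # no password required at login
    if hash_part in SHADOW_TOKENS or hash_part.startswith("##"):
        return "shadowed"
    if DES_HASH.match(hash_part):
        return "hash-in-passwd"   # readable by every local user
    return "other"                # locked marker or a different scheme

def audit(lines):
    """Return (username, finding) for entries that need attention."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        kind = classify_password(entry["password"])
        if kind in ("empty", "hash-in-passwd"):
            findings.append((entry["username"], kind))
    return findings

# Constructed sample: line 1 is the page's sample entry, the rest are made up.
SAMPLE = [
    "will:5fg63fhD3d5gh:9406:12:Will Spencer:/home/fsg/will:/bin/bash",
    "root:x:0:0:root:/root:/bin/sh",
    "guest::405:100:guest account:/tmp:/bin/sh",
    "egor:##egor:501:20:Egor:/home/egor:/bin/sh",
    "anna:ab01FAX.bQRSU,M.z8:502:20:Anna:/home/anna:/bin/sh",
]

print(audit(SAMPLE))
```

   Entries reported as "hash-in-passwd" are the ones to move into the shadow file for the platform; "empty" entries allow login with no password at all.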

   

   [...]
 


   ...?? free bsd ??? ?????????? ??????? ??????????? ???????? md5, ???????????

   ????? ??????? (????? ????????, ???????), ??? ??????????? des ??

   ??????????? ?????? ???????. pwd.db - ??? shadow passwords, ??????

   ??? - ?????????? ???? ???????, ????? ?? ???????????????????. shadow -

   ??? ?????? ????????? ?????? ??????? ?????????? ?????????????? ??????? ??

   /etc/passwd (??????? ?? ??????????? ?????? ???? world-wide readable) ?

   ????????? ????, ????????? ?? ?????? ?????? ????.