Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Lost password on Sun Solaris; can it be decrypted
Operating Systems Solaris Lost password on Sun Solaris; can it be decrypted Post 302269976 by Perderabo on Friday 19th of December 2008 08:42:23 AM
Old 12-19-2008
Quote:
Originally Posted by jdfeathe
If you're using solaris, with a shadow file for passwords with encryption set to one of the encrytion standards that are supported, john the ripper will crack the password in the shadow file. Not sure what robsonde is talking about ... I've used it a million times to check users passwords.

robsonde has it right. If something is encrypted there must be a way to decrypt it. The algorithm used by unix for passwords is a one-way hash that cannot be reversed. JtR works by trying all possible passwords until it finds one that happens to result in the same hashed value. That is not what is meant by decryption. I will say the JtR is very clever at guessing weak passwords though.

We are required to used strong passwords here at work. To verify compliance I have been asked to run JtR. So far:
Code:
guesses: 1  time: 20:17:21:23  c/s: 324328  trying: lmpsps* - lmpsos!

After 20 days, 17 hours, 21 minutes, and 23 seconds, JtR has guessed one password. Note that the author of JtR chose the verb "guess", not "crack", not "decrypt" or anything like that. It may take decades to guess all of the remaining 186 passwords. And I downloaded dozens of carefully chosen dictionaries to help JtR out, which is the only reason that JtR even has one guess so far.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Root Password Lost !!!

I've forgotten root password on one of Solaris machines, i searched in forumes to find a similar case but there's no proceudre here to reinintialize root password, cause most of related commands & even single user mode needs root password that i don't have. Any solution would be helpful. --rgrds,... (9 Replies)
Discussion started by: nikk
9 Replies

2. UNIX for Advanced & Expert Users

I lost my password root

Hello ... I lost my password root ! maybe someone can to help me to log in HP_UX, i started the server in " Singel - User" and i changed my password to new password and it`s not working .. what i must to do ??? (4 Replies)
Discussion started by: yanly
4 Replies

3. UNIX for Advanced & Expert Users

Lost Root Password

I have recently become the sys adm guy for our unix systems here for my shop. I have a pretty good understanding of the system, but there is just some stuff that I don't know. Right now one of those things is to recover the password for a unix system. I know that there is a way that you can use... (2 Replies)
Discussion started by: GlockCW
2 Replies

4. UNIX for Dummies Questions & Answers

Root Password Lost

I'm attempting to blank out the root user password on a machine that we have forgotten the password for. I have been using the advice posted on this site to boot from CDROM in single user mode, then mounting the root slice and editing the /etc/shadow file. Each time I save the shadow file and... (1 Reply)
Discussion started by: gonzotonka
1 Replies

5. UNIX for Advanced & Expert Users

Help with Lost Root Password

This is a common question im sure... I bought a RS/6000 Model 240. Aix 4.3.3 loaded. No root password was supplied to me, but I do have the install media (4 disks). I want to drop into maint mode. So I place the cd into the drive, restart the box ( by pressing the power button, since i do not have... (3 Replies)
Discussion started by: JoeJohnSmith
3 Replies

6. Solaris

password less login from openssh to SSH Secure Shell 3.0.1 Sun solaris 7

Hi, I would like to login from a Sun server running ssh: Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f to ssh: SSH Secure Shell 3.0.1 on sparc-sun-solaris2.6 How can I achieve this? Thanks a million in advance (1 Reply)
Discussion started by: newbewie
1 Replies

7. Solaris

Firmware password Solaris Sun Fire v440

Hi: I bougth an used Sun Fire v440, and It have a firmware password. When I turn on the server, it ask for firmware password. (I don 't know what is the correct password). I can access to SC, but when I want to access to OBP, Firmware Password appears again. I remove the battery for two hours,... (1 Reply)
Discussion started by: mguazzardo
1 Replies

8. Shell Programming and Scripting

How to pass decrypted password to script

Hi Everybody, I am trying to write a script (ksh) to connect to oracle db via sqlplus. As I do not want the password to be in plain text, I've tried to use java to encrypt and decrypt it but I am not sure how can I pass the decrypted password to the script. Pls advise. Below is what I would... (1 Reply)
Discussion started by: Nick1971
1 Replies

9. What is on Your Mind?

Lost Sun Solaris 10Certification

.............. (1 Reply)
Discussion started by: siddulamadhu
1 Replies

10. Solaris

Failed to recover root password in Solaris 10 on Sparc CPU Sun Ultra10

Failed to recover lost root password for Solaris SunSparc (On Sun Ultra10 - SPARC CPU Hardware, not x86 Intel CPU nor x64 AMD CPU) This Sun Ultra10 workstation comes with an old 6-in wafer probing station purchased from a Surplus equipment vendor. Computer: Sun Ultra 5/10 UPA/PCI... (21 Replies)
Discussion started by: fromtexas0
21 Replies

LEARN ABOUT REDHAT

passwd

PASSWD(5)							   File formats 							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       Passwd  is  a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
       ID, home directory, shell, etc.	Often, it also contains the encrypted passwords for each account.  It should have general read	permission
       (many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser.

       In  the	good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords, but the
       hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that  of  a  friendly  user-community.
       These  days  many  people  run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the
       encrypted passwords are in /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user  can
       not authenticate him- or herself using a password. (But see the Notes below.)

       If you create a new login, first put a star in the password field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

	      account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

	      account	the name of the user on the system.  It should not contain capital letters.

	      password	the encrypted user password or a star.

	      UID	the numerical user ID.

	      GID	the numerical primary group ID for this user.

	      GECOS	This  field  is  optional and only used for informational purposes.  Usually, it contains the full user name.  GECOS means
			General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was  sold
			to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The gcos
			field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

	      directory the user's $HOME directory.

	      shell	the program to run at login (if empty, use /bin/sh).  If set to a non-existing executable, the	user  will  be	unable	to
			login through login(1).

NOTE

       If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

       If  the	encrypted  password  is  set  to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc.  Trying to lock an account by simply  chang-
       ing the shell field yields the same result and additionally allows the use of su(1).

FILES

       /etc/passwd

SEE ALSO

       passwd(1), login(1), su(1), group(5), shadow(5)

								    1998-01-05								 PASSWD(5)
All times are GMT -4. The time now is 09:25 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy