💾 Archived View for gemini.theuse.net › textfiles.com › uploads › passwd.txt captured on 2022-01-08 at 21:03:06.

View Raw

More Information

-=-=-=-=-=-=-


              /////////////////////////////////      //
             //               ///   //              //
            /////            ///   //              //
           /////            ///   //              //
          //               ///   //              //
         ///////////      ///   ////////////    //
	
     	 //////////   //////// //////////////////  //         // ////////
    	//      //   //    // //        //        //   /     // //     //
       //////////   //    // ////////  ////////  //  ///    // //     //
      //           ////////       //        //  // //  //  // //     //
     //           //    //       //        //  ////     //// //     //
    //		 //    // ////////   ///////  ///	/// ////////
=========================================================================ect/passwd

Brought to you by ---=> *KGB* ---=>fh_foxhound@hotmail.com


Intro:	This file is 'bout the ect/passwd and everything that comes with it.

__disclaimer__

This file is for educational purpose only, blah blah, i am not responsable for your actions and 
stuff like that. My main purpose is to contribute my knowledge to you.


	
=======================
Let's Start
=======================

 Good one? yes, a good one, there is only one Good one.
 Okay only one good one, now tell me how 2 get the damn thing!

 The oldest methode i know is the FTP://server.com.   
 Note: To do this ftp the server from your browser, not sum ftp progz or shit like that.
 Then you will ftp the server anonymously and you will see something like this:

 FTP Dir on server.com
 ---------------------
 04/07/1999 12:00      Directory dev     <=--- Devices
 04/12/1999 12:00      Directory etc     <=--- This one u want!
 06/10/1998 12:00      Directory hidden  <=--- Not important
 03/22/2000 02:23      Directory pub     <=--- Public stuff

As u can see this is a Unix system (duh windows doesnt have /ect/).
So we click on --=>ect

 FTP Dir /ect on server.com
 --------------------------
 04/12/1999 12:00      601 group    <=--- File with group/user names
 04/12/1999 12:00      509 passwd   <=--- Bingo!

So we click on the passwd file.
We see:

 root:x:0:1:Super-User:/:/sbin/bash
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 adm:x:4:4:Admin:/var/adm:
 lp:x:71:8:Line Printer Admin:/usr/spool/lp:
 smtp:x:0:0:Mail Daemon User:/:

THIS IS USELESSSSSSS, why? see the X that means that the passwd is shadowed.
It's a shadowed passwd file, very very hard to crack there is way 2 do it, a program called
Deshadow would do the work they say, but deshadow is only to be run on your own unix box.

 root:x:0:1:Super-User:/:/sbin/bash
  |   | | |       |    |     |
 Login| | |       |    |     |
 name | |group    |    |    shell (bash= bourne again shell)
      | | id   fullname|
  shadowed	       |	
  passwd|             home
        |              dir
     userid


The "x" is called a token on some systems it is replaced by a "$" or "#" or sometimes even the user name.


So now that the passwd file is useless, we are disapointed and just for the fun of it all
we will take a look at the ---=>group.
we see:

 root::0:root
 other::1:
 bin::2:root,bin,daemon
 sys::3:root,bin,sys,adm
 adm::4:root,adm,daemon
 uucp::5:root,uucp
 mail::6:root
 tty::7:root,tty,adm
 lp::8:root,lp,adm
 nuucp::9:root,nuucp
 staff::10:
 daemon::12:root,daemon
 sysadmin::14:
 nobody::60001:
 noaccess::60002:
 nogroup::65534:
 sponsor::26:dlamb,marci,trs,wjtifft,sndesign,bswingle,sonny
 star::22:nobody,trs,marci,dlamb,wjtifft,sndesign,bswingle,grossman
 cron::30:root,rwisner,trs,grossman,bcauthor,starnews,kvoa,bswingle,uurtamo
 nettools::29:root,rwisner,trs,grossman,bcauthor,bswingle,uurtamo
 su::27:root,rwisner,trs,grossman,bcauthor,uurtamo,bswingle
 ftp::60000:

What's to say? a bunch a user names and group id's (gid).
Sometimes you will find a file called pwd.db in the /ect dir.

=======================
Let's Move On
=======================

 Note: On windows the passwd file is called .pwl
 
 You can do the old FTP method on many servers, but lets talk about the Good passwd file.
 We use the same example as above:

 root:Npge08pfz4wuk:0:1:Super-User:/:/sbin/bash
 daemon:Fs2e08p34Cxw1:1:1::/:
 bin:Npge08pfz4wuk:2:2::/usr/bin:

What u see and what u should notice is the jibberish (Npge08pfz4wuk) it is a encrypted passwd.
Actually it is not encrypted but encoded.

------->>PASSWD Encoded info<<---------

Encoded? that's right, when the passwd is to be encoded with randomly generated value called Salt.
There are 4096 salt values. So if you want to do a Dictionary Attack u will have 2 try all the values.
So the Npge08pfz4wuk, the Np are the salt and the ge08pfz4wuk is the encoded passwd.

---------------------------------------

Right about now u would want 2 download Jack the Ripper "Its primary purpose is to detect weak UNIX passwords"
And use the Ripper to crack the passwd file.
When it is cracked u will have access to the server. =)

=======================
Final Notes
=======================

 the rest is easy compared 2 that.
 Ofcourse i only showed one method of getting a passwd file.
 To get a passwd file the other way, you first need to find a hole in the services running
 at various ports of the host.

 I hope u know enough now.

GrtZ,

---=>KGB (fh_foxhound@hotmail.com)