LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   create "shadow" passwords (http://www.linuxquestions.org/questions/linux-security-4/create-shadow-passwords-255560/)

benjalien 11-16-2004 11:41 AM

create "shadow" passwords
 
Hi,

I'm looking to find out how I could crypt a password in the correct format for the shadow file.
I mean I'm triing to manually chage passwords without using the specific passwd command, so I need to crypt the password by myself and go write it directly in the shadow file.

Can anyone please help me with that?

Thanks

:scratch:

druuna 11-16-2004 01:17 PM

If you are talking about an encrypted pasword as returned by crypt (which also could be used by useradd's -p option), take a look at these url's:

http://www.linuxquestions.org/questi...04/08/3/219779
http://www.redhat.com/docs/manuals/l...-cmd-line.html

The first uses openssl, the second python.

Never tried it, but if useradd's -p option accepts them, you should also be able to 'copy - paste' them into the shadow file.

Hope this helps.

bignerd 11-16-2004 01:27 PM

Re: create "shadow" passwords
 
Quote:

Originally posted by benjalien
Hi,

I'm looking to find out how I could crypt a password in the correct format for the shadow file.
I mean I'm triing to manually chage passwords without using the specific passwd command, so I need to crypt the password by myself and go write it directly in the shadow file.

Can anyone please help me with that?

Thanks

:scratch:

I actually don't know of a program that will do that... but here is some code I whipped up that will.

This is very simple and you'd need to add input functions but this is how it works.

#include <unistd.h>

main()
{printf("%s\n", crypt("pass1234","$1$12345"));
}

to compile this to a program save the above code to a file.. lets call it blah.c, then compile it thus:

gcc -o blah blah.c -lcrypt

then execute it with ./blah

What it does is takes the password "pass1234" and uses the salt "12345" and poops out something that is useable in your shadow file. For this example when I ran it the result was:

$1$12345$A8DnQztKXEucytV/McZKS.

I tested this (just to be sure) by making a test user then changed the shadow file with the above. I was able to logon using the password "pass1234".. so it works.

To make this a useful program you'd need to add code that asks for the salt and the password. I won't go into what a salt is and why you need one. Much smarter people than me have already descibed this and I would only be parroting their words.

I'm sure perl has something for this as well but the c code was the first thing I thought of.

-b

edit: For more info check out 'man crypt'

bignerd 11-16-2004 06:27 PM

had more time since I'm off work. This is a complete program that has command line input, usage statement, etc..

#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>

/* compile with gcc -o mkpass mkpass.c -lcrypt */

int main(int argc, char **argv) {
char strarv2 [7] = "$1$";
if (argc != 3) {
printf ("USAGE: %s <password> <salt>\n", argv[0]);
return 1;
}
strcat(strarv2, argv[2]);
printf("%s\n", crypt(argv[1],strarv2));
return 0;
}


Save that to a file such as mkpass.c then compile with gcc -o mkpass mkpass.c -lcrypt

run with ./mkpass

Oh.. and it's horribly insecure. By no means set that suid if the owner is root. Also the pass and salt will probably show in ps if a user looked while you were running it.. so that's bad too. Don't run it if anyone else is logged into the box at the same time.

-b


All times are GMT -5. The time now is 10:41 PM.