LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-16-2004, 11:41 AM   #1
benjalien
Member
 
Registered: Aug 2003
Location: Belgium
Distribution: Debian (i686/ppc/amd64)
Posts: 85

Rep: Reputation: 15
Question create "shadow" passwords


Hi,

I'm looking to find out how I could crypt a password in the correct format for the shadow file.
I mean I'm triing to manually chage passwords without using the specific passwd command, so I need to crypt the password by myself and go write it directly in the shadow file.

Can anyone please help me with that?

Thanks

 
Old 11-16-2004, 01:17 PM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374Reputation: 2374
If you are talking about an encrypted pasword as returned by crypt (which also could be used by useradd's -p option), take a look at these url's:

http://www.linuxquestions.org/questi...04/08/3/219779
http://www.redhat.com/docs/manuals/l...-cmd-line.html

The first uses openssl, the second python.

Never tried it, but if useradd's -p option accepts them, you should also be able to 'copy - paste' them into the shadow file.

Hope this helps.
 
Old 11-16-2004, 01:27 PM   #3
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
Re: create "shadow" passwords

Quote:
Originally posted by benjalien
Hi,

I'm looking to find out how I could crypt a password in the correct format for the shadow file.
I mean I'm triing to manually chage passwords without using the specific passwd command, so I need to crypt the password by myself and go write it directly in the shadow file.

Can anyone please help me with that?

Thanks

I actually don't know of a program that will do that... but here is some code I whipped up that will.

This is very simple and you'd need to add input functions but this is how it works.

#include <unistd.h>

main()
{printf("%s\n", crypt("pass1234","$1$12345"));
}

to compile this to a program save the above code to a file.. lets call it blah.c, then compile it thus:

gcc -o blah blah.c -lcrypt

then execute it with ./blah

What it does is takes the password "pass1234" and uses the salt "12345" and poops out something that is useable in your shadow file. For this example when I ran it the result was:

$1$12345$A8DnQztKXEucytV/McZKS.

I tested this (just to be sure) by making a test user then changed the shadow file with the above. I was able to logon using the password "pass1234".. so it works.

To make this a useful program you'd need to add code that asks for the salt and the password. I won't go into what a salt is and why you need one. Much smarter people than me have already descibed this and I would only be parroting their words.

I'm sure perl has something for this as well but the c code was the first thing I thought of.

-b

edit: For more info check out 'man crypt'

Last edited by bignerd; 11-16-2004 at 01:36 PM.
 
Old 11-16-2004, 06:27 PM   #4
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
had more time since I'm off work. This is a complete program that has command line input, usage statement, etc..

#define _XOPEN_SOURCE
#include <unistd.h>
#include <stdio.h>

/* compile with gcc -o mkpass mkpass.c -lcrypt */

int main(int argc, char **argv) {
char strarv2 [7] = "$1$";
if (argc != 3) {
printf ("USAGE: %s <password> <salt>\n", argv[0]);
return 1;
}
strcat(strarv2, argv[2]);
printf("%s\n", crypt(argv[1],strarv2));
return 0;
}


Save that to a file such as mkpass.c then compile with gcc -o mkpass mkpass.c -lcrypt

run with ./mkpass

Oh.. and it's horribly insecure. By no means set that suid if the owner is root. Also the pass and salt will probably show in ps if a user looked while you were running it.. so that's bad too. Don't run it if anyone else is logged into the box at the same time.

-b
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 12:26 PM
"Xlib: extension "XFree86-DRI" missing on display ":0.0"." zaps Linux - Games 9 05-14-2007 04:07 PM
Cannot create a new thread on the "Linux - News, Articles and Editorials" forum sekelsenmat LQ Suggestions & Feedback 1 07-03-2005 09:47 AM
"cannot exec `as': ..." AND "C compiler cannot create ..." pr3st0 Linux - Software 0 10-15-2004 01:42 PM
"wine: failed to create the process heap", in Fedora Core 2 crimsonmoon Linux - Software 3 06-16-2004 05:59 AM


All times are GMT -5. The time now is 11:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration