Help using Crack for testing password strength
Hi all Ive configured and installed Crack to work with Tara however as Im using Shadow passwords Tara isnt checking /etc/shadow only /etc/passwd
Ive tried running Crack /etc/Shadow manually then I try running ./Reporter and get output similar to following: - ---- passwords cracked as of Tue Jul 1 23:57:37 UTC 2003 ---- ---- errors and warnings ---- bad format: /etc/shadow: adm:*:9797:0::::: bad format: /etc/shadow: bin:*:9797:0::::: bad format: /etc/shadow: chroot:$dfgregjpij454r0ffegr4tg4 bad format: /etc/shadow: rpc:*:9797:0::::: bad format: /etc/shadow: shutdown:*:9797:0::::: bad format: /etc/shadow: smmsp:*:9797:0::::: bad format: /etc/shadow: sync:*:9797:0::::: bad format: /etc/shadow: uucp:*:9797:0::::: bad format: /etc/shadow: webuser:!:15y5y5y5y54yy:7thytrh453::: ---- done ---- Obviously Ive edited the posted output so no real passwords are included but does this bad format mean that I have chosen a weak password or is there a problem with Crack???? (I am checking /etc/shadow as root). Just wondering because I tried a password similar to follows: - 1Q_3=+de£_r£3:;[pY&(grcN?><+G|\¬`@fEWQ%C"_eFyT and it only took like 1 minute for Crack to end and for it to be added to the above list. Can Anybody help??? Ive tried searching for help with the Reporter tool but cant fibnd anything |
Hi Dai,
I haven't tried crack on Linux, but I have run it a lot on AIX. As far as I know, it only works on traditional (i.e. no shadow) format /etc/passwd style files. In AIX there's a command to merge the shadow and passwd files and get this popping out, which makes life very easy. There should be some similar utility you can run to merge the two. Then you put the merged version in a new file and run crack against that. Iain. Edited to add To test this theory, copy /etc/passwd and paste in an encrypted password string for an easily crackable password. Run crack and it should crack it within a few seconds. |
Cheers, Ive now downloaded Jack the Ripper and Apparrently after using the unshadow utility from this it appears that my passwords are actually MD5 hash's, I thought they were Des based.
From what I can see Crack on ly works (by default) on Des based encryption which would seem to be one of the problems that I have. Jack has been running non-stop since 10 this morning and still hasnt cracked all of my passwords (only 3) So I think I can safely assume that thier relatively strong. Thanks Dai |
All times are GMT -5. The time now is 01:18 PM. |