Test Join combined dictionary to crack a Linux password-vulnerability warning-the black bar safety net

2009-09-03T00:00:00
ID MYHACK58:62200924512
Type myhack58
Reporter 佚名
Modified 2009-09-03T00:00:00

Description

The test environment, the RHEL5 system, The system root account a self-built account icnpunk one.

[root@localhost run]# ./ unshadow /etc/passwd /etc/shadow > /tmp/passwd

[root@localhost run]# vim /tmp/passwd

Delete not used rows, leaving only the need to hack the account:

root:$1$aUXH7Z3Y$fec8RLXoAkEdn41UmvMYj.: 0:0:root:/root:/bin/bash icnpunk:$1$CmzD3ab0$qp. JmpXa8d3IIBYrltWDb/:5 0 0:5 0 0::/home/icnpunk:/bin/bash

I joined their real password to password. lst file.

[root@localhost run]# echo 1 2 3 4 5 6 7 >> password. lst

[root@localhost run]# ./ john –wordlist=password. lst /tmp/passwd Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32]) 1 2 3 4 5 6 7 (root) 1 2 3 4 5 6 7 (icnpunk) guesses: 2 time: 0:0 0:0 0:0 1 1 0 0% c/s: 5 9 2 0 trying: 1 2 3 4 5 6 7

The crack is successful