
Linux old passwd file - reversing

I'm currently trying to "hack" a Linux embedded device. This device has a telnet daemon which is not supposed to be used. Anyway, I've taken the binary firmware from the manufacturer website and have successfully extracted the root filesystem. By the way, I now have the /etc/passwd file.

The passwd file looks like this:

root:{10 char long}:0:0:root:/bin:/bin/sh

My question is: what type of hash could it be? A crypt() hash method would return a string of 13 chars.

If I know the hash method, I could either bruteforce or replace it ...

Thank you very much

Usually the password hash contains the salt and the hashing algorithm used. If the salt does not start with $, DES is used to encrypt the password.

Quoting from the crypt(3) manpage:

If salt is a character string starting with the characters "$id$" followed by a string terminated by "$":

  $id$salt$encrypted 

then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported:

  ID  | Method
  ---------------------------------------------------------
  1   | MD5
  2a  | Blowfish (not in mainline glibc; added in some
      | Linux distributions)
  5   | SHA-256 (since glibc 2.7)
  6   | SHA-512 (since glibc 2.7)

You should be able to set the password 'test' by inserting e.g. (md5 and empty salt):

$1$$098f6bcd4621d373cade4e832627b4f6

You don't need to figure the format out by hand. Generally if you take the passwd file and pass it directly to John the Ripper it will auto-detect and brute force the password for you.
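
As an added example (not part of the original answers): a small Python check that applies the crypt(3) rules quoted above to each passwd entry and reports the scheme, which is useful when auditing credentials shipped in a firmware image. The function names, the sample entries and the choice of which labels to flag for review are assumptions of this example.

```python
import re

# "$id$" values from the crypt(3) table quoted above.
MODULAR_IDS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
# Traditional DES crypt(): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
MODULAR_RE = re.compile(r"\$([0-9a-z]+)\$")
# Assumption of this example: these labels deserve a closer look in an audit.
REVIEW = ("DES", "MD5", "empty", "unrecognized")

def classify_field(field):
    """Label the second field of one passwd/shadow entry."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"            # real hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked"
    m = MODULAR_RE.match(field)
    if m:
        return MODULAR_IDS.get(m.group(1), "unknown id " + m.group(1))
    if DES_RE.fullmatch(field):
        return "DES"
    return "unrecognized (%d chars)" % len(field)

def audit_passwd(text):
    """Return (user, label, needs_review) for every well-formed entry."""
    results = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7 or line.startswith("#"):
            continue                 # skip blanks, comments, malformed lines
        label = classify_field(parts[1])
        results.append((parts[0], label, label.startswith(REVIEW)))
    return results

# Constructed sample entries (placeholder values, not real hashes).
SAMPLE = """\
root:AAAAAAAAAA:0:0:root:/bin:/bin/sh
admin:abCDEFGHIJKLM:1000:1000:admin:/home/admin:/bin/sh
svc:$6$saltsalt$placeholderplaceholder:1001:1001:svc:/:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
guest::1002:1002:guest:/tmp:/bin/sh
"""

if __name__ == "__main__":
    for user, label, review in audit_passwd(SAMPLE):
        print("%-8s %-24s %s" % (user, label, "REVIEW" if review else "ok"))
```

A 10-character field like the one in the question matches neither the 13-character DES shape nor a `$id$` prefix, so it is reported as unrecognized rather than guessed at.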
