PDA

View Full Version : Password file


cosine
09-22-2004, 04:48 PM
Hey where is the password file for 10.3.5. /etc/passwd does not seem to contain my passwords and there is no /etc/shadow file?

B-Zero
09-22-2004, 11:05 PM
Everything is stored in the Netinfo database. Applications -> Utilities -> Netinfo Manager Go to users and you'll be able to "see" the password there.

cosine
09-23-2004, 03:08 AM
Netinfo manager does not show me the hash it simply says ;ShadowHash;
while I can't think of any reason someone would legitamately want to do this besides why I did it (a corse in computer security) or maybe you forgot your password and lost you cd and you key board busted, I suppose you could write a scirpt to automate this for migrating a system....
My assignment was to run john the ripper on a passwd file either from a windows box or unix box, long story short the password hashes are hidden by OS X and are not in a /etc/passwd file or in a /etc/shadow file the passwd file looks like this:

nobody:*:-2:-2:Unprivileged User:/nohome:/noshell
root:********:0:0:System Administrator:/var/root:/bin/tcsh
daemon:*:1:1:System Services:/var/root:/noshell
smmsp:*:25:25:Sendmail User:/private/etc/mail:/noshell
www:*:70:70:World Wide Web Server:/Library/WebServer:/noshell
mysql:*:74:74:MySQL Server:/nohome:/noshell
sshd:*:75:75:sshd Privilege separation:/var/empty:/noshell
unknown:*:99:99:Unknown User:/nohome:/noshell


Where a single star means disabled and multiple stars means the hash is hidden by OS X. The hases are actually kept in the
/var/db/shadow/hash directory (/private/var/db/shadow/hash)
Under the generateduid of each user as the file name, there is the hash for the user.
I'll do this by hand and leave it up to you to automate it:

/Application/Utilities/NetInfo Manager
in the application go to users/user_name/
copy down the generateduid
in terminal
su
type in your root password
cd /var/db/shadow/hash
more generateduid_you_copied_down_from_netinfo
copy the text it spits out

cd /etc
open passwd
or use vi or what ever editor you want
replace the ******* with the first 32 characters of the hash you copied
from /var/db/shadow/hash
then hit semi colon and put in the next 32 digits of that bunch of stuff you
copied from /var/db/shadow/hash


example:
Stuff you copied from /var/db/shadow/hash
2D20D252A479F485CDF5E171D93985BF598DDCE2660D3193AAD3B435B51404EEIOSMDOICNUD03484N9C8N98NDC98WNE9NSD9N


root:********:Blah:blah:blah
root:2D20D252A479F485CDF5E171D93985BF:598DDCE2660D3193AAD3B435B51404EE:Blah:blah:blah

make sure its all on one line though
will do thanks,

Oh and any and all created for this should go to one dimbulb

ajp
09-23-2004, 01:14 PM
be careful with that. if i read correctly its not and md5 or sha1 hash. its the NTLM hash that is used for samba. and its very weak. the part you discarded is the sha1 hash.