[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] RaQ4-View all site usernames/passwords
- Subject: Re: [cobalt-users] RaQ4-View all site usernames/passwords
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sun Jan 5 17:54:54 2003
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Bruce Timberlake wrote:
> The passwords are only stored (encrypted) in /etc/passwd- (shadow
> file), so you'd have to parse that with a root-permission script, but
> you wouldn't get any meaningful passwords that way...
The shadow file is /etc/shadow, Bruce, not /etc/passwd-.
Fwiw, I just created a binary of "John the Ripper" that'll work on a
RaQ4. Should I put it into my ftp server, or just make it available on
request?
Running "John the Ripper" against your shadow file is a GOOD thing...
it'll let you see how many of your clients use easy-to-guess passwords.
If anyone wants a copy, until/unless I decide to make it available by
anonymous ftp, write me for it... but please don't use jblists (my
mailing address for lists); instead follow the link in my sig; you'll
reach me a lot more quickly that way.
Thanks!
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";