There is a tool called "john the ripper" that can be used to recover passwords.
http://www.openwall.com/john/ The encryption used on the passwords on a cobalt box is one way, this can be seen in the file /etc/shadow. The way John works is to take a word, encrypt it, and compare the results to the encrypted password. If they match, you have the password. John comes with a dictionary and does a fair amount of morphing, ie adding 1 to the end of a word. It will then attempt standard brute force techniques It will work at a speed of about 50,000 tries per second on a 800Mhz desktop. If the users have special characters in their password, and may take many decades to break the password, but easy ones will pop out pretty quickly. Given that you want this for users that may forget their passwords, chances are their passwords won't be to complex. You should copy both the /etc/passwd and /etc/shadow files onto fast secure system ( ideally utilising 'air gap' technology) and use John to join both the files and then crack them. Not sure if this is what you after, I hope it helps. Jacob. On Thu, 2002-01-17 at 09:12, Ilmars Knipshis wrote: > Hello Bigwig, > > The best way is to keep passwords separately on a local computer. > > I use simple in Delfi written programm to keep passwords sorted by > usernames or site names and to be able to search in. > > If there is an interest I can share with it. > > Ilmars. > Wednesday, January 16, 2002, 11:29:51 AM, you wrote: > > BS> Is there any way that i can get a list of usernames and passwords for all > BS> the users on my site. We are running a small ISP and have just moved to > BS> some new RAQ4's, quite often people tend to forget their passwords and we > BS> are never able to tell them their old one we can only change it to > BS> something new. This can get a quite annoying when you have to do it > BS> several times a day and would be much easier solved if we had access to all > BS> their current access details from one interface, like on our old servers. > > BS> Any thoughts much appreciated > > BS> Mark Unsworth > BS> Technical Support > BS> Presbury Group > > > BS> --- > BS> Outgoing mail is certified Virus Free. > BS> Checked by AVG anti-virus system (http://www.grisoft.com). > BS> Version: 6.0.314 / Virus Database: 175 - Release Date: 11/01/02 > > > BS> _______________________________________________ > BS> cobalt-developers mailing list > BS> [EMAIL PROTECTED] > BS> http://list.cobalt.com/mailman/listinfo/cobalt-developers > > > > -- > Regards, > Ilmars mailto:[EMAIL PROTECTED] > > _______________________________________________ > cobalt-developers mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-developers > _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
