After thinking about the crypt function, salts, etc... would it not be
possible to do this:
1) obtain the source for the crypt function.
2) obtain by whatever method, the hashed/encrypted/whatever password from
/etc/shadow.
3) reverse the technique in the crypt function, then apply that to the
string obtained from /etc/shadow using salt #1
4) repeat step 3 for each of the 4096 (??) salts.
would that leave you with 4096 possible passwords to try at login? maybe
use a telnet script of some kind somehow?
The above is only an Idea I thought of on the toilet (of all places..
sheesh). would it work?
Michael Beattie ([EMAIL PROTECTED])
PGP Key available, reply with "pgpkey" as subject.
-----------------------------------------------------------------------------
Bother! said Pooh, as the Klingons opened fire.
-----------------------------------------------------------------------------
Debian GNU/Linux.... Ooohh You are missing out!
