On Thu, Nov 29, 2007 at 08:40:59AM -0800, Brian LaMere wrote:
I don't want to try a dictionary attack on a hash, I want to try a *single word*. Of course, there's thousands of hashes I need to check, so I'm looking at perl. Issue is that a certain "default" password has been used where I work for a couple decades, and I need to find what accounts are still using it.
Perhaps something like John the Ripper <http://www.openwall.com/john/> could be configured to just use a very small dictionary.
I've tried Crypt::Cracklib, but GTry doesn't give me the same hash with the salt (first 2 chars still, right?) plus string. I've tried Crypt::PasswdMD5, but again - if I set a password, knowing what it is, then use those two functions to create a hash, the hash isn't the same as what is in the password file. So clearly, either I'm wrong about the salt, or something else is going on. Anyone have suggestions?
For MD5 passwords, there are several fields separated by dollar signs. One page suggests that the salt is base-64 encoded, so you would have to decode that before giving it to the password attempt. I'm surprised that isn't part of the API on the module, though. The TCL man page suggests that the salt is just the characters between the dollar signs (after the $1$ indicating an MD5 password). Dave -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
