On Nov 29, 2007 8:53 AM, David Brown <[EMAIL PROTECTED]> wrote:
> On Thu, Nov 29, 2007 at 08:40:59AM -0800, Brian LaMere wrote:
> >I don't want to try a dictionary attack on a hash, I want to try a
> >*single word*. Of course, there's thousands of hashes I need to
> >check, so I'm looking at perl. Issue is that a certain "default"
> >password has been used where I work for a couple decades, and I need
> >to find what accounts are still using it.
>
> Perhaps something like John the Ripper <http://www.openwall.com/john/>
> could be configured to just use a very small dictionary.

I played around with this yesterday, and you can use "john --wordlist=<FILE> <PASSWORDFILE>", where <FILE> is just a text file with the password(s) you're checking against, one per line.

Doing this on /etc/passwd and /etc/samba/smbpasswd on my lab's server revealed a few users who still hadn't changed their passwords from *our* initial assignment... thanks for the idea!

-- 
Brad Beyenhof
http://augmentedfourth.com
Silence will save me from being wrong (and foolish), but it will also deprive me of the possibility of being right. ~ Igor Stravinsky
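
The single-word check asked about in the quoted question, sketched in Perl since that is the language mentioned there. This is an added example, not code from anyone in the thread. It assumes a glibc-style crypt(3) that understands `$6$` hashes; the password `Welcome1`, the account names and the salts are constructed sample values.

```perl
#!/usr/bin/perl
# Added example: audit shadow-format lines for one known default password.
use strict;
use warnings;

# Return the names of accounts whose stored hash matches $candidate.
# crypt() re-hashes the candidate with the scheme and salt embedded in the
# stored hash, so a single-word check costs one crypt() call per account.
sub accounts_using {
    my ($candidate, @lines) = @_;
    my @hits;
    for my $line (@lines) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;          # comments and blank lines
        my ($user, $stored) = split /:/, $line;
        next unless defined $stored && length $stored;
        # Locked or login-disabled entries: "*", "!", "!!", "!$6$..."
        next if $stored =~ /^[!*]/;
        my $try = crypt($candidate, $stored);
        # crypt() yields undef (or an error token) for schemes libc lacks.
        next unless defined $try;
        push @hits, $user if $try eq $stored;
    }
    return @hits;
}

# Constructed sample data: the hashes are generated here, not copied from
# any real system. Assumes crypt(3) supports SHA-512 ("$6$") hashes.
my $default = 'Welcome1';                        # hypothetical default
my @sample = (
    'alice:' . crypt($default, '$6$constructed1$') . ':13800:0:99999:7:::',
    'bob:'   . crypt('s0mething-else', '$6$constructed2$') . ':13800:0:99999:7:::',
    'carol:!!:13800:0:99999:7:::',
    'daemon:*:13800:0:99999:7:::',
);

print "$_ still uses the default password\n"
    for accounts_using($default, @sample);
```

This only covers crypt(3)-style hashes; the NT hashes stored in smbpasswd are a different format that crypt() does not compute, so the john wordlist run described above remains the way to check that file.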
