[TUHS] Recovered /etc/passwd files
tj at enoti.me
Sun Oct 6 04:05:04 AEST 2019
On Thu, Oct 03, 2019 at 09:30:31PM +0200, Leah Neukirchen wrote:
> Finn O'Leary <finnoleary at inventati.org> writes:
> > Hi, I remember that someone had recovered some ancient /etc/passwd files
> > and had decrypted(?) them, and I remember reading that either ken or
> > dmr's
> > password was something interesting like './,..,/' (it was entirely
> > punctuation characters, was around three different characters in
> > total, and
> > was pretty damn short). I've tried to find this since, as a friend was
> > interested in it, and I cannot for the life of me find it!
> I did this once, but I never managed to crack all of them.
> It was bwk who used /.,/.,
> My findings (from https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd):
> But I never managed to crack ken's password with the hash
> ZghOT0eRm4U9s, and I think I enumerated the whole
> 8 letter lowercase + special symbols key space.
> The uncracked ones are:
> ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh
> hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh
> tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl
> ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken
> fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh
I pointed my FreeBSD build machine at the password file, but it didn't
manage many guesses a second (55000 per core with 48 cores, using john).
I asked a friend to point their GPU rig at the password file. It is a
MSI Graphics Card R9 290X and is doing about 255MHashes/Second using
hashcat. He is going to do the alphanumeric space and then call it a
"for hashcat, 80s DES crypt is -m 1500"
More information about the TUHS