[TUHS] Recovered /etc/passwd files

Norman Wilson norman at oclsc.org
Wed Oct 9 04:38:43 AEST 2019

Back in the heyday of uucp, some sites were lazy and allowed
uucico access to any file in the file system (that was accessible
to the uucp user).  A common ploy for white hats and black hats
was to try
	uucp remotesys!/etc/passwd ~/remotesys
or the like, and see what came in and whether it had any easy
hashes (shadow password files didn't quite exist yet).

The system known to the uucp world as research! was more
careful: / was mapped to /usr/spool/uucp.  We left a phony
etc/passwd file there, containing plausible-looking entries
with hashes that, if cracked, spelled out


I don't remember whether anyone ever stole it by uucp, though
I think Bill Cheswick used it to set up the phony system
environment for Berferd to play in (Google for `cheswick berferd'
if you don't know the story).

Norman Wilson
Toronto ON

More information about the TUHS mailing list