[TriLUG] how to unshadow

Ryan Leathers Ryan.Leathers at globalknowledge.com
Mon Nov 4 14:50:57 EST 2002


Thanks for the quick responses to my post.  I wound up doing it by hand
since the *conv tools were not available on the system.
In answer to an earlier question (Jeremy I think) this was needed for a
network security course where students were cracking passwords using
john.
The target box in the exercise got shadowized and this caused a problem
for the less unix savvy students.  Great irony huh.

Ryan 

-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com]
Sent: Monday, November 04, 2002 1:45 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] how to unshadow

No you are right (well at least they can't be recovered easily).

All that pwunconv does is move the current encrypted password from a
field in /etc/shadow over to the appropriate field in /etc/passwd.  It
doesn't decrypt the password.

You use the file /etc/shadow to store the passwords because it has
limited rights (only the system and root can read the file). The
/etc/passwd file is readable by everyone and everything on your system.

Jon Carnes

On Mon, 2002-11-04 at 13:32, Jeff Bollinger wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I guess I was wrong, but I thought that because of the Salt on the
> passwords and one-way encryption, that once they were shadowed the
> plaintext password could not be recovered?
>
> Thanks,
> Jeff
>
> Jon Carnes wrote:
> | On Mon, 2002-11-04 at 13:04, Ryan Leathers wrote:
> |
> |>
> |>Quick one I hope - - - im in a pinch - how do I unshadow my passwd
> |>    Is there a shell script - do I have to do it by hand - or is
> |>there a passwd argument
> |>
> |
> |
> | pwunconv:
> | NAME
> |        pwconv,  pwunconv,  grpconv,  grpunconv  - convert to and
from
> | shadow
> |        passwords and groups.
> |
> | SYNOPSIS
> |        pwconv
> |        pwunconv
> |        grpconv
> |        grpunconv
> |
> | DESCRIPTION
> |   These four programs all operate on the normal and shadow password
and
> |   group  files: /etc/passwd, /etc/group, /etc/shadow, and
/etc/gshadow.
> |
> |   pwconv creates shadow from passwd and an optionally existing
shadow.
> |   pwunconv  creates  passwd  from  passwd  and  shadow and then
removes
> |   shadow.  grpconv creates gshadow from group and an optionally
exist
> |   ing gshadow.  grpunconv creates group from group and gshadow and
then
> |   removes gshadow.
> |
> |   Each program acquires the necessary locks before conversion.
> |
> |   pwconv and grpconv are similiar.  First, entries in the shadowed
file
> |   which  don't  exist  in  the  main  file are removed.  Then,
shadowed
> |   entries which don't have `x' as the password in  the  main  file
are
> |   updated.  Any missing shadowed entries are added.  Finally,
passwords
> |   in the main file are replaced with `x'.  These programs can  be
used
> |   for  initial  conversion  as  well to update the shadowed file if
the
> |   main file is edited by hand.
> |
> |   pwconv will use  the  values  of  PASS_MIN_DAYS,  PASS_MAX_DAYS,
and
> |   PASS_WARN_AGE   from  /etc/login.defs  when  adding  new  entries
to
> |   /etc/shadow.
> |
> |   Likewise, pwunconv and grpunconv are similiar.  Passwords in the
main
> |   file  are updated from the shadowed file.  Entries which exist in
the
> |   main file but not in the shadowed file are left alone.  Finally,
the
> |   shadowed file is removed.
> |
> |   Some password aging information is lost by pwunconv.  It will
convert
> |   what it can.
> |
> | _______________________________________________
> | TriLUG mailing list
> |     http://www.trilug.org/mailman/listinfo/trilug
> | TriLUG Organizational FAQ:
> |     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
>
> - --
> Jeff Bollinger
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff_bollinger at unc dot edu
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.0 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE9xr1BvoVlxVBmgsURAhdRAKCQtnKd8o7vztR+NR8fQdoHYTJicwCfa4er
> jwB8Oou6bHtdw0KOdD6d59s=
> =mbaS
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html


_______________________________________________
TriLUG mailing list
    http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ:
    http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3061 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20021104/ff688e75/attachment.bin>


More information about the TriLUG mailing list