Date: Thu, 3 Aug 2006 16:39:57 -0600
From: "Jeff Scott" <jeff (at mark) skislave.com>
Subject: [coba-e:06194] Re: Password Program
To: <coba-e (at mark) bluequartz.org>
Message-Id: <200608032241.k73MfCM2032455 (at mark) wb1.tier3.us>
In-Reply-To: <eb471b0a0608011929n5ae6fa7ct58aa4036d6b57dee (at mark) mail.gmail.com>
X-Mail-Count: 06194

Kinda related... but, I mentioned this before, I'd like to see BQ move to the scponly shell as an option for users. It allows the use of chrooted scp, without ssh access. That way, we'd at least have a path to start to get users off ftp, and reduce the concerns of ssh attacks (at least on normal users).

I don't know enough about BQ programming to do this..

Jeff

_____

From: Kevin Gingerich [mailto:kevin.gingerich (at mark) gmail.com]
Sent: Tuesday, August 01, 2006 8:30 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:06174] Re: Password Program

That worked. Thanks!

On 7/31/06, Adam Crews <adam.crews (at mark) gmail.com> wrote:

I've never had a raq4, so I'm not sure.

Things to try:
If you are not running the commands as root, that may be the problem.
Also, simply check to see if there is an /etc/shadow file with the encrypted passwords in it. If there is, then copy /etc/passwd and /etc/shadow to your ripper directory and use the unshadow util that comes with the ripper program.

-Adam

On 7/31/06, Kevin Gingerich <kevin.gingerich (at mark) gmail.com> wrote:
>
> That works great for me Adam! I found 3 users with matching passwords. Is
> there any way to generate a password file on a Raq4? I tried but the
> password hash was replaced with an 'x'?
>
> On 7/29/06, Adam Crews <adam.crews (at mark) gmail.com> wrote:
> > I use http://www.openwall.com/john/
> >
> > To generate the list of passwords to use I do:
> > perl -e "while(@pw=getpwent()){print join(':', @pw).\"\n\"; }" > passwd_list && chmod 600 passwd_list
> >
> > then run the 'john' binary on the passwd_list
> >
> > I have set it up to send nasty grams to people with passwords that are
> > found quickly.
> >
> > I also use http://www.csc.liv.ac.uk/~greg/sshdfilter/ to block against
> > dictionary attacks on ssh. This of course does not prevent dictionary
> > attacks on pop, imap, or other protocols, but those seem to be far
> > less common than ssh attacks.
> >
> > -Adam
> >
> > On 7/29/06, Robbert Hamburg <rhamburg (at mark) xs4all.nl> wrote:
> > > Billy Lenox wrote:
> > > > Does anyone know of a program that can run on the BlueQuartz CentOS
> > > > computer that only root can run to check security and make sure that
> > > > the users are using strong passwords that are not in a dictionary?
> > > >
> > > > Billy
> > > I would be interested in the same tool!
> > > I know that Michael Stauber made a tool for it some time ago,
> > > unfortunately it is not on his site anymore.
> > >
> > > If I find something I will post it here.
> > >
> > > Rob
> >
> > --
> > -----------------------------------------------------------------
> > Shroom.net Donation Based Web Hosting
> > http://www.shroom.net/
> > -----------------------------------------------------------------
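
Added example, not part of the thread or of any poster's setup: a Python check built around the 'x' that Kevin ran into. An `x` in the password field of /etc/passwd means the hash is kept in /etc/shadow; the script resolves that placeholder and reports account states an administrator would want to fix. The sample files, the function names and the choice to treat DES crypt and md5crypt as weak are assumptions of this example.

```python
import re
# Constructed sample data (not from the thread); hash strings are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:ab0123456789.:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
dave::503:503::/home/dave:/bin/bash
"""
SHADOW = """\
root:$6$CONSTRUCTED$AAAAAAAAAAAAAAAAAAAAAA:13000:0:99999:7:::
alice:$1$CONSTRUC$BBBBBBBBBBBBBBBBBBBBBB:13000:0:99999:7:::
carol:!!:13000:0:99999:7:::
"""
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2y": "bcrypt", "5": "sha256crypt", "6": "sha512crypt"}
WEAK = {"descrypt", "md5crypt"}  # policy choice made for this example

def scheme(field):
    """Name the crypt(3) scheme of a password field, or its non-hash state."""
    if field == "" or field[0] in "!*":
        return "locked" if field else "empty"
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if m:
        return SCHEMES.get(m.group(1), "unknown")
    return "descrypt" if re.fullmatch(r"[./0-9A-Za-z]{13}", field) else "unknown"

def audit(passwd_text, shadow_text):
    """Return {user: [findings]}, resolving 'x' placeholders through shadow."""
    shadow = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l.strip())
    report = {}
    for line in filter(str.strip, passwd_text.splitlines()):
        user, field = line.split(":")[:2]
        findings = []
        if field == "x":  # hash lives in /etc/shadow, readable by root only
            if user not in shadow:
                report[user] = ["no shadow entry"]
                continue
            field = shadow[user]
        elif field and field[0] not in "!*":
            findings.append("hash in world-readable passwd")
        kind = scheme(field)
        if kind == "empty" or kind in WEAK:
            findings.append("empty password" if kind == "empty" else "weak scheme: " + kind)
        report[user] = findings or [kind]
    return report

if __name__ == "__main__":
    print(audit(PASSWD, SHADOW))
```

On a real host the two inputs would be the contents of /etc/passwd and /etc/shadow, read as root.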