[TUHS] Recovered /etc/passwd files

Tom Jones tj at enoti.me
Sun Oct 6 04:05:04 AEST 2019 

On Thu, Oct 03, 2019 at 09:30:31PM +0200, Leah Neukirchen wrote:
> Finn O'Leary <finnoleary at inventati.org> writes:
> 
> > Hi, I remember that someone had recovered some ancient /etc/passwd files
> > and had decrypted(?) them, and I remember reading that either ken or
> > dmr's
> > password was something interesting like './,..,/' (it was entirely
> > punctuation characters, was around three different characters in
> > total, and
> > was pretty damn short). I've tried to find this since, as a friend was
> > interested in it, and I cannot for the life of me find it!
> 
> I did this once, but I never managed to crack all of them.
> It was bwk who used /.,/.,
> 
> My findings (from https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd):
> 
> gfVwhuAMF0Trw:dmac
> Pb1AmSpsVPG0Y:uio
> ymVglQZjbWYDE:/.,/.,
> c8UdIntIZCUIA:bourne
> AAZk9Aj5/Ue0E:foobar
> E9i8fWghn1p/I:apr1744
> IIVxQSvq1V9R2:axolotl
> 9EZLtSYjeEABE:network
> P0CHBwE/mB51k:whatnot
> Nc3IkFJyW2u7E:...hello
> olqH1vDqH38aw:sacristy
> 9ULn5cWTc0b9E:sherril.
> N33.MCNcTh5Qw:uucpuucp
> FH83PFo4z55cU:wendy!!!
> OVCPatZ8RFmFY:cowperso
> X.ZNnZrciWauE:5%ghj
> IL2bmGECQJgbk:pdq;dq
> 4BkcEieEtjWXI:jilland1
> 8PYh/dUBQT9Ss:theik!!!
> lj1vXnxTAPnDc:sn74193n
> 
> But I never managed to crack ken's password with the hash
> ZghOT0eRm4U9s, and I think I enumerated the whole
> 8 letter lowercase + special symbols key space.
> 
> The uncracked ones are:
> 
> ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh

m5syt3.lB5LAE:12ucdort

> hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh
> tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl
> ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken
> fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh

I pointed my FreeBSD build machine at the password file, but it didn't
manage many guesses a second (55000 per core with 48 cores, using john). 

I asked a friend to point their GPU rig at the password file. It is a
MSI Graphics Card R9 290X and is doing about 255MHashes/Second using
hashcat. He is going to do the alphanumeric space and then call it a
day.

    "for hashcat, 80s DES crypt is -m 1500"

- [tj]

More information about the TUHS mailing list