[TUHS] Recovered /etc/passwd files

Arthur Krewat krewat at kilonet.net
Wed Oct 9 03:38:42 AEST 2019 

I have some more out of this list, but not sure if I should send them or 
not. Ken's has not been cracked - yet.

ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh

hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh

tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl

ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken

fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh





On 10/5/2019 2:05 PM, Tom Jones wrote:
> On Thu, Oct 03, 2019 at 09:30:31PM +0200, Leah Neukirchen wrote:
>> Finn O'Leary <finnoleary at inventati.org> writes:
>>
>>> Hi, I remember that someone had recovered some ancient /etc/passwd files
>>> and had decrypted(?) them, and I remember reading that either ken or
>>> dmr's
>>> password was something interesting like './,..,/' (it was entirely
>>> punctuation characters, was around three different characters in
>>> total, and
>>> was pretty damn short). I've tried to find this since, as a friend was
>>> interested in it, and I cannot for the life of me find it!
>> I did this once, but I never managed to crack all of them.
>> It was bwk who used /.,/.,
>>
>> My findings (from https://github.com/dspinellis/unix-history-repo/blob/BSD-3-Snapshot-Development/etc/passwd):
>>
>> gfVwhuAMF0Trw:dmac
>> Pb1AmSpsVPG0Y:uio
>> ymVglQZjbWYDE:/.,/.,
>> c8UdIntIZCUIA:bourne
>> AAZk9Aj5/Ue0E:foobar
>> E9i8fWghn1p/I:apr1744
>> IIVxQSvq1V9R2:axolotl
>> 9EZLtSYjeEABE:network
>> P0CHBwE/mB51k:whatnot
>> Nc3IkFJyW2u7E:...hello
>> olqH1vDqH38aw:sacristy
>> 9ULn5cWTc0b9E:sherril.
>> N33.MCNcTh5Qw:uucpuucp
>> FH83PFo4z55cU:wendy!!!
>> OVCPatZ8RFmFY:cowperso
>> X.ZNnZrciWauE:5%ghj
>> IL2bmGECQJgbk:pdq;dq
>> 4BkcEieEtjWXI:jilland1
>> 8PYh/dUBQT9Ss:theik!!!
>> lj1vXnxTAPnDc:sn74193n
>>
>> But I never managed to crack ken's password with the hash
>> ZghOT0eRm4U9s, and I think I enumerated the whole
>> 8 letter lowercase + special symbols key space.
>>
>> The uncracked ones are:
>>
>> ozalp:m5syt3.lB5LAE:40:10:& Babaoglu,4156423806:/usr/ozalp:/bin/csh
> m5syt3.lB5LAE:12ucdort
>
>> hpk:9ycwM8mmmcp4Q:9:10:Howard Katseff,2019495337:/usr/staff/hpk:/bin/csh
>> tbl:cBWEbG59spEmM:10:10:Tom London,2019492006:/usr/staff/tbl
>> ken:ZghOT0eRm4U9s:52:10:& Thompson:/usr/staff/ken
>> fabry:d9B17PTU2RTlM:305:10:Bob &,4156422714:/usr/staff/fabry:/bin/csh
> I pointed my FreeBSD build machine at the password file, but it didn't
> manage many guesses a second (55000 per core with 48 cores, using john).
>
> I asked a friend to point their GPU rig at the password file. It is a
> MSI Graphics Card R9 290X and is doing about 255MHashes/Second using
> hashcat. He is going to do the alphanumeric space and then call it a
> day.
>
>      "for hashcat, 80s DES crypt is -m 1500"
>
> - [tj]
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20191008/73ac0600/attachment.html>

More information about the TUHS mailing list