Greetings, Due to the recent outpouring of DU buffer overflows I thought the following might be of interest. With the Enhanced Security package running, authentication info is stored in individual files according to username. In this case /tcb/files/auth/r/root for root and so on. I am not aware of any built in method for creating the equivalent of your everyday unix /etc/shadow file. As a result it is probable that many DU systems have not weeded out poor choices for passwords through the use of a program such as Crack since each encrypt is stored in a separate file. Though trivial once root is compromised, a would be attacker might have an easy time obtaining passwords because of this "feature". The program below outputs a crackable shadow file. Regards, James Clement ----dushad.c---- /* Digital Unix 4.x get encrypts from protected password database(s). Must be euid(0), compile with cc dushad.c -lsecurity -o dushad Written by James Clement - clem7508at_private */ #include <sys/types.h> #include <sys/security.h> #include <prot.h> struct pr_passwd *getprpwent(void); void main(){ struct pr_passwd *p; set_auth_parameters(); while (p = getprpwent()) { printf("%s:%s:%d:::\n", p->ufld.fd_name, p->ufld.fd_encrypt, p->ufld.fd_uid); } } ----end----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:25 PDT