Results 1 to 12 of 12
  1. #1
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    417

    how to decrypt password used in linux?

    i have this password for a mailbox after encryption: HmLTpXCJJ/NMc

    i find that even the same password e.g. abc123 used for different mailboxes would become different after encryption!!

    if i wanna write a custom script, or just by adding some records in the corresponding files, to create a mailbox and retrieve emails in pop3 using authentication, how do i generate such password using a say perl/php script? is there a shell command to encrypt password?

    i have no idea about it.

    thanks

  2. #2
    Join Date
    Jan 2001
    Posts
    58
    Hello lwknet,

    At least in perl: http://www.perldoc.com/perl5.6/pod/func/crypt.html

  3. #3
    Join Date
    Oct 2002
    Location
    Tel-Aviv, Israel
    Posts
    433
    I'm lost. Did you want to decrypt or encrypt?
    You can't decrypt, unixs encryption works only one way.
    You can encrypt with crypt(). I belive there's a crypt.c that you can compile and use on the net.
    Uadm.com - Unix Administration, Security and Support.
    http://www.uadm.com
    "Unix is user friendly; it's just picky about who its friends are."

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    you have to bruteforce JTR can do it
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Join Date
    Feb 2004
    Posts
    1,226
    they may look different because linux add a "random seed"
    when you look at /etc/shadow you'll see lines like:

    username:$1$bslLald$a9Kajs1A/aRE2cJralze0:12510::::::

    what's between the $1$ and $ is the seed (bslLald) and between $ and : is the hash (a9Kajs1A/aRE2cJralze0)

    you must combine the (decrypted) password with the "seed" (i don't remember how to do it, but AFAIK perl has a crypt function that can be used) to generate the hash

  6. #6
    Join Date
    Dec 2001
    Location
    NYC, NY
    Posts
    798
    what you do is run a it through a list of passwords.. like

    abc123
    abc1234
    admin
    password
    john

    then it takes the hash and then crypts the password with the hash and compars the entry in /etc/shadow with what it came up with.. if they match.. then you have a valid password.

  7. #7
    Join Date
    Nov 2003
    Posts
    58

    Seed

    A 'seed' plays an important role when encrypting passwords. There are a set number of 'seeds' for encrypting algorithms to choose from. I forgot the exact number but if you encrypt the same string enough times (usually less than 500 ?) you would begin to see duplication.

    This makes it harder to crack at a very minor performance loss when verifying passwords.

  8. #8
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    417
    i ALREADY have this password encrypted: "HmLTpXCJJ/NMc"
    and i KNOW the original password to be say: "abc123"

    now if i want to verify "abc123" matches "HmLTpXCJJ/NMc", i need a SEED in the crypt process to make it work, like
    if(crypt($seed,'abc123') eq 'HmLTpXCJJ/NMc'){
    #do sth...
    }

    so...where is the seed i can get to verify an already encrypted password?

    thanks

  9. #9
    Join Date
    Feb 2004
    Posts
    1,226
    Originally posted by lwknet
    i ALREADY have this password encrypted: "HmLTpXCJJ/NMc"
    and i KNOW the original password to be say: "abc123"

    now if i want to verify "abc123" matches "HmLTpXCJJ/NMc", i need a SEED in the crypt process to make it work, like
    if(crypt($seed,'abc123') eq 'HmLTpXCJJ/NMc'){
    #do sth...
    }

    so...where is the seed i can get to verify an already encrypted password?

    thanks
    scroll up a little and read my post

  10. #10
    Join Date
    Aug 2002
    Location
    Hong Kong
    Posts
    417
    sorry i finally get it work,

    $crypted=crypt('password','seed');
    if($crypted eq crypt('password',$crypted)){
    print 'it works';
    }

    but still can't get the mailbox auth

  11. #11
    Join Date
    Jul 2003
    Location
    Kuwait
    Posts
    5,099
    For DES encryption, the "salt" is the first two characters.

    In PHP (assuming DES encryption is used) :

    PHP Code:
    $encrypted_text "HmLTpXCJJ/NMc";
    if (
    crypt("abc123",substr($encrypted_text,0,2)) == "abc123") { echo "matched"; } 
    In order to understand recursion, one must first understand recursion.
    If you feel like it, you can read my blog
    Signal > Noise

  12. #12
    Join Date
    Jun 2003
    Posts
    673
    fyrestrtr, in that if statement, you need to compare against the encrypted string rather than the cleartext version.

    http://us3.php.net/manual/en/function.crypt.php also recommends passing the entire encrypted string to the crypt() function rather than just trying to pass the hash (that way it'll handle MD5 as well).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •