On Mon, 3 Jun 2002, Praedor Tempus wrote:
>
> Yeah, ok, but what about the actual password? I just took a look at my
> /etc/passwd file and naturally saw nothing. The passwords are stored in my
> /etc/shadow file, which is encrypted. You may be able to simply append
> someone to /etc/passwd but what about giving that someone a password? It
> wouldn't be trivial to create a password to be appended to the shadow file.
> I believe you'd need to know the random seed, etc, to create the appropriate
> encrypted version of the desired password for this new UID 0 user.
>

The passwd file (or shadow file for that matter) is encrypted using a standard crypt function. You don't need the original root password to append entries to the shadow file once you have access to the filesystem. In Perl you could use the crypt-passwd module. In C there's a crypt function to which you pass the salt and the passwd to encrypt. I.e., the passwd is one that you provide. crypt() will return the hash. You could also create the hash on another machine and cut and paste it if you don't want to go through the trouble. If you don't want to do this, once you have the passwd hash you can even try brute-forcing the password. But this would be unnecessary if all you wanted was root or a login ID.
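For the defensive side of the point made in this thread, here is an added example (not part of the original messages) of an audit that flags the kind of entry being discussed: an extra UID 0 account, or a mismatch between /etc/passwd and /etc/shadow. The account names, hash strings and finding labels are constructed for illustration.

```python
# Constructed sample data: not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
praedor:x:501:501::/home/praedor:/bin/bash
toor:x:0:0::/root:/bin/bash
legacy:ab01FAKEHASHxx:502:502::/home/legacy:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$placeholderhashroot000:11841:0:99999:7:::
daemon:*:11841:0:99999:7:::
praedor:$1$CONSTRUCTED$placeholderhashuser000:11841:0:99999:7:::
toor:$1$CONSTRUCTED$placeholderhashtoor000:11841:0:99999:7:::
ghost:$1$CONSTRUCTED$placeholderhashghost00:11841:0:99999:7:::
"""

def parse(text, min_fields):
    """Yield colon-split records, skipping blank lines, comments and short lines."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                yield fields

def audit(passwd_text, shadow_text):
    """Return sorted (account, finding) pairs for suspicious entries."""
    findings = set()
    passwd = {f[0]: f for f in parse(passwd_text, 7)}
    shadow = {f[0]: f for f in parse(shadow_text, 2)}
    for name, f in passwd.items():
        if f[2] == "0" and name != "root":
            findings.add((name, "uid-0-not-root"))        # second superuser
        if f[1] == "":
            findings.add((name, "empty-password-field"))  # no password needed
        elif f[1] not in ("x", "*", "!", "!!"):
            findings.add((name, "hash-in-passwd"))        # hash bypasses shadow
        if f[1] == "x" and name not in shadow:
            findings.add((name, "no-shadow-entry"))
    for name, f in shadow.items():
        if name not in passwd:
            findings.add((name, "shadow-without-passwd"))  # orphaned hash
        if f[1] == "":
            findings.add((name, "empty-shadow-password"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On a real host the two strings would be read from /etc/passwd and /etc/shadow (the latter needs root), and the findings compared against a known-good baseline.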
