Find Trivial Passwords
Eric Aubery
ena at pyramid.UUCP
Sat Feb 9 06:10:53 AEST 1985
Here's a little shell script and program that test to see if any of the
users on your system are joes. A joe is defined as someone who uses their
login name as their password. The joes will be identified as being
NOT SECURE. I was amazed that on all the systems I tried there was always
at least one joe. On some there were as many as 20% joes. The shell scripts
are identified as ATT for Bell derivatives, BSD for Berkeley derivatives,
and PYR for Pyramid dual universe systems. Well actually they're all pretty
similar.
Format is shar archive:
+++++++++++++++++++++++++ CUT HERE +++++++++++++++++++++++++++++++++++++
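# -------- joetest.ATT --------
echo extracting file joetest.ATT
cat << 'THE_END' > joetest.ATT
# /bin/sh
# Usage: joetest.ATT [passwd-file]   (makekey must be on the PATH)
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
# Keep only the login name and the encrypted password field.
cut -d: -f1,2 $PSWD > $TMP1
ed - $TMP1 <<!
1,\$s/:/ /
w
q
!
# PASS receives the login name, SEED the encrypted password (used as the salt).
cat $TMP1 | while read PASS SEED
do
    echo "$PASS \c"
    # Quoted so that a field such as "*" is not expanded as a file pattern.
    RESULT=`makekey "$SEED" "$PASS"`
    if [ \( $? -eq 0 \) -a \( "$RESULT" = "$PASS $SEED" \) ]
    then
        echo NOT SECURE
    else
        echo SECURE
    fi
done
rm $TMP1
THE_END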
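# -------- joetest.BSD --------
echo extracting file joetest.BSD
cat << 'THE_END' > joetest.BSD
# /bin/sh
# Usage: joetest.BSD [passwd-file]   (makekey must be on the PATH)
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
#cut -d: -f1,2 $PSWD > $TMP1
cp $PSWD $TMP1
# The copy only has to be writable by ed for the user running the test.
chmod 600 $TMP1
# Keep only the login name and the encrypted password field.
ed - $TMP1 <<!
1,\$s/^\\(.*:.*\\):.*:.*:.*:.*:.*\$/\\1/
1,\$s/:/ /
w
q
!
# PASS receives the login name, SEED the encrypted password (used as the salt).
cat $TMP1 | while read PASS SEED
do
    # echo "$PASS \c"
    echo -n "$PASS "
    # Quoted so that a field such as "*" is not expanded as a file pattern.
    RESULT=`makekey "$SEED" "$PASS"`
    if [ \( $? -eq 0 \) -a \( "$RESULT" = "$PASS $SEED" \) ]
    then
        echo NOT SECURE
    else
        echo SECURE
    fi
done
rm $TMP1
THE_END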
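# -------- joetest.PYR --------
echo extracting file joetest.PYR
cat << 'THE_END' > joetest.PYR
# /bin/sh
# Usage: joetest.PYR [passwd-file]   (makekey must be on the PATH)
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
# Keep only the login name and the encrypted password field.
att cut -d: -f1,2 $PSWD > $TMP1
ed - $TMP1 <<!
1,\$s/:/ /
w
q
!
# PASS receives the login name, SEED the encrypted password (used as the salt).
cat $TMP1 | while read PASS SEED
do
    att echo "$PASS \c"
    # Quoted so that a field such as "*" is not expanded as a file pattern.
    RESULT=`makekey "$SEED" "$PASS"`
    if [ \( $? -eq 0 \) -a \( "$RESULT" = "$PASS $SEED" \) ]
    then
        echo NOT SECURE
    else
        echo SECURE
    fi
done
rm $TMP1
THE_END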
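# -------- makekey.c --------
echo extracting file makekey.c
cat << 'THE_END' > makekey.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Declared by hand; link with -lcrypt where crypt() is not in libc. */
char *crypt(const char *key, const char *salt);

int main(int argc, char *argv[])
{
    char key[80];
    char *salt;
    char *hash;

    /* argv[1]: encrypted password (its first two characters are the salt),
       argv[2]: candidate password */
    if (argc < 3 || strlen(argv[1]) < 2) {
        /* fprintf(stderr,"Usage makekey salt key\n"); */
        exit(1);
    }
    salt = argv[1];
    /* crypt() looks at no more than 8 characters of the key: copy at
       most 8 (zero padded) and always terminate the string. */
    strncpy(key, argv[2], 8);
    key[8] = '\0';
    hash = crypt(key, salt);
    if (hash == NULL)
        exit(1);
    printf("%s %s\n", key, hash);
    return 0;
}
THE_END
echo Done with extraction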
--
Eric N. Aubery pyramid!ena
{ dual }!pyramid!ena
Pyramid Technology Corporation, Mtn. View California
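
Added example, not part of the original post: the joetest scripts print SECURE whenever makekey fails or the strings differ, so an account with an empty password field is also reported as SECURE. The sketch below classifies the password field first, so the verdict is only trusted for entries the test can evaluate. Function names and sample lines are constructed, and the "x" shadow marker and the "$id$" modular crypt format are assumptions taken from later systems than the ones the post targets.

```shell
#!/bin/sh
# Password-field triage for passwd-format lines (added example, constructed data).
# EMPTY    no password at all
# SHADOWED hash is stored elsewhere, the joe test cannot see it
# LOCKED   field cannot match any crypt() output
# DES      13-character traditional crypt(), what makekey can test
# MCF      modular crypt format "$id$..."
# UNKNOWN  anything else
classify_line() {
    case $1 in
        *:*) ;;
        *) printf '%s UNKNOWN\n' "$1"; return 0 ;;
    esac
    login=${1%%:*}
    rest=${1#*:}
    field=${rest%%:*}
    case $field in
        '')               class=EMPTY ;;
        x)                class=SHADOWED ;;
        [*!]*)            class=LOCKED ;;
        '$'*'$'*)         class=MCF ;;
        *[!./0-9A-Za-z]*) class=UNKNOWN ;;
        ?????????????)    class=DES ;;
        *)                class=UNKNOWN ;;
    esac
    printf '%s %s\n' "$login" "$class"
}

# Classify every non-empty, non-comment line read from standard input.
classify_passwd() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        classify_line "$line"
    done
}

# Constructed sample input; the hash-shaped strings are placeholders, not real hashes.
sample_passwd() {
    cat <<'EOF'
root::0:0:Operator:/:/bin/sh
uucp:*:4:4::/usr/spool/uucp:
joe:abXXXXXXXXXXX:101:10::/usr/joe:/bin/sh
ann:x:102:10::/usr/ann:/bin/sh
bob:$6$salt$placeholder:103:10::/usr/bob:/bin/sh
EOF
}

sample_passwd | classify_passwd
```

Only the DES lines are worth feeding to joetest as posted; EMPTY entries need attention regardless of what the joe test prints.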