
Re: [cobalt-security] How do we shadow these passwords?



Erm Rod, you've just given out ALL your passwords I think and usernames!

Anyone could decode that and get the correct password. I think!!

Regards,

Mark Baker
Dark Marketing Ltd
http://www.yoursitehere.co.uk

Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
----- Original Message -----
From: Rod Todd <rodd_todd_1999@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, October 05, 2000 4:27 PM
Subject: [cobalt-security] How do we shadow these passwords?


> Hello, we need to find a way to shadow these passwords
> we think.
> When we do this : vi /etc/htpasswd
>
> We receive this:
>
>
>
> When we do this : vi /etc/htpasswd.OLD
>
> We get this:
>
> admin:n4xe2tZ/8r6Gg
> HOME:*
>
> When we do this: vi /etc/passwd
>
> We receive this:
>
> root:3HbEKpCib5w8c:0:0:Root:/root:/bin/sh
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:
> news:x:9:13:news:/var/spool/news:
> uucp:x:10:14:uucp:/var/spool/uucp:
> operator:x:11:0:operator:/root:
> games:x:12:100:games:/usr/games:
> gopher:x:13:30:gopher:/usr/lib/gopher-data:
> ftp:x:14:50:FTP User:/home/ftp:
> httpd:x:15:11:httpd:/home/httpd:
> squid:x:16:16:Squid Cache:/home/squid:
> nobody:x:99:99:Nobody:/:
> admin:3HbEKpCib5w8c:110:100:greenLine:/home/users/admin:/bin/bash
> HOME:x:111:100:home anonymous FTP
> user:/home/groups/home/ftp:/bin/bash
> jeo:ZpEHawEPyAfQc:118:100:R:/home/users/jeo:/bin/bash
> mitch:fL/M22A4/gbJ6:119:100:Mitch:/home/users/mitch:/bin/bash
> snax:98Ss4LdDcCPIw:120:100:snax:/home/users/snax:/bin/bash
> bob:T3BWT9JW0GbF.:121:100:bob:/home/users/bob:/bin/bash
> support:iF/8NUOzAe6og:122:100:
> Support:/home/users/support:/bin/bash
> johnny:K8a9B9b902P/k:123:100:johnny:/home/users/johnny:/bin/bash
> harry:oECTlev52ykKk:124:100:harry:/home/users/harry:/bin/bash
>
>
> When we do this: vi /etc/passwd-
>
> We receive this:
>
> root:O0EaLbg8orLgM:0:0:Root:/root:/bin/sh
> bin:*:1:1:bin:/bin:
> daemon:*:2:2:daemon:/sbin:
> adm:*:3:4:adm:/var/adm:
> lp:*:4:7:lp:/var/spool/lpd:
> sync:*:5:0:sync:/sbin:/bin/sync
> shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
> halt:*:7:0:halt:/sbin:/sbin/halt
> mail:*:8:12:mail:/var/spool/mail:
> news:*:9:13:news:/var/spool/news:
> uucp:*:10:14:uucp:/var/spool/uucp:
> operator:*:11:0:operator:/root:
> games:*:12:100:games:/usr/games:
> gopher:*:13:30:gopher:/usr/lib/gopher-data:
> ftp:*:14:50:FTP User:/home/ftp:
> httpd:*:15:11:httpd:/home/httpd:
> squid:*:16:16:Squid Cache:/home/squid:
> nobody:*:99:99:Nobody:/:
> admin:O0EaLbg8orLgM:110:100:greenLine:/home/users/admin:/bin/bash
> HOME:*:111:100:home anonymous FTP
> user:/home/groups/home/ftp:/bin/bash
> chip:hmiXv.Vh2MtMQ:500:500::/home/chip:/bin/bash
>
>
> When we do this : vi /etc/passwd.master
>
> We receive this:
>
> root:JBhhWODYfbRvY:0:0:root:/root:/bin/bash
> bin:*:1:1:bin:/bin:
> daemon:*:2:2:daemon:/sbin:
> adm:*:3:4:adm:/var/adm:
> lp:*:4:7:lp:/var/spool/lpd:
> sync:*:5:0:sync:/sbin:/bin/sync
> shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
> halt:*:7:0:halt:/sbin:/sbin/halt
> mail:*:8:12:mail:/var/spool/mail:
> news:*:9:13:news:/var/spool/news:
> uucp:*:10:14:uucp:/var/spool/uucp:
> operator:*:11:0:operator:/root:
> games:*:12:100:games:/usr/games:
> gopher:*:13:30:gopher:/usr/lib/gopher-data:
> ftp:*:14:50:FTP User:/home/ftp:
> httpd:*:15:11:httpd:/home/httpd:
> squid:*:16:16:Squid Cache:/home/squid:
> nobody:*:99:99:Nobody:/:
>
> When we do this: vi /etc/passwd.OLD
>
> We receive this :
>
> root:x:0:0:Root:/root:/bin/sh
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/halt
> mail:x:8:12:mail:/var/spool/mail:
> news:x:9:13:news:/var/spool/news:
> uucp:x:10:14:uucp:/var/spool/uucp:
> operator:x:11:0:operator:/root:
> games:x:12:100:games:/usr/games:
> gopher:x:13:30:gopher:/usr/lib/gopher-data:
> ftp:x:14:50:FTP User:/home/ftp:
> httpd:x:15:11:httpd:/home/httpd:
> squid:x:16:16:Squid Cache:/home/squid:
> nobody:x:99:99:Nobody:/:
> admin:x:110:100:greenLine:/home/users/admin:/bin/bash
> HOME:x:111:100:home anonymous FTP
> user:/home/groups/home/ftp:/bin/bash
> chip:x:500:500::/home/chip:/bin/bash
>
> When we do this: vi /etc/smbpasswd
>
> We receive this:
>
> # This is Samba's encrypted password file
> # It stores LANMAN and NT password hashes
> # This file *must* be mode 0600
>
> admin:110:C96EA9AD38D6AEA506A12F6F9D41898F:65E381D3A0B9492D3BBF60482FDACE84:
> greenLine:/home/users/admin:/bin/bash
> .....
>
> Also, we can not su - from admin with the GUI admin
> password; nor can we SSH in with the root/admin
> passwords.  Any clues?
> Warm Regards,
> RT
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
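
An added example, not part of the original thread: one way to check which passwd-format files (the live file and leftover copies such as those listed in the question) still carry a hash in the password field instead of `x`, and whether each file is world-readable. The function names and the sample lines are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: find passwd-format files whose password field still holds a hash.
# Field 2 of a passwd(5) line: "x" = hash is in /etc/shadow, "*" or "!" = locked.

# Print "file:user" for each entry whose password field holds a hash.
unshadowed_entries() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -F: -v file="$f" '
            /^#/ || NF < 7        { next }  # comments, wrapped or malformed lines
            $2 == "x" || $2 == "" { next }  # shadowed, or empty (not a hash)
            $2 ~ /^[*!]/          { next }  # locked account
            { print file ":" $1 }
        ' "$f"
    done
}

# Print "file count mode" per file; mode says whether "other" can read it.
audit_passwd_files() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=$(unshadowed_entries "$f" | wc -l | tr -d ' ')
        if [ -n "$(find "$f" -prune -perm -004 -print)" ]; then
            mode=world-readable
        else
            mode=restricted
        fi
        echo "$f $n $mode"
    done
}

# Constructed sample (placeholder hash, not from any real system).
make_sample() {
    printf '%s\n' \
        'root:XXXXXXXXXXXXX:0:0:root:/root:/bin/sh' \
        'bin:*:1:1:bin:/bin:' \
        'admin:x:110:100:admin:/home/users/admin:/bin/bash' > "$1"
}

if [ "$#" -gt 0 ]; then
    audit_passwd_files "$@"      # e.g. /etc/passwd /etc/passwd- /etc/passwd.master
else
    tmp=$(mktemp) && make_sample "$tmp" && chmod 644 "$tmp"
    audit_passwd_files "$tmp"
    rm -f "$tmp"
fi
```

On systems that use the shadow suite, `pwconv` is the tool that moves such hashes into `/etc/shadow`; any file this check reports with a non-zero count and `world-readable` still exposes them afterwards.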