| View previous topic :: View next topic |
| Author |
Message |
chrism
Guru
Joined: 15 Jul 2004
Posts: 526
|
 Posted: Wed Nov 02, 2005 8:34 pm Post subject: Trying to use JOHN to find weak passwords. |
 |
|
Hi,
I am trying to use john to detect weak passwords which allready have been set.
When I run I get:
Loaded 0 passwords, exiting...
Any help would be appreciated. Thanks Chris |
|
| Back to top |
|
 |
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Wed Nov 02, 2005 8:43 pm Post subject: |
|
|
That's probably because /etc/passwd contains no passwords. Try this instead
john /etc/shadow
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
chrism
Guru
Joined: 15 Jul 2004
Posts: 526
|
| Posted: Wed Nov 02, 2005 9:01 pm Post subject: |
|
|
What is /etc/passwd god for? What is the difference between /etc/shadow and /etc/passwd?
Thanks,
Chris |
|
| Back to top |
|
|
krolden
Apprentice
Joined: 28 May 2004
Posts: 293
Location: Belgium
|
| Posted: Wed Nov 02, 2005 9:27 pm Post subject: |
|
|
| yellowhippy wrote: | What is /etc/passwd god for? What is the difference between /etc/shadow and /etc/passwd?
Thanks,
Chris |
/etc/passwd = world readable
/etc/shadow = only readable by UID 0
Security reasons. If /etc/passwd would contain hashed passwds, anyone (i.e. any user) could just copy it, and crack it. That's why the passwd is kept in /etc/shadow.
The Shadow Suite has other features too, such as automatically locking out inactive accounts, etc.
Google for Shadow Suite if you want to learn more about it. |
|
| Back to top |
|
|
chrism
Guru
Joined: 15 Jul 2004
Posts: 526
|
| Posted: Wed Nov 02, 2005 9:50 pm Post subject: |
|
|
Thanks a lot.
Chris |
|
| Back to top |
|
|
chrism
Guru
Joined: 15 Jul 2004
Posts: 526
|
| Posted: Thu Dec 22, 2005 3:03 pm Post subject: |
|
|
Can John work with LDAP as well? Or how can find weak passwords in LDAP?
Thanks,
Chris |
|
| Back to top |
|
|
|
Networking & Security
