Saturday, March 5, 2011

[Level 3] Knowing the Unix encrypted password.

Follow the steps below to see how the encrypted (hashed) password stored in /etc/shadow is produced.

1. Add a new user "testpwd":
# useradd testpwd

2. Set the password to "mypass":
# passwd testpwd
Enter new UNIX password: [mypass]
Retype new UNIX password: [mypass]
passwd: password updated successfully

3. Get the encrypted password:
# grep ^testpwd /etc/shadow
testpwd:$6$qPApAmPP$.EyjXo6y2NVpxrlng1r.OHiQi8XTC/PCFdQ22Y7cxfk5KlZu3DOxyNA3W.78jMYD.ipyJLoS1TH01/HuEBjBE0:15037:0:99999:7:::

PS. The meaning of the encrypted field:
It has the form $id$salt$encrypted, where id identifies the method and the salt string is terminated by "$".

ID | Method
───┼───────────────────────────────────────────────────────────────────
1  | MD5
2a | Blowfish (not in mainline glibc; added in some Linux distributions)
5  | SHA-256 (since glibc 2.7)
6  | SHA-512 (since glibc 2.7)

4. Install the "mkpasswd" command:
# apt-get -y install mkpasswd

5. Reproduce the encrypted password using the same salt:
# mkpasswd -m sha-512 mypass qPApAmPP
$6$qPApAmPP$.EyjXo6y2NVpxrlng1r.OHiQi8XTC/PCFdQ22Y7cxfk5KlZu3DOxyNA3W.78jMYD.ipyJLoS1TH01/HuEBjBE0
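
Steps 3 and 5 can also be cross-checked without mkpasswd. The block below is an added example, not part of the original post: it re-implements the SHA-512 crypt scheme behind ID 6 with Python's hashlib, following the published SHA-crypt specification at its default 5000 rounds, and checks a candidate password against the shadow entry from step 3. The names sha512_crypt and check_password are chosen here for illustration.

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Shadow entry copied from step 3 of the post (the password set there is "mypass").
SHADOW_LINE = "testpwd:$6$qPApAmPP$.EyjXo6y2NVpxrlng1r.OHiQi8XTC/PCFdQ22Y7cxfk5KlZu3DOxyNA3W.78jMYD.ipyJLoS1TH01/HuEBjBE0:15037:0:99999:7:::"

def sha512_crypt(password, salt):
    """Return the $6$salt$hash string for password (default rounds only)."""
    key, slt = password.encode(), salt.encode()[:16]   # salt is capped at 16 bytes
    h = hashlib.sha512
    b = h(key + slt + key).digest()                    # digest B
    a = h(key + slt)                                   # digest A starts here
    a.update((b * (len(key) // 64 + 1))[:len(key)])    # B stretched to len(key)
    n = len(key)
    while n:                                           # one step per bit of len(key)
        a.update(b if n & 1 else key)
        n >>= 1
    d = a.digest()
    # P and S: byte sequences derived from the password and the salt
    p = (h(key * len(key)).digest() * (len(key) // 64 + 1))[:len(key)]
    s = h(slt * (16 + d[0])).digest()[:len(slt)]
    for i in range(5000):                              # default round count
        c = h(p if i & 1 else d)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(d if i & 1 else p)
        d = c.digest()
    # Encode the 64 digest bytes in crypt's own byte order and base-64 alphabet
    out = []
    x, y, z = 0, 21, 42
    for _ in range(21):
        w = d[x] << 16 | d[y] << 8 | d[z]
        out += [B64[w >> shift & 63] for shift in (0, 6, 12, 18)]
        x, y, z = y + 1, z + 1, x + 1
    out += [B64[d[63] & 63], B64[d[63] >> 6]]
    return "$6$" + slt.decode() + "$" + "".join(out)

def check_password(shadow_line, candidate):
    """Split the second shadow field into $id$salt$hash and re-derive it."""
    stored = shadow_line.split(":")[1]
    parts = stored.split("$")                          # ['', id, salt, hash]
    if len(parts) != 4 or parts[1] != "6":
        raise ValueError("only default-rounds $6$ entries are handled here")
    return hmac.compare_digest(sha512_crypt(candidate, parts[2]), stored)
```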

Hope this helps.
regards,
Stanley Huang