Password shadowing is a securitysystem where the encrypted password field of /etc/passwd is replaced with aspecial token and the encrypted password is stored in a separate file which isnot readable by normal system users.
On older systems, password shadowingwas often defeated by using a program that made successive calls to getpwent()to obtain the entire password file.
Example (Fully programming "C"):
Where can I find the passwordfile if it's shadowed?
Unix | Path | Token |
AIX 3 and AIX 4 | /etc/security/passwd | ! |
or | /tcb/auth/files/<first letter of username>/<username> | # |
A/UX 3.0s | /tcb/files/auth/?/* | |
BSD4.3-Reno | /etc/master.passwd | * |
ConvexOS 10 | /etc/shadpw | * |
ConvexOS 11 | /etc/shadow | * |
DG/UX | /etc/tcb/aa/user/ | * |
EP/IX | /etc/shadow | x |
HP-UX | /.secure/etc/passwd | * |
IRIX 5 | /etc/shadow | x |
Linux 1.1 | /etc/shadow | * |
OSF/1 | /etc/passwd[.dir|.pag] | * |
SCO Unix 3.2.x | /tcb/auth/files/<first letter of username>/<username> | * |
SunOS4.1+c2 | /etc/security/passwd.adjunct | ##username |
SunOS 5.0 / Solaris 2.x | /etc/shadow | |
| <optional NIS+ private secure | maps> |
System V Release 4.0 | /etc/shadow | x |
System V Release 4.2 | /etc/security/* database | |
Ultrix 4 | /etc/auth[.dir|.pag] | * |
UNICOS | /etc/udb | * |
Enjoy hacking...
0 comments:
Post a Comment