Monday, November 08, 2010
Anu
Password shadowing is a securitysystem where the encrypted password field of /etc/passwd is replaced with aspecial token and the encrypted password is stored in a separate file which isnot readable by normal system users.
On older systems, password shadowingwas often defeated by using a program that made successive calls to getpwent()to obtain the entire password file.
Example (Fully programming "C"):
Where can I find the passwordfile if it's shadowed?
| Unix | Path | Token |
| AIX 3 and AIX 4 | /etc/security/passwd | ! |
| or | /tcb/auth/files/<first letter of username>/<username> | # |
| A/UX 3.0s | /tcb/files/auth/?/* | |
| BSD4.3-Reno | /etc/master.passwd | * |
| ConvexOS 10 | /etc/shadpw | * |
| ConvexOS 11 | /etc/shadow | * |
| DG/UX | /etc/tcb/aa/user/ | * |
| EP/IX | /etc/shadow | x |
| HP-UX | /.secure/etc/passwd | * |
| IRIX 5 | /etc/shadow | x |
| Linux 1.1 | /etc/shadow | * |
| OSF/1 | /etc/passwd[.dir|.pag] | * |
| SCO Unix 3.2.x | /tcb/auth/files/<first letter of username>/<username> | * |
| SunOS4.1+c2 | /etc/security/passwd.adjunct | ##username |
| SunOS 5.0 / Solaris 2.x | /etc/shadow | |
| | <optional NIS+ private secure | maps> |
| System V Release 4.0 | /etc/shadow | x |
| System V Release 4.2 | /etc/security/* database | |
| Ultrix 4 | /etc/auth[.dir|.pag] | * |
| UNICOS | /etc/udb | * |
Enjoy hacking...
Posted in
0 comments:
Post a Comment