이 소스는 간단히 현재 사용자명과 암호가 같은 경우를 검출하는 것입니다.
즉, 사용자명이 "test" 인데 암호도 "test"이면 딱 걸립니다.
사전식 및 조합식으로 암호를 역 추출하는 예제도 함께 있습니다.
테스트하실때는 "root" 유저로 로그인해서 하셔야 한다는것 잊지마세요.
첨부파일 참고.
관련글:
http://blog.naver.com/minzkn/60019724785
http://www.joinc.co.kr/modules.php?op=modload&name=Forum&file=viewtopic&topic=31254&forum=1
https://bbs.minzkn.com/viewtopic.php?p=466#466
https://bbs.minzkn.com/viewtopic.php?t=438
hash 를 이용한 방법
pwentry.tar.gz즉, 사용자명이 "test" 인데 암호도 "test"이면 딱 걸립니다.
사전식 및 조합식으로 암호를 역 추출하는 예제도 함께 있습니다.
테스트하실때는 "root" 유저로 로그인해서 하셔야 한다는것 잊지마세요.
첨부파일 참고.
관련글:
http://blog.naver.com/minzkn/60019724785
http://www.joinc.co.kr/modules.php?op=modload&name=Forum&file=viewtopic&topic=31254&forum=1
https://bbs.minzkn.com/viewtopic.php?p=466#466
https://bbs.minzkn.com/viewtopic.php?t=438
| 코드: |
| /* Copyright (C) Information Equipment co.,LTD All rights reserved. Code by JaeHyuk Cho <mailto:minzkn@infoeq.com> CVSTAG="$Header$" */ #include <sys/types.h> #include <stdio.h> #include <string.h> #include <pwd.h> #include <shadow.h> #include <unistd.h> #include <crypt.h> int main(void) { struct passwd *s_password_entry; struct spwd *s_shadow_entry; size_t s_pwdp_size; char s_salt[13]; const char *s_crypt; setpwent(); do { s_password_entry = getpwent(); if(s_password_entry == ((struct passwd *)0))break; #if 0 /* DEBUG */ (void)fprintf(stdout, "name=\"%s\", passwd=\"%s\", uid=%u, gid=%u, gecos=\"%s\", dir=\"%s\", shell=\"%s\"\n", s_password_entry->pw_name, s_password_entry->pw_passwd, (unsigned int)s_password_entry->pw_uid, (unsigned int)s_password_entry->pw_gid, s_password_entry->pw_gecos, s_password_entry->pw_dir, s_password_entry->pw_shell ); #endif setspent(); do { s_shadow_entry = getspent(); if(s_shadow_entry == ((struct spwd *)0))break; if(strcmp(s_password_entry->pw_name, s_shadow_entry->sp_namp) == 0) { s_pwdp_size = strlen(s_shadow_entry->sp_pwdp); s_salt[0] = '\0'; if(s_pwdp_size > ((size_t)0)) { if(s_shadow_entry->sp_pwdp[0] == '$') { if((s_pwdp_size > ((size_t)12)) && (s_shadow_entry->sp_pwdp[2] == '$') && (s_shadow_entry->sp_pwdp[11] == '$')) { (void)memcpy((void *)(&s_salt[0]), (void *)(&s_shadow_entry->sp_pwdp[0]), (size_t)12); s_salt[12] = '\0'; } } else if(s_pwdp_size > ((size_t)2)) { (void)memcpy((void *)(&s_salt[0]), (void *)(&s_shadow_entry->sp_pwdp[0]), (size_t)2); s_salt[2] = '\0'; } } s_crypt = crypt(s_shadow_entry->sp_namp, (char *)(&s_salt[0])); #if 0 /* DEBUG */ (void)fprintf(stdout, "\tpwdp=\"%s\", lstchg/min/max/warn/inact/expire/flag=%ld/%ld/%ld/%ld/%ld/%ld/%08lXH\n\tcrypt=\"%s\"\n", s_shadow_entry->sp_pwdp, (long)s_shadow_entry->sp_lstchg, (long)s_shadow_entry->sp_min, (long)s_shadow_entry->sp_max, (long)s_shadow_entry->sp_warn, (long)s_shadow_entry->sp_inact, (long)s_shadow_entry->sp_expire, (unsigned long)s_shadow_entry->sp_flag, s_crypt); #else if(strcmp(s_shadow_entry->sp_pwdp, s_crypt) == 0)(void)fprintf(stdout, "%s (%s) account detected\n", s_password_entry->pw_name, s_password_entry->pw_dir); #endif break; } }while(1); endspent(); (void)fflush(stdout); }while(1); endpwent(); (void)memset((void *)(&s_salt[0]), 0, sizeof(s_salt)); return(0); } /* vim: set expandtab: */ /* End of source */ |
hash 를 이용한 방법
| 코드: |
/* Copyright (C) Information Equipment co.,LTD All rights reserved. Code by JaeHyuk Cho <mailto:minzkn@infoeq.com> CVSTAG="$Header$" */ #include <sys/types.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <pwd.h> #include <shadow.h> #include <unistd.h> #include <crypt.h> #include "hash.h" #define def_pwentry_debug (1) struct ts_shadow { struct ts_shadow *next; char *namp; char *pwdp; char *crypt; }; struct ts_shadow * (load_shadow)(struct ts_mzapi_hash *s_hash) { struct ts_shadow *s_shadow = (struct ts_shadow *)0, *s_new; struct spwd *s_spwd; size_t s_pwdp_size; char s_salt[13]; setspent(); do { s_spwd = getspent(); if(s_spwd == ((struct spwd *)0))break; s_new = (struct ts_shadow *)malloc((size_t)sizeof(struct ts_shadow)); if(s_new == ((struct ts_shadow *)0))continue; s_new->next = s_shadow; s_new->namp = strdup(s_spwd->sp_namp); s_new->pwdp = strdup(s_spwd->sp_pwdp); s_pwdp_size = strlen(s_spwd->sp_pwdp); s_salt[0] = '\0'; if(s_pwdp_size > ((size_t)0)) { if(s_spwd->sp_pwdp[0] == '$') { if((s_pwdp_size > ((size_t)12)) && (s_spwd->sp_pwdp[2] == '$') && (s_spwd->sp_pwdp[11] == '$')) { (void)memcpy((void *)(&s_salt[0]), (void *)(&s_spwd->sp_pwdp[0]), (size_t)12); s_salt[12] = '\0'; } } else if(s_pwdp_size > ((size_t)2)) { (void)memcpy((void *)(&s_salt[0]), (void *)(&s_spwd->sp_pwdp[0]), (size_t)2); s_salt[2] = '\0'; } } s_new->crypt = strdup(crypt(s_spwd->sp_namp, (char *)(&s_salt[0]))); s_shadow = s_new; (void)s_hash->add(s_hash, s_hash->function(s_hash, (void *)s_spwd->sp_namp, strlen(s_spwd->sp_namp)), (void *)s_new); }while(1); endspent(); return(s_shadow); } struct ts_shadow * (free_shadow)(struct ts_shadow *s_shadow) { struct ts_shadow *s_prev; while(s_shadow != ((struct ts_shadow *)0)) { s_prev = s_shadow; s_shadow = s_shadow->next; if(s_prev->crypt != ((char *)0))free((void *)s_prev->crypt); if(s_prev->pwdp != ((char *)0))free((void *)s_prev->pwdp); if(s_prev->namp != ((char *)0))free((void *)s_prev->namp); free((void *)s_prev); } return((struct ts_shadow *)0); } int main(void) { struct ts_mzapi_hash *s_shadow_hash; struct ts_shadow *s_shadow, *s_this; struct passwd *s_passwd; struct ts_mzapi_hash_node *s_hash_node; s_shadow_hash = mzapi_open_hash(256); if(s_shadow_hash != ((struct ts_mzapi_hash *)0)) { s_shadow = load_shadow(s_shadow_hash); if(s_shadow != ((struct ts_shadow *)0)) { setpwent(); do { s_passwd = getpwent(); if(s_passwd == ((struct passwd *)0))break; s_hash_node = s_shadow_hash->search_by_key(s_shadow_hash, s_shadow_hash->function(s_shadow_hash, (void *)s_passwd->pw_name, strlen(s_passwd->pw_name))); while(s_hash_node != ((struct ts_mzapi_hash_node *)0)) { s_this = (struct ts_shadow *)s_hash_node->vector; if(strcmp(s_passwd->pw_name, s_this->namp) == 0)break; s_hash_node = s_shadow_hash->next_search(s_shadow_hash, s_hash_node); } if(s_hash_node == ((struct ts_mzapi_hash_node *)0))continue; if(strcmp(s_this->pwdp, s_this->crypt) != 0)continue; (void)fprintf(stdout, "warning: \x1b[1;31m%s\x1b[0m (%s) account detected\n", s_passwd->pw_name, s_passwd->pw_dir); }while(1); endpwent(); s_shadow = free_shadow(s_shadow); } else (void)fprintf(stdout, "error: shadow\n"); s_shadow_hash = mzapi_close_hash(s_shadow_hash); } else (void)fprintf(stdout, "error: hash\n"); return(0); } /* vim: set expandtab: */ /* End of source */ |
댓글을 달아 주세요