
Thread: How to retrieve users password?

  1. #1
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default How to retrieve users password?

    Hi everyone. I wonder if anyone knows a way to retrieve the current normal user's password. I know I can change it via yast, but I would like to know what it is before doing that. Any suggestions welcome.

  2. #2
    ab@novell.com NNTP User

    Default Re: How to retrieve users password?

    Nope.... not normally. Passwords are stored using a hash.

    Good luck.





    arcull wrote:
    > Hi everyone. I wonder if anyone knows a way to retrieve the current
    > normal user's password. I know I can change it via yast, but I would
    > like to know what is it, before doing that. Any suggestion welcome
    >
    >


  3. #3
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default Re: How to retrieve users password?

    ok, is there a way to get them back from hash, like on mysql?

  4. #4
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: How to retrieve users password?

    No, what you are asking for is to crack the hash. That's computationally expensive, although if the password is weak, it may fall to a dictionary attack. I'll leave it to you to look up resources for that; I'm not going to teach you how to crack passwords.

    Just change it to a new password and move on.

  5. #5
    ab@novell.com NNTP User

    Default Re: How to retrieve users password?

    Brute force you can do anything, but that's hardly a great solution.
    Why do you need to know the old password just to change it to a new
    password? I didn't think you could retrieve MySQL's passwords from a
    hash.... have a doc?

    Good luck.





    arcull wrote:
    > ok, is there a way to get them back from hash, like on mysql?
    >
    >


  6. #6
    Join Date
    Jun 2008
    Location
    Frisco, TX
    Posts
    1,233

    Default Re: How to retrieve users password?

    On Mon, 2009-03-02 at 21:36 +0000, arcull wrote:
    > ok, is there a way to get them back from hash, like on mysql?
    >
    >


    Only by brute force. If it's a weak password, won't take long
    at all... use something like John the Ripper (john). But if
    it's a relatively strong password, could take weeks, months, years,
    etc. AND that's if it's a DES hash... if it's blowfish or md5,
    probably not worth your time (opensuse defaults to blowfish I believe).





  7. #7
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default Re: How to retrieve users password?

    Thanks for the replies. I don't intend to crack anyone's password. It's everything about my pc, and I'm the only user on it. The reason for trying to do this is, when I installed Oracle XE 10g it did create a new user named Oracle by itself. Ok, that does not bother me at all, but I would like to make sure no one could abuse such accounts when trying to hack to my computer. That's why I would like to check its password, to see if it's strong enough. But since that isn't so easy, I guess I'll uninstall Oracle and put it on another pc which is not intended to accept connections from outside my network. Thanks anyway.
    > I didn't think you could retrieve MySQL's passwords from a
    > hash.... have a doc?
    no you can't, sorry, that was misinformation from my colleague

  8. #8
    ab@novell.com NNTP User

    Default Re: How to retrieve users password?

    Don't trust your colleague. If they told you the Oracle user had a
    password they are also wrong there. This may be a good chance to
    encourage providing more information in the future. When Oracle creates
    an account it typically sets it up with no password so you cannot login
    as that user at all. It also typically sets the account to be disabled
    by setting the default login shell to /bin/false (vs. /bin/bash or some
    other valid shell) in the /etc/passwd file. You can confirm the
    password is non-existent by looking in /etc/shadow (requires 'root'
    privileges) and you should see that the 'oracle' user has a hash of just
    something like an '!' character.

    Good luck.







    arcull wrote:
    > Thanks for replies. I don't intend to crack anyone's password. It's
    > everything about my pc, and I'm the only user on it. The reason for
    > trying to do this is, when I installed Oracle XE 10g it did create a new
    > user named Oracle by it self. Ok that does not bother me at all, but I
    > would like to make sure no one could abuse such accounts when trying to
    > hack to my computer. That's why I would like to check it's password, to
    > see if it's strong enough. But since that isn't so easy, I gues I'll
    > uninstall Oracle and put on another pc which is not intended to accept
    > connections from outside my network. Thanks anyway.
    >> I didn't think you could retrieve MySQL's passwords from a
    >> hash.... have a doc?
    > no you can't, sorry, that's was misinformation from my colleague

    >
    >


  9. #9
    Join Date
    Sep 2008
    Location
    Slovenia
    Posts
    335

    Default Re: How to retrieve users password?

    > When Oracle creates
    > an account it typically sets it up with no password so you cannot login
    > as that user at all. It also typically sets the account to be disabled
    > by setting the default login shell to /bin/false
    I wouldn't be so sure about that, it may depend on selections during setup of Oracle or any additional changes... I don't remember which ticks I have turned on and which I haven't during setup, probably I've just left the default settings... however, in my case that isn't so.
    Code:
    egrep 'oracle' /etc/passwd
    returns
    Code:
    oracle:x:1003:1001::/usr/lib/oracle/xe:/bin/bash
    meaning the oracle user has a valid shell.
    > You can confirm the
    > password is non-existent by looking in /etc/shadow (requires 'root'
    > privileges) and you should see that the 'oracle' user has a hash of just
    > something like an '!' character
    In my case the hash of oracle residing in /etc/shadow is not empty at all; looking at the length of it, it is similar to that of the user I use to log in to suse. Ok, I won't mess with these hashes anymore, I'll just uninstall xe 10g and delete its user. Thanks for your help.
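
The two checks discussed in posts #8 and #9 (login shell in /etc/passwd, password field in /etc/shadow), combined into one audit as an added example that is not part of the thread. The sample accounts other than the `oracle` passwd line, all password fields, the function names and the list of no-login shells are constructed assumptions; the `$1$`/`$2a$`/`$5$`/`$6$` prefixes are the standard crypt(3) scheme identifiers.

```python
# Constructed sample files. Only the oracle passwd line is from the thread;
# every password field below is a made-up placeholder, not real crypt output.
SAMPLE_PASSWD = """\
oracle:x:1003:1001::/usr/lib/oracle/xe:/bin/bash
svc_locked:x:1004:1001::/var/lib/svc:/bin/false
svc_empty:x:1005:1001::/var/lib/svc2:/bin/bash
legacy:x:1006:1001::/home/legacy:/bin/bash
"""
SAMPLE_SHADOW = """\
oracle:$2a$05$PLACEHOLDERplaceholderPLACEHOLDERplaceholderPLACEHOLDER:14305::::::
svc_locked:!:14305::::::
svc_empty::14305::::::
legacy:abPLACEHOLDER:14305::::::
"""

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
SCHEMES = {"1": "md5", "2a": "blowfish", "2y": "blowfish", "5": "sha256", "6": "sha512"}

def classify_password_field(field):
    """Classify the second field of an /etc/shadow line."""
    if field == "":
        return "empty"                      # no password needed at all
    if field[0] in "!*":
        return "locked"                     # no typed password can match
    if field.startswith("$"):
        return "hash:" + SCHEMES.get(field.split("$")[1], "unknown")
    return "hash:des" if len(field) == 13 else "hash:unknown"

def audit(passwd_text, shadow_text):
    """Return {user: (password_status, has_login_shell)}."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, field = line.split(":")[:2]
            shadow[name] = field
    report = {}
    for line in passwd_text.splitlines():
        if line.strip():
            f = line.split(":")
            # 'x' means the field lives in /etc/shadow; a missing shadow
            # entry is treated as locked here (assumption of this example).
            field = shadow.get(f[0], "*") if f[1] == "x" else f[1]
            report[f[0]] = (classify_password_field(field), f[6] not in NOLOGIN_SHELLS)
    return report

def needs_review(report):  # usable password field combined with a login shell
    return sorted(u for u, (pw, shell) in report.items() if pw != "locked" and shell)

if __name__ == "__main__":
    print(needs_review(audit(SAMPLE_PASSWD, SAMPLE_SHADOW)))
```

Reading the real /etc/shadow requires root, and a `!` or `*` field only blocks password authentication; other login paths such as SSH keys are not covered by this check.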
