Upgrading your password hash
  • Most *nix systems use md5 hashes by default. This can be a bit of a security issue. Depending on your password, MD5 can be cracked in a matter of hours or days. Of course you don't want your hash to be cracked, do you? The purpose of this short tutorial is to guide you through the steps of securing your password hash so it's stronger. I'll be running an Arch Linux box, and I'll show you how to make your hash into SHA512.

    Step one
    First you must edit the /etc/pam.d/passwd file. Open it in your favorite editor as root.
    sudo nano /etc/pam.d/passwd

    You will get a file like this:

    #%PAM-1.0
    #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
    #password required pam_unix.so md5 shadow use_authtok
    password required pam_unix.so md5 shadow nullok

    See the last line? Take out md5 and replace it with sha512.
    Example:

    #%PAM-1.0
    #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
    #password required pam_unix.so md5 shadow use_authtok
    password required pam_unix.so sha512 shadow nullok


    Step two
    Now we need to edit another file. /etc/default/passwd
    This is what it will look like when you open it in an editor:

    # This file contains some information for
    # the passwd (1) command and other tools
    # creating or modifying passwords.

    # Define default crypt hash
    # CRYPT={des,md5,blowfish}
    CRYPT=des

    # Use another crypt hash for group passwowrds.
    # This is used by gpasswd, fallback is the CRYPT entry.
    # GROUP_CRYPT=des


    # We can override the default for a special service
    # by appending the service name (FILES, YP, NISPLUS, LDAP)

    # for local files, use a more secure hash. We
    # don't need to be portable here:
    CRYPT_FILES=blowfish
    # sometimes we need to specify special options for
    # a hash (variable is prepended by the name of the
    # crypt hash).
    BLOWFISH_CRYPT_FILES=5

    # For NIS, we should always use DES:
    CRYPT_YP=des

    Just change the CRYPT=des line to CRYPT=sha512 like so:

    # This file contains some information for
    # the passwd (1) command and other tools
    # creating or modifying passwords.

    # Define default crypt hash
    # CRYPT={des,md5,blowfish}
    CRYPT=sha512

    # Use another crypt hash for group passwowrds.
    # This is used by gpasswd, fallback is the CRYPT entry.
    # GROUP_CRYPT=des


    # We can override the default for a special service
    # by appending the service name (FILES, YP, NISPLUS, LDAP)

    # for local files, use a more secure hash. We
    # don't need to be portable here:
    CRYPT_FILES=blowfish
    # sometimes we need to specify special options for
    # a hash (variable is prepended by the name of the
    # crypt hash).
    BLOWFISH_CRYPT_FILES=5

    # For NIS, we should always use DES:
    CRYPT_YP=des


    Step three
    Now that your encryption standard is set to sha512 you need to rehash your password. To do so, just type:
    passwd

    This will ask for a new UNIX password. Just redo your password and it should be in SHA512 :)

    NOTE: Not every system has this option.
    --chroniccommand
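As an added example (not part of chroniccommand's post), here is a POSIX shell check that reports which accounts in a shadow-format file have actually been rehashed to SHA-512 and which still carry an MD5 or other hash, since the PAM and CRYPT changes above only affect passwords set from then on and existing entries keep their old hash until the user runs passwd. The sample shadow lines are constructed; the hash bodies are not real hashes.

```shell
#!/bin/sh
# Added example (not from the original post): audit which accounts in a
# shadow-format file still use a weak hash after the PAM/CRYPT change.
# Changing /etc/pam.d/passwd and /etc/default/passwd only affects hashes
# created from then on; existing entries keep their old algorithm until
# the user runs `passwd`, so the check is: which entries still lack $6$?

# Map the crypt(3) prefix of a hash field to an algorithm name.
hash_algo() {
    case "$1" in
        '$6$'*)  echo sha512 ;;
        '$5$'*)  echo sha256 ;;
        '$1$'*)  echo md5 ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt ;;
        '$y$'*)  echo yescrypt ;;
        '!'*|'*'|'') echo locked ;;   # locked account or no password set
        *)       echo des-or-unknown ;;  # traditional 13-char DES or unknown
    esac
}

# Read shadow lines from stdin, print "user algo" per entry, and
# return non-zero if any usable password is not sha512.
audit_shadow() {
    rc=0
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        algo=$(hash_algo "$hash")
        echo "$user $algo"
        case "$algo" in
            sha512|locked) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample shadow lines (hash bodies are placeholders, not real).
SAMPLE_SHADOW='root:$6$saltsalt$fakehashfakehash:19000:0:99999:7:::
alice:$1$saltsalt$fakemd5hash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
carol:$2y$05$fakebcrypthash:19000:0:99999:7:::'

# On a real system you would run: sudo cat /etc/shadow | audit_shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow \
    || echo "some accounts still need to run passwd"
```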
  • Nice and helpful guide.
  • Sh3llc0d3
    Posts: 1,910
    Nice tutorial, will be using this on a VPS, so thanks :)