Skip to content

Commit

Permalink
shadow: improved shadow module
Browse files Browse the repository at this point in the history 
- check for read access instead of being root; permissions could be misconfigured
- skip !! hashes, they are disabled on RHEL-like systems
- more intuitive output ordering
- removed outdated comment about SHA-512 being used on all modern computers (yescrypt it is)
  • Loading branch information
@exploide
exploide committed Aug 6, 2023
1 parent 457f9d2 commit 3b58592
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions Linux/lazagne/softwares/sysadmin/shadow.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ def dictionary_attack(self, user, crypt_pwd):
'1': 'MD5',
'2': 'Blowfish',
'5': 'SHA-256',
'6': 'SHA-512', # Used by all modern computers
'6': 'SHA-512',
}

# For Debug information
Expand Down Expand Up @@ -63,16 +63,16 @@ def dictionary_attack(self, user, crypt_pwd):
return False

def run(self):
# Need admin privilege
if os.getuid() == 0:
shadow_file = '/etc/shadow'
if os.access(shadow_file, os.R_OK):
pwd_found = []
with open('/etc/shadow', 'r') as shadow_file:
with open(shadow_file, 'r') as shadow_file:
for line in shadow_file.readlines():
user_hash = line.replace('\n', '')
line = user_hash.split(':')

# Check if a password is defined
if not line[1] in ['x', '*', '!']:
if not line[1] in ['x', '*', '!', '!!']:
user = line[0]
crypt_pwd = line[1]

Expand All @@ -84,8 +84,8 @@ def run(self):
else:
# No clear text password found - save hash
pwd_found.append({
'Login': user_hash.split(':')[0].replace('\n', ''),
'Hash': ':'.join(user_hash.split(':')[1:]),
'Login': user_hash.split(':')[0].replace('\n', '')
})

return pwd_found

0 comments on commit 3b58592

Please sign in to comment.