In the computer, we know there are 2 (two) type of computer user, namely: the computer administrator (root) and User usual.
What's the difference?
Tedapat difference in access to.
• computer Administrator (root):
If we enter (log in) as the administrator, we can make changes (edit) in the whole setting, including the computer to change the administrator password Because adminnya have access rights, namely: Read and Write (-r, w-,-rw)
• User usual:
as a regular user we only have Read access rights, namely, mean we can only read / see (r) setting on the computer but can not change it because they do not have access to it (w-,-rw) except adminnya allow.
In many cases, we often find there are many computers that administratornya terpassword either for the security reasons or because our niggardly that can not see, change and even copying the data on the computer hard drive. But do not be afraid, because it can help us on the other user accounts. If you enter as a "guest", under the terms of this will not be done because you can enter as a regular user.
Steps - steps are as follows:
1. Turn on the computer and use the entrance as the other users, all user accounts if it terpassword, please ask the owner to use the computer to allow it.
2. Open the Run menu by pressing "R windows."
3. Then type "cmd", so that the command propmpt it open.
4. Then type "net user" to the name of mngetahui from administratornya.
The core of this process is we must first know the User name administratornya. In the author's computer use, user name is administratornya is "Miliandri."
5. Once we find the name of the user administratornya, it is time we change the password administratornya by typing "net user Miliandri Mike" in the command prompt.
PS: Mike is the new password (the password we want).
6. Now the password has been successfully adminnya we change.
Now please log off the computer and was loginLah as with the admin password that has been our election.
7. "ARTICLES FOR THIS ONLY AS A LEARNING FOR NON damage." The author is not responsible for any kerusakkan that will happen.
8. For suggestions and criticism, please hub. Author's email address with: miliandri_mike_makassar@yahoo.co.id or http://www.miliandri.wordpress.com
Tampilkan postingan dengan label Password. Tampilkan semua postingan
Tampilkan postingan dengan label Password. Tampilkan semua postingan
Senin, 10 November 2008
Security
Shadow Passwords
By: Cygnus - Necromancer
In general technique "Shadow Password" in the bucket as follows:
For all entry in the directory '/ etc / passwd_file', that is encrypted password files moved to the other, such as'
/ etc / shadow '.
While the '/ etc / passwd' can be read by everyone in the system, 'etc / shadow' can only be read by the group
concerned, may even read only by the superuser. This is necessary to anticipate the list
encrypted password that the program be solved by the dictionary.
Ideas on the "information" (hiding information) is one of many techniques contained in the category
"Security through Obscurity". According to those communities LINUX, 2 opinions on the "Security through Obscurity", namely:
1. "It can help and can not be destroyed, then let us use it"
2. "In fact, can be destroyed, because he makes a wrong on security, and should not be used"
But there are many more people will be good from the shadow password, it will be raised from third-baikan shadow password. The main assumption when people use the system to the shadow password is that the use of this system promises that no one does not have the rights, will be able to see the password list.
But somehow, some people can make mistakes with the release list it. Perhaps the opponent (Adversary), which has root access before, with the "work" sysadmin on the right time, he will be able to obtain the information needed. Adversary may not be enough time to install the program "backdoor", but he can "fly wallop on the password file.
Or by making an error in the permissions settings from the 'etc / shadow,' or giving instructions "chmod ar / etc / *" without thinking involvement in the '/ etc / shadow'.
Or another possibility is that there is a security problem just after the correct use "CERT advisory," this will create a list of passwords will be read by anyone, too! And there are many ways to release the contents of the '/ etc / shadow', when we had to be an experienced sysadmin.
The problem with using the system as is the shadow password system will provide a sense of security (false sense of security). In this case, they will think that the list of passwords is secure and Protected. This often makes sense sysadmin lazy to use the method that is more superior, and more pro-active (pro-active method) to password protect their files.
The most easy and most inexpensive method on a pro-active way is the directory password swap. No other system is changed, - just change the position of the directory '/ bin / passwd'. There are several utility programs and UNIX to the default directory password swap, such as "Matt Bishop's passwd" from darmouth.edu: / pub / security and "Mark Henderson's ANLpasswd" from info.mcs.anl.gov: / pub / systems.
Basically, each one password to change, programs will compare with the previous dictionary (and to gecos field), this is similar to the way the program works ceacker. When users choose a password that "weak", a pro-active program will force users to change their password option.
Without using a program pro-active, we must also mengkawatirkan attacks on the program cracker (on risetm, more than 15 years without a pro-active program, most users will choose passwords that are easy, can in the Crack, often a first name women). When the system relies on a shadow passwords to secure password we, the direktory '/ etc / shadow /' will be guaranteed vulnerable.
However, when using a pro-active password checker, we can announce to the world outside the names of the password vulnerable. Forcing the user to change their passwords regularly will also reduce the possibility uncover security.
By: Cygnus - Necromancer
In general technique "Shadow Password" in the bucket as follows:
For all entry in the directory '/ etc / passwd_file', that is encrypted password files moved to the other, such as'
/ etc / shadow '.
While the '/ etc / passwd' can be read by everyone in the system, 'etc / shadow' can only be read by the group
concerned, may even read only by the superuser. This is necessary to anticipate the list
encrypted password that the program be solved by the dictionary.
Ideas on the "information" (hiding information) is one of many techniques contained in the category
"Security through Obscurity". According to those communities LINUX, 2 opinions on the "Security through Obscurity", namely:
1. "It can help and can not be destroyed, then let us use it"
2. "In fact, can be destroyed, because he makes a wrong on security, and should not be used"
But there are many more people will be good from the shadow password, it will be raised from third-baikan shadow password. The main assumption when people use the system to the shadow password is that the use of this system promises that no one does not have the rights, will be able to see the password list.
But somehow, some people can make mistakes with the release list it. Perhaps the opponent (Adversary), which has root access before, with the "work" sysadmin on the right time, he will be able to obtain the information needed. Adversary may not be enough time to install the program "backdoor", but he can "fly wallop on the password file.
Or by making an error in the permissions settings from the 'etc / shadow,' or giving instructions "chmod ar / etc / *" without thinking involvement in the '/ etc / shadow'.
Or another possibility is that there is a security problem just after the correct use "CERT advisory," this will create a list of passwords will be read by anyone, too! And there are many ways to release the contents of the '/ etc / shadow', when we had to be an experienced sysadmin.
The problem with using the system as is the shadow password system will provide a sense of security (false sense of security). In this case, they will think that the list of passwords is secure and Protected. This often makes sense sysadmin lazy to use the method that is more superior, and more pro-active (pro-active method) to password protect their files.
The most easy and most inexpensive method on a pro-active way is the directory password swap. No other system is changed, - just change the position of the directory '/ bin / passwd'. There are several utility programs and UNIX to the default directory password swap, such as "Matt Bishop's passwd" from darmouth.edu: / pub / security and "Mark Henderson's ANLpasswd" from info.mcs.anl.gov: / pub / systems.
Basically, each one password to change, programs will compare with the previous dictionary (and to gecos field), this is similar to the way the program works ceacker. When users choose a password that "weak", a pro-active program will force users to change their password option.
Without using a program pro-active, we must also mengkawatirkan attacks on the program cracker (on risetm, more than 15 years without a pro-active program, most users will choose passwords that are easy, can in the Crack, often a first name women). When the system relies on a shadow passwords to secure password we, the direktory '/ etc / shadow /' will be guaranteed vulnerable.
However, when using a pro-active password checker, we can announce to the world outside the names of the password vulnerable. Forcing the user to change their passwords regularly will also reduce the possibility uncover security.
Langganan:
Postingan (Atom)