Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 627
  • Last Modified:

Create salted MD5 passwort for /etc/shadow

Hi

I am trying to generate a salted md5 hash in C with the propper format "$1$salt$hash" for the /etc/shadow file.

I am not quite sure if $1$ should be part of the salt or not? Right now I use the following code to generate a salt and create the passwort using crypt()

char salt[9];
  char full[50];

  int i = 0;
  static char *choices = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                         "0123456789./";

  for(i = 0; i<8; i++)
  {
    salt[i] = choices[random_in_range(0, strlen(choices) - 1)];
  }
  salt[8] = 0;

  sprintf(full,"$1$%s",salt);

  /* Loop thru passwd file */
  char pw[100];

  sprintf(pw,"$1$%s$%s",salt,crypt(password, full));

Open in new window


Any hint would be great!
0
Chris Sandrini
Asked:
Chris Sandrini
1 Solution
 
Chris SandriniSenior System EngineerAuthor Commented:
Nevermind. I found a solution to even create SHA-512 passwords. This is my code

int setPassword(const char *password)
{
  FILE* fps;

  struct spwd *sp;
  memset(&sp, 0, sizeof(sp));

  if (!(fps = fopen("/etc/shadow", "r+"))) {
    return 0;
  }

  char user[20] = "amber";
  char salt[9];
  char full[50];

  int i = 0;
  static char *choices = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                         "0123456789./";

  for(i = 0; i<8; i++)
  {
    salt[i] = choices[random_in_range(0, strlen(choices) - 1)];
  }
  salt[8] = 0;

  sprintf(full,"$6$%s",salt);

  /* Loop thru passwd file */
  char pw[100];

  sprintf(pw,"%s",crypt(password, full));



  while ((sp = getspent()) != NULL) {
    if (strcmp(sp->sp_namp,user) == 0 ) {
      strcpy(sp->sp_pwdp,pw);
      putspent(sp, fps);
    } else {
      putspent(sp,fps);
    }
  }

  fclose(fps);

  return 1;
}

Open in new window

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now