/*
 
 
   Digital Unix 4.x get encrypts from protected password database(s).
   Must be euid(0), compile with cc dushad.c -lsecurity -o dushad
   Written by James Clement - clem7508@fredonia.edu
 
  -->
 
  Greetings,
     Due to the recent outpouring of DU buffer overflows I thought the
  following might be of interest. With the Enhanced Security package
  running, authentication info is stored in individual files according to
  username. In this case /tcb/files/auth/r/root for root and so on. I am not
  aware of any built in method for creating the equivalent of your everyday
  unix /etc/shadow file. As a result it is probable that many DU systems
  have not weeded out poor choices for passwords through the use of a
  program such as Crack since each encrypt is stored in a separate file.
     Though trivial once root is compromised, a would be attacker might
  have an easy time obtaining passwords because of this "feature". The
  program below outputs a crackable shadow file.
 
 
   Regards,
    James Clement
 
 
 
*/

#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>

struct pr_passwd *getprpwent(void);

void main()
{
  struct pr_passwd *p;

  set_auth_parameters();

  while (p = getprpwent())
    {
      printf("%s:%s:%d:::\n", p->ufld.fd_name, p->ufld.fd_encrypt, p->ufld.fd_uid);
    }
}
/*                    www.hack.co.za              [2000]*/