Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site pyramid.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxb!mhuxn!mhuxm!mhuxj!houxm!whuxlm!harpo!decvax!decwrl!pyramid!ena
From: ena@pyramid.UUCP (Eric Aubery)
Newsgroups: net.sources
Subject: Find Trivial Passwords
Message-ID: <215@pyramid.UUCP>
Date: Fri, 8-Feb-85 15:10:53 EST
Article-I.D.: pyramid.215
Posted: Fri Feb  8 15:10:53 1985
Date-Received: Sun, 10-Feb-85 05:35:54 EST
Distribution: net
Organization: Pyramid Technology
Lines: 132

Here's a little shell script and program that test to see if any of the
users on your system are joes. A joe is defined as someone who uses their
login name as their password. The joes will be identified as being 
NOT SECURE. I was amazed that on all the systems I tried there was always
at least one joe. On some there were as many as 20% joes. The shell scripts
are identified as ATT for Bell derivatives, BSD for Berkely derivatives,
and PYR for Pyramid dual universe systems. Well actually there all pretty
similar.

Format is shar archive:

+++++++++++++++++++++++++  CUT HERE  +++++++++++++++++++++++++++++++++++++

# -------- joetest.ATT --------
echo extracting file joetest.ATT
cat \<\< THE_END \> joetest.ATT
# /bin/sh
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
cut -d: -f1,2 $PSWD > $TMP1
ed - $TMP1 < joetest.BSD
# /bin/sh
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
#cut -d: -f1,2 $PSWD > $TMP1
cp $PSWD $TMP1
chmod 777 $TMP1
ed - $TMP1 < joetest.PYR
# /bin/sh
TMP1=/tmp/jt$$
PSWD=${1-"/etc/passwd"}
att cut -d: -f1,2 $PSWD > $TMP1
ed - $TMP1 < makekey.c
#include 
char	*crypt();

main(argc,argv)
char *argv[];
{
	char key[80];
	char *salt;
	int i,yes;
	
	if( argc < 3 ) {
		/* fprintf(stderr,"Usage makekey salt key\n"); */
		exit(1);
	}

	salt = argv[1];

	yes = 0;	
	for(i=0;i<8;i++)
		if(yes || argv[2][i] == '\0') {
			key[i] = '\0';
			yes++;
		}
		else
			key[i] = argv[2][i];

	printf("%s %s\n",key, crypt(key, salt));

	return(0);
}
THE_END
echo Done with extraction
-- 
	Eric N. Aubery	pyramid!ena

	{ dual }!pyramid!ena
	Pyramid Technology Corporation, Mtn. View Califonia