ASCII to decimal converter, su in shell scripts


Gogeta_44
05-27-2004, 12:09 AM
I need to know or know of a terminal program/command that can convert ascii to decimal for a script I'm writing. I also need a way to su to root in a shell script.
Thanks

error27
05-27-2004, 06:12 AM
By decimal do you mean partial numbers? Bash only understands whole numbers.

foo=3
echo $(($foo + 2))

What you can do is use `bc` to do the math parts.

foo=3.4
echo `bc << EOF
$foo + 1
EOF
`

su -c might be what you're looking for. You'll still have to enter a password of course.

mrBen
05-27-2004, 06:21 AM
I think you can use sudo in scripts too, although I've never done it.

BeDe
05-27-2004, 06:31 AM
Yes, sudo can be used in scripts, but the user/group who will run the script must be added in /etc/sudoers file.

Gogeta_44
05-27-2004, 11:33 AM
I meant ascii to decimal as in converting an ascii character to its number value. By su in script I meant so you can enter or | the password to su automatically, without having to enter it manually every time you run the script.

jim mcnamara
05-27-2004, 02:53 PM
Never hard code passwords; never, never su passwords. It's like saying, here trash my system.

Gogeta_44
05-27-2004, 04:02 PM
I know you should never have passwords actually written out in shell scripts and I know that's what it sounds like I'm doing but I'm not. The program is going to be used for password recovery and will basically brute force attack su. I'm looking for a way to enter the password after su through a shell script. I already wrote the program out a while ago in a (slow) vb clone called rapidq which had a command to convert ascii characters to their numerical values. That's why I need a command to do so in shell script.

bwkaz
05-27-2004, 06:48 PM
Originally posted by Gogeta_44
The program is going to be used for password recovery and will basically brute force attack su.

Try expect; it's the only thing I know of that will get around su's must-read-the-password-from-a-terminal checks -- if you try to pipe anything to su, it will complain that its input is not coming from a terminal:

$ echo notmyrootpassword | su
su: must be run from a terminal
$

Expect gets around this by using pseudo-terminals (it starts up su on a slave terminal, and it writes the input to the master terminal, so that su thinks its input is a terminal -- because it is).

For help writing the expect script, look into autoexpect (it's kind of like the "macro recorders" available in certain office programs -- you do whatever it is that you want your expect script to do, and then it writes an expect script to do that).

For the ASCII to decimal converter, you might have to write a C program (I don't know of any standard utility that does it, in other words). It would be pretty simple:

#include <stdio.h>

int main(int argc, char *argv[])
{
    if(argc < 2) {
        fprintf(stderr, "Usage: %s <letter>\n", argv[0]);

        return 1;
    }

    /* Print the character code of the first character of argv[1]. */
    printf("%d", (int)(argv[1][0]));

    return 0;
}

This prints the ASCII code of the first character of its first argument (code untested, but it should work).

Then, depending on the alphabet you use in your brute-force attack, it may never find the password...

<Insert standard comment about how any password recovery tool can be used for password stealing also, so it may not be the greatest thing to post when you're done.>
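
The character-to-number conversion asked about at the top of the thread can also be done with the POSIX `printf` utility, which treats an argument that begins with a quote as the numeric value of the character after it. The following is an added example, not code from any poster in this thread; the function names `ord`, `chr` and `ascii_codes` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). ord, chr and ascii_codes are
# hypothetical helper names. Works in POSIX sh and bash.

# ord STRING -> decimal code of the first character of STRING.
ord() {
    [ -n "$1" ] || return 1          # nothing to convert
    _first=${1%"${1#?}"}             # keep only the first character
    # A leading quote makes printf emit the character's numeric value.
    printf '%d\n' "'$_first"
}

# chr NUMBER -> the character with that decimal code.
chr() {
    # Build an octal escape such as \101 and let printf expand it.
    printf "\\$(printf '%03o' "$1")\n"
}

# ascii_codes STRING -> space-separated decimal codes, one per character.
ascii_codes() {
    _s=$1
    _out=
    while [ -n "$_s" ]; do
        _rest=${_s#?}                # string without its first character
        _c=${_s%"$_rest"}            # the first character itself
        _out="${_out:+$_out }$(ord "$_c")"
        _s=$_rest
    done
    printf '%s\n' "$_out"
}

ascii_codes 'Az 0'
```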

Gogeta_44
05-27-2004, 07:54 PM
bwkaz, I totally agree on not posting the script when I'm finished writing it. I barely know any C (and what I do know is extremely rusty) but I'll try compiling the code you wrote. Also, how do I use this expect command you're talking about? Oh, and thanks for the help already.

bwkaz
05-27-2004, 08:53 PM
The easiest way to write an expect script is to use autoexpect, like I said. I can barely read the expect language, let alone write it, but I've heard good things about autoexpect. Check its manpage if it's already installed, or look here (http://expect.nist.gov/example/autoexpect.man.html) for the online manpage for it.

Expect is a public-domain program written by the guys at NIST -- http://expect.nist.gov/ for the source, but see your distro's CDs for the easy version. It will require that you install Tcl. I'm not sure if autoexpect comes with expect, but I think so (when I installed expect as a dependency of DejaGNU, which was a dependency of the gcc/glibc/binutils testsuites, I passed SCRIPTS="" to the "make install", in order to suppress all supplementary scripts -- I think autoexpect was one of those).

dchidelf
05-28-2004, 12:55 PM
If you have access to the crypted passwd you could avoid the speed hit taken by expect and firing up a su process by comparing the crypted passwd to your input string after calling crypt on it with the same salt.

This would depend on how the system's passwds are crypted and stored.

man 3 crypt

Once you find the right password you can su.

Gogeta_44
05-28-2004, 01:56 PM
Originally posted by dchidelf
...comparing the crypted passwd to your input string after calling crypt on it with the same salt.

So do you mean generating the password then running it through crypt and if it matches the password file then it's found it?
1. How do I know what the salt is?
2. How do I know which of the 4069 ways the salt is used?
3. Where is root's password file?
4. These are probably very simple questions but I know nothing of cryptology.

dchidelf
05-28-2004, 05:36 PM
I just realized a problem.

If you are trying to crack root's passwd you probably don't have access to the passwords. But, you might.

The passwords are likely stored in either /etc/passwd or /etc/shadow.

If the second field in /etc/passwd are all x or * or something the system uses some sort of password shadowing, so they are probably in /etc/shadow. /etc/shadow should be owned by root and only readable to root, so unless you can boot into single user mode or find some exploit you are likely out of luck.

The first two characters of the crypted password are the salt. If you use crypt on your guessed password using those same two characters as the salt, the resulting output should match the crypted password if you guessed correctly.

given a crypted password
q3jdf8fn4hysk
your guessed password
mypassword

crypt("mypassword","q3") will return q3jdf8fn4hysk if mypassword is in fact the correct password.

Unless you have some sort of limit field of possible guesses, brute force password guessing will take a VERY long time.
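
The two-character salt and 13-character result described above is the traditional DES-based crypt format, which an administrator will want to find and migrate away from. The following is an added example, not code from any poster in this thread: it classifies the password field of shadow-format lines and reports accounts that still use a legacy scheme or have an empty password. The function names are hypothetical, and the sample lines are constructed, apart from the root hash, which is the illustrative value quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# classify_hash FIELD -> scheme name for one shadow password field.
classify_hash() {
    case $1 in
        '')               echo empty ;;          # no password set at all
        '*'|'!'*)         echo locked ;;
        '$6$'*)           echo sha512-crypt ;;
        '$5$'*)           echo sha256-crypt ;;
        '$y$'*)           echo yescrypt ;;
        '$2'[abxy]'$'*)   echo bcrypt ;;
        '$1$'*)           echo md5-crypt ;;
        '$'*)             echo other-modular ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *)  # 2-char salt + 11-char result = traditional DES crypt
            if [ ${#1} -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_shadow: read shadow-format lines on stdin, print "user scheme"
# for every account whose field is a legacy scheme or empty.
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        scheme=$(classify_hash "$hash")
        case $scheme in
            des-crypt|md5-crypt|empty) printf '%s %s\n' "$user" "$scheme" ;;
        esac
    done
}

# Constructed sample input; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:q3jdf8fn4hysk:12565:0:99999:7:::
alice:$6$constructedsalt$CONSTRUCTEDnotARealHashValue:19000:0:99999:7:::
bob:$1$constructed$CONSTRUCTEDnotARealHash:19000:0:99999:7:::
carol::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a real system the same function would be fed `/etc/shadow` by root (`audit_shadow < /etc/shadow`); any account it reports should have its password reset under the system's current hashing scheme.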