From: wonko@yabbs
To: cosmos@yabbs
Subject: re: pword files
Date: Wed Oct 20 08:37:13 1993
here is a little trick we picked up from hacking lehigh u.  
grab the passwd file.  even if the accounts are shadowed try this.
try the login as the password, you will be suprised how many actually
work.  we got into lehigh that way.  none of the student accounts
are in passwd, they are all in shadow with no reference from passwd
(something my sysadmin was teaching me how to do, cuts down on one
big ass security hole.  most people don't play with what they can't
see) but the maint accounts and admin accounts were all in passwd but
shadowed.  out of the 37 accounts in passwd 17!!!!!!!! used the login
as the passwd.  that has been changed because of me, but i had to make
a deal somehow.  i said yea, if i give you info about your system to
help with security holes, you get me off light.  they said ok, i told
them about 5 of the 17 accounts, a week later all 17 were changed.
i guess they descided to check them all.  oh well.

-wonko