Extracting password history from RACF
by Jim
With thanks to Dhiru Kholia, who was able to tidy up the “mystery” racf_debug.c program, it is possible to extract old password hashes for IDs from a RACF database. Unfortunately, this is one downside of having an extensive password history enabled on a system: for example, SETROPTS HISTORY(12) means that 12 old passwords are retained in the RACF database to ensure users do not re-use their passwords. It also means that all 12 password hashes are stored…
Q: Why would you want the old hashes?
A: Why not? 😃 Apart from idle curiosity, a genuine use would be to track the password patterns used, which could allow you to predict future passwords for an ID.
- Save the code to your PC (or clone the repo if you prefer).
- On a Unix-like system, compile and run it (on macOS you will need Xcode and the command line tools installed to use gcc):

    gcc racf-debug-cleanup.c -o racf-debug-cleanup && ./racf-debug-cleanup SYS1.RACFDB | grep '\$racf' > hashes.txt

- Use the resulting hashes.txt file in hashcat.