Sometimes we connect to networks at universities, cafés or other public places where we are not comfortable sending sensitive data, and we have not planned for this need in advance. In these cases we can improvise a secure communication channel with OpenSSL, which lets us chat securely and send text files.
Chat
We generate the server certificate:
openssl req -x509 -newkey rsa:2048 -keyout clave.pem -out certificado.pem -days 3650 -nodes
We start the server listening:
openssl s_server -key clave.pem -cert certificado.pem -accept 12345
We connect with the client:
openssl s_client -connect direccion_ip:12345
The output will look something like this:
CONNECTED(00000004)
Can't use SSL_get_servername
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify return:1
---
Certificate chain
0 s:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
i:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
Server certificate
subject=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
issuer=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1591 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F745F90BD71C3F6D0A31EF4712244F956DC665E801906089BE85A701244F68FB
Session-ID-ctx:
Resumption PSK: C8B8370ADA93ECFCAA99FFCBBBDD3FC67772615881F090ECFFF0A93BFC96F19C2ED0A316129730AC2C5B5E6D50478D75
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1630671585
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D2BB8BF1F39C6DF02E9648420128DC6C22C82FDF1E1C5EE16882AA0E854AF6AA
Session-ID-ctx:
Resumption PSK: 4296B02228B402079C3C3B8131C7E2D1A51DDF2CE660D167CFF74DA7A9B986062339351CFF94EC1BFFE60354D4AE8EC0
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1630671585
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
With this we have an encrypted two-way chat.
Sending files
To send a file we pipe it through the SSL tunnel:
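In the session above the client reports "Verify return code: 18 (self signed certificate)" and carries on, so the channel is encrypted but nothing proves which server answered. The following is an added example, not part of the original article: both sides compare the SHA-256 fingerprint of certificado.pem over a separate channel, and the client then trusts only that certificate and aborts on any verification error. The function names, and the assumption that the client already holds a copy of certificado.pem, are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article). File names follow the
# article; the function names are illustrative.

# SHA-256 fingerprint of a PEM certificate: 64 upper-case hex digits.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':'
}

# Normalise a fingerprint that was dictated or pasted (colons, spaces, case).
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeeds only if certificate file $2 has the fingerprint given in $1.
# An unreadable certificate never matches, even against an empty string.
fingerprint_matches() {
    actual=$(cert_fingerprint "$2" 2>/dev/null)
    [ -n "$actual" ] && [ "$(normalise_fp "$1")" = "$actual" ]
}

# Client side: $1 = host:port, $2 = local copy of certificado.pem,
# $3 = fingerprint the server operator read out over another channel.
pinned_client() {
    if ! fingerprint_matches "$3" "$2"; then
        echo "fingerprint mismatch, not connecting" >&2
        return 1
    fi
    # Trust only this certificate and abort the handshake on any verify error
    # instead of continuing as in the "Verify return code: 18" session.
    openssl s_client -connect "$1" -CAfile "$2" -verify_return_error
}

# Server side:  cert_fingerprint certificado.pem
# Client side:  pinned_client direccion_ip:12345 certificado.pem "<fingerprint>"
```

The same pinned_client call applies unchanged to the file transfer, since only the client side of the connection differs.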
cat /etc/passwd | openssl s_server -key clave.pem -cert certificado.pem -accept 12345
We connect with the client to receive the file:
openssl s_client -connect direccion_ip:12345
CONNECTED(00000004)
Can't use SSL_get_servername
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
verify return:1
---
Certificate chain
0 s:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
i:C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
Server certificate
subject=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
issuer=C = ES, ST = Alicante, L = Alcoy, O = AlfaExploit, OU = IT, CN = alfaexploit.com, emailAddress = kr0m@alfaexploit.com
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1591 bytes and written 373 bytes
Verification error: self signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 3BDCD0D18B15E278BF17F35C67A69FEFC1FACF4A479025E91B6A00D9E4F0B5BC
Session-ID-ctx:
Resumption PSK: 61EBFFCC3C4FCC14A8745CAF28300D8EBA497465FC674331FBFB0BD1A6740C206CC1733203D469E4A711102765840F4B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1630671767
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: FFF0DF3B559FEB45B28063645964D99E0653FB177AB21CC43C8654A0AF61BBE2
Session-ID-ctx:
Resumption PSK: 4EFE76AC7A92B0305516280B51EE565038BA19068DFD7C7FF924D2B1DE5AAAE78287D0183F1ED0BD53B114D06FE40019
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1630671767
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
# $FreeBSD$
#
root:*:0:0:Charlie &:/root:/usr/local/bin/bash
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
kr0m:*:1001:1001:kr0m:/home/kr0m:/usr/local/bin/bash
_tss:*:601:601:TCG Software Stack user:/var/empty:/usr/sbin/nologin
messagebus:*:556:556:D-BUS Daemon User:/nonexistent:/usr/sbin/nologin
avahi:*:558:558:Avahi Daemon User:/nonexistent:/usr/sbin/nologin
polkitd:*:565:565:Polkit Daemon User:/var/empty:/usr/sbin/nologin
cups:*:193:193:Cups Owner:/nonexistent:/usr/sbin/nologin
colord:*:970:970:colord color management daemon:/nonexistent:/usr/sbin/nologin
pulse:*:563:563:PulseAudio System User:/nonexistent:/usr/sbin/nologin
_sndio:*:702:702:sndio privsep:/var/empty:/usr/sbin/nologin
transmission:*:921:921:Transmission Daemon User:/usr/local/etc/transmission/home:/usr/sbin/nologin
git_daemon:*:964:964:git daemon:/nonexistent:/usr/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin
cbsd:*:150:150:Cbsd user:/usr/jails:/bin/sh
postgres:*:770:770:PostgreSQL Daemon:/var/db/postgres:/bin/sh
read:errno=0