Stop Microsoft
Operating Systems => Linux and UNIX => Topic started by: Sleeping Dog on 27 May 2002, 22:45
-
Can one of you Unix/Linux Gurus help me with this one?
Question: Using a utility such as LREAD running under DRDOS, is it possible to manually edit the /etc/passwd and/or the /etc/shadow files so that root access is set back to the original post installation default (as if `root' had not set any passwords yet)? I was given a box with Red Hat 6.0 already on it, but the benefactor could not remember the root password or even the login name. I have found the login name(s) and encrypted passwords in passwd and shadow respectively, but am hesitant to do any manual editing of these files without `professional' advice.
Your kind advice and assistance would be greatly appreciated.
Sleeping Dog
-
the password is encrypted ... forget about it and re-install :)
-
couldn't he get a decrypter??
-
no .... he could brute force crack it ... but that can take a while (depending on the password)
edit:
in theory he could decrypt it, however (to the best of my knowledge) the root password is encrypted with the password itself being the key (so the key to decrypt the password doesn't have to be stored somewhere) which kind of defeats the point in this purpose :)
in conclusion:
just re-install :)
[ May 27, 2002: Message edited by: BadKarma ]
-
[sarcasm] this is just many of the reasons why windows is so much better, i mean in windows when you forget your password you can just click "cancel" and change it in the control panel. and in win NT+ you can just use a password editing disk that is really just a small linux on a disk.... that way i never have to re-install, except of course once a week to clear all the extra spyware registry files and such.[/sarcasm]
-
yup, reinstall, linux is too secure to crack! ;)
-
An Addendum To My Original Question:
Question 1: If I loaded the same Red Hat OS on another box, then looked at the passwd and shadow for root and wrote it down, could I manually edit those areas of those files on the box that already has encrypted access to say the same thing, and get in as if it were a fresh install?
Question 2: If I loaded the same Red Hat OS on another box, then set up root access on that box under username and password that I select, could I copy that root username and the encrypted password string to the passwd and shadow files of the other machine and have access? (Would the encryption algorithm decrypt the encrypted string in the shadow file the same way on both machines?)
Question 3: Will this approach, or some variation thereof, allow me to reset root username and password on the machine that already has those things set and encrypted?
-
Theoretically speaking, anything locked could be unlocked. As to your questions, a simple no to all would give you a proper answer. It's a bit funny though because this is the first time I come across such a question.
To sum up, just re-install ;)
-
Have a look here (http://linuxrefresher.com/trouble.htm)
-
that's just evil ... so a boot floppy and some hands on access would give me a root account on any linux box? too bad you still wouldn't know the old pw so you couldn't change it back ;)
-
That's the point. You don't have to remember your old password to change it. I'll have to give it a try to see if it works though.. We'll see..
-
Of course it works. No box is secure unless physical access is restricted. For instance, in Solaris all you have to do is boot off of CD, mount the root file system, edit the passwd/shadow file and delete the encrypted password. Or enter single user mode and change the password like in the Linux example. Physical access is the key. Hell, even Cisco routers can be manipulated similarly with physical access. Same with Windows. With physical access this is trivial on any OS. That's the point of having locked server rooms.
[ May 27, 2002: Message edited by: VoidMain ]
-
I posted this question originally because I am a Linux Newbie.....
However, I do take note of patterns.
Just like the permissions in UNIX seem to fall into a "group of three" pattern, so do those weird groups of characters that an encrypted password has.
I have noticed that if you put in a five character password, there seem to be fifteen characters in the encrypted thing in the "shadow" file.
Have I made an erroneous observation or are there always three times as many characters in that field of the shadow as there are in the real password?
Kindest Regards
Sleeping Dog
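
Added example, not part of any post in this thread: a small audit of `/etc/shadow` that flags accounts whose password field is empty (the state VoidMain describes after deleting the encrypted password) and shows that the field length follows from the hash scheme rather than from the password's length. The sample lines and hash strings are constructed placeholders, not real hashes.

```python
import re

# Scheme ids that can appear as $id$ at the start of a shadow password field.
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
# Traditional DES crypt: 2 salt characters + 11 hash characters, always 13.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(field):
    """Return (status, scheme) for the second field of a shadow line."""
    if field == "":
        return ("no-password", None)      # account logs in with no password
    if field[0] in "!*":
        return ("locked", None)           # no password can ever match
    if field.startswith("$"):
        parts = field.split("$")          # ['', id, salt, hash]
        return ("hashed", SCHEMES.get(parts[1], "unknown"))
    if DES_RE.match(field):
        return ("hashed", "des-crypt")
    return ("invalid", None)


def audit(shadow_text):
    """Return [(user, status, scheme, field_length)] for each account."""
    rows = []
    for line in shadow_text.splitlines():
        cols = line.split(":")
        if line.startswith("#") or len(cols) < 2:
            continue
        status, scheme = classify(cols[1])
        rows.append((cols[0], status, scheme, len(cols[1])))
    return rows


def passwordless(shadow_text):
    """Accounts that need review: empty password field."""
    return [u for u, status, _s, _n in audit(shadow_text)
            if status == "no-password"]


# Constructed sample: placeholder strings with the right shape, not real hashes.
DES_FIELD = "ab" + "x" * 11               # 13 characters for any password
MD5_FIELD = "$1$saltsalt$" + "x" * 22     # 34 characters for any password
SAMPLE = "\n".join([
    "root::11800:0:99999:7:::",
    "bin:*:11800:0:99999:7:::",
    f"alice:{DES_FIELD}:11800:0:99999:7:::",
    f"bob:{MD5_FIELD}:11800:0:99999:7:::",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("no password required:", passwordless(SAMPLE))
```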
-
Another Addendum:
I just saw a thing on the History Channel about how The Brits broke The German Enigma during WWII. If my stupid observation about each character of a UNIX/Linux password being made up of three character "groups" in the shadow file is correct, would that facilitate cracking the password or is that already known?
Happy MEM Day...
Sleeping Dog
-
Guess I hit a sore spot. Some say to re-install, some say that I hit the mother lode.
Hmmmmm........guess the UNIX Admins out there don't like a newbie like me asking such deep and dark questions.
Now the curiosity is tweaked and the plot thickens....and if you soak chicken parts in cheap lemon juice for 24 hours before they go on the grill, everyone will think that you know how to cook.
Stupididitity has its rewards if you know when to just be stupid instead of just being a dumbass. Trouble is...I don't know when to stop being a dumbass.
You guys know this stuff and I do not. I just want to load up a computer, write letters, do email and maybe a presentation or two. Occasionally, people send me photos that I want to see, or joke stuff that I want to laugh at. I don't want to have to get a PHD in OS operation just to chuckle at an email.
However.....I hate Microsoft.....Their shit is presently user friendly.....Linux is not recognized as being so. How can we change this attitude and this perception?
I don't know......I just struggle on. Any suggestions?
With Kindest Regards
Sleeping Dog.
-
i don't think you hit a sore spot, sleeping dog, and i don't think people are keeping anything from you, just because you are new or anything like that, i think in the current unix climate, there's less keeping secrets than there is in a lot of other systems related circles.
I do think though that a reinstall would be your best option, you could just get the spankinest newest version of whatever distro you want (usually for free, red hat 7.3 is out now for instance) and bob's your uncle, there you go, set your own root password! I'm afraid cryptography is not my strong point so that's what i'd do.
As VoidMain says though, physical access is definitely the key, I saw a thread elsewhere, i'll try and look it up so i can post the url here... The only reasons i can think of that you might be hesitant to reinstall is if you had data on the computer that you didn't want to lose, or if you didn't actually have any linux install media to do a reinstall from... wait and i'll get that url...
here's the first thread (http://www.linuxquestions.org/questions/showthread.php?s=49af4fbed286d69d94e66f73781bd36d&threadid=21519) i was thinking of, Brion posts a solution that you could employ.
Here's another thread (http://www.linuxquestions.org/questions/showthread.php?s=49af4fbed286d69d94e66f73781bd36d&threadid=21936) about this topic.
And here's the thread i was (http://www.linuxquestions.org/questions/showthread.php?s=49af4fbed286d69d94e66f73781bd36d&threadid=20113) thinking of initially, although it doesn't seem to be as informative as the other two on reflection.
Good luck! and let us know how you get on. :D
[ May 28, 2002: Message edited by: Calum ]
-
Well, in the case of servers I would definitely agree with the locked server rooms option also. I was really surprised by the fact that in runlevel one (single user mode) you can change your root password without being prompted for your old one. Anyway, that about answers your question Sleeping Dog. You don't have to manually edit the /etc/passwd or the /etc/shadow files (that would be crazy). You can set up a new root password if and only if you have physical access to that machine you're talking about. Otherwise, just reinstall a newer distro. Hope I've answered everything ;)
-
I want to thank all of you for your input. It has been quite helpful. I do have physical access to this box. There are files on it that the person who gave it to me wants preserved. I recently FTP slurped Red Hat 7.3 from a mirror site and would like to upgrade this thing with it and with the new KDE once I have gotten in and saved what needs saving. My upgrade will probably have to wait until I can put a new CD ROM in it though......the one in it now was used as a cup holder once too often.
Again...thanks to all.
Sleeping Dog
-
Why do you think you need to reinstall? The link hoojchoons posted should show you how to set your root password if you've forgotten it. Boot into single user mode and type "passwd".
-
sorry to drag this old topic up, but we tried this out at work, and when booting with lilo option single, we were prompted for a root password (this was on suse 8, running kernel 2.4.x)
-
BadKarma you're absolutely right. I've also tried that with SuSE 8.0 Professional and it also prompted for the old root password. Looks like that's not an option anymore for the 2.4.* kernel.
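
Added example, not part of any post in this thread: on SysV-init systems a root password prompt in single-user mode is produced by `sulogin` when `/etc/inittab` runs it for runlevel S, so an administrator can check that file to see whether single-user mode is protected. The two inittab samples are constructed for illustration and are not taken from any particular distribution.

```python
def parse_inittab(text):
    """Return (id, runlevels, action, process) for each active inittab entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out entry
        fields = line.split(":", 3)       # process may itself contain ':'
        if len(fields) == 4:
            entries.append(tuple(fields))
    return entries


def single_user_requires_password(text):
    """True if an active entry for runlevel S starts sulogin."""
    for _id, runlevels, action, process in parse_inittab(text):
        if action == "off" or "S" not in runlevels.upper():
            continue
        words = process.lstrip("+").split()   # '+' only disables utmp logging
        if words and words[0].rsplit("/", 1)[-1] == "sulogin":
            return True
    return False


# Constructed samples: identical except for the commented-out sulogin entry.
UNPROTECTED = """\
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l1:1:wait:/etc/rc.d/rc 1
# ~~:S:wait:/sbin/sulogin
"""

PROTECTED = UNPROTECTED.replace("# ~~:S:wait", "~~:S:wait")

if __name__ == "__main__":
    for name, text in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, "-> password required:", single_user_requires_password(text))
```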