
Thread: unix r00t

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by phishphreek80
    If you have access to the system as root, but don't know the root password then you can edit the /etc/shadow file to remove the encrypted password. Then you can set the password to whatever you want. This method is also used to reset the root password using single user mode at boot.
    Ever heard of passwd? If you're on as root just change the password, sheesh. You don't need to edit /etc/shadow.

    Originally posted here by !mitationRust
    You would like to read some of the major flaws? I'm afraid I broke my stick on this dead horse a while ago, but I'll let catch educate you on some of the flaws. *nix vs. ?, thread is not the same unless it has catch involved.
    IOW, I don't actually know myself, so I will defer to someone else who I think knows.
    At any rate, it's useless to debate your non-statements based on someone else's statements that may or may not be correct.

    Originally posted here by spurious_inode
    For root, always use a shell that can set the environment variables as 'read-only'. Most implementations of the Korn shell recognize 'typeset -xr VAR' to mean export the variable and set it to read-only.
    Props to you spurious, for being the first person I've seen recommend this here in a long time.

    Bash supports this as well, via the readonly built-in for existing exports/declarations:
    Code:
    root@Optimus:~# export PATH="$PATH:/home/chsh"
    root@Optimus:~# readonly PATH
    root@Optimus:~# export PATH="$PATH:."
    -su: PATH: readonly variable
    It should be in root's /etc/.bash_profile, or perhaps the system-wide /etc/profile if you want to do it for everyone. You should then lock down the profile files, obviously; however, if someone gets root on your system, your efforts will only lengthen the time it will take them to break it.

    You can also optionally flag stuff as readonly when it's declared using the built-in declare.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
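
The read-only PATH recommendation from the post above, as an added example that is not part of the original thread: it audits a PATH string for current-directory entries before locking it, and checks that the lock holds in the same shell but is not inherited by a child process. The function names are hypothetical and the sample PATH values are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and
# the sample PATH values are constructed.

# Return 0 only if every entry in the PATH string $1 is an absolute path.
# An empty entry (leading, trailing or doubled colon) means "current
# directory", just like an explicit ".".
path_is_safe() {
    case "$1" in
        ''|:*|*:|*::*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=:; set -f          # split on ':' without globbing
    _rc=0
    for _entry in $1; do
        case "$_entry" in /*) ;; *) _rc=1 ;; esac
    done
    IFS=$_old_ifs; set +f
    return "$_rc"
}

# Return 0 if the shell rejects an assignment to a read-only PATH.
# Runs in a throwaway shell so the caller's PATH is left alone.
readonly_blocks_change() {
    ! sh -c 'export PATH; readonly PATH; PATH="$PATH:."' 2>/dev/null
}

# Return 0 if a child process can still change PATH after its parent
# locked it: the read-only attribute is not part of the environment.
child_can_change_path() {
    sh -c 'export PATH; readonly PATH
           sh -c "PATH=/constructed; case \$PATH in /constructed) exit 0;; esac; exit 1"'
}

# What root's profile would do: audit first, then export and lock.
lock_path() {
    path_is_safe "$PATH" || { echo "unsafe PATH, not locking: $PATH" >&2; return 1; }
    export PATH
    readonly PATH
}

path_is_safe "/usr/sbin:/usr/bin:/sbin:/bin" && echo "constructed root PATH: safe"
path_is_safe "/usr/bin:/bin:." || echo "PATH ending in '.': unsafe"
readonly_blocks_change && echo "same shell: change blocked"
child_can_change_path && echo "child shell: change still possible"
```

Because the attribute stays inside the shell that set it, the lock protects root's interactive session and anything it sources, not programs started from it.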

  2. #12
    Senior Member
    Join Date
    Oct 2003
    Posts
    234
    Ever heard of passwd? If you're on as root just change the password, sheesh. You don't need to edit /etc/shadow.
    I am relatively sure that, in order to change a password using passwd, you need to enter the old password first. So, by deleting it in /etc/shadow, you can change a password without entering the old one because the system believes there was no password to begin with.

    nifty trick, btw

  3. #13
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by TheRepublican
    I am relatively sure that, in order to change a password using passwd, you need to enter the old password first. So, by deleting it in /etc/shadow, you can change a password without entering the old one because the system believes there was no password to begin with.

    nifty trick, btw
    You use Gentoo and you're Republican.... You'll end up burning in hell anyway.

    How did you have time to post this in between security updates? Gentoo still poppin' out 2 a day?

    And for the record, no you don't have to enter in the old password to use passwd. You type passwd and type the new password twice.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.
    The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #14
    Junior Member
    Join Date
    Oct 2004
    Posts
    2
    I think the point of the method from the book, vs the methods suggested in this thread, is to obtain the root password without changing it - secretly gaining access without breaking the original user's access as well.

    If I'm wrong about the functionality of the book instructions, please let me know. If my comment was just too obvious for anyone to state it before this, I apologize for your wasted time.
