-
Root Password...
Hello everyone,
I recently moved, and before I left I changed the password on my RedHat 9.0 box. I wrote the password down on a piece of paper and have unfortunately lost it. I've searched everywhere and it's nowhere to be found.
The RedHat box is the main computer on my home network. It acts as a router, firewall, DNS, DHCP and Telnet for my home LAN. I would seriously hate to have to reinstall the box and reconfigure everything.
The only account I can log into on the box is a limited account in which I'd memorized the password.
I'm trying to figure out how I can get the root password on it without having to reinstall everything and make a new one. For some reason the Telnet server is not responding to me; port 23 is open on it, but when I try to connect I'm getting nothing. I was going to try running a program called Brutus, but like I said, the Telnet server isn't up from what I gather. Well, when I do a netstat on the RedHat box under the limited account it's listing Telnet but at the IP 0.0.0.0, so I'm confused... My local interface on the box is 192.168.1.1...
The RedHat box actually has two network cards: eth0 acts as the public interface my ISP's DNS and DHCP servers work with, and eth1 runs to a switch which I connect my workstations to. At the moment, when I want on the Internet, I'm connecting through a dial-up connection on my Windows box. Maybe that has something to do with it (since eth0 isn't activating at boot on the RedHat box)?
Any ideas besides re-installing or searching around for a piece of paper I can't find that will get me the root password would be excellent.
The RedHat box is, like I said, off the Internet right now. I understand that I am asking for a privilege escalation method, and that's not information you just hand out to anyone unless you feel it's okay to. If need be I can quickly install a 56k modem in the RedHat box and use a reasonable method to prove the PC is mine.
Also I have a program called Jack the ripper. I haven't used it yet, but if I can figure out what file I need to get off the Linux box and a way to acquire it with a limited account, that may work? The password cracking tool I use for Windows boxes is extremely fast; maybe Jack the ripper would work fast as well? Of course RedHat doesn't use LAN Manager hashes, right???
Thanks for any help you may provide and if no one feels comfortable helping me out I understand.
-
Well, see, this could be looked at from a few ways. It could be looked at as a social engineering attempt or a legit attempt to get back a lost password. Either way, it should be a lesson. If you really did lose your password, then let it be a lesson: remember your password. The best thing to do is to format/re-install the OS (RedHat 9.0, correct?). That is the best thing from a security standpoint to do right now.
(By the way: Telnet server? Why? It's so outdated, you might as well use SSH.)
EDIT: For future reference, try to post your threads in the correct forum. This should go (IMO) under *nix Security Discussions or Newbie Security Discussions. :)
-
1. Boot from the installation CD (edit: type rescue at the boot prompt)
2. vi /mnt/sysimage/etc/shadow and remove the encrypted password
3. reboot
-
Much along the lines of the method jonathans_daddy stated, you could change the boot parameters to boot into single-user mode. On my Red Hat box I added "single" to the end of the boot sequence. I was able to get into the box without a password (except for my GRUB password). This is of course the reason people always say "physical access means full access".
-
Heh, even if this is a Social Engineering attempt to get passwords, it could turn into a great thread about password security. It could also turn into an example about Social Engineering, of course, too.
Anyway, I'm going to agree with a few things already said, and say to boot into single-user mode. If you want to use a crack tool, then that's fine too, but simply booting into single-user mode would be much easier.
Single-user mode won't run many services; it will only run what is needed for the machine to function, and gives you complete root access. No password needed.
You really should get a new way to remotely access the box too. Try out SSH, which will encrypt the traffic sent to and from the box over it. It comes with RedHat, and you can use PuTTY for Windows to access it, which has a GUI to set up the options you want; then when you hit "Connect" you will see the login prompt.
I highly recommend you use SSH over Telnet, as anyone sniffing you can get anything you type into Telnet.
If you want to try SSH out, you can use it in Linux by typing ssh -l <Username> 192.168.*.*
* = Octets of the IP your server uses.
PuTTY is an SSH client for Windows, and works very well. I use it on my Windows boxes, and I'll attach it if I can here, or I'll give you the link to download it.
-
Well...I would follow the above advice. Get a CD bootable distro, enter as mini-root. Mount the system drive for write access. Wipe out the hash in the /etc/shadow file. Bam. You can do this easily with vi, or if you are not comfortable with that, with ed.
Just go:
# cp /etc/shadow /etc/shadow.bak ( //make a backup first; on a rescue boot these paths are on the mounted system drive, e.g. /mnt/sysimage/etc/shadow )
# ed /etc/shadow
1p ( //prints line 1, the root entry )
s/:[^:]*:/::/ ( //blanks the whole password field; the 13-dot version only matched old DES hashes, and Red Hat 9 uses longer MD5 ($1$) hashes )
1p ( //prints it again to confirm "root::" )
w
q
----------
Bam. Done. Reboot. No root password.
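Added example (not from the thread or any poster): a small shell script that does the same hash-blanking step, plus a check of which hash format an entry uses, against a constructed copy of a shadow file. It matches the whole password field rather than a fixed count of characters, so it works on both 13-character DES hashes and the longer $1$ MD5 hashes Red Hat 9 writes; the file contents, user names and hashes are made up.

```shell
#!/bin/sh
# Added example: blank one user's password hash in a shadow file, keeping a
# backup, and report the hash type of any entry. Constructed data only.

# Constructed sample shadow file with fake hashes (not from a real system).
SHADOW=$(mktemp)
cat > "$SHADOW" <<'EOF'
root:$1$abcdefgh$ijklmnopqrstuvwxyz012:12345:0:99999:7:::
bin:*:12345:0:99999:7:::
alice:XyZ12abCdEfGh:12345:0:99999:7:::
EOF

# clear_hash FILE USER: empty the second field of USER's line only.
# [^:]* matches the hash whatever its length, unlike a fixed run of dots.
clear_hash() {
    file=$1; user=$2
    cp "$file" "$file.bak"                          # always keep a backup
    sed "s/^\($user\):[^:]*:/\1::/" "$file.bak" > "$file"
}

# hash_type FILE USER: print md5, des, locked, empty or unknown.
hash_type() {
    field=$(awk -F: -v u="$2" '$1==u {print $2}' "$1")
    case "$field" in
        '')       echo empty ;;          # no password required at all
        '$1$'*)   echo md5 ;;            # Red Hat 9 default (crypt MD5)
        '*'|'!'*) echo locked ;;         # account cannot log in by password
        *)        [ "${#field}" -eq 13 ] && echo des || echo unknown ;;
    esac
}
```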
-
Yeah, I'll second the PuTTY advice. I use PuTTY with both my Windows boxes and it's great for SSH connections. SSH (Secure Shell) won't be sniffed, unlike Telnet (like gore said, and thus the reason why it's called Secure Shell). So definitely use PuTTY as a great SSH client.
-
If you are using LILO as boot manager, you could possibly do it even easier.
If your kernel image is called Linux, at the LILO prompt type:
Linux init=/bin/bash rw
This boots the kernel and, instead of the normal runlevels, starts bash (a shell) with the root hard disk mounted read-write.
Then you can go to /etc/shadow and remove the password (hash).
-
I don't know about RedHat, but on FreeBSD you can boot to single-user mode (press a key before the kernel loads and enter boot -s). There's no need to enter a password to get root access. After you get the # prompt you can change the (root) password with passwd.
-
Regardless of distribution, you can boot any Linux into "single-user mode" by passing init=/bin/sh as a kernel parameter from your bootloader. This bypasses all of your system's startup scripts and dumps you to a shell on your root FS. From there, a simple passwd root and you can reset your password.
-
I'm sure you were thinking it was time for a new fresh install.. :)
-
Thank you everyone,
I'm not going to be able to try your advice out until tomorrow because I just got home and it's late. I'm sure it will work wonderfully. This will save me a lot of time.
By the way, I customized the firewall on my box, and Telnet is ONLY open to the internal workstations. Scan my Linux box from the Internet and you'll get nothing. If I remember correctly, on nmap it showed up as some funky router I'd never heard of, and the OS guess had like 15 different OSes. All 65535 ports are in stealth mode and no packets are received from the scans. As far as traditional hacking is concerned it's very solid.
I do use the computer to learn about security. Well, I started doing it recently anyway. I want to start out working with easy stuff like Telnet, then start messing with stuff like HTTP, FTP, SSH, etcetera.
When I ran SSH on the server I hadn't set some keys up, I think it was??? Tunneling the TCP connections would be a great thing to do if I open the network up to the Internet. Thanks for the advice.
As far as the social engineering comments go... I was trying to convince someone to help me because I honestly needed the help. I'll be straightforward and say that I'm interested in all types of network security related stuff (ethical and unethical). I must also note that I have character, values, and respect for people's property and privacy. I am curious because I'm intrigued. I would like to work as a network administrator once out of college.
Well, I need to get to bed. I'm really impressed with the people here on Antionline I've met so far. Thanks a bunch everyone and I look forward to the next topic. :)
-
I'm new here, but I just want to add to this.
Another easy way to change the root password would simply be to boot to a LiveCD of some sort, like Gentoo's, and chroot to your root directory, like 'chroot /mnt/urrootdir /bin/bash', and then you can do whatever you want like normal.
BTW, Gentoo's LiveCD makes an all-around AWESOME tool-type disk, kind of like Knoppix, but it's a much smaller download and is much more stable than Knoppix.
-
Quote:
Originally posted here by xavior2180
is much more stable than Knoppix.
Interesting...
In what way is it more stable?
I have not had any problems with either Knoppix or Knoppix-STD and have actually found
their wireless support second to none....
Just curious..
-
xavior2180 -
First and foremost, welcome to the forum; we are glad to have you. I would also like to let you in on a little info. If you look at the dates on the posts, some will be flashing; this means they are older and have for the most part died. Just some advice to stay out of the 'red': take it easy.
- MilitantEidolon
-
Well, first of all, Knoppix automatically uses a framebuffer and starts XFree86 by default, making it difficult if you're using a computer or a monitor that won't work with its settings, at least unless you give it a short essay on how you want it to work. The Gentoo LiveCD only enables all the devices it finds and only starts networking. It doesn't start X, and so there are fewer options to mess with upon booting, such as no-acpi, no-smp, no-fb, etc. (or whatever it has; I don't recall them all at the moment). Knoppix's support for wireless hasn't worked for me, but from what I've seen in the kernel there's only support for Cisco and a few others' cards, and I had a D-Link and an MSI card; neither worked. I did have trouble booting to Knoppix 3.4 using the 2.4 kernel on a few machines, but they worked fine with 2.6.
Please don't misunderstand me; I wasn't trying to imply that Gentoo is better than Knoppix at all. I was just simply stating that the fact the Gentoo LiveCD is more 'lightweight' makes it a much better all-purpose tool than a Knoppix CD. It doesn't have things start up when you boot it, like Knoppix starts up with KDE and Mozilla. Knoppix would be much better for showing off to people, but Gentoo is great for things like recovering data on an unbootable drive, or reconfiguring a broken GRUB, or things like that, where you don't need the extra fluff.
-
Quote:
Originally posted here by MilitantEidolon
xavior2180 -
First and foremost, welcome to the forum; we are glad to have you. I would also like to let you in on a little info. If you look at the dates on the posts, some will be flashing; this means they are older and have for the most part died. Just some advice to stay out of the 'red': take it easy.
- MilitantEidolon
I apologize; thanks for the advice!
-
Quote:
Originally posted here by xavior2180
Well, first of all, Knoppix automatically uses a framebuffer and starts XFree86 by default, making it difficult if you're using a computer or a monitor that won't work with its settings, at least unless you give it a short essay on how you want it to work. The Gentoo LiveCD only enables all the devices it finds and only starts networking. It doesn't start X, and so there are fewer options to mess with upon booting, such as no-acpi, no-smp, no-fb, etc. (or whatever it has; I don't recall them all at the moment). Knoppix's support for wireless hasn't worked for me, but from what I've seen in the kernel there's only support for Cisco and a few others' cards, and I had a D-Link and an MSI card; neither worked. I did have trouble booting to Knoppix 3.4 using the 2.4 kernel on a few machines, but they worked fine with 2.6.
Please don't misunderstand me; I wasn't trying to imply that Gentoo is better than Knoppix at all. I was just simply stating that the fact the Gentoo LiveCD is more 'lightweight' makes it a much better all-purpose tool than a Knoppix CD. It doesn't have things start up when you boot it, like Knoppix starts up with KDE and Mozilla. Knoppix would be much better for showing off to people, but Gentoo is great for things like recovering data on an unbootable drive, or reconfiguring a broken GRUB, or things like that, where you don't need the extra fluff.
If I'm not mistaken, Knoppix STD has patches that can be run after boot to get different wireless cards to work...