root. shaddow?

f15h · 01-24-2005, 06:22 PM

I need to pull a root password off a brickserver 2.

where is it? /etc/psswd?
/etc/shaddow?

help me out.

merci,

die fische.

horndude · 01-24-2005, 06:33 PM

Its shadowed and encrypted, without the hash and algorithm your going to have a tough time

f15h · 01-24-2005, 09:29 PM

i know its going to be tough... but - I know how I can decrypt an md5, assuming that its not shaddowed.

Shaddowing is an option, isn't it? Not all root pwds are shaddowed, right?

merci,

die fische

horndude · 01-24-2005, 09:37 PM

no they arent always shadowed, but normally they are by default, you can find out real quick just by looking at /etc/passwd, if it looks like gibberish its been shadowed and encrypted, ya you can crack it.If your gonna do that, use johntheripper, its a decent cracking program, uses a dictionary too if needed, that speeds things up, your still looking at a few weeks of CPU time.

oh ya, check on open discussion forum, I added a link and a sample of that ascii art library for you

charles@pcfix · 01-24-2005, 11:28 PM

You basically have to gain access to your machine somehow to alter the respective files. A pretty convenient way is to use the bootable installation CDs of some Linux distro and launch some "recovery console". If you can't see some comand like that you might try the ALT+F1..Fx keystroke to maybe get a clear console.

Once you have managed to get into a shell you need to mount the partition that holds your /etc directory. To reset the root password open the file /etc/passwd and look for a line starting with ...

root:x:.........

Delete the "x" in this line as it tells that the password is shadowed. Save the file.

Secondly open /etc/shadow and search for the entry for the user "root". This one usually looks like this ...

root:$s0m3fR1g9InMD5h45H:<numbers>:<more numbers>::::

Delete all values (the stuff between the columns) so that you get a line like this ...

root::::::::

Save the file, unmount the partitions and reboot. The root-account should not have set a password now, which you should change immediately again.

hope that helps

mrdinkel · 01-25-2005, 05:07 PM

couldn't you use the boot-from cd, chroot (root device) and reset it that way?

Member Login