No joke... Linux password recovery. What are my chances?

Shuxclams

Diamond Member
Oct 10, 1999
9,286
15
81
I just got a call from a lawyer's office requesting I go to a client's and Ghost 3 PCs. 2 are W2K and one is Linux; nobody has any of the passwords and they need them for evidence. Even if I make the Ghost of the Linux HDD, what or how can I get in without having any clue what the ROOT password is? I know I could login single but then what?

SHUX
 

MoFunk

Diamond Member
Dec 6, 2000
4,058
0
0
Well, if you're being told to do it, then ghost them to an image and let them worry about it!
 

Shuxclams

Diamond Member
Oct 10, 1999
9,286
15
81
Well the lawyer peeps are going to be there and they are going to want to see the info......

SHUX
 

IJump

Diamond Member
Feb 12, 2001
4,640
11
76
try "password". ;)




No one knows the root password? What happened to the guy/girl who set the computer up? Time for you to get some bad hacking skills I guess!!!

Here are some tips. Can't confirm that they work......

Here is another.

Good luck.


edit:

Yet another
 

Scootin159

Diamond Member
Apr 17, 2001
3,650
0
76
I know this works for NT, but does it work for Linux?

Have a working linux box with a known root password. Pull the hard drive from the other linux box & put it in your new one. You should now be able to access the hard drive of the one with an unknown root password from the one with a known root password.
 

dblevitan

Member
May 1, 2001
116
0
0
OK, here's what I would do:
1. Try to login single. This may not work, since the system can still require you enter the root password.
2. If that doesn't work, you can do the following. The passwords will most likely be stored in /etc/shadow (or maybe, if it's a bad distro, in /etc/passwd). If you delete the encrypted password in that file, you'll have access to root. The way to do this is to take the hard drive and put it into a computer which already has Linux or Windows loaded on it. On a Windows computer there are programs which can access ext2 partitions and let you change files (just make sure you're using an editor which understands Unix format text files). In a Linux computer, it's even easier - just mount the drive and edit the files.
Hope this helps,
David Levitan
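
An audit-side view of the password field described in the post above, as an added example that is not part of the original thread: it parses shadow-format text and reports, per account, whether the password field is empty, locked, or hashed, and it goes one step further by decoding the last-change field, which records when a password was last altered. The function names `classify` and `audit` and the sample data are constructed for illustration.

```python
from datetime import date, timedelta

# Prefix -> scheme for crypt(3)-style hashes found in the second field.
SCHEMES = {"$1$": "md5crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
           "$5$": "sha256crypt", "$6$": "sha512crypt", "$y$": "yescrypt"}
DES_ALPHABET = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

def classify(pw_field):
    """Describe the state of a shadow (or old-style passwd) password field."""
    if pw_field == "":
        return "EMPTY"        # no password required: the state the post describes
    if pw_field[0] in "!*":
        return "locked"       # cannot match any hash; password login disabled
    if pw_field == "x":
        return "shadowed"     # passwd-file placeholder, hash lives in shadow
    for prefix, name in SCHEMES.items():
        if pw_field.startswith(prefix):
            return name
    if len(pw_field) == 13 and set(pw_field) <= DES_ALPHABET:
        return "descrypt"     # traditional 13-character DES crypt
    return "unknown"

def audit(text):
    """Return (user, state, last_change_date) for each shadow-format entry."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue          # malformed line: skip rather than guess
        d = fields[2]         # days since 1970-01-01 of the last password change
        changed = str(date(1970, 1, 1) + timedelta(days=int(d))) if d.isdigit() else None
        rows.append((fields[0], classify(fields[1]), changed))
    return rows

# Constructed sample, not taken from any real system.
SAMPLE = """\
root::11600:0:99999:7:::
alice:$1$Constrct$0123456789abcdefghijk.:11450:0:99999:7:::
daemon:*:11400:0:99999:7:::
legacy:ab01FAX.bQRSU:11400:0:99999:7:::
"""

if __name__ == "__main__":
    for user, state, changed in audit(SAMPLE):
        print(f"{user:8} {state:10} last change {changed}")
```

Run it against a copy of the shadow file taken from a read-only mount of the image; an `EMPTY` root entry or a last-change date later than the seizure date shows the file was modified.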
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Try going into single user mode and enter "passwd" without the ""s. That should change the password. If you cannot get in that way, you can remove the hard drive, put it in another linux machine and manually mount it. If that is not an option, crack it. :)
 

IJump

Diamond Member
Feb 12, 2001
4,640
11
76
hey guys, question, linux boot floppy maybe? That is in one of the links above and should be similar to throwing the drive in another computer with less work.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< hey guys, question, linux boot floppy maybe? That is in one of the links above and should be similar to throwing the drive in another computer with less work. >>



That would probably be even easier. One of the floppy/cdr distros maybe.
 

IJump

Diamond Member
Feb 12, 2001
4,640
11
76
boot into Klinux, shux. Then go through the stuff to get at the other drive. I know you have one of those disks laying around. :D
 

Ken g6

Programming Moderator, Elite Member
Moderator
Dec 11, 1999
16,584
4,495
75
IJump's hit on it, I think. I know for a fact that Tom's Root Boot Linux can mount other Linux partitions; I've done it before. It will even mount a partition if LILO is missing from the HD, which is why I needed it. I've also tried it on Win2K, I believe, and I didn't get in; but it says it can mount NTFS, so maybe I'm just not that good with Linux.:eek:

Good luck! :)
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Boot bypassing init in case single-user is passworded (Debian does this by default, not sure if any others do) by passing 'init=/bin/sh' to the kernel via LILO
From there remount the root filesystem read-write because it's still only read-only, by 'mount -o remount,rw /dev/whatever /'
Then type 'passwd' to change the root password.
 

NorthenLove

Banned
Oct 2, 2001
525
0
0
Regardless of whether he gets to image the drive or not he needs to get that root password from the person who installed that box or at least tell the lawyers that they should contact the person who set it up so they can get it.
 

Mucman

Diamond Member
Oct 10, 1999
7,246
1
0
Why not boot into single user mode? Once in there do a fsck and mnt the filesystem and you can change the password there. That's how I got into an OpenBSD box that I needed to work on when the old admin had gone.

Albeit, that method is useless if single user mode is disabled :)
 

Shuxclams

Diamond Member
Oct 10, 1999
9,286
15
81
I changed the root password, the system screen goes blank at the login screen.... :| Looks like the thing was used for spam, it has a million or two email addresses under /home/umg/P_4/xxxx L4m3rz.. :p The guy prolly administrated from SSH or something... How do I re-enable the screen at the login?

SHUX
 

Shuxclams

Diamond Member
Oct 10, 1999
9,286
15
81
Actually I found VNCSERVER in init.d and rc5.d, I need to find out where the port config is stored... anyone know? Either that or how to re-enable the local input devices.. :p

SHUX
 

CTho9305

Elite Member
Jul 26, 2000
9,214
1
81


<< Boot bypassing init in case single-user is passworded (Debian does this by default, not sure if any others do) by passing 'init=/bin/sh' to the kernel via LILO
From there remount the root filesystem read-write because it's still only read-only, by 'mount -o remount,rw /dev/whatever /'
Then type 'passwd' to change the root password.
>>



Go to Google, and search for jon or john (?) password cracker, and crack the password. If it's a good password, this solution will take a LONG time though.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<<

<< Boot bypassing init in case single-user is passworded (Debian does this by default, not sure if any others do) by passing 'init=/bin/sh' to the kernel via LILO
From there remount the root filesystem read-write because it's still only read-only, by 'mount -o remount,rw /dev/whatever /'
Then type 'passwd' to change the root password.
>>



Go to Google, and search for jon or john (?) password cracker, and crack the password. If it's a good password, this solution will take a LONG time though.
>>



Why? The password can be changed easily another way. Plus you would still need that shadowed file.

Sorry, but I don't know how to get the screen or whatever back. Try another virtual terminal or whatever :p