Re: [gentoo-user] Forgotten root password on remote system
Grant wrote: I have forgotten the root password of my remote server. Is there any way to retrieve or reset it? This is my way to solve your problem (and a lot of other problems too): Ask some guy on remote side do this: 1. Put Knoppix CD into drive and reboot 2. answer knoppix 2 to boot: prompt and hit Enter (If prompt doesn't occur, it's probably necessary to change booting order in BIOS.) 3. when root prompt # appears, write these commands: # ifconfig eth0 server's-IP netmask proper-netmask # route add default gw gateway's-IP # passwd put twice this password: word # /etc/init.d/sshd start - If everything went OK, u have now remote access to the server and u can do anything u like. U can change password, repair broken lilo or grub setup, repair broken filesystem, install gentoo ... etc. To change password, follow these steps: mv ~/.ssh/known_hosts{,.bak} ssh [EMAIL PROTECTED] mkdir /gentoo mount /dev/root-device /gentoo chroot /gentoo passwd(now u are changeing server's password) exit (from chroot) init 6; exit (server reboot) mv ~/.ssh/known_hosts{.bak,} Ask remote guy take out Knoppix CD and press Enter. U can adopt this receipt to any other bootable media (CD, DVD, usb key, HDD, etc.) with nearly any live linux on it (Gentoo, Slax ...) HTH, noro -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Frank Schafer wrote: There is no official hack to get the password out of the machine. It is nowhere stored in uncrypted form and the crypting algorithm itself is not reversable. Yes, u are right, but encrypted passwords are stored in /etc/shadow, and therefore u can try to decrypt them (using brutal force) by john (emerge johntheripper). noro -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On Sun, 28 Aug 2005, Norbert Kamenicky wrote: Ask some guy on remote side do this: 1. Put Knoppix CD into drive and reboot 2. answer knoppix 2 to boot: prompt and hit Enter (If prompt doesn't occur, it's probably necessary to change booting order in BIOS.) 3. when root prompt # appears, write these commands: # ifconfig eth0 server's-IP netmask proper-netmask # route add default gw gateway's-IP # passwd put twice this password: word # /etc/init.d/sshd start A Gentoo LiveCD could be used the same way. -- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote: Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong: Your best bet is to get someone your trust to boot into single for you and reset the password there. Single wouldn't work, You still get a login: prompt. The only ways to get at it are LiveCD or booting with init=/bin/bash. Bye... Dirk Right. Due to the fact that he got a new password, I think they did it exactly that way (LifeCD or boot disc). There is no official hack to get the password out of the machine. It is nowhere stored in uncrypted form and the crypting algorithm itself is not reversable. 0.02$ Frank -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/26/05, Frank Schafer [EMAIL PROTECTED] wrote: On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote: Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong: Your best bet is to get someone your trust to boot into single for you and reset the password there. Single wouldn't work, You still get a login: prompt. The only ways to get at it are LiveCD or booting with init=/bin/bash. Bye... DirkRight. Due to the fact that he got a new password, I think they did itexactly that way (LifeCD or boot disc).There is no official hack to get the password out of the machine. It is nowhere stored in uncrypted form and the crypting algorithm itself isnot reversable. Not the best way to do it, but getting the crypted form of the root pass and using it for a brute-force attack wouldn't get a good result? By good result I mean a positive match within a short period of time! Of course I assume for that, that he had an idea of what was the password like.. number of characters, use of symbols, and so, so that he could apply the attack as nearer of the real pass as possible.. would this be a possible way to do it?
Re: [gentoo-user] Forgotten root password on remote system
IYpi3tbduwbfwm Such a password can't be cracked by brute force. ... and it's easy to remember. If Your password is 3 times better, don't use words brute force won't matter. I use to use SUCH passwords. ;) On Fri, 2005-08-26 at 08:46 +, Fernando Meira wrote: On 8/26/05, Frank Schafer [EMAIL PROTECTED] wrote: On Fri, 2005-08-26 at 07:50 +0200, Dirk Heinrichs wrote: Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong: Your best bet is to get someone your trust to boot into single for you and reset the password there. Single wouldn't work, You still get a login: prompt. The only ways to get at it are LiveCD or booting with init=/bin/bash. Bye... Dirk Right. Due to the fact that he got a new password, I think they did it exactly that way (LifeCD or boot disc). There is no official hack to get the password out of the machine. It is nowhere stored in uncrypted form and the crypting algorithm itself is not reversable. Not the best way to do it, but getting the crypted form of the root pass and using it for a brute-force attack wouldn't get a good result? By good result I mean a positive match within a short period of time! Of course I assume for that, that he had an idea of what was the password like.. number of characters, use of symbols, and so, so that he could apply the attack as nearer of the real pass as possible.. would this be a possible way to do it? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/26/05, Frank Schafer [EMAIL PROTECTED] wrote: IYpi3tbduwbfwmSuch a password can't be cracked by brute force and it's easy to remember.If Your password is 3 times better, don't use words brute force won'tmatter. Well.. that just depends on how strong the password was! A brute-force attack would get there.. sooner or later!! For being sooner than later, the idea was to provide the attack with accurate characteristics of the password: number of chars, alphanumeric, upper and lower-case.. and such things..
Re: [gentoo-user] Forgotten root password on remote system
On 25 August 2005 17:04, John Dangler wrote: Grant~ I had the same thing happen to me on one of our dedi servers. I called the isp and they had a way of recovering the password, although it cost me $75 to get it done. Basically, they told me that it's a sophisticated 'hack' into the machine to get it back. If there's another way, I'd also be very interested in knowing what it is. If you have physical access to the box there is nothing sophisticated about it. Uwe -- 95% of all programmers rate themselves among the top 5% of all software developers. - Linus Torvalds http://www.uwix.iway.na (last updated: 20.06.2004) -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/26/05, Frank Schafer [EMAIL PROTECTED] wrote: Hmmm, I think the example password should be strong enough but You areright. Sooner or later it will come in (if sooner is something amongst some hundreds of years and later something amongst some thousands ;)BTW: There isn't only the password. There are log analyzers too.Let such an analyzer catch auth failure - say 20 times within less thanhalf an hour - for root remote, then it can block access from this IP, if it catches local auth failure for root - 20 times within less thanhalf an hour - it can logaut the user (kill his login shell) and blockthe account. Mine does so. Well, in this case the sooner is something amongst some millions of years and the later something amongst sometrillions but this already goes into the direction of IDS. You're lacking optimism... Of course the brute-force attack was not supposed to be done remotely! You can pull passwd to your local machine and the let your computer handle it without interruptions. If some proprieties of the password are known beforehand, then sooner would be a matter of hours and later a couple of days. This is not even putting into the game some distributed computing...
Re: [gentoo-user] Forgotten root password on remote system
On 8/26/05, Fernando Meira [EMAIL PROTECTED] wrote: You're lacking optimism... Of course the brute-force attack was not supposed to be done remotely! You can pull passwd to your local machine and the let your computer handle it without interruptions. If some proprieties of the password are known beforehand, then sooner would be a matter of hours and later a couple of days. This is not even putting into the game some distributed computing... True, but if you use shadow to store your passwords your in much better shape since the average hacker can't get a hold of the root owned shadow file. -Mike -- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware.In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] Forgotten root password on remote system
Well, when one of my servers got brute forced it was 5+ computers doing it at a time in 10 second intervals... On 8/26/05, Michael Crute [EMAIL PROTECTED] wrote: On 8/26/05, Fernando Meira [EMAIL PROTECTED] wrote: You're lacking optimism... Of course the brute-force attack was not supposed to be done remotely! You can pull passwd to your local machine and the let your computer handle it without interruptions. If some proprieties of the password are known beforehand, then sooner would be a matter of hours and later a couple of days. This is not even putting into the game some distributed computing... True, but if you use shadow to store your passwords your in much better shape since the average hacker can't get a hold of the root owned shadow file. -Mike -- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware. In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] Forgotten root password on remote system
I use john the ripper to test the passwords on my machines. I created accounts for all those I wanted to test using the original passwords (all of which I know!), took a copy of the files then deleted the accounts. It took 17 days to bruteforce the root on one machine. Its now 46 days and none of the others (root or user) have cracked yet. Machine is a 677Mhz P3 coppermine running as my gateway (hence its up 24/7) with john niced down to 19. moriah ~ # john -status guesses: 1 time: 46:04:14:17 (3) c/s: 1341 moriah ~ # Two questions, 1) are there any good dictionaries for john that add to the standard one, and 2) what other common password crackers are good for this purpose (i.e., likely to be used by the bad guys) BillK On Fri, 2005-08-26 at 16:07 +0200, Frank Schafer wrote: On Fri, 2005-08-26 at 09:45 +, Fernando Meira wrote: On 8/26/05, Frank Schafer [EMAIL PROTECTED] wrote: IYpi3tbduwbfwm -- William Kenworthy [EMAIL PROTECTED] Home! -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Well, if you or someone at the location has access to grub they could add the singleuser flag. This will allow you to change the password. On 8/25/05, Grant [EMAIL PROTECTED] wrote: I have forgotten the root password of my remote server.Is there anyway to retrieve or reset it? - Grant--gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
remotely? if there is, couldn't anyone get it? If the system is patched and up-to-date, you should have to be at the keyboard. On Thursday 25 August 2005 10:47, Grant wrote: I have forgotten the root password of my remote server. Is there any way to retrieve or reset it? - Grant -- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Forgotten root password on remote system
I have forgotten the root password of my remote server. Is there any way to retrieve or reset it? sarcasm Sure, just use the root backdoor service that every linux system exposes to connect and change the password. Ooops, the secret's out, I guess I have to worry about all of you folks using it to change the password on my boxen. /sarcasm Sorry, couldn't resist. Of course there is no way at all to do this, nor would you want to be able to, cause if you could do it anyone could and would do it. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Well, if you or someone at the location has access to grub they could add the singleuser flag. This will allow you to change the password. Thanks for a real solution. They will attach a KVM unit to the machine and I can log into the KVM. Would that help? - Grant I have forgotten the root password of my remote server. Is there any way to retrieve or reset it? - Grant -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Forgotten root password on remote system
On Thu, 25 Aug 2005, Dave Nebinger wrote: Sorry, couldn't resist. Of course there is no way at all to do this, nor would you want to be able to, cause if you could do it anyone could and would do it. That's not technically true and the sarcasm wasn't really warranted. I can think of a couple of possibilities, of course they assume a couple of other things but saying there is no way at all to do this is a little harsh and technically inaccurate. Ric -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/25/05, Willie Wong [EMAIL PROTECTED] wrote: AFAIK it is not possible short of brute force hacking it. If it were,it sort of defeats the point of security on the box...Your best bet is to get someone your trust to boot into single for youand reset the password there. W--ARTHURIt's not a question of whose habitat it is, it's aquestion ofhow hard you hit it.- Arthur pointing out one of the disadvantages of gravity,Fit the Tenth.Sortir en Pantoufles: up 13 days, 19:22 --gentoo-user@gentoo.org mailing listAll you really need is an account with sudo rights then `sudo passwd root` and your all set, else your suck with singleuser. -Mike-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware.In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] Forgotten root password on remote system
On 8/25/05, Grant [EMAIL PROTECTED] wrote: Thanks for a real solution.They will attach a KVM unit to themachine and I can log into the KVM.Would that help?- Grant--gentoo-user@gentoo.org mailing list Sure that would work but if you have a sudo user your can do it without rebooting. -Mike-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware.In a world without walls and fences, who needs windows and gates?
RE: [gentoo-user] Forgotten root password on remote system
Sorry, couldn't resist. Of course there is no way at all to do this, nor would you want to be able to, cause if you could do it anyone could and would do it. That's not technically true and the sarcasm wasn't really warranted. I can think of a couple of possibilities, of course they assume a couple of other things but saying there is no way at all to do this is a little harsh and technically inaccurate. Sarcasm was warranted because the OP obviously was thinking more about how he could get root back than how insecure his system would be if it were possible. Or perhaps the OP wasn't talking about a remote system of his own, but actually your system (which is remote to him), in which case anyone that gave him a valid response is compromising their own system security. There is now way at all to do this most certainly is accurate. This assumes that (a) the OP is neither a skilled hacker/cracker and (b) the OP hasn't specifically set the system up to support this sort of thing. Sure, there are ways to do it from within and without of the system if you have those things in place. From within the system a sticky bit on the passwd executable would do the trick. For access from outside the system you could do anything from developing a web page to do it all the way down to building a custom service that handles the change. But none of these things are feasible *after* you've forgotten root's password as you can't make the necessary file additions/modifications. Saying there is no way at all to do this for the everyday user is most certainly accurate. Otherwise system security for linux would be a joke, and we all know that's far from the case. And I defy you to prove otherwise... -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On Thu, Aug 25, 2005 at 12:38:42PM -0400, Michael Crute wrote: All you really need is an account with sudo rights then `sudo passwd root` and your all set, else your suck with singleuser. If the OP has sudo set up, would he really be sending a mail to the list? And if he didn't, setting up sudo would be a catch 22 now, wouldn't it? Though, granted, the OP did only say he lost root passwd, and not superuser access... W -- Your mom is a monolithic kernel! Sortir en Pantoufles: up 13 days, 21:43 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/25/05, Willie Wong [EMAIL PROTECTED] wrote: If the OP has sudo set up, would he really be sending a mail to thelist? And if he didn't, setting up sudo would be a catch 22 now,wouldn't it?Though, granted, the OP did only say he lost root passwd, and not superuser access...Indeed and most often the most obvious solution is the one that you have overlooked. -Mike-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware.In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] Forgotten root password on remote system
Well, I just remembered hearing about rootkits.I think all you need is access to a user and a rootkit, but I haven't used one so I wouldn't know...but a simple google search came up with some linux rootkits:p
RE: [gentoo-user] Forgotten root password on remote system
yeah - and someone using a rootkit was able to successfully login to our old dedicated server and wreak havoc on it, too. That led to a complete rebuild of the server (which now runs seLinux... (Understandably, there may have been steps we could/should have taken to prevent it, but this was setup by our isp and was supposed to be 'secure')... John D -Original Message- From: Greg Shikhman [mailto:[EMAIL PROTECTED] Sent: Thursday, August 25, 2005 3:23 PM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Forgotten root password on remote system Well, I just remembered hearing about rootkits. I think all you need is access to a user and a rootkit, but I haven't used one so I wouldn't know...but a simple google search came up with some linux rootkits :p -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Grant~ I had the same thing happen to me on one of our dedi servers. I called the isp and they had a way of recovering the password, although it cost me $75 to get it done. Basically, they told me that it's a sophisticated 'hack' into the machine to get it back. If there's another way, I'd also be very interested in knowing what it is. John D Booyah, thanks John. LayeredTech.com hooked it up without charge. - Grant -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On Thursday August 25 2005 10:47 am, Grant wrote: I have forgotten the root password of my remote server. Is there any way to retrieve or reset it? If you can get access to the root partition (ie:mount from a livecd) and have a working /etc/passwd with a known password for root, move the original passwd file (or merge other users into the known file keeping the root entry of course)... this might grant you access. -jm -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Wow! That was decent of them. Is it a dedicated server or a colo ? John D Hey John, It's a dedicated (not virtual dedicated) box. They changed the password and forwarded me the new one. - Grant -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Forgotten root password on remote system
Hmm - Maybe I need to look into a different service ? John -Original Message- From: Grant [mailto:[EMAIL PROTECTED] Sent: Thursday, August 25, 2005 5:52 PM To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Forgotten root password on remote system Wow! That was decent of them. Is it a dedicated server or a colo ? John D Hey John, It's a dedicated (not virtual dedicated) box. They changed the password and forwarded me the new one. - Grant -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
Hmm - Maybe I need to look into a different service ? John I can tell you that I'm happy with Layered Tech. They told me I would have to rent a KVM unit from them to get started with the LiveCD when I was first installing. It flipped me out but they wouldn't budge. The funny thing is, when I was ready to go they didn't have any KVM units available so they set up SSH access from the LiveCD after all. I see sustained transfer rates of 1.2Mbps in portage. - Grant -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On Thu, 25 Aug 2005 12:38:42 -0400 Michael Crute [EMAIL PROTECTED] wrote: All you really need is an account with sudo rights then `sudo passwd root` and your all set, else your suck with singleuser. This is a bad idea as it creates two effective root passwords. One of them even has the ability to log in through the network. Just find the priveleged user's password and then change the real root one. -- Ian. EOM -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Forgotten root password on remote system
On 8/25/05, Ian Hastie [EMAIL PROTECTED] wrote: This is a bad idea as it creates two effective root passwords.One ofthem even has the ability to log in through the network.Just find thepriveleged user's password and then change the real root one. OTYou have a point here but I find it easier to grant sudo priviledges to the admins rather than try to give them all the root password, and since we change our root weekly (policies... bah) it would be a maintenance nightmare to try to keep everyone in the loop. Plus sudo offers the ability to revoke root priviledges plus the ability to limit sudo rights to a set of commands (if you so choose). Overall I think sudo is the better way to go. But thats just my $0.02 /OT-- Michael E. CruteSoftware DeveloperSoftGroup Development CorporationLinux, because reboots are for installing hardware.In a world without walls and fences, who needs windows and gates?
Re: [gentoo-user] Forgotten root password on remote system
Am Donnerstag, 25. August 2005 18:21 schrieb ext Willie Wong: Your best bet is to get someone your trust to boot into single for you and reset the password there. Single wouldn't work, You still get a login: prompt. The only ways to get at it are LiveCD or booting with init=/bin/bash. Bye... Dirk -- Dirk Heinrichs | Tel: +49 (0)162 234 3408 Configuration Manager | Fax: +49 (0)211 47068 111 Capgemini Deutschland | Mail: [EMAIL PROTECTED] Hambornerstraße 55 | Web: http://www.capgemini.com D-40472 Düsseldorf | ICQ#: 110037733 GPG Public Key C2E467BB | Keyserver: www.keyserver.net pgpK0NHrgpUJY.pgp Description: PGP signature