LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-29-2009, 02:41 PM   #1
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Rep: Reputation: 0
Recover/Change UNIX root password from SSH terminal


Hello everyone

I am enrolled in a UNIX/Linux class at college and the instructor gave us an interseting side project. He wants us to try to find out the root password. He said we can even change it if we can get to that point, we dont have to know what the old one is.

We use Red Hat linux realse 8.0 (Psyche) 2.4.18-24. I found numerous tutorials on how to change the root password but you need to be physically at the machine which is out of the question for this project. We login remotely using PuTTy.

Since im using PuTTy to log in, can anyone point me in the right direction on how to go about this? Please if possible dont give me the answer XD i want to learn and have fun with this.

Thank you!


Dopamine
 
Old 09-29-2009, 02:56 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,610

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
Is RH 8 old enough that it puts the encrypted passwords in the (readable) /etc/passwd ?
 
Old 09-29-2009, 03:03 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
This doesn't speak directly to your question, but it may be helpful as a learning tool: Damn Vulnerable Linux // on distrowatch

Not sure if it covers the precise scenario you've been asked to look into for your project.
 
Old 09-29-2009, 03:16 PM   #4
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by AlucardZero View Post
Is RH 8 old enough that it puts the encrypted passwords in the (readable) /etc/passwd ?
It puts the encrypted passwords in a file called 'shadow'. I am unable to copy or view the shadow file or /etc/passwd without root privlidges.
 
Old 09-29-2009, 03:16 PM   #5
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,610

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
Find an exploit to get root privileges?
 
Old 09-29-2009, 03:30 PM   #6
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by AlucardZero View Post
Find an exploit to get root privileges?
Ok going to look into this ty dude.
 
Old 09-29-2009, 07:47 PM   #7
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,247

Rep: Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025
I think on old systems,

init 1

might work
 
Old 09-30-2009, 11:45 AM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by chrism01
I think on old systems,

init 1

might work
Doesn't he need to be root to do that?
 
Old 09-30-2009, 12:35 PM   #9
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by chrism01 View Post
I think on old systems,

init 1

might work
yea i got denied XD

/sbin]$ ./init 1
init: must be superuser.
 
Old 09-30-2009, 12:54 PM   #10
Myiagros
Member
 
Registered: Mar 2009
Distribution: Ubuntu, CentOS 5.3
Posts: 75

Rep: Reputation: 18
Any rules against using brute force attacks to try and get the password?
 
Old 09-30-2009, 01:32 PM   #11
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Myiagros View Post
Any rules against using brute force attacks to try and get the password?

We can use any method possible as long as we dont damage the system once we find/change the root password.

Is using a brute force attack the only option since im loggin in remotely?
 
Old 09-30-2009, 01:41 PM   #12
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
My hint (this is homework, right?) is for you to look at the system initialization (i.e. boot time or runlevel change) scripts. If you can find weaknesses in the permissions for any of those, with a little creativity you can have free reign.
 
Old 09-30-2009, 01:57 PM   #13
Dopamine
LQ Newbie
 
Registered: Sep 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by anomie View Post
My hint (this is homework, right?) is for you to look at the system initialization (i.e. boot time or runlevel change) scripts. If you can find weaknesses in the permissions for any of those, with a little creativity you can have free reign.
Yea this is homework, just a side project the instructor gave us for fun =D.
Ok sweet i will look into what the system initialization scripts are and go from there.
 
Old 09-30-2009, 06:19 PM   #14
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,247

Rep: Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025
Yeah , I forgot about the remote thing as well, ssh isn't running in level 1.
Just ignore that post.
I must have been trying to do something else here and just did a quick answer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
change root password over ssh noir911 Linux - Server 2 01-06-2009 02:33 PM
[SOLVED] Need to recover or change root password. And must run "nano". ShellyCat Linux - Newbie 10 07-14-2007 03:01 PM
Best way for users to change/recover password psychobyte Linux - Networking 1 01-18-2006 12:58 AM
Recover Root password Dannyb Linux - Newbie 7 10-25-2001 12:04 PM


All times are GMT -5. The time now is 08:41 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration