LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-27-2011, 09:57 AM   #1
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Rep: Reputation: 47
Recovering a password


I have multiple servers, all of which have the same account with the same password, setup by someone who know longer is around. Is there any way to figure out what that password is, so i can create the same account on a new server without having to reset the password on all the other servers. I'm not sure what resetting that password would break on the others, so I dont want to do that.
 
Old 04-27-2011, 11:10 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Hi,

It is very hard/almost impossible to recover a password.

If you have root access you could copy the hash from the /etc/shadow file from one of the servers to the new server. I.e:

- create the account on the new server (don't set a password), something like the following is now present in the /etc/shadow file:
Code:
foobar:!:15091:0:99999:7:::
- Open the /etc/shadow file on a server that already has this account and look for that user, you see something like this:
Code:
foobar:$1$ivXLmWAB$90ILxAyDTLQi6wKOYovpx1:15091:0:99999:7:::
- replace the ! on the new account with the bold part from the known account.

Although the above does work, I would strongly suggest to change the password on all servers. Do this one at the time over a period of days (and skip Fridays) and let users know that something might stop working, if so fix it.

Hope this helps.

Last edited by druuna; 04-27-2011 at 11:26 AM. Reason: spelling
 
1 members found this post helpful.
Old 04-27-2011, 11:11 AM   #3
jadrevenge
Member
 
Registered: Mar 2011
Location: Manchester,UK
Distribution: OpenIndiana/Ubuntu
Posts: 36

Rep: Reputation: 2
if you can get at the encrypted password tools like "john the ripper" will allow you to either use a dictionary style attack or a brute force attack.

changing the password shouldn't cause any major changes unless it is hardcoded into an application ... and if it is you should be able to get the password out of that application.

Jon
 
Old 04-27-2011, 11:20 AM   #4
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Hi,
Quote:
Originally Posted by jadrevenge View Post
if you can get at the encrypted password tools like "john the ripper" will allow you to either use a dictionary style attack or a brute force attack.
In the end you might get the password, but a good password takes a long time to "guess".

I let John the Ripper have a go at my root password a while back and I cancelled it after it ran 5 days 24/7 and still didn't come up with it........

If strong passwords are enforced, running John the Ripper might be pointless. If, on the other hand, there is no password policy you might have a chance.
 
Old 04-27-2011, 11:24 AM   #5
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
yeah, i'm afraid its hard coded into a bunch of stuff that's way over my head and all hell might break loose. maybe i'll try that program if i cant guess what it is, which i haven't had any luck at yet.
 
Old 04-27-2011, 11:39 AM   #6
savona
Member
 
Registered: Mar 2011
Location: Bellmawr, NJ
Distribution: Red Hat / Fedora
Posts: 195

Rep: Reputation: 50
Quote:
Originally Posted by rjo98 View Post
yeah, i'm afraid its hard coded into a bunch of stuff that's way over my head and all hell might break loose. maybe i'll try that program if i cant guess what it is, which i haven't had any luck at yet.
If you had a competent admin before yourself chances are he set the account to be locked out after some number of failed attempts. Personally I set this to 3 failed attempts. Chances are the account is already locked out.
 
Old 04-27-2011, 11:41 AM   #7
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
the guy before me was far from competent (at least from what i'm told), but i bet the accounts lock out so brute forcing wouldn't help.
 
Old 04-27-2011, 11:59 AM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by jadrevenge
if you can get at the encrypted password tools like "john the ripper" will allow you to either use a dictionary style attack or a brute force attack.
John is a fantastic utility, but a strong password could take you many months to guess (unless you have a very impressive CPU farm, coupled with an equally impressive password dictionary, at your disposal).

Side note: You are not at risk of being "locked out". John operates on a de-shadowed copy of user passwd(5) entries.

Quote:
Originally Posted by rjo98
yeah, i'm afraid its hard coded into a bunch of stuff that's way over my head and all hell might break loose.
Well, then you're in luck. Find where it's hard coded and simply take the password from there.

Last edited by anomie; 04-27-2011 at 12:02 PM.
 
Old 04-27-2011, 12:00 PM   #9
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
believe me, i'm trying to find it, but not having any luck so far. i may just create a new account on all the servers, might be easiest/best.
 
Old 04-27-2011, 12:09 PM   #10
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by rjo98
believe me, i'm trying to find it, but not having any luck so far.
There are some tricks to help. For instance:
Code:
# find / -type f -exec grep 'account_here' {} \; -print 2>/dev/null
(replace 'account_here' with the username you're looking for..)
 
Old 04-27-2011, 12:19 PM   #11
rjo98
Senior Member
 
Registered: Jun 2009
Location: US
Distribution: RHEL, CentOS
Posts: 1,674

Original Poster
Rep: Reputation: 47
that turned up nothing well at least on this server.
 
Old 04-27-2011, 01:50 PM   #12
lisle2011
Member
 
Registered: Mar 2011
Location: Surrey B.C. Canada (Metro Vancouver)
Distribution: Slackware 2.6.33.4-smp
Posts: 183
Blog Entries: 1

Rep: Reputation: 25
lost password

With so many servers you must do backups?

If not then you should?

Here are some facts concerning backups:

1. 50% of all backups fail;
2. 100% of all drives and backup media fails;
3. Backing up is only half the process the other half is to do a test restore;
4. Besides doing a tape backup have the tape backup a file, a nice tif file will work and use that file as the test restore, do it every day;
5. If you are running a database, probably an SQL variant, at the time of day/night the database is least active have the database dump all it's tables as text (csv) i.e. SELECT * FROM {all the tables}; and write them to the hard drive. All good databases can do this and you can put a job in the database to do it automatically.

Later burn the CSV files to a cd/dvd. Make sure you got them on the cd or cd's.
All database programs can do a backup of themselves, do it daily and write it to the hard drive.
Copy the servers backup to a cd/dvd/s.
Store tapes and cd/dvd/s OFF-SITE; if the place burns down overnight you are still hooped if you are storing that stuff in the office.
Make sure the person assigned to do this work is diligent, if not get someone else.
This person does not need to be an IT person they just need a good written script and a little training.

You will be the shining star of the corporation when you produce GOOD backups and you must test to make sure they are good backups. Without them you will probably be looking for another job.

You may have lost some data but it will only be few hours of lost data, better than losing th entire database.

Not only do hard drives fail but the cables and the cards (raid drives) also fail.
If you are using mirrored OS drives and the machine goes down make sure you break the mirror before you boot into the system.
Errors on mirrored OS drives corrupt the Mirror on bootup.
If that disk doesn't boot try the other one, chances are it will be OK.
If you are not using mirrored drives for the OS and raid for everything else, programs and data you will probably suffer the consequences.
Do not use the OS drives for data period.
Runaway processes can fill up a hard drive lickety split.
Nobody advertizes that they just had a failure but even very large corporations suffer from the same disease - backup lethargy.
Backup is the most important task the IT dept has to accomplish on a daily basis.

Good Luck

David
 
Old 04-27-2011, 02:00 PM   #13
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
And how is this relevant to the original question?

Kind regards
 
Old 04-27-2011, 04:21 PM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,333

Rep: Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891Reputation: 3891
Quote:
Originally Posted by repo View Post
And how is this relevant to the original question?
Kind regards
I think lisle2011 was going for "why don't you restore your /etc/shadow and /etc/passwd files from backups?", before arcing off.
 
1 members found this post helpful.
Old 04-28-2011, 11:45 AM   #15
lisle2011
Member
 
Registered: Mar 2011
Location: Surrey B.C. Canada (Metro Vancouver)
Distribution: Slackware 2.6.33.4-smp
Posts: 183
Blog Entries: 1

Rep: Reputation: 25
My prior post

Hi,

Didin't really mean to get on such a sidetrack, i have strong views on making backups as all media fails. I want to know if this is a group of Linux servers or if they have Windows components?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
recovering root password rkd7474 Linux - Newbie 8 02-09-2011 03:25 AM
Recovering password from cinternet kaesekrainer Linux - General 2 08-04-2007 03:31 AM
recovering root password isaacvimal Red Hat 3 04-02-2005 09:47 AM
Recovering Linux Password. chamalsl Linux - Security 6 02-14-2005 12:16 PM
Recovering XP Password using Knoppix doctor_damien Linux - Newbie 6 05-03-2004 04:09 AM


All times are GMT -5. The time now is 05:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration