Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, I lost root password on an old linux box that I need to recover. I remember that the password is not complex, so brute forcing should be possible, however I'm currently looking to find a user escalation vulnerability because this would likely be faster.
In the event that this fails, does anyone know of a script I could use to brute force my password?
(This is a local Mandriva box. I have the password for a non-root user.)
Thanks in advance.
Click here to see the post LQ members have rated as the most helpful post in this thread.
I don't think so that suggesting how to reset a root password using single user mode is violation to LQ rules. LQ prohibit talks on hacking and going in single usermode when you have physical access to the system (in single user mode you do not have network connectivity so person has to be physically there) is not hacking. And if a person has physical access to the system then he can do anything with the system if he want :-) hacking not required ;-)
@ Moderators
Moderators please correct if I am wrong. If I am then I sincerly apologise for my earlier post.
Last edited by T3RM1NVT0R; 01-14-2012 at 08:43 PM.
A couple of thoughts,
1) is sudo set up, to enable you to change the root passwd using the normal user accounts password
2) can you burn a new iso as a user?
You can boot to a live cd and modify /etc/passwd manually
I found a Live-CD, tried to mount my mandriva partition, and getting error that it can't mount because
it doesn't contain a valid partition table.
Isn't it great how a simple thing can turn into an impossible thing?
EDIT: it just occurred to me the problem is that my Live-CD is fedora 8 which is pretty old one. My hard drive is ext4 which it probably can't recognize.
Since the answer to this would likely be a breach of the LQ rules, i wont tell you how to do it.
Creating a new root account password (un-passworded runlevel 1 or S entry, alternative bootable medium) is not a breach of the LQ Rules as the myriad of threads on the subject show. What is a breach of the LQ Rules would be:
0) aiding the OP accomplishing things wrt his or her misguided approach:
Quote:
Originally Posted by Geminias
I'm currently looking to find a user escalation vulnerability because this would likely be faster.
...or
1) misguided attempts at promoting brute-forcing:
Quote:
Originally Posted by realbluntz
If you have the root password hash and know the hash type, you can [MODERATED]
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.