LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-11-2009, 03:44 PM   #1
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Rep: Reputation: 0
Lost root password, can't reset


My wife's computer might have been entered. It's connected to my firewalled router and is running SUSE 10.2. My computers run BSD.

Anyway, I had to use YAST to install a printer, on her machine, as root, and discovered that the root password no longer worked, which caused me to become suspicious.

In order to enter rescue mode, one needs the install cd which I didn't have. So, I booted a Knoppix cd to edit the /etc/shadow file. I found that there was no encrypted root password, only an asterisk between the two colons. I deleted it, and then could log onto SUSE as root without a password.

However, all attempts to reset the root password with passwd fail. Typing "pwd" confirms I'm logged in as root, but after typing "passwd" I'm prompted for a password, which of course there is none.

Actually, I don't want to fix the problem in SUSE as I was going to install BSD anyways. I have all her stuff backed up and will wipe the hdd before the new install.

I'm just curious about the root password problem. Any thoughts here?
 
Old 11-11-2009, 04:08 PM   #2
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729
"pwd" gives you the current working directory---not the login name. For the later, enter "users", or "whoami".

Did you become root by entering "su" or "su -"?

If you are not logged in as root, then "passwd" wants a password before it will go further.

You can boot into single-user mode and become root with no password required---like so:

when the grub menu appears, hit any key to stop the count, then "e" for edit.
select the kernel line, and "e" again.
Add the word "single" to the end to or the line
hit return and then "b"
 
Old 11-11-2009, 05:24 PM   #3
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Original Poster
Rep: Reputation: 0
About "pwd" - sorry, my typo. wanted to say "whoami" which does confirm that I am logged in as root.

No su done. The etc/shadow file should contain the encrypted or hashed up root password between the first two colons. Remove those characters and then, after reboot, login as root is automatic without password. Quote the SUSE BIBLE - "You will find you can now reboot the system as root without a password." This is true.

As I have explained, although I am indeed logged in as root, when I attempt to reset the root password, it asks me for a password. Obviously, I cannot give one as firstly, the original one got busted, and secondly, I wiped out the asterisk that somehow found its way into where the hashed password should have been. Most importantly, I am already logged in as root, but passwd asks for a root password.

There is no grub menu. Rescue mode is what SUSE wants, and it's the mode I chose. I guess this is the SUSE version of single user mode.
 
Old 11-11-2009, 08:43 PM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
I think you'll find its asking for the new passwd, even though the prompt doesn't say 'new'.
It'll look something like

passwd >
Re-enter passwd >
 
Old 11-11-2009, 09:06 PM   #5
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729Reputation: 729
Code:
mherring@Ath ~]$ su
Password:
[root@Ath mherring]# passwd
Enter new UNIX password:
Retype new UNIX password:
(I purposely entered different passwords so it would abort)
 
Old 11-11-2009, 11:36 PM   #6
MrMcGoo
LQ Newbie
 
Registered: Jun 2009
Distribution: Currently, Debian Lenny with no desktop sucks the least for me.
Posts: 23

Original Poster
Rep: Reputation: 0
Would someone please READ my question? I know how to reset a root and/or user password. This hasn't a thing to do with SU.

It has to do with the fact that when I wanted to be root, the root password was not accepted. I had it written down, used it before, and then it no longer worked. Either SUSE screwed up or someone, on the WAN not LAN, had gained access and changed it. It is a security, not a how-to question.

The root password (IN SUSE) is stored on the first line of the file /etc/shadow, not in its original state, but in a hashed/encrypted format. It is seen as a bunch of mishmash characters, separated by colons. The idea is to delete the characters between the first and second colons. Then one can log on as root without needing to enter a password.

Great, but you must have install cd#1 where you log into rescue mode to do this. Lacking the install cd, I did it by booting a Knoppix cd which automatically logs the user on as root. I then deleted all the hash characters between the first and second colons. Either way, the result is the same.

Now, I get logged on to SUSE as root without entering a password! YESI DO. Once logged on as root, I issue the command "passwd" and the o/s responds with "changing password for root" - then immediately "password: user not known to the underlying authentication module."

Thus, it is not possible to reset the root password.

Please understand: I don't want to fix the problem. Tomorrow, SUSE will be history, and my wife will be running BSD.

The question is: Given these circumstances, is it possible that my wife's computer was hacked, and for what possible reason?
 
Old 11-12-2009, 02:03 AM   #7
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,591

Rep: Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244Reputation: 1244
Quote:
Originally Posted by MrMcGoo View Post
However, all attempts to reset the root password with passwd fail. Typing "pwd" confirms I'm logged in as root, but after typing "passwd" I'm prompted for a password, which of course there is none.
I agree it is strange that root is prompted for a password when running passwd.

However, no password, just means an empty string right? So what happens if you just hit enter?

One more question did you try running passwd both with no argument and explicitly as 'passwd root'?

Methinks it's some strange SUSE specific thing.

Evo2.

PS. Sorry, no idea about your actual question regarding if you wife's machine was cracked.

Last edited by evo2; 11-12-2009 at 02:05 AM. Reason: PS
 
Old 11-12-2009, 05:57 AM   #8
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,278

Rep: Reputation: 53
Just boot it into single user mode.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset Root password hbenway AIX 9 08-19-2008 05:13 PM
How to retrieve( or reset) root password in Mandrake Linux, as I forgot my password? Reghunath Linux - Software 4 05-08-2008 05:11 AM
reset root password powah Linux - Security 5 09-15-2006 02:30 PM
reset root password kapslock Debian 14 07-27-2006 08:08 AM
Reset Root password sdsouza Linux - Software 5 11-12-2003 05:50 PM


All times are GMT -5. The time now is 05:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration