I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
I just happen to have used the same password on a test system, so I was able to copy the /etc/passwd, edit it so that it only contains the root user and feed it into john on a notebook I have (F22).
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Anyone have any experience with this? Is there a better cracker than john? I DO know a couple of the letters in the password (not the numbers or special characters or the letter case) and password length. Is there some tool that I can feed in a partial password like 'a?bc??d?'?
thanks
On 11/21/2016 12:25 PM, Robert Moskowitz wrote:
I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
I just happen to have used the same password on a test system, so I was able to copy the /etc/passwd, edit it so that it only contains the root user and feed it into john on a notebook I have (F22).
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Copy /etc/passwd from the running system onto your notebook (Be sure to save the regular copy, of course.) and then boot into single user mode to change the password.
On 11/21/2016 03:54 PM, Joe Zeff wrote:
On 11/21/2016 12:25 PM, Robert Moskowitz wrote:
I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
I just happen to have used the same password on a test system, so I was able to copy the /etc/passwd, edit it so that it only contains the root user and feed it into john on a notebook I have (F22).
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Copy /etc/passwd from the running system onto your notebook (Be sure to save the regular copy, of course.) and then boot into single user mode to change the password.
Um, how do I get the REAL /etc/passwd file from the system when logged in as a regular user? Yeah, I did things like this back in the days before /etc/shadow, but since then...
On Mon, 2016-11-21 at 13:12 -0800, Joe Zeff wrote:
On 11/21/2016 01:06 PM, Robert Moskowitz wrote:
Um, how do I get the REAL /etc/passwd file from the system when logged in as a regular user? Yeah, I did things like this back in the days before /etc/shadow, but since then...
Ah! I'd forgotten about that. Maybe copy both?
/etc/shadow is only readable by root ...
poc
The stupid build for this system has no sudo installed!
First thing I fix once I recover the password...
john has been running for 35 hrs.
On 11/21/2016 07:03 PM, fred roller wrote:
Is the user in the sudo group?
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 11/21/2016 04:33 PM, Robert Moskowitz wrote:
The stupid build for this system has no sudo installed!
First thing I fix once I recover the password...
john has been running for 35 hrs.
Uhm, running a cracker for 35 hours is more efficient than rebooting off a CD in rescue mode, mounting the root filesystem and modifying the /etc/shadow file or "chrooting" to it and simply running "passwd"?
Just asking...
On 11/21/2016 07:44 PM, Rick Stevens wrote:
On 11/21/2016 04:33 PM, Robert Moskowitz wrote:
The stupid build for this system has no sudo installed!
First thing I fix once I recover the password...
john has been running for 35 hrs.
Uhm, running a cracker for 35 hours is more efficient than rebooting off a CD in rescue mode, mounting the root filesystem and modifying the /etc/shadow file or "chrooting" to it and simply running "passwd"?
This notebook is normally off unless I am copying a tape via audacity or some other such task. So other than it sitting over on the corner of my desk running along and reminding me it is cracking, it is no real time, and I can work at my desk writing my reports. All the rest of that is real work. :)
Just asking...
Hate to say it but you could have booted to a live disk and reset the password by now, unless the drive is encrypted... Just an interesting problem at this point. Still worth pursuing for the "can it be done" value IMO.
If you want no downtime, use sucrack+john. Take https://labs.portcullis.co.uk/download/sucrack-1.2.3.tar.gz and https://github.com/magnumripper/JohnTheRipper
Compile and run as follows
./john -min-len=8 -max-len=12 -mask="password?d" --stdout | SUCRACK_AUTH_FAILURE="su: Authentication failure" ./sucrack -u root -w 25
Where -mask is your partial password mask and min/max is the expected length range to try
Read https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/MASK
2016-11-21 22:25 GMT+02:00 Robert Moskowitz rgm@htt-consult.com:
I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
I just happen to have used the same password on a test system, so I was able to copy the /etc/passwd, edit it so that it only contains the root user and feed it into john on a notebook I have (F22).
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Anyone have any experience with this? Is there a better cracker than john? I DO know a couple of the letters in the password (not the numbers or special characters or the letter case) and password length. Is there some tool that I can feed in a partial password like 'a?bc??d?'?
thanks
On Mon, Nov 21, 2016 at 03:25:40PM -0500, Robert Moskowitz wrote:
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Without using cloud resources or multiple GPUs, these programs are really going to be effective with older -- and faster -- hash methods like MD5 (or, wow, DES). In Fedora, we use SHA-512.
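The arithmetic behind the two points above (a partial-password mask, and the slow SHA-512 based hashing Fedora uses), as an added example that is not part of any message in this thread. The sample mask and the 500 hashes-per-second rate are constructed assumptions; the parser accepts only the ?l ?u ?d ?s ?a classes, ?? and explicit [..] lists, which is a subset of the syntax in John's doc/MASK.

```python
import re

# Candidate count for each placeholder class (printable ASCII).
CLASS_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}

# One token per password position: ?class, ?? (literal '?'),
# [explicit list of characters], or a single literal character.
TOKEN = re.compile(r"\?(?P<cls>[ludsa?])|\[(?P<set>[^\]]+)\]|(?P<lit>.)", re.S)


def mask_positions(mask):
    """Return how many candidate characters each position of the mask has."""
    sizes = []
    pos = 0
    while pos < len(mask):
        m = TOKEN.match(mask, pos)
        if m.group("cls"):
            # '??' is an escaped literal question mark: one candidate.
            sizes.append(1 if m.group("cls") == "?" else CLASS_SIZES[m.group("cls")])
        elif m.group("set"):
            # Known letter with unknown case is written as e.g. [aA].
            sizes.append(len(set(m.group("set"))))
        elif m.group("lit") in "?[":
            raise ValueError(f"unsupported mask syntax at offset {pos}")
        else:
            sizes.append(1)  # fully known character
        pos = m.end()
    return sizes


def keyspace(mask):
    """Total number of candidate passwords the mask generates."""
    total = 1
    for size in mask_positions(mask):
        total *= size
    return total


def worst_case_hours(mask, hashes_per_second):
    """Hours needed to try every candidate at the given hash rate."""
    return keyspace(mask) / hashes_per_second / 3600


if __name__ == "__main__":
    # Constructed sample: 8 characters, letters a, b, c, d known but not
    # their case, four positions completely unknown.
    sample = "[aA]?a[bB][cC]?a?a[dD]?a"
    rate = 500  # assumed hashes per second on one CPU core
    print(keyspace(sample), "candidates,",
          round(worst_case_hours(sample, rate)), "hours worst case")
```

With half of an eight-character password known, the remaining four unknown positions still leave over a billion candidates, which is why a slow hash keeps a single CPU core busy for weeks.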
On Mon, Nov 21, 2016 at 08:07:26PM -0500, Matthew Miller wrote:
On Mon, Nov 21, 2016 at 03:25:40PM -0500, Robert Moskowitz wrote:
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Without using cloud resources or multiple GPUs, these programs are really going to be effective with older -- and faster -- hash methods like MD5 (or, wow, DES). In Fedora, we use SHA-512.
I ran into a password cracker in the last year or so that has a version that uses GPU. Too bad I can't remember its name...
Ah, it is called hashcat. I don't really know how to use it, I've not messed with it in some time, and wasn't a guru, ever. But you can find it at hashcat.net.
On 11/21/2016 02:25 PM, Robert Moskowitz wrote:
I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
I just happen to have used the same password on a test system, so I was able to copy the /etc/passwd, edit it so that it only contains the root user and feed it into john on a notebook I have (F22).
Well john has been working for 20 hours (one cpu pegged at 100%). I did not think the password was that complex!
Anyone have any experience with this? Is there a better cracker than john? I DO know a couple of the letters in the password (not the numbers or special characters or the letter case) and password length. Is there some tool that I can feed in a partial password like 'a?bc??d?'?
is it not nice to know that you and fedora created a fairly secure password?
no experience yet. but i do subscribe to their list.
interesting "Subject:" line;
How long should I let JtR munch?
results in a question to pass along to you, did you run JtR against the test examples to ensure you have a good compile?
other than above, nothing related to cracking user root password and your post, all the way back to 2014/04/01 - 1504 hrs. [ have been following longer, but lost drive due to fedora and lvm. :=( ]
some links that may help;
http://openwall.info/wiki/ http://openwall.info/wiki/john http://www.openwall.com/lists/
tho i could offer to pass along your problems to list, i do believe you should mailto:john-users-subscribe@lists.openwall.com or pull up the 'list' page above to join and see rest of lists offered.
On 11/21/2016 09:25 PM, Robert Moskowitz wrote:
I have a running system that I have forgotten the root password. I really do not want to take down the system, go through the steps to boot up in single user mode and change the password.
Is the system fully patched? If not, maybe you have some vulnerability you can exploit, such as DirtyCow.
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs