cracking the root password

Master of Reality
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Wed Feb 13, 2008 12:44 pm

It's innocent, I swear. I have an old IBM ThinkPad 300 with an old Debian on it. I have my user password, but I can't remember the root password. After many, many attempts I still can't figure out what I made it.

Any ideas for getting root access? Lilo is installed, but doesn't pause or anything; it loads Linux immediately, so I can't enter kernel params. The distro isn't old enough, so there are still shadowed passwords, meaning I can't just use crack to brute force the password.

There is only a floppy drive.

So far the only thing I can think of is using the floppy to run crack off a live floppy distro. Or re-installing completely.

Tux
guru
Posts: 689
Joined: Wed Jan 08, 2003 10:40 am

Post by Tux » Wed Feb 13, 2008 2:44 pm

Put a boot loader on a floppy, boot installed kernel using said floppy. Boot into single user.

You know that :)

Ice9
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium

Post by Ice9 » Wed Feb 13, 2008 3:30 pm

Re-installing wouldn't hurt if the install is really that old, you would have to pretty much dist-upgrade the whole shebang just to get it up-to-date.

Other than that it would be interesting to follow Tux's lead, I would have a hard time doing that for sure :-)

Master of Reality
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Wed Feb 13, 2008 3:35 pm

Debian floppies won't boot, tomsrtbt didn't work properly. Slackware (zipslack) floppy loaded into single user, then I messed up the partition table screwing around. Don't know what it was before.

I guess I'll figure out a way to re-install.

Void Main
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Wed Feb 13, 2008 6:17 pm

Haven't used Debian in a while but with the Fedora install or rescue CD you can go into rescue mode and mount the partitions where you can either just delete the password from the /etc/shadow file on your root partition or you can chroot to the root partition and run the regular "passwd" command. You could also use KNOPPIX or any other boot disk for that matter and do the same thing. If you are running an unpatched 2.6.17 kernel or newer you can just use the latest local root exploit that came out a few days ago. Patch your kernels if you haven't already. It's trivial to exploit.

Ice9
guru
Posts: 577
Joined: Thu Jan 09, 2003 12:40 am
Location: Belgium

Post by Ice9 » Fri Feb 15, 2008 5:44 pm

I think there's no cd on that machine
There is only a floppy drive.
MoR, here you have a floppy boot image you can use to do a network install.

Void Main
Site Admin
Posts: 5712
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Sat Feb 16, 2008 12:15 am

Ice9 wrote: I think there's no cd on that machine
There is only a floppy drive.
MoR, here you have a floppy boot image you can use to do a network install.

Ooops. I guess I need to take more time and actually read. :) Seriously, the local root exploit would get you in if single user mode doesn't get him in or he can't boot from floppy.

http://www.milw0rm.com/exploits/5092

Just compile it and run it as a normal user and you'll have root if you are running a kernel between 2.6.17 - 2.6.24.1 that isn't patched.

Do you know how to get your machine booted into single user mode? If you are using grub, arrow to the kernel you want to boot and press "a", which should put you into "append" mode. Add a "1" as the last parameter of the boot line and press ENTER. Some systems boot you right to a root shell in single user mode, some ask for root's password. Another thing you can do in Fedora that you may be able to do in Debian is putting the boot process into interactive mode by pressing the "I" key at the beginning of the init process.

If none of that works check this out:

http://www.debianadmin.com/forgot-root- ... ebian.html

It's probably best if you check that out first actually. :)
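
An audit-side view of the two points in the posts above, as an added example that is not part of the original thread: the first function lists accounts whose /etc/shadow password field is empty (the state left when the hash is deleted), and the second tests a kernel release string against the 2.6.17 to 2.6.24.1 range quoted in the thread. The function names and the sample shadow lines are constructed for illustration; the range check looks at the version number only and cannot tell whether a distribution kernel carries a backported fix.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in /etc/shadow format (no real hashes).
sample_shadow() {
    cat <<'EOF'
root::13920:0:99999:7:::
daemon:*:13920:0:99999:7:::
mor:$1$constructed$notarealhashvalue000000:13920:0:99999:7:::
guest::13920:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin and print every account whose second
# field is empty. "*" and "!" mean locked, so they are not reported.
# Real use (as root): empty_password_accounts < /etc/shadow
empty_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }'
}

# Return 0 if the release string (e.g. from `uname -r`) lies between
# 2.6.17 and 2.6.24.1 inclusive, the range given in the thread.
# The distribution suffix ("-6-686") is dropped before comparing.
kernel_in_thread_range() {
    printf '%s\n' "${1%%-*}" | awk -F. '{
        a = $1 + 0; b = $2 + 0; c = $3 + 0; d = $4 + 0
        if (a == 2 && b == 6 && c >= 17 && (c < 24 || (c == 24 && d <= 1)))
            exit 0
        exit 1
    }'
}

# Demonstration on constructed input.
echo "Accounts with an empty password field:"
sample_shadow | empty_password_accounts
for rel in 2.6.18-6-686 2.6.24.2 2.6.16; do
    if kernel_in_thread_range "$rel"; then
        echo "$rel: inside the range, confirm the fix is installed"
    else
        echo "$rel: outside the range"
    fi
done
```
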

Calum
guru
Posts: 1348
Joined: Fri Jan 10, 2003 11:32 am
Location: Bonny Scotland

Post by Calum » Tue Feb 19, 2008 10:53 am

Why didn't tomsrtbt work?

insomnia
programmer
Posts: 123
Joined: Thu Feb 05, 2004 6:58 pm
Location: Belgium, Antwerp

Post by insomnia » Wed Feb 20, 2008 12:13 am

I had the same problem with a Debian (etch) box about a week ago.
All I had to do was chroot to the root partition and run passwd.

PS: You can make a grub floppy (always handy to have around, especially for lilo users) like this:

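mke2fs /dev/fd0                           # create an ext2 filesystem on the floppy
mount /dev/fd0 /media/floppy              # mount it
mkdir /media/floppy/boot
mkdir /media/floppy/boot/grub
cd /boot/grub
cp stage1 stage2 /media/floppy/boot/grub  # copy the GRUB stage files
umount /dev/fd0
grub                                      # start the GRUB shell; the remaining lines are typed at its prompt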
device (fd0) /dev/fd0
root (fd0)
setup (fd0)
quit

Master of Reality
guru
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Fri Feb 22, 2008 10:58 am

tomsrtbt didn't want to boot despite an apparent success on imaging the disk.
I'm using the slackware floppies to re-install.
