root password

am 30.03.2005 09:16:10 von ankitjain1580

hi

i have forgotten my root pasword. i had installed
redhat linux 9.0 kernel version 2.4 with grub loader.
if somebody can tell me how to change the password
without logging.

thanks

ankit

__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 30.03.2005 09:48:46 von Wei.Zhang.GR

--- Ankit Jain wrote:
i have forgotten my root pasword.
--- end of quote ---

>i have forgotten my root pasword.

Boot in single-user mode and create a new root password.

How to boot in single-user mode:
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom -guide/s1-rescuemode-booting-single.html
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

RE: root password

am 30.03.2005 12:31:07 von rajatj

Pass the following command line option to kernel

"linux single"

The kernel will do minimal things, and give you a bash prompt. You'll be
having root priviledges here.

Go ahead and change the password.

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org
> [mailto:linux-newbie-owner@vger.kernel.org] On Behalf Of Ankit Jain
> Sent: Wednesday, March 30, 2005 12:46 PM
> To: admin
> Subject: root password
>
> hi
>
> i have forgotten my root pasword. i had installed redhat
> linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password without logging.
>
> thanks
>
> ankit
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
> -
> To unsubscribe from this list: send the line "unsubscribe
> linux-newbie" in the body of a message to
> majordomo@vger.kernel.org More majordomo info at
> http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
>

Disclaimer:

This message and any attachment(s) contained here are information that is
confidential,proprietary to HCL Technologies and its customers, privileged
or otherwise protected by law.The information is solely intended for the
individual or the entity it is addressed to. If you are not the intended
recipient of this message, you are not authorized to read, forward,
print,retain, copy or disseminate this message or any part of it. If you
have received this e-mail in error, please notify the sender immediately by
return e-mail and delete it from your computer.

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

RE: root password

am 30.03.2005 15:29:34 von Mike Turcotte

Boot off of a Live CD like Gentoo, mount your root partition, chroot to
it, and clear the password field in you /etc/passwd file

Michael Turcotte
Information Systems
City of North Bay
200 McIntyre St. E
PO Box 360
North Bay, Ontario
P1B 8H8

Mike.Turcotte@cityofnorthbay.ca
http://www.cityofnorthbay.ca

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> owner@vger.kernel.org] On Behalf Of Ankit Jain
> Sent: Wednesday, March 30, 2005 2:16 AM
> To: admin
> Subject: root password
>
> hi
>
> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.
>
> thanks
>
> ankit
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
> http://smallbusiness.yahoo.com/resources/
> -
> To unsubscribe from this list: send the line "unsubscribe
linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 30.03.2005 16:07:59 von Robin Doer

Ankit Jain schrieb:

>hi
>
>i have forgotten my root pasword. i had installed
>redhat linux 9.0 kernel version 2.4 with grub loader.
>if somebody can tell me how to change the password
>without logging.
>
>thanks
>
>ankit
>
>
Boot Linux from a CD. Knoppix for example, Radhat installation medium or
whatever. If you have only one big partition it's quiet easy!

Mount your local partition (e.g. mount /dev/ /mnt/wherever) and
chroot into it (chroot /mnt/wherever). And then "passwd" to change the
password.

Hope it help!

Robin

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 30.03.2005 16:36:32 von Ray Olszewski

At 11:16 PM 3/29/2005 -0800, Ankit Jain wrote:
>hi
>
>i have forgotten my root pasword. i had installed
>redhat linux 9.0 kernel version 2.4 with grub loader.
>if somebody can tell me how to change the password
>without logging.

The normal solution to this sort of problem is to boot the system using a
rescue disk (floppy or CD, depending on your hardware); mount the
filesystem with the password problem at some convenient mount point; and
delete the root password entry from /etc/shadow . Then reboot normally, log
in as root (with no password) and set a new root password. Do all of this
with the system disconnected from the Internet, of course, until you have a
new root password in place.

Any other suggestion of how to become root without knowing the root
password is a technique for breaking into systems, and I (and I hope
everyone else) will not give advice on that publicly, in this forum or
anywhere else.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 30.03.2005 18:36:14 von manish regmi

On Tue, 29 Mar 2005 23:16:10 -0800 (PST), Ankit Jain
wrote:
> hi
>
> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.
>
> thanks
>
> ankit

I hope you dont want this information to break into other's system. :)

If that is your system, you might have access to it during boot process.

1) On the Grub menu prompt, select the entry you are booting and type 'e'.
2) Add the letter '1' or 's' to the kernel parameter. (In entry with
kernel ......, type 'e').
3) Type enter and press 'b'.
4) Linux boots and leaves you to the shell. type 'passwd'.
5) Enter the new password and enjoy.

regards
manish
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 31.03.2005 02:57:32 von terry white

.... ciao:

> i have forgotten my root pasword

well boys and girls , whenever i see something like that, my immediate
solution is suggesting a "NEW" install. servers two purposes
immediately.

first , it tends to make 'remembering' the "ROOT" password easier.

finally , it more or less assures it not a 'social engineering'
tactic.

this pretty much a 'knee-jerk' reaction to such requests from 'email
only' domains ...

--
.... i'm a man, but i can change,
if i have to , i guess ...

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 31.03.2005 03:32:47 von jma5

On Wed, Mar 30, 2005 at 04:57:32PM -0800, terry white wrote:
> finally , it more or less assures it not a 'social engineering'
> tactic.
>
> this pretty much a 'knee-jerk' reaction to such requests from 'email
> only' domains ...
>

Good advice, but for this example I don't think it is very applicable. A
determined cracker could simply use google to find that information, there is
no need to go to a mailing list to get this information. I take that back ... a
not-so-determined cracker would probably use google as well.

It is probably better to assume that the person asking really doesn't know
enough and needs help, as opposed to questioning said person's motives.

On the other hand your first reason (helps them to remember their root passwords
if they have to reinstall each time) is a very good one. ;)

--
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 01.04.2005 18:23:04 von Tobias Hirning

--nextPart1837564.DQj45GX6RA
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Ray!
> [...]
> Any other suggestion of how to become root without knowing the root
> password is a technique for breaking into systems, and I (and I
> hope everyone else) will not give advice on that publicly, in this
> forum or anywhere else.
Why shouldn't we know how the bad can break into our systems?
I think it's always better to know exactly how they do it.
Tobias

=2D-=20
GPG-Fingerprint: C39E 5381 7721 8613 B5C9 CFAF 54FC B8DB D02D 7085
Registered Linux-User #367044
Registered Linux-Machine #262062
9x6=3D42
Diese E-Mail wurde mit einer fortgeschrittenen elektronischen
Signatur nach =A72 2. d) SigG signiert.

--nextPart1837564.DQj45GX6RA
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCTXVzVPy429AtcIURArCRAJ97mMjChUaP8WFYNtH2R8EN+QGOpACg icvd
b3u04GMg4zJAUZPxh5xKj0E=
=giXw
-----END PGP SIGNATURE-----

--nextPart1837564.DQj45GX6RA--
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 01.04.2005 18:52:06 von Eric Bambach

On Friday 01 April 2005 10:23 am, Tobias Hirning wrote:
> Hi Ray!
>
> > [...]
> > Any other suggestion of how to become root without knowing the root
> > password is a technique for breaking into systems, and I (and I
> > hope everyone else) will not give advice on that publicly, in this
> > forum or anywhere else.
>
> Why shouldn't we know how the bad can break into our systems?
> I think it's always better to know exactly how they do it.
> Tobias

Kernel parameter line init=3D/bin/(ba)sh (most effective IMO)
Boot cd/disk/ etc.
Physically removing the hard drive
Get the shadow file and crack
Overwrite the shadow file with an exploit
Sniff the password from telnet/unsecure services

..And many more, these just came off the top of my head.

--=20
----------------------------------------
--EB

> All is fine except that I can reliably "oops" it simply by trying to =
read
> from /proc/apm (e.g. cat /proc/apm).
> oops output and ksymoops-2.3.4 output is attached.
> Is there anything else I can contribute?

The latitude and longtitude of the bios writers current position, and
a ballistic missile.

--Alan Cox LKML-Decembe=
r 08,2000=20

----------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie"=
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 01.04.2005 18:55:44 von Eric Bambach

On Wednesday 30 March 2005 08:36 am, Ray Olszewski wrote:
> Any other suggestion of how to become root without knowing the root
> password is a technique for breaking into systems, and I (and I hope
> everyone else) will not give advice on that publicly, in this forum o=
r
> anywhere else.

I respectfully disagree. How will sysadmins ever know how to secure the=
ir=20
systems unless they know HOW break-ins occur. Certainly most hacking do=
esnt=20
come from boot CDs but having a more informed sysadmin is infinitely be=
tter=20
than one that only discovers how to make their system more secure *AFTE=
R*=20
being broken into.

What you are saying is that security through obscurity is good and ther=
e have=20
been countless rebuttals on just how horrible security though obscurity=
is in=20
99% of the situations. The only reason for S.T.O. is a company that fou=
nd an=20
exploit and is giving lead-time to the vendor to patch their vulnerable=
=20
software.

--=20
----------------------------------------
--EB

> All is fine except that I can reliably "oops" it simply by trying to =
read
> from /proc/apm (e.g. cat /proc/apm).
> oops output and ksymoops-2.3.4 output is attached.
> Is there anything else I can contribute?

The latitude and longtitude of the bios writers current position, and
a ballistic missile.

--Alan Cox LKML-Decembe=
r 08,2000=20

----------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie"=
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 01.04.2005 20:03:04 von Tobias Hirning

--nextPart1776293.DOgchDIHn7
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Ray!
On Friday, 1. April 2005 18:52 Ray wrote:
>> [...]
> [..]
> Get the shadow file and crack
Yeah, I've done this on a big system and about 90% of the users used=20
weak passwords.
> [...]
> Sniff the password from telnet/unsecure services
Who is still using telnet? I wouldn't use telnet on a secure net=20
either.
Tobias

=2D-=20
GPG-Fingerprint: C39E 5381 7721 8613 B5C9 CFAF 54FC B8DB D02D 7085
Registered Linux-User #367044
Registered Linux-Machine #262062
http://counter.li.org
Diese E-Mail wurde mit einer fortgeschrittenen elektronischen
Signatur nach =A72 2. d) SigG signiert.

--nextPart1776293.DOgchDIHn7
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCTYzkVPy429AtcIURAqE8AJ9kAh/6el9NiNuqGEMCVf9VC8zwtQCc CGix
/vZn+aysPTRaqtYVYuVxvJQ=
=ZK9C
-----END PGP SIGNATURE-----

--nextPart1776293.DOgchDIHn7--
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 01.04.2005 20:23:56 von Ray Olszewski

At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
>On Wednesday 30 March 2005 08:36 am, Ray Olszewski wrote:
> > Any other suggestion of how to become root without knowing the root
> > password is a technique for breaking into systems, and I (and I hope
> > everyone else) will not give advice on that publicly, in this forum or
> > anywhere else.
>
>I respectfully disagree. How will sysadmins ever know how to secure their
>systems unless they know HOW break-ins occur. Certainly most hacking doesnt
>come from boot CDs but having a more informed sysadmin is infinitely better
>than one that only discovers how to make their system more secure *AFTER*
>being broken into.
>
>What you are saying is that security through obscurity is good and there have
>been countless rebuttals on just how horrible security though obscurity is in
>99% of the situations. The only reason for S.T.O. is a company that found an
>exploit and is giving lead-time to the vendor to patch their vulnerable
>software.

I wasn't quite saying that, and I apologize if my abbreviated presentation
led you down that path. My reluctance was specific to this context, in
which someone was asking not how to secure a system, but how to become root
without knowing the root password. That it was his own system he wanted to
break into certainly is relevant, but, on a public list, it is not the only
consideration.

I do believe that sysadmins need to know how to secure thair systems. There
are plenty of sites on the Internet, and books and articles in print, that
offer this sort of help. And one can learn how to secure systems without
receiving detailed tutorials in how to exploit common holes (buffer
overflows, overprivileged daemons, weak passwords, and so on).

But I also believe that giving step-by-step instructions for how to break
into systems, on a list intended for beginners, is not the best way to make
this information public. That sort of help is a bit more than fighting
"security through obscurity" by identifying vulnerabilities, in my opinion
.... it amounts to tutoring crackers, something I personally do not care to
do. Particularly in the context of the actual question, which involved a
system that the poster (presumably) had physical access to, so could retake
control of with a rescue disk.

If you (and Tobias, and anyone else) feel differently, then you should act
on your beliefs and provide this sort of information on request, I suppose.
So I do apologize for the suggestion that my personal view here should
restrict what you and others do. Please feel free to provide any
information of this sort that you have, and be sure I will not criticize
you for doing so.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 02.04.2005 01:57:15 von mailing-lists

On Fri, 1 Apr 2005, Ray Olszewski wrote:

> At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> >On Wednesday 30 March 2005 08:36 am, Ray Olszewski wrote:
> > > Any other suggestion of how to become root without knowing the root
> > > password is a technique for breaking into systems, and I (and I hope
> > > everyone else) will not give advice on that publicly, in this forum or
> > > anywhere else.
> >
> >I respectfully disagree. How will sysadmins ever know how to secure their
> >systems unless they know HOW break-ins occur. Certainly most hacking doesnt
> >come from boot CDs but having a more informed sysadmin is infinitely better
> >than one that only discovers how to make their system more secure *AFTER*
> >being broken into.
> >
> >What you are saying is that security through obscurity is good and there have
> >been countless rebuttals on just how horrible security though obscurity is in
> >99% of the situations. The only reason for S.T.O. is a company that found an
> >exploit and is giving lead-time to the vendor to patch their vulnerable
> >software.
>
> I wasn't quite saying that, and I apologize if my abbreviated presentation
> led you down that path. My reluctance was specific to this context, in
> which someone was asking not how to secure a system, but how to become root
> without knowing the root password. That it was his own system he wanted to
> break into certainly is relevant, but, on a public list, it is not the only
> consideration.
>
> I do believe that sysadmins need to know how to secure thair systems. There
> are plenty of sites on the Internet, and books and articles in print, that
> offer this sort of help. And one can learn how to secure systems without
> receiving detailed tutorials in how to exploit common holes (buffer
> overflows, overprivileged daemons, weak passwords, and so on).
>
> But I also believe that giving step-by-step instructions for how to break
> into systems, on a list intended for beginners, is not the best way to make
> this information public. That sort of help is a bit more than fighting
> "security through obscurity" by identifying vulnerabilities, in my opinion
> ... it amounts to tutoring crackers, something I personally do not care to
> do. Particularly in the context of the actual question, which involved a
> system that the poster (presumably) had physical access to, so could retake
> control of with a rescue disk.
>
> If you (and Tobias, and anyone else) feel differently, then you should act
> on your beliefs and provide this sort of information on request, I suppose.
> So I do apologize for the suggestion that my personal view here should
> restrict what you and others do. Please feel free to provide any
> information of this sort that you have, and be sure I will not criticize
> you for doing so.

If anyone can break into `A', `Your', `Someone's' OS, by following only a
few steps with ease - The World should know.

Since it is only then that Users are able to define quality.

J.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 02.04.2005 02:56:47 von Peter Garrett

On Fri, 2005-04-01 at 10:23 -0800, Ray Olszewski wrote:

(snipped)
>
> If you (and Tobias, and anyone else) feel differently, then you should
> act
> on your beliefs and provide this sort of information on request, I
> suppose.
> So I do apologize for the suggestion that my personal view here
> should
> restrict what you and others do. Please feel free to provide any
> information of this sort that you have, and be sure I will not
> criticize
> you for doing so.

Ray,

I just want to say that over the two years I have been subscribed to
this list, I have learnt a great deal from you, both about Linux, and
about integrity and attention to detail. Your contributions have always
been considered, thorough, to the point and helpful.

We have all, I think, learnt much about how to trouble-shoot our
problems, just from reading the way you go about it.

I personally feel that your response in this case is a model of respect
and openness, and thoroughly in keeping with what I think are the best
traditions of free and open-source software.

Most of us, I hope, can see both sides of this issue.

Thank you for your continuing contribution to the list. I don't often
see acknowledgements of this kind on lists, but I think this one is
deserved.

Sincerely,

Peter Garrett

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 02.04.2005 14:38:43 von Glynn Clements

Ankit Jain wrote:

> i have forgotten my root pasword. i had installed
> redhat linux 9.0 kernel version 2.4 with grub loader.
> if somebody can tell me how to change the password
> without logging.

Add "init=/bin/sh" to the kernel's command line at boot time. Then it
will boot directly into a root shell.

However, if you've configured the boot loader to prohibit passing
arguments to the kernel (or if you've configured it to require a
password and have forgotten that as well), you'll need to boot from a
CD.

--
Glynn Clements
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 02.04.2005 20:53:24 von Ray Olszewski

At 08:03 PM 4/1/2005 +0200, Tobias Hirning wrote:
>Hi Ray!
>On Friday, 1. April 2005 18:52 Ray wrote:
> >> [...]
> > [..]
> > Get the shadow file and crack
>Yeah, I've done this on a big system and about 90% of the users used
>weak passwords.
> > [...]
> > Sniff the password from telnet/unsecure services
>Who is still using telnet? I wouldn't use telnet on a secure net
>either.
>Tobias

I don't, from these fragments, recognize what message you are replying to,
Tobias. But your quoting makes it appear that the two suggestions you
respond to are mine, and I just wanted to make it clear that they are not.
Neither would have been responsive to the message that started this thread
.... a user who forgot his own root password looking for a workaround.

In a modern setting, neither of these suggestions is very useful ... only
amazingly insecure systems would be vulnerable to either approach.

"Get the shadow file" is not a trivial step in the instructions (How to
travel in time: 1. Purchase or construct a flux capacitor; 2. Install it in
a DeLorean); normally it requires root access. So anyone who can get this
file has already figured out how to get root access, at least in a limited
way. I am a bit surprised at your 90% claim; when I've done this (in my
onetime role as a sysadmin), I found maybe 3-5% of users had weak passwords
(by the standards of the cracking software of the time).

And while telnet continues to have very limited, specialized uses (for some
embedded systems, it is the only service available), you are right that no
host that pretends to be even minimally secure should be running a telnet
daemon.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 02.04.2005 21:11:37 von Tobias Hirning

--nextPart4992552.xG4RJqx6x9
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Am Samstag, 2. April 2005 20:53 schrieben Sie:
> At 08:03 PM 4/1/2005 +0200, Tobias Hirning wrote:
>> [...]
>
> I don't, from these fragments, recognize what message you are
> replying to, Tobias.
Sorry about that, yes I was replying to your mail.

> But your quoting makes it appear that the two=20
> suggestions you respond to are mine, and I just wanted to make it
> clear that they are not. Neither would have been responsive to the
> message that started this thread ... a user who forgot his own root
> password looking for a workaround.
I don't want to start such a big thread.
> [...]
> "Get the shadow file" is not a trivial step in the instructions
> (How to travel in time: 1. Purchase or construct a flux capacitor;
> 2. Install it in a DeLorean); normally it requires root access. So
> anyone who can get this file has already figured out how to get
> root access, at least in a limited way. I am a bit surprised at
> your 90% claim; when I've done this (in my onetime role as a
> sysadmin), I found maybe 3-5% of users had weak passwords (by the
> standards of the cracking software of the time).
Yes, I don't told, that it was the shadow file of a school, with only=20
8 character passwords and DES-encryption.
> [...]
Tobias

=2D-=20
GPG-Fingerprint: C39E 5381 7721 8613 B5C9 CFAF 54FC B8DB D02D 7085
Registered Linux-User #367044
Registered Linux-Machine #262062
http://counter.li.org
Diese E-Mail wurde mit einer fortgeschrittenen elektronischen
Signatur nach =A72 2. d) SigG signiert.

--nextPart4992552.xG4RJqx6x9
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCTu5/VPy429AtcIURAgAtAJ4slWu3VUhCyFwKoEgQmSh+zZD9/ACe OeoJ
kxTysJv+MuoFFqY2NnQMcI0=
=PcPk
-----END PGP SIGNATURE-----

--nextPart4992552.xG4RJqx6x9--
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re[2]: root password reset root password with grub

am 03.04.2005 05:03:05 von Kev

>
> Ankit Jain wrote:
>
> > i have forgotten my root pasword. i had installed
> > redhat linux 9.0 kernel version 2.4 with grub loader.
> > if somebody can tell me how to change the password
> > without logging.
>

first you have to boot the computer in single user mode, with single
user mode you dont need to root password.

To get into single user mode from GRUB, highlight the linux operating system you want to boot.
After the line is highlighted, press 'e'. 'e' will get you into the GRUB
editor. Next, highlight the line that begins with "kernel" and press 'e'
again. 'e' the second time will allow you to edit the "kernel" line. Add
the word "single" to the end of the line, "single" will tell the kernel
to boot into single user mode. After adding the word "single", press
"Enter" and then 'b' to boot the operating system.

one you got in to the single user mode, type passwd and change the root
password.

To leave single user mode, there are a number of possibilities,
you can always execute a "shutdown" or "reboot" command, or you can
simply type "exit". When you type "exit", you will leave single user
mode and the operating system will continue to boot normally.

Kev.........
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re[2]: root password reset root password with grub

am 03.04.2005 05:04:59 von Kev

>
> Ankit Jain wrote:
>
> > i have forgotten my root pasword. i had installed
> > redhat linux 9.0 kernel version 2.4 with grub loader.
> > if somebody can tell me how to change the password
> > without logging.
>

first you have to boot the computer in single user mode, with single
user mode you dont need to root password.

To get into single user mode from GRUB, highlight the linux operating system you want to boot.
After the line is highlighted, press 'e'. 'e' will get you into the GRUB
editor. Next, highlight the line that begins with "kernel" and press 'e'
again. 'e' the second time will allow you to edit the "kernel" line. Add
the word "single" to the end of the line, "single" will tell the kernel
to boot into single user mode. After adding the word "single", press
"Enter" and then 'b' to boot the operating system.

one you got in to the single user mode, type passwd and change the root
password.

To leave single user mode, there are a number of possibilities,
you can always execute a "shutdown" or "reboot" command, or you can
simply type "exit". When you type "exit", you will leave single user
mode and the operating system will continue to boot normally.

Kev.........
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Re[2]: root password reset root password with grub

am 03.04.2005 05:53:14 von joy merwin monteiro

Hi,

My Debian System asks for a password even in single mode...
Your solutino would probably work on RH and variants....
Which is OK in this case, but in case somesone needs to know...

Joy

On Apr 3, 2005 8:34 AM, Kev wrote:
>
> >
> > Ankit Jain wrote:
> >
> > > i have forgotten my root pasword. i had installed
> > > redhat linux 9.0 kernel version 2.4 with grub loader.
> > > if somebody can tell me how to change the password
> > > without logging.
> >
>
> first you have to boot the computer in single user mode, with single
> user mode you dont need to root password.
>
> To get into single user mode from GRUB, highlight the linux operating system you want to boot.
> After the line is highlighted, press 'e'. 'e' will get you into the GRUB
> editor. Next, highlight the line that begins with "kernel" and press 'e'
> again. 'e' the second time will allow you to edit the "kernel" line. Add
> the word "single" to the end of the line, "single" will tell the kernel
> to boot into single user mode. After adding the word "single", press
> "Enter" and then 'b' to boot the operating system.
>
> one you got in to the single user mode, type passwd and change the root
> password.
>
> To leave single user mode, there are a number of possibilities,
> you can always execute a "shutdown" or "reboot" command, or you can
> simply type "exit". When you type "exit", you will leave single user
> mode and the operating system will continue to boot normally.
>
>
> Kev.........
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
>

--
people always turn away,
from the eyes of a stranger...
Afraid to know
what lies behind the stare.......
--QueensRyche
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 03.04.2005 06:39:40 von ankitjain1580

Thanks a lot for help.

i started the question not to hack any system but i
was curious to know that in linux its easy to change
the root passwd

in this case the authenticity is a problem. still it
can be changed by a boot CD even i think so u have
apasswd for boot loader. so in this case what should
be done? and also is there any other flaws which are
openly known i am not intrested to destruct any system
but want to know which is already known to ppl that if
root passwd can be changed any other way also?

thanks to all for helping me out

regards,

ankit
--- Ray Olszewski wrote:
> At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> >On Wednesday 30 March 2005 08:36 am, Ray Olszewski
> wrote:
> > > Any other suggestion of how to become root
> without knowing the root
> > > password is a technique for breaking into
> systems, and I (and I hope
> > > everyone else) will not give advice on that
> publicly, in this forum or
> > > anywhere else.
> >
> >I respectfully disagree. How will sysadmins ever
> know how to secure their
> >systems unless they know HOW break-ins occur.
> Certainly most hacking doesnt
> >come from boot CDs but having a more informed
> sysadmin is infinitely better
> >than one that only discovers how to make their
> system more secure *AFTER*
> >being broken into.
> >
> >What you are saying is that security through
> obscurity is good and there have
> >been countless rebuttals on just how horrible
> security though obscurity is in
> >99% of the situations. The only reason for S.T.O.
> is a company that found an
> >exploit and is giving lead-time to the vendor to
> patch their vulnerable
> >software.
>
> I wasn't quite saying that, and I apologize if my
> abbreviated presentation
> led you down that path. My reluctance was specific
> to this context, in
> which someone was asking not how to secure a system,
> but how to become root
> without knowing the root password. That it was his
> own system he wanted to
> break into certainly is relevant, but, on a public
> list, it is not the only
> consideration.
>
> I do believe that sysadmins need to know how to
> secure thair systems. There
> are plenty of sites on the Internet, and books and
> articles in print, that
> offer this sort of help. And one can learn how to
> secure systems without
> receiving detailed tutorials in how to exploit
> common holes (buffer
> overflows, overprivileged daemons, weak passwords,
> and so on).
>
> But I also believe that giving step-by-step
> instructions for how to break
> into systems, on a list intended for beginners, is
> not the best way to make
> this information public. That sort of help is a bit
> more than fighting
> "security through obscurity" by identifying
> vulnerabilities, in my opinion
> ... it amounts to tutoring crackers, something I
> personally do not care to
> do. Particularly in the context of the actual
> question, which involved a
> system that the poster (presumably) had physical
> access to, so could retake
> control of with a rescue disk.
>
> If you (and Tobias, and anyone else) feel
> differently, then you should act
> on your beliefs and provide this sort of information
> on request, I suppose.
> So I do apologize for the suggestion that my
> personal view here should
> restrict what you and others do. Please feel free to
> provide any
> information of this sort that you have, and be sure
> I will not criticize
> you for doing so.
>
>
> -
> To unsubscribe from this list: send the line
> "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at
> http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at
> http://www.linux-learn.org/faqs
>

__________________________________
Do you Yahoo!?
Yahoo! Personals - Better first dates. More second dates.
http://personals.yahoo.com

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 03.04.2005 07:05:45 von jma5

On Sat, Apr 02, 2005 at 08:39:40PM -0800, Ankit Jain wrote:
> in this case the authenticity is a problem. still it
> can be changed by a boot CD even i think so u have
> apasswd for boot loader. so in this case what should
> be done?

Password on the bootloader will only stop those who are trying to get into
single user mode. In most cases, a boot CD will be loaded before the hard disk
is checked for a bootloader, and in that case the password protection would
be effectively bypassed.

If your bios supports it, you can turn on a CMOS password ... this is asked
the moment you turn your computer on from a cold boot, and must be entered
correctly before the bios will load any boot media (such as CDs, hard disks,
floppy disks, etc). However it is fairly easy to read the CMOS password on a
running system, and it can be erased by resetting the CMOS chip's battery.
So a determined person (such as a computer thief) will be able to bypass all 3
password protections.

There is the additional factor of password protecting your file systems (by
means of encryption) but this is not a trival undertaking (there is no single
'what command do i type' to do this, and unless this is a fresh install or you
have fresh backups there is the possibility of losing all your data in the
conversion if something goes wrong). And it only protects your data from being
read, a thief could still bypass CMOS password and load up bootCD to erase
everything on your disk.

> and also is there any other flaws which are
> openly known i am not intrested to destruct any system
> but want to know which is already known to ppl that if
> root passwd can be changed any other way also?
>
> thanks to all for helping me out

I would recommend looking at linuxsecurity.com or the security advisorys on
linux.com

>
> regards,
>
> ankit
> --- Ray Olszewski wrote:
> > At 10:55 AM 4/1/2005 -0600, Eric Bambach wrote:
> > >On Wednesday 30 March 2005 08:36 am, Ray Olszewski
> > wrote:
> > > > Any other suggestion of how to become root
> > without knowing the root
> > > > password is a technique for breaking into
> > systems, and I (and I hope
> > > > everyone else) will not give advice on that
> > publicly, in this forum or
> > > > anywhere else.
> > >
> > >I respectfully disagree. How will sysadmins ever
> > know how to secure their
> > >systems unless they know HOW break-ins occur.
> > Certainly most hacking doesnt
> > >come from boot CDs but having a more informed
> > sysadmin is infinitely better
> > >than one that only discovers how to make their
> > system more secure *AFTER*
> > >being broken into.
> > >
> > >What you are saying is that security through
> > obscurity is good and there have
> > >been countless rebuttals on just how horrible
> > security though obscurity is in
> > >99% of the situations. The only reason for S.T.O.
> > is a company that found an
> > >exploit and is giving lead-time to the vendor to
> > patch their vulnerable
> > >software.
> >
> > I wasn't quite saying that, and I apologize if my
> > abbreviated presentation
> > led you down that path. My reluctance was specific
> > to this context, in
> > which someone was asking not how to secure a system,
> > but how to become root
> > without knowing the root password. That it was his
> > own system he wanted to
> > break into certainly is relevant, but, on a public
> > list, it is not the only
> > consideration.
> >
> > I do believe that sysadmins need to know how to
> > secure thair systems. There
> > are plenty of sites on the Internet, and books and
> > articles in print, that
> > offer this sort of help. And one can learn how to
> > secure systems without
> > receiving detailed tutorials in how to exploit
> > common holes (buffer
> > overflows, overprivileged daemons, weak passwords,
> > and so on).
> >
> > But I also believe that giving step-by-step
> > instructions for how to break
> > into systems, on a list intended for beginners, is
> > not the best way to make
> > this information public. That sort of help is a bit
> > more than fighting
> > "security through obscurity" by identifying
> > vulnerabilities, in my opinion
> > ... it amounts to tutoring crackers, something I
> > personally do not care to
> > do. Particularly in the context of the actual
> > question, which involved a
> > system that the poster (presumably) had physical
> > access to, so could retake
> > control of with a rescue disk.
> >
> > If you (and Tobias, and anyone else) feel
> > differently, then you should act
> > on your beliefs and provide this sort of information
> > on request, I suppose.
> > So I do apologize for the suggestion that my
> > personal view here should
> > restrict what you and others do. Please feel free to
> > provide any
> > information of this sort that you have, and be sure
> > I will not criticize
> > you for doing so.
> >
> >
> > -
> > To unsubscribe from this list: send the line
> > "unsubscribe linux-newbie" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at
> > http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at
> > http://www.linux-learn.org/faqs
> >
>
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Personals - Better first dates. More second dates.
> http://personals.yahoo.com
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 03.04.2005 07:05:45 von jma5

Re: root password

am 03.04.2005 07:14:11 von GrantC

On Sat, 2 Apr 2005 20:39:40 -0800 (PST), Ankit Jain wrote:

>i started the question not to hack any system but i
>was curious to know that in linux its easy to change
>the root passwd

>in this case the authenticity is a problem. still it
>can be changed by a boot CD even i think so u have
>apasswd for boot loader. so in this case what should
>be done?

Startup password for machine in BIOS, disable boot from
removable media in BIOS. The truly paranoid may have an
encrypted filesystem with say a smart card hold the keys.

> and also is there any other flaws which are
>openly known i am not intrested to destruct any system
>but want to know which is already known to ppl that if
>root passwd can be changed any other way also?

Not flaws as such -- if there is physical access to
computer it is not secure. That's why fileservers live
in locked machine rooms.

You see that past a certain point, software security
cannot help? But they come close in large systems where
user data is held on network server -- start the machine
but cannot access private data until login.

Cheers,
Grant.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 03.04.2005 07:14:11 von GrantC

Re: root password

am 04.04.2005 04:48:47 von Glynn Clements

Ankit Jain wrote:

> i started the question not to hack any system but i
> was curious to know that in linux its easy to change
> the root passwd

It's easy *if* you have physical access to the machine. But in that
situation, you could just remove the hard drive and take it home. Or
install a keystroke logger into the keyboard to capture the root
password.

If an attacker can get physical access to the system, you lose.

--
Glynn Clements
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: root password

am 04.04.2005 04:48:47 von Glynn Clements

Re: Re[2]: root password reset root password with grub

am 04.04.2005 05:39:56 von Glynn Clements

joy merwin monteiro wrote:

> My Debian System asks for a password even in single mode...
> Your solutino would probably work on RH and variants....
> Which is OK in this case, but in case somesone needs to know...

That's why I suggested using "init=/bin/sh". That will never ask for a
password.

--
Glynn Clements
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 04.04.2005 13:42:08 von Andrew

Glynn Clements wrote:

>If an attacker can get physical access to the system, you lose.
>
>
>
This has been amply demonstrated to me by my three-year-old.

Andrew
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: root password

am 04.04.2005 16:24:47 von Scott Taylor

Ankit Jain said:
> Thanks a lot for help.
>
> i started the question not to hack any system but i
> was curious to know that in linux its easy to change
> the root passwd

It is only "easy" if you have access to the server.

> in this case the authenticity is a problem. still it
> can be changed by a boot CD even i think so u have
> apasswd for boot loader. so in this case what should
> be done?

Lock your server room tight? Don't let people access to your servers?

> and also is there any other flaws which are
> openly known i am not intrested to destruct any system
> but want to know which is already known to ppl that if
> root passwd can be changed any other way also?

What makes you think this is a flaw? I guess you could reinstall the
operating system to change your root password. LOL

--
Scott
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

root password

Re: root password

RE: root password

RE: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re[2]: root password *reset root password with grub*

Re[2]: root password *reset root password with grub*

Re: Re[2]: root password *reset root password with grub*

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: root password

Re: Re[2]: root password *reset root password with grub*

Re: root password

Re: root password

Re[2]: root password reset root password with grub

Re[2]: root password reset root password with grub

Re: Re[2]: root password reset root password with grub

Re: Re[2]: root password reset root password with grub