![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Rooting myself...
Mar. 17th, 2001 08:09 amMy personal Linux box has lain unused in Pagosa for the five weeks I was in Houston, and to tell the truth, it hadn't gotten much use at all since the move at the beginning of January, for various reasons. In any event, upon trying to log into the machine a couple of days ago, it turned out that I had forgotten the password to both my personal account and, more important, to the root account.
I'd never written down these passwords, seeing as how my frequent use of the machine kept them fresh in my mind. And trying to recall them was made more difficult by the fact that I change passwords on a regular basis and that I am the root user on several machines.
As my need to access my files was not acute, I decided to use an old, tried-and-true method of recollection: assign the job as a task for my subconscious.
You may think that's a silly thing to do, but have you ever tried to remember something unsuccessfully, only to have the answer come popping into your mind out of nowhere a few hours (or days) later? That's the subconscious at work. I am convinced it's the same mechanism in operation when, confronted with a task such as shooting a basket, you think to your (subconscious) self: "Watch me screw this up." And proceed to miss the hoop.
Anyway, I got a bit impatient about this password (root is what I'm after; once I have that, I can change other passwords willy-nilly), and that - in my experience - interferes with the ability of the subconscious to deliver an answer. You experience this phenomenon when something is on the "tip of your tongue," and the harder you try to remember, well...you can't. (Later, once you've relaxed and forgotten about what it was you were trying to remember, it comes to you. But I'm repeating myself.)
I began to look at other alternatives, such as breaking into my own machine.
There is an account on my machine that I use for testing how things work for ordinary (i.e., non-root) users. I was able to login to that account, as I rarely change its password.
What did that give me? It gave me a way to crack my own system. All I needed was a boot diskette.
The method, without getting into specifics, is as follows:
(a) boot the system into 'rescue' mode; this puts you at a system prompt as the root user;
(b) mount the partition containing the /etc directory (it contains a file with password info);
(c) edit the password file in the /etc directory, replacing the root user's password info with that of the unprivileged user whose password is known;
(d) save the password file;
(e) reboot the system normally.
It's that easy.
If I hadn't had a known password, the task would have been a bit harder, involving the use of a utility called, appropriately, crack, which basically tries to figure out account passwords by brute-force. The key issue here is that it's not too difficult, given access to the machine, to obtain the password file.
And I don't consider myself to be among those who really know a lot about Linux, so there's probably quicker and slicker methods out there for doing what I did. Ye gods.
Anyway, the problem appears solved, and now I can go in and change my personal password to anything I want. In the meantime, I wonder how one might protect against this kind of fairly simple crack? Would an encrypted file system do the trick? Or is there some other, simpler technique that I am not aware of?
I adore new questions.
Cheers...
I'd never written down these passwords, seeing as how my frequent use of the machine kept them fresh in my mind. And trying to recall them was made more difficult by the fact that I change passwords on a regular basis and that I am the root user on several machines.
As my need to access my files was not acute, I decided to use an old, tried-and-true method of recollection: assign the job as a task for my subconscious.
You may think that's a silly thing to do, but have you ever tried to remember something unsuccessfully, only to have the answer come popping into your mind out of nowhere a few hours (or days) later? That's the subconscious at work. I am convinced it's the same mechanism in operation when, confronted with a task such as shooting a basket, you think to your (subconscious) self: "Watch me screw this up." And proceed to miss the hoop.
Anyway, I got a bit impatient about this password (root is what I'm after; once I have that, I can change other passwords willy-nilly), and that - in my experience - interferes with the ability of the subconscious to deliver an answer. You experience this phenomenon when something is on the "tip of your tongue," and the harder you try to remember, well...you can't. (Later, once you've relaxed and forgotten about what it was you were trying to remember, it comes to you. But I'm repeating myself.)
I began to look at other alternatives, such as breaking into my own machine.
There is an account on my machine that I use for testing how things work for ordinary (i.e., non-root) users. I was able to login to that account, as I rarely change its password.
What did that give me? It gave me a way to crack my own system. All I needed was a boot diskette.
The method, without getting into specifics, is as follows:
(a) boot the system into 'rescue' mode; this puts you at a system prompt as the root user;
(b) mount the partition containing the /etc directory (it contains a file with password info);
(c) edit the password file in the /etc directory, replacing the root user's password info with that of the unprivileged user whose password is known;
(d) save the password file;
(e) reboot the system normally.
It's that easy.
If I hadn't had a known password, the task would have been a bit harder, involving the use of a utility called, appropriately, crack, which basically tries to figure out account passwords by brute-force. The key issue here is that it's not too difficult, given access to the machine, to obtain the password file.
And I don't consider myself to be among those who really know a lot about Linux, so there's probably quicker and slicker methods out there for doing what I did. Ye gods.
Anyway, the problem appears solved, and now I can go in and change my personal password to anything I want. In the meantime, I wonder how one might protect against this kind of fairly simple crack? Would an encrypted file system do the trick? Or is there some other, simpler technique that I am not aware of?
I adore new questions.
Cheers...
