root password problem

adi007 · 19-11-2007, 05:01 PM

I have forgotten my root password.
Now,I know that i can change the root password by using single user mode.But i don't want to chage the root password.Instead,I want to know the root password.Is it possible??

ray|raven · 19-11-2007, 05:02 PM

No.AFAIK

Regards,
ray

adi007 · 19-11-2007, 05:14 PM

I beleive if one can change the root password,then one can know the exisiting root password in single user mode.But i don't know how??

ray|raven · 19-11-2007, 05:17 PM

You cant.
When u start as single user mode it automatically logs you in.
There u can change ur password by supplying a new password.
But there's no way to know ur old one.
Why do u need to know anyways?

Regards,
ray

adi007 · 19-11-2007, 05:20 PM

just curious to know whether i can know my old root password.

By the way,i know that the root password is encrpted in some file...Can't we decrypt the file containing root password??

ray|raven · 19-11-2007, 05:23 PM

If you knew the exact algorithm they used and the key which might be a 64bit one then yea maybe

,
Dont even think of brute-force,u would have grand-kids before it broke

Regards,
ray

adi007 · 19-11-2007, 05:24 PM

^^can u tell me where the root password is stored....

ray|raven · 19-11-2007, 05:27 PM

/etc/shadow AFAICR.

Regards,
ray

adi007 · 19-11-2007, 05:30 PM

^Thanks.Will try to hack...

ray|raven · 19-11-2007, 05:38 PM

G'Luck

May the force be with you

Regards,
ray

QwertyManiac · 19-11-2007, 06:10 PM

One can use john to view shadow files if he/she knows the root password.

Code:

sudo apt-get install john

And:

Code:

sudo john /etc/passwd

praka123 · 19-11-2007, 06:32 PM

^but it wont work 100% with a good passwd

QwertyManiac · 19-11-2007, 06:34 PM

Yeah at-least it can guess a bit

adi007 · 21-11-2007, 12:26 PM

Quote:

Originally Posted by QwertyManiac

One can use john to view shadow files if he/she knows the root password.

Code:

sudo apt-get install john

And:

Code:

sudo john /etc/passwd

downloaded john and used it but no result.
It's just mere guessing all the possibilites.I just ran it for 2 hrs and even then it was unable to find out.I think it is immpossible to detect good root password by this....
The one thing i liked int it was we can resume our search by using

Code:

 ./john --resume

and we can add custom rules

praka123 · 21-11-2007, 12:27 PM

^yes,ofcourse

Quote:

Description: active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems
administrators to find weak (easy to guess or crack through brute force)
passwords, and even automatically mail users warning them about it, if it
is desired.
.
It can also be used with different cyphertext formats, including Unix's
DES and MD5, Kerberos AFS passwords, Windows' LM hashes, BSDI's extended DES,
and OpenBSD's Blowfish.
.
Homepage: http://www.openwall.com/john/

adi007 · 21-11-2007, 12:29 PM

I just did some R&D on shadow file.
I think the password is encrpted under MD5 algorithm or Blow fish.
So is there any software that converts the md5 encrpted or blow fish encrpted text into decrpted text

And the second thing i noticed was
i just backed up the file shadow and changed my root password.I again changed the root password to the first one.Now i compared the backed up file with shadow file and noticed that the two encrypted text are not same..
Even though the password is same,the encrpted text was not same

.
Will that means it is taking time consideration also

praka123 · 21-11-2007, 12:31 PM

^that is hard.afaik it will take yrs to crack a really good passwd that too not for sure

adi007 · 22-11-2007, 12:13 PM

Quote:

Originally Posted by adi007

is there any software that converts the md5 encrpted or blow fish encrpted text into decrpted text

no reply to this

QwertyManiac · 22-11-2007, 02:09 PM

LMAO, no software exists to do that, it'd take years to decrypt on a very fast computer! If decrypting MD5 were so easy, Raaabo would already know all our passwords.

And even after years, the final string would just be *near* to the actual one. No way to guess what it was exactly.

And about MD5 Hashes, you do know collisions in hash tables right? Read on: http://www.mathstat.dal.ca/~selinger/md5collision/

The_Devil_Himself · 22-11-2007, 07:27 PM

yea man these hashing algorithms are pretty good.They are almost perfect specially md5hash(thats why it is so much used).

Faun · 22-11-2007, 07:43 PM

yeah thats MD5 hash used in linux to store password,
Check out wikipedia , we hav encryption in our syllabus this sem.

A seed is required to make 128 bit hash and depending upon keys and S functions ur password will vary considerably(cascading effect) even for one letter difference.

Brute force is the only way to decrypt and it will take ages to get password. If u remember the hash is in hex.