Password Recovery in Linux

There are many reasons that may result in the loss of user passwords, which may not be a problem for the system administrator. You only need to log on with the Root account and use the Passwd command to change the user password. But what if the Root password is lost? Is there no way to reinstall the system? This not only takes time and effort, but also may cause loss of important data and damage to applications. Obviously, this approach is not desirable.

---- In fact, restoring the Linux Password is not very difficult. There are two ways to restore the Linux Password: one is to generate a new password for the user, so that the user can log on to the system again; the other is to find the user's original password, instead of replacing the old password with a new password. Generally, users only want to log on to the system again, instead of obtaining the original password, which is the first aspect mentioned here. This aspect is relatively easy to implement.

---- Linux Password Recovery is a typical case of system maintenance. Some methods mentioned in this article are not only applicable to Linux Password Recovery from the perspective of system maintenance, it can also be used for maintenance when you cannot log on to the system normally for some reason. It can be used as a reference for Linux system management and maintenance.

---- All the methods mentioned in this article to restore the Linux Password have passed the test in practice. The Linux system used is mainly RedHat Linux For x86. In actual password recovery, linux publishers, Release versions, processors, and hard disks may be slightly different, but the difference is not great. Some of these methods also apply to password recovery for other Unix systems, and even for Windows and other operating systems.

I. Password Recovery Methods

---- The methods for restoring Linux passwords below apply to different situations, with different difficulty levels.

---- 1. Emergency Repair Mode

---- When Linux cannot be started, you often need to start the basic Linux environment through disks, CDs, or other methods to enter the Linux emergency repair mode. In emergency repair mode, you can access the Linux system files on the hard disk to restore the system to normal, including restoring the password.

---- 2. single-user mode

---- Linux has multiple running levels, such as single-user mode, multi-user mode without network services, full-user mode, and X11 graphic multi-user mode. In single-user mode, the system runs in the only user-Root user mode. When the system enters this mode, the system only loads the minimum software and hardware configurations that can run, and directly enters the system as Root, no password verification.

---- In single-user mode, you can use the passwd command to change the user password, or directly read and write the password files of the/etc/passwd account to restore the password.

---- 3. Modify the password file

---- There are two types of Linux password files: one is to save account information and encrypted passwords in the/etc/passwd file, which is not safe enough, it was used in early Unix; the other was to separate the account information and password ciphertext, the/etc/passwd file was used to save the account information, and the/etc/shadow file was used to save the password ciphertext. You can use the/usr/sbin/authconfig program to set the storage format and encryption algorithm.

---- For passwd files without shadow, you only need to delete the password field of the corresponding account to directly log on to the system without password verification. For example, the root account of a passwd file is as follows:

---- Root: $1 $ dPTzzYkE $ Zd3Vs6yCu

---- VH8RC1gwKXX01: 0: 0: root:/bin/bash

---- Change it:

---- Root: 0: 0: root:/bin/bash

---- If there is a shadow passwd file, its password field should be replaced by an "x" letter, and the password should be saved in the Shadow file. You can delete the "x" letter in the passwd file, or delete the password ciphertext in the shadow file, so that the corresponding user can directly log on to the system without password verification, to achieve password recovery.

---- 4. Password Restoration

---- In some cases, you may want to find the lost original password instead of logging on to the system to generate a new password. However, Linux uses the DES (Crypt as the encryption function) or MD5 (Md as the function) encryption algorithm. Due to the large amount of computing, almost none of them may be reverse cracked. The DES password ciphertext is a string with 13 ASCII characters, while the start character of the MD5 password ciphertext is always "$1 $ ".

---- Although it is difficult to reverse crack the password, it is not impossible to identify the original password through the password ciphertext. Extract strings from a dictionary or a combination of some characters, the extracted string is encrypted using the same encryption algorithm and the generated ciphertext is compared with the password ciphertext. If they are consistent, the string is the original password to restore the password. If the password is complex, it is difficult to find the original password using this method. However, you may have a general impression on the length and characters of your password, this makes it more likely to succeed.

---- There are many tools to Crack Linux passwords, such as John the Ripper, Crack by Alex Muffett and Cracker Jack. Among them, John the Ripper is the most powerful and fast.

---- 5. System Attack cracking

---- If you can turn off the power and restart the system, it is easy to recover the password. However, sometimes the Linux system runs a very important service and cannot directly turn off the power, otherwise, the system and data will be damaged.

---- It is often difficult to obtain the system password when the system is running, but because the system administrator has a comprehensive understanding of the operating system and application version and configuration, with the absence of protection from firewalls and intrusion detection systems, there are still many opportunities to discover and exploit system vulnerabilities, and there are still opportunities for password recovery success.

---- The content involved in this aspect is too complex, so I will not introduce it more here. If you have such requirements, it is recommended that you use a professional to help avoid damage to the system and data.