Linux Password recovered to our bank

There are many reasons that may result in the loss of user passwords, which may not be a problem for the system administrator. You only need to log on with the Root account and use the Passwd command to change the user password. But what if the Root password is lost? Is there no way to reinstall the system? This not only takes time and effort, but also may cause loss of important data and damage to applications. Obviously, this approach is not desirable.

---- In fact, restoring the Linux Password is not very difficult. There are two ways to restore the Linux Password: one is to generate a new password for the user, so that the user can log on to the system again; the other is to find the user's original password, instead of replacing the old password with a new password. Generally, users only want to log on to the system again, instead of obtaining the original password, which is the first aspect mentioned here. This aspect is relatively easy to implement.

---- Linux Password Recovery is a typical case of system maintenance. Some methods mentioned in this article are not only applicable to Linux Password Recovery from the perspective of system maintenance, it can also be used for maintenance when you cannot log on to the system normally for some reason. It can be used as a reference for Linux system management and maintenance.

---- All the methods mentioned in this article to restore the Linux Password have passed the test in practice. The Linux system used is mainly RedHat Linux For x86. In actual password recovery, linux publishers, Release versions, processors, and hard disks may be slightly different, but the difference is not great. Some of these methods also apply to password recovery for other Unix systems, and even for Windows and other operating systems.

I. Password Recovery Methods

---- The methods for restoring Linux passwords below apply to different situations, with different difficulty levels.

----1. Emergency Repair Mode
---- When Linux cannot be started, you often need to start the basic Linux environment through disks, CDs, or other methods to enter the Linux emergency repair mode. In emergency repair mode, you can access the Linux system files on the hard disk to restore the system to normal, including restoring the password.

----2. single-user mode
---- Linux has multiple running levels, such as single-user mode, multi-user mode without network services, full-user mode, and X11 graphic multi-user mode. In single-user mode, the system runs in the only user-root user mode. When the system enters this mode, the system only loads the minimum software and hardware configurations that can run, and directly enters the system as root, no password verification.

---- In single-user mode, you can use the passwd command to change the user password, or directly read and write the password files of the/etc/passwd account to restore the password.

----3. Modify the password file
---- There are two types of Linux password files: one is to save account information and encrypted passwords in the/etc/passwd file, which is not safe enough, it was used in early UNIX; the other was to separate the account information and password ciphertext, the/etc/passwd file was used to save the account information, and the/etc/shadow file was used to save the password ciphertext. You can use the/usr/sbin/authconfig program to set the storage format and encryption algorithm.

---- For passwd files without shadow, you only need to delete the password field of the corresponding account to directly log on to the system without password verification. For example, the root account of a passwd file is as follows:
---- Root: $1 $ dptzzyke $ zd3vs6ycu
---- Vh8rc1gwkxx01: 0: 0: Root:/root:/bin/bash

---- Change it:
---- Root: 0: 0: Root:/root:/bin/bash

---- If there is a shadow passwd file, its password field should be replaced by an "X" letter, and the password should be saved in the shadow file. You can delete the "X" letter in the passwd file, or delete the password ciphertext in the shadow file, so that the corresponding user can directly log on to the system without password verification, to achieve password recovery.

----4. Password Restoration
---- In some cases, you may want to find the lost original password instead of logging on to the system to generate a new password. However, Linux uses the DES (Crypt as the encryption function) or MD5 (Md as the function) encryption algorithm. Due to the large amount of computing, almost none of them may be reverse cracked. The DES password ciphertext is a string with 13 ASCII characters, while the start character of the MD5 password ciphertext is always "$1 $ ".

---- Although it is difficult to reverse crack the password, it is not impossible to identify the original password through the password ciphertext. Extract strings from a dictionary or a combination of some characters, the extracted string is encrypted using the same encryption algorithm and the generated ciphertext is compared with the password ciphertext. If they are consistent, the string is the original password to restore the password. If the password is complex, it is difficult to find the original password using this method. However, you may have a general impression on the length and characters of your password, this makes it more likely to succeed.

---- There are many tools to Crack Linux passwords, such as John the Ripper, Crack by Alex Muffett and Cracker Jack. Among them, John the Ripper is the most powerful and fast.

----5. System Attack cracking
---- If you can turn off the power and restart the system, it is easy to recover the password. However, sometimes the Linux system runs a very important service and cannot directly turn off the power, otherwise, the system and data will be damaged.

---- It is often difficult to obtain the system password when the system is running, but because the system administrator has a comprehensive understanding of the operating system and application version and configuration, with the absence of protection from firewalls and intrusion detection systems, there are still many opportunities to discover and exploit system vulnerabilities, and there are still opportunities for password recovery success.

---- The content involved in this aspect is too complex, so I will not introduce it more here. If you have such requirements, it is recommended that you use a professional to help avoid damage to the system and data.

Ii. How to enter the Emergency Repair Mode

---- When Linux cannot be started due to software and hardware faults or incorrect configurations, you need to enter the emergency repair mode, which may solve the problem and at least copy important files.

---- The method for entering the emergency recovery mode is not complicated. Enter the following parameters at the boot prompt:
---- Boot: linux rescue

---- You can get the Boot prompt using the following method.

• It is released with the disk in Linux or by boot. the imgfile is written to install the boot floppy disk boot system. Usually this requires urgent disk repair, CD installation, or ISO files on the hard disk to be used together to boot to the emergency repair mode. An Emergency Repair Disk can be written or released with the rescue. imgfile. After RedHat Linux 6.1, RedHat does not provide an Emergency Repair Disk (no rescue. imgfile is available in the image directory of the installation disc). Instead, it is directly installed on the installation disc.
• Install the boot system with a CD.
• The network boot disk written in the bootnet. imgfile or the pcmcia boot disk boot system written in the PCMCIA. imgfile. This method must first ensure that the network connection is normal and determine the network host and transmission type.

---- In RedHat Linux 7.2 and later versions, you can choose whether to automatically load the Linux installed on the hard disk to the directory/mnt/sysimage. Otherwise, you must manually load it using the mount command.

---- In a few simple steps, we enter the emergency repair mode. The prompt is displayed on the virtual console VC 1 and VC 2 to run the command to maintain the system. Press Ctrl + Alt + F1 to switch to VC1, and press Ctrl + Alt + F2 to switch to VC 2.

---- If automatic loading is selected, run the chroot command to change the current operating environment to Linux to be repaired. Then, use the passwd command to directly change the user password:
---- Bash # chroot/mnt/sysimage

---- If the partition is not automatically loaded, run the mount command to load the Linux partition and enter the following command:
---- Bash # mount-t ext3/dev/hda5/foo

---- The directory/foo is created by the user, and/dev/hda5 is the Linux partition we want to load. If the partition type is ext2, the above command line replaces ext2 with ext3.

---- Now, you can use commands such as chmod, vi, and fsck to read and write files and maintain the system, including fixing passwords.

3. How to enter the single-user mode

---- Unlike the emergency repair mode, the file system on the local Linux can only be loaded. The single-user mode is a running level (the running level is 1) after the local Linux kernel boot starts ), you can perform kernel upgrade, device installation, and other maintenance work. During system maintenance, the system administrator usually enters the single-user mode to maintain the system. In the emergency repair mode, the system maintenance method is used when Linux cannot be started.

---- After the Linux kernel is started, start the program init to complete its own boot process. Therefore, the init process is always the first process and the process number is always 1. The Init program has many important responsibilities, such as starting Getty, implementing the running level, and calling sub-processes. It is one of the essential programs in Linux.

---- The method for entering the single-user mode mentioned below is actually to request the runtime Level 1 from the INIT program to enter the single-user mode.

----1. Init program
---- When the system is running, you can use program init on the command line to change the running level (/sbin/telinit is only the symbolic link of program init, which can also be used ), run the following command to enter the single-user mode:
---- # Init 1

---- Because it is on a running system and only the root user has the permission to execute the init command, this method is often used during system maintenance, however, password restoration is of little significance.

----2. Modify the default running level
---- The/etc/inittab file is a configuration file at the system running level. Whenever the INIT process is started, the INIT program reads and runs the corresponding configuration in the/etc/inittab file.

---- When the Linux system is started, the default running level is specified in the/etc/inittab file in the following line. The normal running level is 3 or 5.
---- ID: 3: initdefault:

---- To enable the system to enter single-user mode after startup, you only need to change 3 in the previous line to 1.
---- ID: 1: initdefault:

----3. BOOT disk boot
---- When Linux is started, init reads the/etc/inittab configuration and enters the default running level. However, you can also specify a startup parameter for the kernel, the kernel will set specific devices and environment variables according to this parameter. parameters that cannot be interpreted will be passed to the first program started by the kernel, that is, the INIT program, the INIT program starts to enter a non-default running level based on this parameter. For example, if the specified parameter is 1 or single, it enters the running Level 1, that is, the single user mode. You can specify the kernel startup parameters by specifying the system startup floppy disk, multi-start manager, or program loadlin during execution.

---- When the system is maintained or the kernel is updated, it is often used to start the boot disk of the current Linux system. During system installation, you will be prompted to create a boot disk, which can also be created after the system is installed, the following is a simple example.

---- Put a floppy disk in the drive, run the uname command to view the system kernel version number, and then run the Mkbootdisk command to create the boot disk. The input command is as follows:
---- # Uname-r
---- 2.4.7-10
---- # Mkbootdisk-device/dev/fd0 2.4.7-10

---- Boot from the boot disk and run "linux" at the boot prompt "Syntax form, enter one of the following parameters, You can boot into the single user mode as follows:
---- Boot: linux 1
---- Boot: linux single

----4. Multi-start Manager
---- The multi-Boot manager is a boot program that can be used to load an operating system at system startup. It can load the operating system kernel and initialize the operating system (such as Linux or FreeBSD ), you can also give the boot permission to the operating system (such as DOS or Windows) to complete the boot. Intel is compatible with multiple boot managers on PCs such as LILO and GRUB, while MILO is used on Alpha PCs, and SILO is used on the compatible workstations of the world wide range of Intel.

---- In the Multi-Boot manager, specify the startup parameters for the Linux kernel to boot to the single-user mode. Take Linux on an Intel-compatible PC as an example. If LILO is installed, on the LILO boot screen, press Ctrl + X to switch to the command line, enter one of the same parameters as the Boot prompt at the LILO prompt to Boot to single-user mode:

---- After RedHat Linux 7.2, the multi-startup manager began to replace LILO With GRUB. It has more advantages than LILO and is a substitute for LILO. The following is the process of GRUB booting into the single-user mode.

• When the GRUB boot screen appears, press the e key to enter the GRUB editing status.
• Press the primary key or primary key to select the corresponding boot item, and then press the letter e to enter the command line editing.
• Add "1" or single on the command line that appears, and press Key to return the grub editing status.
• Press the B key to enter the single-user mode.

---- We can see from the preceding figure that the multi-start manager is important for Linux system startup and maintenance. Therefore, we recommend that you install multiple restart managers during Linux installation to facilitate system maintenance in the future, even if only one Linux operating system is installed on the host.

----5. loadlin Guide
---- Loadlin is a loading program that can start the Linux core in DOS. It can boot from DOS to Linux or install Linux. This program is often used if the multi-start manager is not installed or the configuration is incorrect and cannot be entered into Linux.

---- Add the single parameter in the loadlin startup command to enter the single-user mode. If the Windows 9x system is installed on the host, press F8 at system startup to enter the MS-DOS and run the loadlin program to boot into single user mode. The following is a startup instance. Windows 9x is not installed on the host, and DOS is not installed.

• Boot with Windows 98 installation CD boot, select item 2nd on Microsoft Windows 98 Startup Menu: start computer with CD-ROM support .".
• After entering the MS-DOS, in the optical drive into the RedHat Linux installation CD.
• Run the following command on the command line to guide the linux single-user mode:
  A:> D:
  D:> Cd dosutils
  D: dosutils> loadlin autobootvmlinuz root =/dev/hda5 Ro single

---- At the boot prompt guided by the boot disk, you can configure many parameters in the command line of the startup manager such as LILO and GRUB, as well as in the Loadlin program to boot to the system, which is very important for system maintenance, for more information, see BootPrompt-HowTo.

---- The methods mentioned above all need to read and write Linux files such as/etc/passwd and/etc/inittab. But normally, only the root user can log in to read and write. How can I read and write these files when I cannot log on to the system normally?

---- In addition to reading and writing Linux Files in emergency repair mode and single-user mode, the following method is also a good strategy:

• Boot from a Linux system floppy disk to access the Linux system;
• Access through a Linux system CD, such as demolinux;
• Reading and Writing Linux Files in DOS/Windows, almost all versions of DOS/Windows do not provide support for Linux file systems, but many software can be used to achieve this, for example, fsdext2, ext2fsnt, ext2ifs, ext2 tools, ltools, and explore2fs, and Microsoft ifs kit;
• Through the second hard disk.

---- The various Linux Password restoration methods mentioned above, readers can choose one of the easiest and easiest methods to restore their Linux passwords based on their actual conditions. It can be seen that it is easy for others to obtain the Linux Password by restarting the system locally. To enhance system security, it is necessary to set a password in the startup Manager (such as LILO and GRUB) and BIOS, make it difficult for others to succeed. More importantly, strengthen security management.

---- (Author address: 2 floor, Science and Technology Center, Sanxing Road, guicheng district, Nanhai City, Guangdong Province, 528200)
Http://www.pcworld.com.cn/