Comments on: Recover Your Forgotten Password In Linux.

By: UbuntuLinuxHelp

UbuntuLinuxHelp — Sun, 27 Apr 2008 21:49:01 +0000

@dsh – Thanks! “Recover ‘From’ Your Forgotten Password In Linux” might have been a bit more descriptive.

@ BWhitU – I think strong passwords would take too long to brute force as ‘dsh’ (above) rightly pointed out. Better to simply use the bootcd and change the password.

Cheers!

By: dsh

dsh — Sun, 27 Apr 2008 21:43:10 +0000

I believe that Rainbow tables can’t crack salted passwords that easily. Correct me If I’m wrong.

Also dictionary-based brute-force isn’t too effective when users choose strong passwords.

By: BWhitU

BWhitU — Sun, 27 Apr 2008 12:49:35 +0000

Yes, you can crack (/etc/shadow) passwords using john the ripper. It’s a brute force method and it does work: http://www.openwall.com/john/

The decryption is one-way. Most systems use md5sum encryption which is a 1 way sum of the password.

To use brute force, make sure you have a better diectionary than the defaults (special characters).

Also, http://www.plain-text.info/ and there’s an interesting script here: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/325204

By: dsh

dsh — Sat, 26 Apr 2008 22:33:49 +0000

The bootcd always does the trick. More precisely you have to do ‘chroot’ and then passwd.It doesn’t have to be the same (that you have installed) distro’s bootcd. Just mount your root partition to a directory /mnt/XXX and then type “chroot /mnt/XXX /bin/bash”.

It’s the well-known method for breaking into a machine that you have physical access to (usually for the purpose of nasty jokes).

What’s more I think that the post is bad-titled. I clicked only because I thought – OMG – he writes how to decrypt /etc/shadow. In most linux/unix flavour passwords are salted and hashed what renders them virtually unrecoverable.

By: Tara

Tara — Tue, 08 Apr 2008 13:40:18 +0000

Here is another: http://www.psychocats.net/ubuntu/resetpassword
But I do know the CD boot should work.