Highlighted
Cadet
Cadet
  • 3,698 Views

Crack root password

Jump to solution

Has anyone found a way to crack ROOT....listed on the RHSCA exam objectives?

I have found many videos...but I can not replicate.

I tried using a RHEL 7.5 VM in VirtualBox and VMware and get the same result....

Boots back up and NONE of the passwords work. Its like they all got erased during the process.

Anyone know a fix? Sound familiar?

THanks- R

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
Highlighted
Flight Engineer Flight Engineer
Flight Engineer
  • 3,686 Views

Re: Crack root password

Jump to solution

What steps have you followed ? 

Once you have added the rd.break to your linux16 kernal command entry you do the following:

Press Ctrl+x to boot, 

Remount sysroot:     mount -oremount,rw /sysroot

Chroot:  chroot /sysroot

Change pass:   passwd root

Relabel shadow:  touch /.autorelabel                   --- This is important 

then you can exit and it will perform the selinux relabel and reboot

View solution in original post

Reply
Loading...
19 Replies
Highlighted
Flight Engineer Flight Engineer
Flight Engineer
  • 3,687 Views

Re: Crack root password

Jump to solution

What steps have you followed ? 

Once you have added the rd.break to your linux16 kernal command entry you do the following:

Press Ctrl+x to boot, 

Remount sysroot:     mount -oremount,rw /sysroot

Chroot:  chroot /sysroot

Change pass:   passwd root

Relabel shadow:  touch /.autorelabel                   --- This is important 

then you can exit and it will perform the selinux relabel and reboot

View solution in original post

Reply
Loading...
Highlighted
Starfighter Starfighter
Starfighter
  • 3,629 Views

Re: Crack root password

Jump to solution

@NunoMartins wrote:

 

Relabel shadow:  touch ./autorelabel                   --- This is important 


This is 100% wrong.

Firstly, you aren't relabeling shadow, per se -- you are relabeling the entire file system.

What is completely wrong, though, is the command:

The correct command is: touch /.autorelabel

The dot goes before "autorelabel" not before the "/".

The file that must be created for this to work must be a hidden file that resides in / -- hence, /.autorelabel

 

 

 

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
Reply
Loading...
Highlighted
Starfighter Starfighter
Starfighter
  • 3,614 Views

Re: Crack root password

Jump to solution

I think describing the response as 100% wrong, is a bit ... dramatic.  Yes there was a typo.  Also, while, yes, /.autorelabel does kick off an entire system relabel, the reason it's done here is to relabel /etc/shadow (and, consequently any other files that have had their SElinux contexts mangled by being adjusted in an environment without SElinux enforcement active).  But the main reason is /etc/shadow as without correct contexts, when root attempts to log in, the process verifying the password will be refused from accessing an /etc/shadow with incorrect/invalid SElinux contexts.  [resulting in not being able to authenticate as users listed in this file]  I have a suspicion that the lack of this relabeling is why the original author is having difficulty logging in as any defined user after their attempt to reset the root password.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
Reply
Loading...
Highlighted
Starfighter Starfighter
Starfighter
  • 3,603 Views

Re: Crack root password

Jump to solution

@Scott wrote:

I think describing the response as 100% wrong, is a bit ... dramatic.  Yes there was a typo.  


Yes, it was dramatic -- and in this case, intentionally so. (And let's not forget that I only quoted the relevant portion that was incorrect.) I was trying to make certain that the OP understood what was going awry.

I felt this was even more important because it was marked as a solution -- when it was incorrect.

Scott is absolutely correct as to the specifics of the relabeling process and why it needs to be done: Specifically, /etc/shadow needs to have its SELinux context fixed.

@NunoMartins: I apologize for being dramatic. It wasn't intended as a slight towards you. Again, I simply wanted to make certain that the OP got the point. I see that you've edited it since my previous reply Smiley Happy

------

Incidentally, I tried it with the incorrect command (touch ./autorelabel) for the first time. (Sometimes, I don't do something because I know it is incorrect.) The results were interesting. When it rebooted, it allowed me to log in -- as a completely new user (this was on CentOS 7.6).

I got the Welcome, Typing, Privacy, Time Zone screens, and then at asked me to create an account. At that point, I did get a desktop but could really do anything except turn off or restart the machine.

Subsequent reboots simply repeated the scenario.

It was easy enough to fix the system by creating /.autorelabel -- afterwards everything returned to normal.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
Reply
Loading...
Highlighted
Flight Engineer Flight Engineer
Flight Engineer
  • 3,608 Views

Re: Crack root password

Jump to solution

appologies - this was a typo 

0 Kudos
Reply
Loading...
Highlighted
Cadet
Cadet
  • 3,598 Views

Crack root password -v2

Jump to solution

Thanks for all the responses to my initial post "crack root password"....sorry, but I can not reply to your responses. (working on that with tech-suport)

So let me try to reply here......

as for the ./ vs /. ---yes, it needs to be /.

but it still did not fix the problem.

when i look at the 134 course book, on page 26, resetting your lost root password...

it has all the same steps except, when you go to change the root password... instead of:

'passwd'  ...2 times, the text says to put in the followoing command:

'echo redhat | passwd --stdin root'

and it WORKS !!! yeah...happy dance.

But why? These are two different ways of accomplishing the same thing...right?

Can someone explain to me why 'passwd' (2x) does not work for me...(but everyone else on youtube and this chat it does)....but your text book command of 'echo redhat | passwd --stdin root'   does work for me.???

(I'm not trying to come off as flippint...I just want to learn something).

By the way...I'm running RHEL 7.5 as a VM on VMware on a Win10 host. (if that helps)

Thanks to anyone who replies ;-)

0 Kudos
Reply
Loading...
Highlighted
Starfighter Starfighter
Starfighter
  • 3,581 Views

Re: Crack root password -v2

Jump to solution

@Robert1 ,

I'm unable to reproduce the error you're describing, though the VMs I have to try it on are RHEL8Beta.  I'm able to change the root user's password using the procedure outlined above, by manually entering the password (twice as prompted by the passwd utility).

The echo redhat | passwd --stdin root command sends a single string to the passwd utility, which is told to accept it over the stdin filehandle (passed through the |).  The only thing I could imagine of why this is operating differently would be because you're typing the string a single time, and able to see said string on the commandline, which is different than how the passwd utility natively works.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
Reply
Loading...
Highlighted
Starfighter Starfighter
Starfighter
  • 3,576 Views

Re: Crack root password -v2

Jump to solution

@Robert1 wrote:

when i look at the 134 course book, on page 26, resetting your lost root password...

it has all the same steps except, when you go to change the root password... instead of:

'passwd'  ...2 times, the text says to put in the followoing command:

'echo redhat | passwd --stdin root'


This is interesting. I'm looking at the RH134, chapter 1.3 material right now on Gilmore (Red Hat's content portal for Red Hat Academies). This should be the most current version.

It doesn't mention the --stdin method of setting a password. Even so, there isn't any reason why it won't work. (I teach this method to my scripting students when we write scripts for user management.)

It does say to use passwd root , which would have you enter the password twice. This works fine in my physical lab (RHEL 7.0 -- which, incidentally, is what the RHCSA testing environment is), and on my CentOS 7.6 VM.

In any event, it makes no difference which way you use, as long as the password gets changed.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
0 Kudos
Reply
Loading...
Highlighted
Flight Engineer Flight Engineer
Flight Engineer
  • 3,563 Views

Re: Crack root password -v2

Jump to solution

Tracy:

We did not use the --stdin method in RH134, only because we sometimes debate about adding something that might be percieved as being too clever, in an attempt to do only that which is widely understood at the RHCSA level.

Having said that, I think the --stdin way of changing passwords is cleaner and nicely clever and absolutely how it should be done in scripts.  Thank you for the feeback.

0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.