Home / server / Questions / 150083
Accepted
s.mihai
Asked: 2010-06-11 06:25:54 +0800 CST

Restore passwd for root on a server

  • 772

      I have a DVR server with linux embeded. It has some telnet functions but i don't have the password for it (the chinese manufacturer refuses to give me the password). I did get a upgrade folder from them and found a passwd file inside.
      So i assume that when i upgrade the firmware the password in that file will be used.
      Now i am trying to modify the file so taht i can insert a password i already know.
      The problem is that i don't know how to create the password hash from what i figured the password hash is $1$1/lfbDKX$Hmd.FqzB8IZEohPesYi961
      The file is named rom.ko and i found a command 

telnetd
/mnt/yaffs/web/boa -c /mnt/yaffs/web &
/bin/cp -f /mnt/yaffs/rom.ko /etc/shadow

in a script file so i assume this is the right way.
      Can you help me reconstruct a password that i know already? Tell me how or make one for me :) ?...

passwd file:
root:$1$1/lfbDKX$Hmd.FqzB8IZEohPesYi961:0:0:99999:7:-1:-1:33637592
bin::10897:0:99999:7:::
daemon::10897:0:99999:7:::
adm::10897:0:99999:7:::
lp::10897:0:99999:7:::
sync::10897:0:99999:7:::
shutdown::10897:0:99999:7:::
halt::10897:0:99999:7:::
mail::10897:0:99999:7:::
news::10897:0:99999:7:::
uucp::10897:0:99999:7:::
operator::10897:0:99999:7:::
games::10897:0:99999:7:::
gopher::10897:0:99999:7:::
ftp::10897:0:99999:7:::
nobody::10897:0:99999:7:::
next::11702:0:99999:7:::

password telnet shadow passwd

2 Answers

  1. Best Answer

    If you are going to reset the password to your own, just remove the password hash for root in the rom.ko file and update the system. As long as there is not some update / integrity hash check on the update bundle this will effectively remove the root password/make it blank. You may still have to telnet in as a normal user and do a 'su' since direct root telnet / ssh is often disabled(a good thing).

    John the Ripper is one of the most popular password crackers out there. If the update is hash protected / validated give it a try.

    Good Luck!

    • 1

  2. You will need the makepasswd command for this to work, but you should be able to do the following:

    %echo "mypassword" | makepasswd --clearfrom=- --crypt-md5

    Which should yield the following:

    mypassword $1$ihlrowCw$45PvXmJvoJksKqNkoFi8s/

    And you should be able to paste that into the root: area in the /etc/shadow file. However, don't come knocking on my door if this hoses your DVR.

    • 0