root password problem

[adi007]

I have forgotten my root password.
Now,I know that i can change the root password by using single user mode.But i don't want to chage the root password.Instead,I want to know the root password.Is it possible??

 

[ray|raven]

No.AFAIK

Regards,
ray

 

[adi007]

I beleive if one can change the root password,then one can know the exisiting root password in single user mode.But i don't know how??

 

[ray|raven]

You cant.
When u start as single user mode it automatically logs you in.
There u can change ur password by supplying a new password.
But there's no way to know ur old one.
Why do u need to know anyways?

Regards,
ray

 

[adi007]

just curious to know whether i can know my old root password.
By the way,i know that the root password is encrpted in some file...Can't we decrypt the file containing root password??

 

[ray|raven]

If you knew the exact algorithm they used and the key which might be a 64bit one then yea maybe ,
Dont even think of brute-force,u would have grand-kids before it broke

Regards,
ray

 

[adi007]

^^can u tell me where the root password is stored....

 

[ray|raven]

/etc/shadow AFAICR.

Regards,
ray

 

[adi007]

^Thanks.Will try to hack...

 

[ray|raven]

G'Luck
May the force be with you

Regards,
ray

 

[QwertyManiac]

One can use john to view shadow files if he/she knows the root password.

sudo apt-get install john

And:

sudo john /etc/passwd

 

[praka123]

^but it wont work 100% with a good passwd

 

[QwertyManiac]

Yeah at-least it can guess a bit

 

[adi007]

One can use john to view shadow files if he/she knows the root password.

sudo apt-get install john

And:

sudo john /etc/passwd

downloaded john and used it but no result.
It's just mere guessing all the possibilites.I just ran it for 2 hrs and even then it was unable to find out.I think it is immpossible to detect good root password by this....
The one thing i liked int it was we can resume our search by using

 ./john --resume

and we can add custom rules

 

[praka123]

^yes,ofcourse

Description: active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems
administrators to find weak (easy to guess or crack through brute force)
passwords, and even automatically mail users warning them about it, if it
is desired.
.
It can also be used with different cyphertext formats, including Unix's
DES and MD5, Kerberos AFS passwords, Windows' LM hashes, BSDI's extended DES,
and OpenBSD's Blowfish.
.
Homepage: *www.openwall.com/john/

 

[adi007]

I just did some R&D on shadow file.
I think the password is encrpted under MD5 algorithm or Blow fish.
So is there any software that converts the md5 encrpted or blow fish encrpted text into decrpted text

And the second thing i noticed was
i just backed up the file shadow and changed my root password.I again changed the root password to the first one.Now i compared the backed up file with shadow file and noticed that the two encrypted text are not same..
Even though the password is same,the encrpted text was not same.
Will that means it is taking time consideration also

 

[praka123]

^that is hard.afaik it will take yrs to crack a really good passwd that too not for sure

 

[adi007]

is there any software that converts the md5 encrpted or blow fish encrpted text into decrpted text

no reply to this

 

[QwertyManiac]

LMAO, no software exists to do that, it'd take years to decrypt on a very fast computer! If decrypting MD5 were so easy, Raaabo would already know all our passwords.

And even after years, the final string would just be *near* to the actual one. No way to guess what it was exactly.

And about MD5 Hashes, you do know collisions in hash tables right? Read on: *www.mathstat.dal.ca/~selinger/md5collision/

 

[The_Devil_Himself]

yea man these hashing algorithms are pretty good.They are almost perfect specially md5hash(thats why it is so much used).