Sponsored Content
Full Discussion: Password Recovery
Special Forums Cybersecurity Password Recovery Post 302070016 by jallport on Thursday 30th of March 2006 02:21:09 PM
Old 03-30-2006
You're basically trying to get hold of /etc/passwd. This is a text file which has to be readable by ANY user account on that box, try telnet, SSH or ftp to attach. Another way in (usable on equisys netpilots, for instance, where there are no shell accounts and ftp sessions are chroot'ed), check to see if you have an httpd server with SSI (that's server-side includes, not SSL: secure socket layer) enabled and 'hash-bit-exec' enabled (this can all be switched on from a .htaccess file with apache, see apache.org) you cat put a "<!--#exec cmd='/bin/cat /etc/passwd' -->" in an HTML page which, when viewed, will show the result of cat'ing /etc/passwd, i.e. the contents thereof.

If you have no other way of getting access via a shell, ftp client, browser etc. then it's a case of pull the HDD out of the production server, bang it into a friendly (i.e. your) *NIX box and mount it thereon.

P.S. These are obviously generic instructions. For the NAS box that started this thread you evidently have some form of shell access so no probs.

Last edited by jallport; 03-30-2006 at 03:26 PM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to password recovery on Ultrix

I got myself a dec 5100 running ultrix with unknow password, how do i recover or change the root password on it? (10 Replies)
Discussion started by: cybermike
10 Replies

2. UNIX for Dummies Questions & Answers

Password recovery

We recently terminated a developer at my place of employment who created scripts on a windows server (that i do not have access to) that invoke FTP sessions on my UnixWare 7.1.1 servers. I need to know the password that is being used. Does anyone know of a good password crack? (8 Replies)
Discussion started by: rm -r *
8 Replies

3. Shell Programming and Scripting

help for db password recovery

hi,all my database (.db) is created by sysbase adaptive server anywhere7.0 ! the user id is DBA. but I lost the password . Could you recovery the passwrod of this db file? thanks ! iwind (1 Reply)
Discussion started by: northwind
1 Replies

4. UNIX for Dummies Questions & Answers

Password Recovery

Hi, I am new to unix and I set a password for a user and now I need to recover what that password was. Is there a way, where as root, I can view what a users passwords is? Thanks, Eric (2 Replies)
Discussion started by: ejbrever
2 Replies

5. Forum Support Area for Unregistered Users & Account Problems

password recovery

hello, my password got lost - and your service to generate new passwords does not work -ive tried it out 50 times the last week or so, never got a single mail from it... please generate a new password for my account "congo" with mailadress. thanks. Thomas (3 Replies)
Discussion started by: congo00000001
3 Replies

6. UNIX for Dummies Questions & Answers

Solaris 8 password recovery plz HELP!!!!!

Hello board, I'm new to Solaris Linux world, trying to learn on my onw, as I notice the windows is a big fraud.... OK let me get to my issue: I have a SOlaris 8 X86 that I don;t have a password and even the screen is disabled(assuming for the security reasons) I just see a... (8 Replies)
Discussion started by: nexOne
8 Replies

7. Solaris

Password Recovery From /etc/shadow file

Is it possible to reset a normal user password , by editing password field in /etc/shadow file? Thanks (6 Replies)
Discussion started by: ksvaisakh
6 Replies

8. Cybersecurity

password recovery

I am trying to access an old email account but cannot recall the password and the backup email account has been closed, also. I need instructions or an expert who can assist recovering my password for web-based email account. (4 Replies)
Discussion started by: pp_mcgee
4 Replies

9. Shell Programming and Scripting

bash script for password recovery

Hi all, I'm a complete newbie to bash scripting, although I have some experience in programming. The thing is that I have a .dmg file on my mac which I protected with a password, and now I've forgotten it. I remember the first few letters of the password and the characters that represent the... (4 Replies)
Discussion started by: sujay.jauhar
4 Replies

10. Homework & Coursework Questions

Password recovery in login script help

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: Hi guys. My case study is about creating a script that includes password recovery whenever a user forgets... (1 Reply)
Discussion started by: jenimesh19
1 Replies
krb5_auth_rules(5)					Standards, Environments, and Macros					krb5_auth_rules(5)

NAME
krb5_auth_rules - Overview of Kerberos V5 authorization DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity is permitted to access the Solaris user account that the client wants to access. Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file. If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then the originating user is denied access. For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user. Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will be granted access to the account if and only if all of the following are true: o The user part of the authenticated principal name is the same as the target account name specified by the client. o The realm part of the client and server are the same. o The target account name exists on the server. For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM differ. FILES
~/.k5login Per user-account authorization file. /etc/passwd System account file. This information may also be in a directory service. See passwd(4). ATTRIBUTES
See attributes(5) for a description of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5) NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user. SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)
All times are GMT -4. The time now is 07:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy