Perderabo has made posted a good thread in the FAQ section here: Lost root password / Can't login as root

Sorry if this is the wrong place, but this version of linux is not covered and it is a little different.

I have bought a NAS box: Freecom FSG-3. It has a linux file system that I can get to through PuTTY via SSH. The file system looks and behaves as one might expect a linux box to...

I want to play; improve things like their screwed up web pages etc. However Freecom are playing Big Brother on me and won't give me the root password. (no supprise there). I did offer to let them connect and change it to something and give the new one to me.

Anyway, from PuTTY I have done a "uname -a" to find the kernel. it returns:

Linux ANAS01 2.4.27-uc1 #1185 Fr Nov 18 11:37:24 CET 2005 armv5b unknown

ANAS01 is the hostname of the box. I took the date and time out of it and googled it. The most likely result was: http://www.uclinux.org. It appears to be an embedded version of linux.

Doing a "cd /", "ls" I get:

/ $ ls
bin etc lib root tmp var
dev home proc sbin usr zImage
/ $


I've tried "vi -R /etc/passwd" changing admin 0:0 but ":w!" doesn't write. (not supprised)

I've gone through the forum looking for help, but as i'm not at the console (as it were) I can't see the suggestions will work.

I have though about taking the drive out of the NAS and booting it like a normal drive however, forgive me for my ignorance, but i presume an embedded system referes to the OS being an a chip, therefore removing the drive would not help.

If anybody has any ideas, I'd greatly appreciate it. If you hadn't already guessed i'm a novice at linux so answers for dummies would be appreciated.

Many thanks in advance.

Woter

PLEASE NOTE: I do not condone the cracking of other people's passwords for anything other than authorised penetration testing and security analysis.

However, if you have 'forgotten' a password for one of your own boxes and still have telnet/SSH access to the box via another account you could try this:

[Summary]
You'll need an offline copy of /etc/passwd and something to generate hashes against a wordlist or brute-force strings.

[Method]
You could 'cat /etc/passwd' and copy/paste from puTTY to (e.g.) Notepad [I assume you're SSH'ing from a Windoze box since you're using puTTY]

You then need something like John The Ripper, a quick machine, and patience.

thanks for the above but don't have access via another box how can i recover the password

You're basically trying to get hold of /etc/passwd. This is a text file which has to be readable by ANY user account on that box, try telnet, SSH or ftp to attach. Another way in (usable on equisys netpilots, for instance, where there are no shell accounts and ftp sessions are chroot'ed), check to see if you have an httpd server with SSI (that's server-side includes, not SSL: secure socket layer) enabled and 'hash-bit-exec' enabled (this can all be switched on from a .htaccess file with apache, see apache.org) you cat put a "<!--#exec cmd='/bin/cat /etc/passwd' -->" in an HTML page which, when viewed, will show the result of cat'ing /etc/passwd, i.e. the contents thereof.

If you have no other way of getting access via a shell, ftp client, browser etc. then it's a case of pull the HDD out of the production server, bang it into a friendly (i.e. your) *NIX box and mount it thereon.

P.S. These are obviously generic instructions. For the NAS box that started this thread you evidently have some form of shell access so no probs.