Category Archives: Linux

My Linux Access Recovery Technique on Linux CentOS

Some time ago I got an idea for granting access to my Linux machine, which had the passwd and shadow files CRC-protected and both SSH and Single User Mode disabled.

To apply this method, the user needs some sort of physical access to the machine. So, finally I put together a script; all the other instructions are included in its description (see the link at the end of this article). You may also want to read the following post: http://www.techtipsforsmartchicks.com/recover-root-password-single-user-mode-disabled/

Before going ahead with the reading, please also read the disclaimer below.

DISCLAIMER: This technique is presented for educational purposes only and you take full responsibility for all your actions.

You can download the script from here: http://pastebin.com/pbJ5iCJR

How to recover root password when single user mode is disabled

Before reading this further, please note that the information below is provided for educational purposes only and you take full responsibility for all your actions.

I have decided to write this article after doing some research for a personal security project. Basically, the goal was to change the root password of a machine which was running Linux and had the Single User mode disabled.

Below you can find the steps that describe how I achieved what I had in my (very sick) mind. Before going ahead, it is important for you to burn a Clonezilla Live CD ISO to an optical disc or a USB stick; once you’re all set, do the following:

–        When the Linux machine boots up, let it boot from the Clonezilla Live CD/USB.

–        Choose “Clonezilla live” when the Clonezilla Boot Menu appears and hit ENTER.

Clonezilla Boot Menu

–        When you are asked to choose a language, select whatever language you wish (I chose English) and then select <OK>.

Choose Language

–        In the “Configuring console-data” window, select “Don’t touch keymap” and then <OK>

Configuring console-data

–        When the “Start Clonezilla” window shows up, choose “Enter_shell” and then <OK>

Start Clonezilla

–        Then within the “Choose mode” window, select “cmd” and then <OK>

Choose mode

–        Now Clonezilla returns a Linux user shell “$”, but we want to run everything as “root”. So, we will have to use the following command to make ourselves “root”: sudo su -

Running: sudo su -

–        Ok, so now that we’re “root” (we have administrator privileges) we want to have a look at the partitions of the Linux machine (NOT the Clonezilla Live CD, but the Linux machine whose “root” password we want to change). One way to achieve this is to run the following command: fdisk -l |grep /dev/sd

fdisk command

–        Then we have to check which partition contains the File System. One way to find this out is to mount one partition at a time and check what it contains.

In the example above, we have /dev/sda2 (which was the Linux Swap, so it is excluded from the very beginning) and then there are /dev/sda1 and /dev/sda3. I used the following steps to check what kind of data those partitions were holding:

mount /dev/sda1 /mnt (this mounted the /dev/sda1 in /mnt)

ls /mnt (shows what /mnt contains)

umount /dev/sda1 (unmounted /dev/sda1)

mount /dev/sda3 /mnt (mounted the /dev/sda3 in /mnt)

ls /mnt (now this showed the correct file system)

(u)mount examples

–        After the File System is mounted, the root File System has to be switched from that of Clonezilla to that of the actual Linux machine (the one that was mounted in /mnt above). To do that, type: chroot /mnt (to be on the safe side, you can then check that you’re on the right file system).

–        Once you are sure that the File System was correctly changed, the “root” password can be changed by using the “passwd” command.

Changing file system

Changing file system+reboot

–        Once the “root” password has been changed, reboot and check if the new “root” password works.

I hope you found this useful. If you did, please share this article with your friends.

PEACE!
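
The first post above mentions CRC-protecting the passwd and shadow files, and the procedure in this post ends by running passwd inside a chroot, which rewrites root's entry in the shadow file. As an added example (not part of the original posts or the linked script), the following shell script compares a shadow file against a baseline copy and reports whether root's entry changed; the function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): notice an offline edit of root's
# shadow entry by comparing the file against a baseline copy.
# Assumption: the baseline is kept off the machine; a baseline on the same
# disk can be rewritten from the same live-CD session.

# Print "hash:lastchg" (fields 2 and 3) of the root account in a shadow file.
root_entry() {
    awk -F: '$1 == "root" { print $2 ":" $3 }' "$1"
}

# Print the verdict for CURRENT against BASELINE:
# unchanged | root-changed | other-changed | missing
check_shadow() {
    base=$1 cur=$2
    if [ ! -r "$base" ] || [ ! -r "$cur" ]; then
        echo missing
    elif [ "$(cksum < "$base")" = "$(cksum < "$cur")" ]; then
        echo unchanged            # same CRC and size
    elif [ "$(root_entry "$base")" != "$(root_entry "$cur")" ]; then
        echo root-changed         # hash or last-change day differs
    else
        echo other-changed        # some other account or field changed
    fi
}

# Constructed sample files (not real hashes): a baseline, a copy after
# "passwd" was run for root, and a copy where only another account changed.
make_samples() {
    cat > "$1/shadow.baseline" <<'EOF'
root:$6$CONSTRUCTED$aaaaaaaaaaaaaaaa:19000:0:99999:7:::
alice:$6$CONSTRUCTED$cccccccccccccccc:19010:0:99999:7:::
EOF
    cat > "$1/shadow.after" <<'EOF'
root:$6$CONSTRUCTED$bbbbbbbbbbbbbbbb:19723:0:99999:7:::
alice:$6$CONSTRUCTED$cccccccccccccccc:19010:0:99999:7:::
EOF
    sed 's/^alice:[^:]*:/alice:!:/' "$1/shadow.baseline" > "$1/shadow.locked"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in baseline after locked; do
    printf '%s: %s\n' "$f" \
        "$(check_shadow "$demo_dir/shadow.baseline" "$demo_dir/shadow.$f")"
done
rm -rf "$demo_dir"
```

On a real system the second argument would be /etc/shadow, read as root. cksum is used to mirror the CRC check mentioned above; a CRC detects accidental or naive edits but is not collision-resistant.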

Monitoring Performance in Linux

1. top – Display Linux Tasks

This tool is widely used by Linux administrators because it provides real-time information about the running tasks, the system and the tasks which are managed by the kernel.

top

More examples about how to use the “top” utility can be found here: http://www.cyberciti.biz/faq/tag/top-command/

2. vmstat – Report Virtual Memory Statistics

The command “vmstat” provides very useful statistics that relate to: CPU activity, virtual memory, kernel threads, IO blocks, processes, etc.  For more examples about how to use vmstat, you can read: http://www.cyberciti.biz/faq/tag/vmstat-command/

vmstat

3. lsof – List Open Files

The full name of this command is self-explanatory. Basically, the “lsof” command helps a sysadmin to find the open files and the processes that keep them open.  You can read more about it here: http://www.catonmat.net/blog/unix-utilities-lsof/

lsof

4. tcpdump – Dump Traffic On a Network

This tool is a network packet analyzer and a sniffer that can be used to capture the packets transferred through a specific network interface. A detailed tutorial can be found here: http://www.danielmiessler.com/study/tcpdump/

tcpdump

5. netstat – Network Statistics

You use “netstat” when you’re looking for information about inbound/outbound traffic in terms of interface statistics. Many of us already know it from Windows. More useful practical examples using netstat can be found here: http://www.cyberciti.biz/tips/tag/netstat

netstat

6. iostat – IO Statistics

The name of this tool is also self-explanatory. It is designed to provide statistics about the input/output of different storage devices and it also provides info about the CPU status. Some useful examples on how to use this tool can be found here: http://linux.101hacks.com/unix/iostat/

iostat

In order to make this tool available, you have to install the sysstat package from the repository.