
Sunday, 16 February 2014

Root Password Recovery !!!

This post is regarding Root Password Recovery. 

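In short, the root password is recovered by booting the server from CD-ROM into single-user mode and then editing the root entry in the /etc/shadow file. The procedure needs nothing more than console access and boot media: the printenv output below shows the OpenBoot security-mode set to none, so the firmware asks for no password before "boot cdrom -s". Where that matters, restrict access to the RSC/console and set security-mode together with a security-password.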

RSC version 2.2.3 

rsc>
rsc>
rsc> console

console login: root
Password:

rsc>
rsc> help
RSC Help

password           Change password.
poweron            Power on host system.
poweroff           Power off host system.
reset              Reset host system.
xir                Send XIR reset to host system.
resetrsc           Reboot RSC.
console            Connect to system console.
break              Send break to system console.
environment        Print environment information.
showenvironment    Print environment information.
                   (Synonymous with 'environment'.)
shownetwork        Show current network configuration.
set <variable> <value>
                   Set configuration variable <variable> to value <value>.
show [<variable>]  Show the value of all variables or a specific variable.
date [[mmdd]HHMM | mmddHHMM[cc]yy][.SS]
                   Set/Show the current date and time.
showdate           Show the current date and time.
                   (Synonymous with 'date'.)
setdate [mmdd]HHMM | mmddHHMM[cc]yy[.SS]
                   Set the current date and time.
                   (Synonymous with 'date <date-string>'.)
bootmode [-u] [normal|forth|reset_nvram|diag|skip_diag]
                   Set the host firmware boot mode.
setlocator [on|off]
                   Turn the system locator LED on or off.
showlocator        Show the state of the system locator LED.
consolehistory [boot|run|oboot|orun] [index [+|-]<n>] [pause <n>]
                   Dump console history log.
consolerestart     Set current console log to be original console log.
loghistory [index [+|-]<n>] [pause <n>]
                   Dump Event log.
useradd <username> Add a new user.
userdel <username> Delete a user.
usershow [ <username> ]
                   Show all users (or a specific user).
userpassword <username>
                   Change password for a specific user.
userperm <username> [c][u][a][r]
                   Set permissions for a user.
version [-v]       Print revision of RSC firmware.
showsc             Print revision of RSC firmware.
                   (Synonymous with 'version'.)
logout             Log out of the RSC shell.


rsc> break                                ----  sends a break to drop the server to the ok prompt
rsc>
rsc>
rsc> console

{3} ok
{3} ok
{3} ok
{3} ok devalias
net                      /pci@9,700000/network@2
rootdisk                 /pci@9,600000/SUNW,qlc@2/fp@0,0/disk@0,0
rootmirror               /pci@9,600000/SUNW,qlc@2/fp@0,0/disk@1,0
disk1                    /pci@9,600000/SUNW,qlc@2/fp@0,0/disk@1,0
disk0                    /pci@9,600000/SUNW,qlc@2/fp@0,0/disk@0,0
disk                     /pci@9,600000/SUNW,qlc@2/fp@0,0/disk@0,0
ide                      /pci@8,700000/ide@6
scsi                     /pci@9,600000/SUNW,qlc@2
cdrom                    /pci@8,700000/ide@6/cdrom@0,0:f
net                      /pci@9,700000/network@2
net1                     /pci@9,600000/network@1
net0                     /pci@9,700000/network@2
flash                    /pci@9,700000/ebus@1/flashprom@0,0
idprom                   /pci@9,700000/ebus@1/i2c@1,2e/idprom@4,a4
nvram                    /pci@9,700000/ebus@1/i2c@1,2e/nvram@4,a4
i2c1                     /pci@9,700000/ebus@1/i2c@1,30
i2c0                     /pci@9,700000/ebus@1/i2c@1,2e
bbc                      /pci@9,700000/ebus@1/bbc@1,0
rsc-console              /pci@9,700000/ebus@1/rsc-console@1,3083f8
rsc-control              /pci@9,700000/ebus@1/rsc-control@1,3062f8
ttya                     /pci@9,700000/ebus@1/serial@1,400000:a
pci9b                    /pci@9,700000
pci9a                    /pci@9,600000
pci8b                    /pci@8,700000
pci8a                    /pci@8,600000
ebus                     /pci@9,700000/ebus@1
name                     aliases
{3} ok
{3} ok
{3} ok
{3} ok
{3} ok printenv
Variable Name           Value                          Default Value

test-args
diag-passes             1                              1
local-mac-address?      true                           false
scsi-initiator-id       7                              7
oem-logo                                               No default
oem-logo?               false                          false
oem-banner                                             No default
oem-banner?             false                          false
ansi-terminal?          true                           true
screen-#columns         80                             80
screen-#rows            34                             34
ttya-rts-dtr-off        false                          false
ttya-ignore-cd          true                           true
ttya-mode               9600,8,n,1,-                   9600,8,n,1,-
output-device           rsc-console                    ttya
input-device            rsc-console                    ttya
auto-boot-on-error?     true                           true
load-base               16384                          16384
auto-boot?              true                           true
network-boot-arguments
boot-command            boot                           boot
diag-file
diag-device             rootdisk rootmirror            net
boot-file
boot-device             rootdisk rootmirror            disk net
use-nvramrc?            true                           false
nvramrc                 devalias rootmirror /pci ...
security-mode           none                           No default
security-password                                      No default
security-#badlogins     0                              No default
verbosity               normal                         normal
fcode-debug?            false                          false
diag-out-console        true                           false
diag-trigger            error-reset power-on-res ...   error-reset power-on-res ...
service-mode?           false                          false
diag-script             normal                         normal
diag-level              max                            max
diag-switch?            true                           false
error-reset-recovery    sync                           sync
{3} ok setenv auto-boot? false
auto-boot? =            false
{3} ok
{3} ok
{3} ok
{3} ok
{3} ok boot cdrom -s
Boot device: /pci@8,700000/ide@6/cdrom@0,0:f  File and args: -s
hsfs-file-system
Loading: /platform/sun4u/boot_archive
ramdisk-root ufs-file-system
Loading: /platform/SUNW,Sun-Fire-V490/kernel/sparcv9/unix
Loading: /platform/sun4u/kernel/sparcv9/unix
SunOS Release 5.10 Version Generic_142909-17 64-bit
Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved.
os-io Booting to milestone "milestone/single-user:default".
Configuring devices.
Using RPC Bootparams for network configuration information.
Attempting to configure interface ce1...
Skipped interface ce1
Attempting to configure interface ce0...
Skipped interface ce0
Requesting System Maintenance Mode
SINGLE USER MODE
#
#
#
# df -kh
Filesystem             size   used  avail capacity  Mounted on
/ramdisk-root:a        197M   175M   2.3M    99%    /
/devices                 0K     0K     0K     0%    /devices
ctfs                     0K     0K     0K     0%    /system/contract
proc                     0K     0K     0K     0%    /proc
mnttab                   0K     0K     0K     0%    /etc/mnttab
swap                    31G   344K    31G     1%    /etc/svc/volatile
objfs                    0K     0K     0K     0%    /system/object
sharefs                  0K     0K     0K     0%    /etc/dfs/sharetab
swap                    31G   592K    31G     1%    /tmp
/tmp/dev                31G   592K    31G     1%    /dev
fd                       0K     0K     0K     0%    /dev/fd
/devices/pci@8,700000/ide@6/sd@0,0:f
                       2.1G   2.1G     0K   100%    /cdrom
df: cannot statvfs /platform/sun4u-us3/lib/libc_psr.so.1: Operation not applicable
df: cannot statvfs /platform/sun4u-us3/lib/sparcv9/libc_psr.so.1: Operation not applicable
swap                    31G     8K    31G     1%    /tmp/root/var/run
#
#
#
#
# echo |format
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <SUN146G cyl 14087 alt 2 hd 24 sec 848>
          /pci@9,600000/SUNW,qlc@2/fp@0,0/ssd@w21000014c3cfccbf,0
       1. c1t1d0 <SUN146G cyl 14087 alt 2 hd 24 sec 848>
          /pci@9,600000/SUNW,qlc@2/fp@0,0/ssd@w21000014c3cfb67a,0
Specify disk (enter its number): Specify disk (enter its number):
#
#
# ls -ld /dev/dsk/c1t0d0s0
lrwxrwxrwx   1 root     root          70 Apr 13 01:06 /dev/dsk/c1t0d0s0 -> ../../devices/pci@9,600000/SUNW,qlc@2/fp@0,0/ssd@w21000014c3cfccbf,0:a
# prtconf -vp |grep -i boot
        bootarchive:  '/ramdisk-root'
        bootfs:  fff49f10
        bootargs:  '-s'
        bootpath:  '/pci@8,700000/ide@6/cdrom@0,0:f'
        auto-boot-on-error?:  'true'
        auto-boot?:  'false'
        network-boot-arguments:
        boot-command:  'boot'
        boot-file:
        boot-device:  'rootdisk rootmirror'
#
#
#
# mount /dev/dsk/c1t0d0s0 /a
# cd /a/etc
# EDITOR=vi
# export EDITOR
#
# TERM=vt100
# export TERM
#
#
#
# cat shadow
root:$1$8W5IYpSB$8H2TDgCqbs2dllasqplsh/:14412:7:56:7:::
daemon:*LK*NP:14247::::::
bin:*LK*NP:14247::::::
sys:NP:6445::::::
adm:*LK*NP:14247::::::
lp:*LK*NP:14247::::::
uucp:*LK*NP:14247::::::
nuucp:*LK*NP:14247::::::
smmsp:*LK*NP:14247::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
#
#
#
#
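# vi shadow                   ------- The second field of the root entry below is root's password hash; delete only that field and keep the surrounding colons, so the line becomes root::14412:7:56:7:::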
root:$1$8W5IYpSB$8H2TDgCqbs2dllasqplsh/:14412:7:56:7:::
daemon:*LK*NP:14247::::::
bin:*LK*NP:14247::::::
sys:NP:6445::::::
adm:*LK*NP:14247::::::
lp:*LK*NP:14247::::::
uucp:*LK*NP:14247::::::
nuucp:*LK*NP:14247::::::
smmsp:*LK*NP:14247::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
~
~
~
"shadow" 17 lines, 378 characters
#
#
# pwd
/a/etc
#
# more shadow
root::14412:7:56:7:::
daemon:*LK*NP:14247::::::
bin:*LK*NP:14247::::::
sys:NP:6445::::::
adm:*LK*NP:14247::::::
"shadow" [Read only] 23 lines, 524 characters
uucp:*LK*NP:14247::::::
nuucp:*LK*NP:14247::::::
smmsp:*LK*NP:14247::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
#
#
# cd
#
# umount /a
#
#
# init 0
# syncing file systems... done
Program terminated
{13} ok
{13} ok
{13} ok
{13} ok
{13} ok boot -rv
Resetting ...

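After the reboot you can log in as root with no password. Set a new root password with passwd straight away, from the console, because the account stays passwordless until you do. Note also that auto-boot? was set to false earlier and is not restored in this transcript; set it back with "setenv auto-boot? true" at the ok prompt if the server should boot unattended.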
