Linux Password Recovery
You have inadvertently forgotten your Linux password and can’t log in to your system. You really need to obtain access to your system. You also need to figure out passwords for others in the system. (The steps below will only work in the lab). You are NOT required to find all other user passwords, just the ones mentioned below.
Begin by obtaining the image. If you boot it, you won’t be able to log in since you don’t have any password. Instead of booting it normally, let’s boot it from the ’D’ drive, with any Ubuntu disk inserted (xenial_server) here. Boot to rescue mode. In rescue mode, you should be able to drop to a shell in the root filesystem (maybe something like /dev/sda1). You should be able to find what users exist in the system. (Hint: look in /etc/passwd). To blank a user’s password, you essentially delete the hash in /etc/shadow. Be careful not to delete any of the other fields or colons (:).
You should blank the password for the
Then, reboot and see if you can log in as the rubio user. Take a screenshot of being logged in as the rubio user. (I know you could give any user root permissions here, but let’s pretend we can’t)
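After hand-editing /etc/shadow as described above, it is worth confirming that every entry still has its nine colon-separated fields and seeing which accounts now have an empty password field. The checker below is an added example, not part of the original assignment; the function name audit_shadow and the sample entries (including the placeholder hash) are constructed for illustration.

```python
# Added example: sanity-check shadow-format text after a manual edit.
# SAMPLE is constructed for this example; the hash shown is a placeholder.

SHADOW_FIELDS = 9  # name:hash:lastchg:min:max:warn:inactive:expire:reserved

SAMPLE = """\
root:!:18600:0:99999:7:::
rubio::18600:0:99999:7:::
tom:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18600:0:99999:7:::
daemon:*:18600:0:99999:7:::
broken:18600:0:99999:7:::
"""


def audit_shadow(text):
    """Return (line_number, account, finding) for damaged or passwordless entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # ignore blank lines
        fields = line.split(":")
        name = fields[0]
        # A deleted colon shifts every later field, so check the count first.
        if len(fields) != SHADOW_FIELDS:
            findings.append(
                (lineno, name,
                 f"malformed: {len(fields)} fields, expected {SHADOW_FIELDS}"))
            continue
        # An empty second field means the account has no password set.
        # "!" and "*" are locked/disabled markers, not empty, so they pass.
        if fields[1] == "":
            findings.append((lineno, name, "empty password field"))
    return findings


if __name__ == "__main__":
    for lineno, name, finding in audit_shadow(SAMPLE):
        print(f"line {lineno}: {name}: {finding}")
```

The same check is useful outside the lab as an audit: any account reported with an empty password field on a production system should be locked or given a password.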
As you are hopefully now logged in, you can see what other users exist. You could use john to try and crack the passwd file, but as we have already done this, let’s skip it.
This system has at least 3 setUID vulnerabilities. See if you can figure out how to exploit 2 of them. Here are some potential resources:
Take screenshots of what you did to get root.
Hint: vim.basic has a setuid vulnerability, so basically, you can now edit /etc/sudoers and add rubio in the user specification setting. You will have to save your changes in vi with :w!. Then, as the rubio user, you should be able to do a sudo bash and get a root shell (a root shell ends with a #).
Online password attack
Once you have root privileges, you can edit your network settings so that your machine can connect to the internet. It is already set to DHCP. I will show you how to connect easily.
Use hydra to attack the ssh port of your machine. You should be able to crack the password for tom using the password list from the previous assignment. You should be able to find how to run the hydra command to attack your ssh port by searching on Google.
You can’t run hydra from oxygen to your virtual machine. The easiest way to run hydra against the VM will be to create a second VM that has hydra installed. I recommend using the most current version of Kali Linux. You can then see the IP addresses of your VMs with ip a. You may need to modify some network settings in VirtualBox.
Take screenshot of discovered passwords.
- Prove to me that you did all of the above. (Maybe some print screens, or other descriptions)
- One document please (preferably PDF). No zip or tar.
Last Updated 01/24/2021