# how to get password back?

## vito_huang

I installed Gentoo on an old machine ages ago, and now I can't remember the root password for it. I want the old password back, but I do not want to reset it, such as by using single-user mode or a live CD to change the password (don't ask me why :Embarassed:, because I really want to know the old password :Laughing:).

Here is what I did: I used a live CD and copied passwd and shadow, then unshadowed them into a new file (passwdfile), and finally ran john (the John the Ripper password cracker):

`john passwdfile`

...............

After about 10 hours it is still running.

So I want to ask: am I doing the right thing (or following the right steps), or is there a faster way? My method seems to take ages.

Thanks

----------

## erik258

vito_huang,

I don't think there is a better way to crack passwords.

Once a password has been encrypted, the system doesn't decrypt it to authenticate users. Instead, it merely encrypts the supplied password and checks whether the hash of what the user supplied matches the hash of the real password. Thus the real password is never known to the system.

I believe John the Ripper works the same way.

See http://www.openwall.com/john/doc/MODES.shtml for more info about the cracking program you're running. If your password was strong, you may never actually crack it.

Resetting the password from a chroot or live CD isn't the wrong way to do this; I think it's the only way ; )

But I look forward to hearing how somebody's gonna argue with me :)

PS: if your password was strong, or if you aren't using a wordlist, you'll want incremental mode. From the online docs...

 *Quote:*   

> This is the most powerful cracking mode, it can try all possible character combinations as passwords. However, it is assumed that cracking with this mode will never terminate because of the number of combinations being too large (actually, it will terminate if you set a low password length limit or make it use a small charset), and you'll have to interrupt it earlier.

 

Also...

 *Quote:*   

> `john mypasswd`
> 
> This will try "single crack" mode first, then use a wordlist with rules, and finally go for "incremental" mode. Please refer to MODES for more information on these modes.

 

If you did that, it's probably done with the wordlist now and is running in incremental mode, and it will probably never finish unless your password was weak.

----------

## vito_huang

Cheers erik258.

I guess my password was pretty strong then. Just one thought: since there is something called a rainbow table for cracking MD5 hashes and Windows passwords, why isn't there anything like that for cracking *nix systems?

----------

## erik258

If I understood Wikipedia correctly, a rainbow table is a reverse hash lookup table, so that you can simply compare your hash against a list of hashes and the passwords that hash into them for the cipher you used.

And I think things like that do exist.

But their applicability is limited; there are ways of changing the hashing algorithm a little bit to foil rainbow-table cracking... perhaps Wikipedia would say it best.

 *Quote:*   

> Nearly all distributions and variations of Unix, Linux, and BSD use hashes with salts, though many PHP web applications use just a hash (typically MD5) with no salt. The Windows NT/2000 family uses the LAN Manager and NT LAN Manager hashing method and is also unsalted, which make it one of the more popularly generated tables.

 

Salts, as I gather from Wikipedia's rainbow table page, function like a simple pre-hashing encryption, so that a rainbow file built with a different (or no) salt doesn't give you the right hash->password mappings.

I learned something here!

----------

## defenderBG

Well... do you really need to crack it?

Why don't you just change it?

Take a Linux CD, chroot into your old installation and do the "passwd" trick :Wink: That should do it.

----------

## erik258

 *vito_huang wrote:*   

> I installed Gentoo on an old machine ages ago, and now I can't remember the root password for it. I want the old password back, but I do not want to reset it, such as by using single-user mode or a live CD to change the password (don't ask me why :oops:, because I really want to know the old password :lol:).
> 
> Here is what I did: I used a live CD and copied passwd and shadow, then unshadowed them into a new file (passwdfile), and finally ran john (the John the Ripper password cracker):
> 
> `john passwdfile`
> ...

 

You evidently didn't see that up at the top of the topic, way up there ; )

----------

## XenoTerraCide

I believe rainbow tables apply to all MD5 hashes, including the ones in the /etc/shadow file. Of course you need read access to that file first, and only root should have that. But it's only good up to 8 characters, which is why the passwords on my system require a minimum of 10. Any less I believe to be insecure.

----------

## madisonicus

See app-crypt/rainbowcrack for a Gentoo ebuild. However, *http://lwn.net/Articles/208418/ wrote:*

> The best defense against rainbow tables is 'salt', which has been a part of UNIX passwords since near the beginning of time (UNIX epoch time anyway). Salt is a random string that is added to the password before hashing it and then stored with the password. Linux MD5 passwords store the salt between two dollar signs in the password field in /etc/shadow. This random string effectively multiplies the number of tables required to do a dictionary lookup by the number of individual salt values available. Even just eight bits of salt (and Linux uses much more than that) would require nine terabytes of rainbow table.

 

I don't believe John will brute-force a password of more than 8 characters. A dictionary attack would be just about the only way to get at anything longer.

I've used both successfully to test my system passwords, and they are effective.

In any case, it's hard for me to wish you luck when your scenario is... well, specious.

-m

----------

## simon_alfie

How badly do you want this password?

Brute-force search is c^n (c to the power n), where c is the number of characters to try and n is the number of characters in the password.

Say you restrict the search to a 100-character set.

A 4-char password takes on average (100^4)/2 attempts (50,000,000 attempts).

A 5-char password takes on average (100^5)/2 attempts (5,000,000,000 attempts).

If you restrict the search to, say, 26 chars:

A 4-char password takes on average (26^4)/2 attempts (228,488 attempts).

A 5-char password takes on average (26^5)/2 attempts (5,940,688 attempts).

You can see the restricted set takes many fewer attempts. Your best bet is to start the search with some reduced character sets first to find the result quicker.

If the password was actually created by you, then you will know the chars you are likely to have used. Restrict the set to those chars. The fewer the better.

(You can have the best security in the world, but social engineering is always the best way to get the password.)

----------
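Three points raised above can be shown together against the very hash type at issue, the `$1$` MD5-based crypt(3) scheme found in a Linux /etc/shadow: erik258's description of authentication as re-hashing the candidate and comparing rather than decrypting anything, the later discussion of why the stored salt makes a precomputed rainbow table useless, and simon_alfie's c^n estimate for how much a restricted character set saves. The following is an added example written for this page; it is not code from any poster, from John the Ripper or from the Gentoo project. The `md5crypt` routine follows the published algorithm from Poul-Henning Kamp's crypt-md5.c (the `$1$` scheme glibc implements); the shadow line, the salt values and the short password `bad` are constructed for the demo, and the helper names `salt_of`, `parse_shadow_line`, `verify`, `brute_force` and `expected_attempts` are chosen here.

```python
"""Added example: md5crypt ($1$) verification, salt effect, restricted brute force.

The md5crypt routine follows Poul-Henning Kamp's crypt-md5.c algorithm; cross-check
its output on a box that has it with:  openssl passwd -1 -salt SALT PASSWORD
The shadow line, salts and passwords below are constructed for this example.
"""
import hashlib
import itertools

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    """crypt(3)'s base-64 variant: emit `count` chars, low 6 bits first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5crypt(password, salt, magic="$1$"):
    """Return the '$1$salt$hash' string for `password` (salt truncated to 8 chars)."""
    pw = password.encode()
    salt = salt[:8].encode()
    ctx = hashlib.md5(pw + magic.encode() + salt)
    alt = hashlib.md5(pw + salt + pw).digest()
    pl = len(pw)
    while pl > 0:                      # as many bytes of MD5(pw,salt,pw) as pw is long
        ctx.update(alt[: min(16, pl)])
        pl -= 16
    i = len(pw)
    while i:                           # the "something really weird" step of the original
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):              # 1000 rounds: deliberately slow for brute forcers
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    tail = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                   for a, b, c in order)
    tail += _to64(final[11], 2)        # 22 characters in total
    return magic + salt.decode() + "$" + tail


def salt_of(field):
    """The salt sits between the second and third '$' of a '$1$salt$hash' field."""
    return field.split("$")[2]


def parse_shadow_line(line):
    """Split 'user:$1$salt$hash:...' into (user, salt, full hash field)."""
    user, field = line.split(":")[:2]
    if not field.startswith("$1$"):
        raise ValueError("only the $1$ md5crypt scheme is handled here")
    return user, salt_of(field), field


def verify(password, field):
    """What login/PAM does: re-hash the candidate under the stored salt and compare.
    Nothing is ever decrypted; the plaintext is not recoverable from `field`."""
    return md5crypt(password, salt_of(field)) == field


def brute_force(field, charset, max_len):
    """Exhaustive search over `charset` up to `max_len`; returns (password, attempts).
    Each candidate must be re-hashed with this field's own salt, which is exactly why a
    table precomputed for some other salt (or no salt) is useless against it."""
    salt = salt_of(field)
    attempts = 0
    for n in range(1, max_len + 1):
        for cand in itertools.product(charset, repeat=n):
            attempts += 1
            guess = "".join(cand)
            if md5crypt(guess, salt) == field:
                return guess, attempts
    return None, attempts


def expected_attempts(charset_size, length):
    """simon_alfie's estimate: c^n candidates in all, c^n/2 on average to hit."""
    total = charset_size ** length
    return total, total // 2


# Constructed shadow entry for a user "vito" with the (weak, demo-only) password "bad".
SHADOW = "vito:" + md5crypt("bad", "Xk9Zq1Lm") + ":14000:0:99999:7:::"

if __name__ == "__main__":
    user, salt, field = parse_shadow_line(SHADOW)
    print(user, salt, field)
    print("verify bad:", verify("bad", field), " verify bae:", verify("bae", field))
    # Same password, different salt -> different hash: one table per salt value needed.
    print("salt changes hash:", md5crypt("bad", "AAAAAAAA") != md5crypt("bad", "BBBBBBBB"))
    print("restricted brute force:", brute_force(field, "abcdefgh", 3))
    print("expected attempts, 100^5 vs 26^5:", expected_attempts(100, 5), expected_attempts(26, 5))
```

The brute-force call above finds `bad` after 140 candidates only because the charset was cut to eight letters and the length to three; the `expected_attempts` line shows how fast c^n grows once either is realistic, and every one of those candidates costs 1000 MD5 rounds under this scheme. Swapping in a wordlist for `itertools.product` turns the same loop into the dictionary mode the thread recommends for longer passwords.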

## Jeremy_Z

Take that old dusty keyboard, and check those which look more dirty   :Laughing: 

----------

## vito_huang

I wish I still had that keyboard :Laughing:

I can't even remember what the password looks like, because I love to use random names and numbers for passwords.

I have been running john to crack my password for about two and a half days now (using every single mode), and it has cracked up to 9 characters at the moment; however, I don't think it can crack it, but I will keep it running and see how it goes.

----------

## erik258

Sweet. I too would like to see what happens.

----------

## Robelix

 *vito_huang wrote:*   

> I wish I still had that keyboard 
> 
> I can't even remember what the password looks like, because I love to use random names and numbers for passwords.
> 
> I have been running john to crack my password for about two and a half days now (using every single mode), and it has cracked up to 9 characters at the moment; however, I don't think it can crack it, but I will keep it running and see how it goes.

 

If your password is good it may take years...

...11 million years, and then the answer is forty-two   :Wink: 

----------

## BillSmith

Try going to http://plain-text.info/ ; they have 10 machines running rainbow tables, and it's free and anonymous, so I'd try that next time you need to crack a password.

----------

