VideoHelp Forum
  1. Got a new customer whose previous tech left. They have a Linux server, showing a Login prompt. I have what is supposed to be the password, but no idea what the login name is. "root" does not work. Apparently, when the PC boots up, the name is supplied, the password entered manually, it boots and returns to the login prompt. Only reason I need this is to change a user's password which was allowed to expire. The boot process reportedly takes well over 15 minutes.

    It is Ubuntu 8.04, there appear to be two clustered Linux servers? Acting as domain servers, apparently.

    The drive appears to be failing, at least access to files stored on the server is intermittent at best. I have already copied the files over. My next step would be to format, replace drives if necessary, and install Windows. I am just not comfortable administering a Linux server at this time. Possibly with a re-install wherein I know all the passwords and variables, maybe...

    This company, in the past, had some extreme security needs, but most of that is no longer needed. Previous tech had them buy three separate internet connections, over a $1000 monthly hosting service that is not being used, an expensive server located far away that is not used, their website has been down for months, he bought Google apps just to host an e-mail domain, there's more.

    I need to run a hard drive test, also check the network card, the event log or similar for errors, and I can't even log in to the damn thing. Every PC in the shop has My Documents pathed to the Linux server, and the path is often inaccessible. All PCs are XP logging in to the domain server, which are apparently running DNS, as well.

    Other than cracking the workstation passwords, which I can do, and copying all documents and files, which is already done, are there any hidden "gotchas" which I am likely to run into? Keep in mind that the original design was done with extreme security in mind. Think offshore banking, it's similar.
  2. freebird73717
    The following info was taken from here
    http://www.psychocats.net/ubuntu/resetpassword
    Hope it helps.

    You can press the Escape key during bootup in order to see the boot menu.
    From the boot menu, select recovery mode, which is usually the second boot option.

    After you select recovery mode and wait for all the boot-up processes to finish, you'll be presented with a few options. In this case, you want the Drop to root shell prompt option so press the Down arrow to get to that option, and then press Enter to select it.
    The root account is the ultimate administrator and can do anything to the Ubuntu installation (including erase it), so please be careful with what commands you enter in the root terminal.
    Once you're at the root shell prompt, if you have forgotten your username as well, type
    ls /home
    That's a lowercase L, by the way, not a capital i, in ls. You should then see a list of the users on your Ubuntu installation.
    Donadagohvi (Cherokee for "Until we meet again")
  3. Is there any way to get any useful information at the login prompt? I really don't want to even reboot until I am absolutely sure all useful data has been copied.

    A list of user names should do it, one of them should match the password I have.

    Would a (linux) password reset disk meant for XP work? Guess that involves a reboot, anyway.
  4. I'm no Linux expert, but if it were me I would assume that the server is sharing with XP boxes using Samba and so there's a possibility that the Samba usernames and pwds are the same as the Linux ones. If you know a user name and password for one of the XP machines try using PuTTY to log into the Linux machine with them. If you get a command prompt you can list what's in the /home directory and see what other users there are.
  5. freebird73717
    Originally Posted by Nelson37:
    Is there any way to get any useful information at the login prompt? I really don't want to even reboot until I am absolutely sure all useful data has been copied.
    Not to my knowledge. In a situation like this you need to be able to access the command line and you can't do that from the login screen.

    Originally Posted by Nelson37:
    Would a (linux) password reset disk meant for XP work? Guess that involves a reboot, anyway.
    I doubt that would work. But you could use an Ubuntu live CD.
    I didn't do this tutorial by the way.
  6. Thanks, guys, I kinda thought so.

    There is no Samba, they just have mapped drives. I didn't know you could use Linux as a domain server, though.

    What I'm gonna do is make sure everything is backed up, and just disconnect the suckers from the network. Point the DNS to the router, re-create some users and we should be good to go. And if we ain't, just plug the cable back in and THEN try to reset the password.
  7. Well, some new info has surfaced. Apparently, this thing is set to wipe the drives if it ever reboots.

    Having found out some more about what was on this thing and what it was used for, I definitely want those drives formatted.

    Is it possible for the system to detect an unplugged Network cable and initiate a format?

    Is there a Format or drive wipe program for Linux that gives a large, clear screen display that the drive is being wiped, such as would be visible on a security camera?

    This system had two different things going on, one an encryption system that got the attention of some serious government agencies, the other a strong connection to a major profit for certain organized families.

    I know there are companies that will come over and shred your documents, anybody know of any that secure wipe hard drives?
  8. Ubuntu 8.04, guess Gutsy or Hardy.
    There is a bootable utility disk for Linux which has a hash algorithm to retrieve the admin password.

    Once, I had the same problem, but after a few emails with distro support, they posted a short procedure in their forum which reset the password to root and admin, as default, using the distro live CD.
    Last edited by Bonie81; 2nd Sep 2010 at 20:17.
  9. freebird73717
    Originally Posted by Nelson37:
    Is it possible for the system to detect an unplugged Network cable and initiate a format?

    Is there a Format or drive wipe program for Linux that gives a large, clear screen display that the drive is being wiped, such as would be visible on a security camera?
    I honestly don't know. Too bad that disturbed1 hasn't been seen here in a while. He knows a lot more about Linux than I do.

    Originally Posted by Nelson37:
    This system had two different things going on, one an encryption system that got the attention of some serious government agencies, the other a strong connection to a major profit for certain organized families.
    That would definitely be enough to make me nervous. I don't need any clients with those kind of ties...

    Originally Posted by Nelson37:
    I know there are companies that will come over and shred your documents, anybody know of any that secure wipe hard drives?
    Don't know about companies that do that (although I'm sure there are some) but if you really want to wipe those drives completely then download DBAN (Darik's Boot and Nuke) and burn it to a disc. Let that puppy do a DOD style format and all data will be gone.

    Good luck man.
  10.
    Originally Posted by Nelson37:
    Is there a Format or drive wipe program for Linux that gives a large, clear screen display that the drive is being wiped, such as would be visible on a security camera?

    This system had two different things going on, one an encryption system that got the attention of some serious government agencies, the other a strong connection to a major profit for certain organized families.
    You can try a kernel vulnerability to drop into root from a user account (if it's not set to install patches to the kernel without rebooting; most patches, though, need a reboot to apply), for one. Two, if there are "Government Agencies" looking into a crime that took place on these drives, the Dept. of Justice/FBI cybercrimes is going to need that drive in their case, and if you format their data evidence they can and more than likely will arrest you for obstruction or tampering with evidence.

    Originally Posted by Nelson37:
    Is it possible for the system to detect an unplugged Network cable and initiate a format?
    YES, this can be written into a bash script to check network pings and set in the cron system task manager every 5 mins to test network stability (if the guy thinks like me >.<).
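A defensive way to check the wipe-on-reboot and cron-script concerns raised in posts 7 and 10 (an added example, not written by anyone in this thread): triage the disk offline for login accounts and for boot or cron entries that call disk-destroying tools. It assumes the root filesystem has been attached to another machine or a live CD and mounted read-only at a path you pass in; the function names, the list of locations searched and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only triage of an offline-mounted Linux root filesystem.
# Usage: sh audit.sh /mnt/suspect   (mount point is an assumption)

# Accounts that can log in: UID 0 or a regular UID (>= 1000) with a real shell.
list_login_users() {
    awk -F: '($3 == 0 || ($3 >= 1000 && $3 != 65534)) &&
             $7 !~ /(nologin|false)$/ { print $1 }' "$1/etc/passwd"
}

# file:line:text for boot and cron entries that call disk-destroying tools.
# Lines that are pure comments are dropped; everything else needs human review.
find_wipe_triggers() (
    pat='(^|[^[:alnum:]_])(shred|mkfs(\.[a-z0-9]+)?|dd[[:space:]]+if=/dev/(zero|u?random))([^[:alnum:]_]|$)'
    for p in etc/rc.local etc/init.d etc/event.d etc/crontab etc/cron.d \
             etc/cron.hourly etc/cron.daily var/spool/cron/crontabs; do
        [ -e "$1/$p" ] || continue
        grep -rnHE "$pat" "$1/$p" 2>/dev/null || true
    done | grep -vE ':[0-9]+:[[:space:]]*#' || true
)

# Constructed sample tree (not taken from the server in the thread).
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/cron.d" || return 1
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
svcadmin:x:1000:1000:,,,:/home/svcadmin:/bin/bash
ftpdrop:x:1001:1001:,,,:/home/ftpdrop:/bin/false
EOF
    printf '#!/bin/sh\n# dd if=/dev/zero is only mentioned here\n/usr/bin/shred -n 3 /dev/sda\nexit 0\n' > "$d/etc/rc.local"
    cat > "$d/etc/cron.d/netcheck" <<'EOF'
*/5 * * * * root ping -c1 192.0.2.1 >/dev/null || dd if=/dev/zero of=/dev/sda
0 3 * * * root /usr/bin/updatedb
EOF
    echo "$d"
}

root=${1:-$(make_sample_root)}
echo "Login-capable accounts:"; list_login_users "$root"
echo "Possible wipe triggers:"; find_wipe_triggers "$root"
```

A hit only shows where to look: a cron or init entry may call a separate script, so read any script a flagged or unfamiliar entry points to.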
  11.
    If the computer drives are at that level of serious, they should be pulled and metal shredded beyond recognition, IMHO.
    It's not important the problem be solved, only that the blame for the mistake is assigned correctly
  12.
    Originally Posted by sum_guy:
    If the computer drives are at that level of serious, they should be pulled and metal shredded beyond recognition, IMHO.
    Well, usually the drive will be confiscated and stuck at Quantico for a long time due to building an indictment; also decryption / data restoration can take from one month to, hell, ten years (decrypting, I'm sure they would give up after 6 months or so), but nevertheless I'm sure the cybercrimes division would run a zero-fill tool on the drive a few times if it's classified or child porn before returning it, or keep it locked up for good in an evidence locker just to be jackasses.
  13. The Government folks just told them to stop doing what they were about to do, and not to ever try that again. This was sort of a side business.

    The "family" connection was already investigated and SFAIK they are all done with that.

    The system is still up and running, but all important data has been copied. The reboot and Secure Erase is next step. I've been somewhat keeping my distance on this one.
  14.
    Since when does the government say "please don't do that", unless you're interned in Guantanamo and represented by Holder's law firm...I'd hand it all back to them, wish them good luck, and hopefully there is never a next time. Since all "important" data has been copied, such as important wedding anniversary dates, birthdays, relatives' phones, NSA secure passkey encryption codes etc...

    Step 1. Reboot, let it happen, the chips are gonna fall.
    Step 2. Drive wipe, Linux boot disk style.
    Step 3. Question to client, where do you want to go from here?
    Step 4. Don't pay me, it's on the house.
    Step 5. This never happened.
  15. They didn't say "please". They said "we will not allow you to offer this service." It involved providing secure voice communications, using what appeared to be a modified version of dish-video-type encryption equipment. I did not actually witness this conversation, but I have seen quite a bit of hardware which is now deemed worthless and is being disposed of.

    The more important stuff involved ROM codes which carry built-in "odds" subject to regulations. Some owners of certain types of machines have an interest in lowering those odds, and apparently had made some attempt to do so, with the help of a former employee. These codes remain in-house and I DO NOT have any copies, and never have. Given a choice between possessing these, or NSA stuff, no question, I'd rather have the NSA stuff. This hardware I've seen in action, legit and legal as long as it's un-modified.
  16. AlanHK
    If any of this story is real, you're insane to discuss it on an open forum like this.
  17.
    Hmm, ya, the NSA are tight asses about cell sites with encryption.