Root shell

**knoppix00** · 05-08-2006, 12:53 PM

What is this script that allows knoppix not to have a root password?

Could it be implanted into installed linux versions, like Suse or something?

**maxIT** · 05-10-2006, 05:19 PM

I guess that isn't the case to talk about 'scripts'.
Passwords are usually stored in the /etc/shadow file. This file has many lines how many accounts there are, every line has many fields delimited by columns ":". Passwords (encrypted) normally are stored in the second field, while if the password isn't setted an asterisks appears:
Examples of root fields in /etc/shadow:
root:*:13278:0:99999:7::: -->knoppix
root:$1$7bEBaK/w$nYdrrhuEbW1KKVkX2GY0Y.:13278:0:99999:7::: -->password enabled

So if you want to have a root account without password just edit this file and replace the encrypted password with an "*"

**knoppix00** · 05-19-2006, 12:30 PM

Thanks for your answer.

And if there is no password, as in 'NOT EMPTY', there is no way you could ever connect to the machine, right?
You'd have to set the root password in order to connect to the machine from the outside world, right?

'Empty' as in just hitting 'return' (enter).

**Dave_Bechtel** · 05-19-2006, 06:02 PM

See ' man passwd '

" /etc/passwd " is the 1st file; " /etc/passwd- " is somehow related
" /etc/shadow " is the secure password file

" /etc/group " is also related, along with its " /etc/group- " file (I dunno if it's a backup, or what.)

--Best practices involve editing " /etc/ssh/sshd_config " to NOT allow root login directly; NOT run telnet *at all*; and NOT allowing root to login as an FTP user. ( See " /etc/ftpusers " )

BEGIN /etc/ftpusers

Code:

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

sshd_config line:
" PermitRootLogin no " (w/o the quotes) ++ bounce ssh: ' /etc/init.d/ssh restart '

--Check knoppix " /etc/inittab " on the livecd to see what it's doing at startup.

--Also check ' ps 1 ' to see the default runlevel, then (for example runlevel 5: )
' /bin/ls /etc/rc5.d ' == These files run when runlevel 5 is called. S?? means Start, K?? means Kill.

--Things in " /etc/rcS.d " run in Single user mode, and also are called before the numeric runlevels; i.e. they run regardless.

See ' man init '.

Originally Posted by knoppix00

Thanks for your answer.

And if there is no password, as in 'NOT EMPTY', there is no way you could ever connect to the machine, right?
You'd have to set the root password in order to connect to the machine from the outside world, right?

'Empty' as in just hitting 'return' (enter).

**knoppix00** · 05-19-2006, 07:21 PM

Thanks, but what I ment was that when you run knoppix without any additional settings at the start.
That there is no password so you wouldn't be able to connect to the machine from the outside world, i.e. the internet, correct?

**Dave_Bechtel** · 05-19-2006, 08:58 PM

--Not necessarily. Try running ' nmap localhost ' on a default Knoppix boot, and see what's running.

--If ssh or other services such as email are running at boot, someone *could* possibly hack the box. Best bet is to run behind a firewall, and not "assume" it's secure out of the box.

--You can always ' passwd root ' and ' passwd knoppix ' and set them to a long, difficult string - such as the first letters of every word in a sentence.
"ycaprapkasttaldssatfloewias" == ^

--Anyhow, you asked if that capability could be ported to other distros; and you need to know the things I listed in order to do that.

Originally Posted by knoppix00

Thanks, but what I ment was that when you run knoppix without any additional settings at the start.
That there is no password so you wouldn't be able to connect to the machine from the outside world, i.e. the internet, correct?

**knoppix00** · 05-19-2006, 10:05 PM

--Anyhow, you asked if that capability could be ported to other distros; and you need to know the things I listed in order to do that.

Yea yea, thanks a million times

.

Since there is a password, you of course would always be able to hack into the machine, but if there isn't, how would you log into the machine as root...? You know.

Of course, no services are running. But supposedly, I had 'ssh' running without a root password, would it be possible to hack into it using 'root'?

**Dave_Bechtel** · 05-20-2006, 12:39 AM

Reread my previous post regarding "best bet."

My suggestion is to try it, and see if *you* can hack the box while it's running under the conditions you describe. You can't expect non-paid volunteers to do all your research for you.

Originally Posted by knoppix00

--Anyhow, you asked if that capability could be ported to other distros; and you need to know the things I listed in order to do that.

Yea yea, thanks a million times

.

Since there is a password, you of course would always be able to hack into the machine, but if there isn't, how would you log into the machine as root...? You know.

Of course, no services are running. But supposedly, I had 'ssh' running without a root password, would it be possible to hack into it using 'root'?