HELP URGENT:Lost /etc/shadow on SVR4 Unix any backdoor?

HELP URGENT:Lost /etc/shadow on SVR4 Unix any backdoor?

Post by Raghu De » Fri, 08 Jun 2001 04:30:31



I'm trying to help system admins regain access to a box whose /etc/shadow is
blown away (don't know how?) . Nobody on the system.  Any help would be
appreciated


 
 
 

HELP URGENT:Lost /etc/shadow on SVR4 Unix any backdoor?

Post by Michael T Pi » Fri, 08 Jun 2001 05:34:39



>I'm trying to help system admins regain access to a box whose /etc/shadow is
>blown away (don't know how?) . Nobody on the system.  Any help would be
>appreciated

The same way you fix all problems like this?

Boot from CD, break out into a shell, mount the drive that /etc is on,
create an /etc/shadow that contains root, reboot, restore /etc/shadow from
backups.

Although, if they don't know how it was blown away, they have larger
problems than a missing shadow file.

--
**************************************************************************


*     ftp://ftp.nndev.org/pub        |     #include <std.disclaimer>     *

 
 
 

HELP URGENT:Lost /etc/shadow on SVR4 Unix any backdoor?

Post by Felix Gavin » Fri, 08 Jun 2001 00:24:35



> I'm trying to help system admins regain access to a box whose /etc/shadow
is
> blown away (don't know how?) . Nobody on the system.  Any help would be
> appreciated



boot from cd and copy the default shadow file from the cd in with a blank
root password and then boot up and restore original shadow password file.

1. boot cdrom -s
2. fsck -y /dev/rdsk/c0t?d0s0
3. mount /dev/dsk/c0t?d0s0 /a
4. TERM=vt100;export TERM; EDITOR=vi; export EDITOR
5. cp /etc/shadow /a/etc/shadow
6. vi /a/etc/shadow.
7. then reboot.....

 
 
 

HELP URGENT:Lost /etc/shadow on SVR4 Unix any backdoor?

Post by Rolf Bl » Fri, 08 Jun 2001 08:36:05


I suggest you move the drive physically to another (working) unix box,
 change the drive id so it won't conflict with those already in use,
 mount the root directory as a temporary directory and edit away.
(Frontdoor access is better than backdoors IMO.)

/Rolf



>I'm trying to help system admins regain access to a box whose /etc/shadow is
>blown away (don't know how?) . Nobody on the system.  Any help would be
>appreciated



 
 
 

1. URGENT!lost shadow file!

I have Solaris 2.5.1 x86.
I was in the process of adding a user password when the PC "locked-up"
crashed.
After reboot my root password would not work.
I believe it was in the process of writing to the /etc/shadow and the
shadow file
was lost.

Is there a way to get in to Solaris with out a password "Maint mode" or
init single user level
at boot time.


2. Asus P/I P65UP8 & Linux

3. CDE vs. /etc/passwd, /etc/shadow and /etc/group

4. Building XFree 4.0.1 from scratch...

5. Need Unix Backdoors/Security Info!! HELP!

6. Ensoniq Soundscape

7. HELP!!installed shadow--lost root!! HELP!!!!!

8. gcc-2.7.0 and linuxaout

9. changing passwd on NIS server updates /etc/shadow only and not shadow.byname map

10. help - please urgent help needed to get back the lost or corrupted partition table

11. Comment out a line in /etc/passwd & /etc/shadow

12. restricted http acces with /etc/passwd and /etc/shadow

13. rconsiling the /etc/shadow and /etc/passwd files