Poking a hole in that pesky firewall.

There are more than a few ways to access a firewall. I will give a brief tutorial on one of the more common methods, called “poking a hole”, or more professionally an SSH back door. Please, please be careful with this: any script kiddie with 30 lines of code can exploit an SSH server.

This is a great post by IBM detailing it pretty well. If you have any questions, feel free to leave a comment and I will assist you.

  1. SSH from ginger to blackbox.example.com with the -R flag. I’ll assume that you’re the root user on ginger and that tech will need the root user ID to help you with the system. With the -R flag, you’ll forward connections made to port 2222 on blackbox to port 22 on ginger. This is how you set up an SSH tunnel. Note that only SSH traffic can come into ginger: you’re not putting ginger out on the Internet naked. You can do this with the following syntax:

    ~# ssh -R 2222:localhost:22 thedude@blackbox.example.com

    Once you are into blackbox, you just need to stay logged in. I usually enter a command like:

    thedude@blackbox:~$ while [ 1 ]; do date; sleep 300; done

    to keep the machine busy, and then minimize the window.

  2. Now instruct your friends at tech to SSH as thedude into blackbox without using any special SSH flags. You’ll have to give them your password: root@tech:~# ssh thedude@blackbox.example.com
  3. Once tech is on the blackbox, they can SSH to ginger using the following command: thedude@blackbox:~$ ssh -p 2222 root@localhost
  4. Tech will then be prompted for a password. They should enter the root password of ginger.
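
On the relay host (blackbox here), the tunnel from step 1 shows up as an sshd-owned listener on a port that is not the daemon's own. The following is an added detection example, not part of the original post; the `ss -tlnp` sample is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag sshd-owned listeners that are not the daemon's own port.
# A reverse forward (ssh -R 2222:localhost:22) makes sshd on the relay host
# listen on the loopback address, port 2222, for the logged-in user.

# Constructed sample of `ss -tlnp` output from the relay host (not real data).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*         users:(("sshd",pid=4312,fd=9))
LISTEN 0      128    [::1]:2222         [::]:*            users:(("sshd",pid=4312,fd=8))
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=990,fd=13))
EOF
}

# find_forward_listeners SSHD_PORT
# Reads `ss -tlnp` text on stdin and prints "address:port pid" for every
# listener owned by an sshd process whose port differs from SSHD_PORT.
find_forward_listeners() {
    awk -v sshd_port="${1:-22}" '
        $1 == "LISTEN" && $0 ~ /"sshd[^"]*"/ {
            addr = $4
            port = addr; sub(/.*:/, "", port)    # text after the last colon
            if (port == sshd_port) next          # the daemon itself
            pid = $0; sub(/.*pid=/, "", pid); sub(/,.*/, "", pid)
            print addr, pid
        }'
}

# On a live host: ss -tlnp | find_forward_listeners 22
sample_ss_output | find_forward_listeners 22
```

The reported PID belongs to the session that requested the forward, which ties the listener back to a login (thedude in this walkthrough).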

Thanks IBM.

How To: Reset Admin/Root Password

Anyone who has been in the IT business for any length of time knows literally hundreds of passwords. As we get older, though, it becomes harder and harder to remember each password and keep up safe security practices. Many companies have gone to centralized password systems, but such software is not always compatible with every OS there is, as with the four-year-old FreeBSD server sitting in the corner that serves one application. So here is a large list of ways to reset the root or administrative user password on many operating systems. Keep in mind that these instructions all assume you have physical access to the server in question.

FreeBSD (all versions)

  1. Turn Server off. Hitting the Power Button should start a shutdown cycle.
  2. Hit ESC when the OS starts booting
  3. Choose option 4 to boot into Single User Mode
  4. When asked for a shell, hit enter to default to /bin/sh
  5. Once the machine is booted and you see the hash, type
    1. mount -u /
    2. mount -a
  6. Type passwd to reset the password
  7. Enter new password and confirm it. “pam_chauthok(): error in service module” means that the filesystem is not mounted. Follow step 5 again.
  8. Type reboot or hit the power button again to reboot the machine normally.
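
The FreeBSD steps work without the old password because the console is flagged "secure" in /etc/ttys; flagged "insecure", init asks for the root password before giving a single-user shell. The following audit is an added example, not part of the original post; the ttys excerpt is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the console entry in FreeBSD's /etc/ttys.
# init(8) skips the root password prompt in single-user mode when the
# console line is flagged "secure"; "insecure" makes it ask first.

# Constructed /etc/ttys excerpt in the stock layout (not from a real host).
ttys_stock() {
cat <<'EOF'
# name   getty                      type     status      comments
console  none                       unknown  off secure
ttyv0    "/usr/libexec/getty Pc"    xterm    onifexists secure
EOF
}

# Same excerpt with only the console line changed to "insecure".
ttys_hardened() {
    ttys_stock | sed '/^console/s/secure$/insecure/'
}

# console_flag: reads ttys text on stdin and prints
#   secure   - single-user boot drops straight to a root shell
#   insecure - single-user boot asks for the root password
#   missing  - no console entry found
console_flag() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        $1 == "console" {
            found = 1; flag = "insecure"    # no "secure" token: not trusted
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # stop at a trailing comment
                if ($i == "secure") flag = "secure"
            }
            print flag
            exit
        }
        END { if (!found) print "missing" }'
}

# On a live host: console_flag < /etc/ttys
echo "stock:    $(ttys_stock | console_flag)"
echo "hardened: $(ttys_hardened | console_flag)"
```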

Linux (Lilo Loader)

  1. Reboot machine
  2. Hit Esc to get to boot prompt if it doesn’t do it automatically
  3. type: linux single
  4. type: passwd
  5. Enter in and confirm new password
  6. type: sync
  7. type: reboot

Linux (GRUB loader)

  1. Reboot machine
  2. Hit Esc to get to boot prompt if it doesn’t do it automatically
  3. Select the kernel. Hopefully there are only one or two and the names are descriptive. But any one SHOULD work.
  4. type: e
  5. Select the line that starts with “kernel”
  6. type: e (again)
  7. Add the letter s (in lower case) to the very end of the line
  8. Hit Enter
  9. type the letter b to start booting
  10. Mount the drives. Type:
    1. mount -t proc proc /proc
    2. mount -o remount,rw /
  11. type: passwd
  12. Enter in new password and confirm it
  13. type: sync
  14. type: reboot

OS X (All Versions)

OS X has two ways to reset the Administrator Password.

Option 1:

  1. Find the computer’s original boot disc. These are system specific. If it’s not available, any OS X retail boot disk will work. The wrong disc will give an error message.
  2. Boot off the disc. Do this by holding down the c key during power up.
  3. At the Menu go to: Utilities
  4. Choose “Reset Password”
  5. Enter in new password and confirm
  6. Click on Installer
  7. Choose Quit

Option 2:

  1. Hold Down Apple+S while booting computer
  2. Type: sh /etc/rc
  3. Type: passwd root (if that doesn’t work try admin or administrator instead of root)
  4. Enter in new password and confirm
  5. Type: reboot

Solaris (On Sun Hardware)

You must have the Solaris CDRom to do this. If you do not have physical media, get it here. Note that this download is for Ver10, so it may not work on older versions.

  1. Reboot Machine
  2. Hit Stop+A to get to the OK prompt
  3. Type: boot cdrom -s
  4. Once booted off the CDRom, type: mount /dev/dsk/c0t0d0s0 /a (those are zeros)
  5. Type: vi /a/etc/shadow
  6. Use the h,j,k,l keys to move around in vi (or go here for more commands)
  7. On the second line, which says root:<bunch of random letters/numbers> type: dd
  8. Type: :wq! to save and quit out of vi
  9. Type: umount /a
  10. Type: boot ok -s (to boot into single user mode)
  11. Type: passwd
  12. Enter in new password and confirm it
  13. Type: reboot

Note that many Solaris systems may have mirrored volumes, a volume manager or other method of copying the full filesystem. If this is the case these instructions will need to be followed for both volumes, otherwise corruption can easily occur.

Solaris (i386/Intel Hardware)

Again, you should have the CDRom to boot off of.

  1. Reboot Computer
  2. Enter Bios and Change Boot Order to CDRom first if needed
  3. Boot Computer
  4. On Boot Menu choose Single User mode, which is Option 6 on Solaris 10
  5. Choose Yes when asked to mount the root filesystem
    1. If you choose “No” it can still be mounted with the same command, mount /dev/dsk/c0t0d0s0 /a (those are zeros)
  6. Type: vi /a/etc/shadow
  7. Use the h,j,k,l keys to move around in vi (or go here for more commands)
  8. On the second line, which says root:<bunch of random letters/numbers> type: dd (to delete whole line)
  9. Type: :wq! to save and quit out of vi
  10. Type: cd /
  11. Type: umount /a
  12. Type: init s
  13. At password prompt hit enter key
  14. Type: passwd root
  15. Enter in new password and confirm it
  16. Type: reboot

General Windows

Amazingly, Windows Server does not have an easy way to recover the password. Microsoft would call this security, but it does provide a package of recovery software that does the job, at a cost of $199. Tech Trax has an article on resetting the password on an XP system via the XP install disc. Or you can download an emergency boot CD from here, here, or buy a password cracker from here. Be extremely careful with downloading Windows password crackers from the Internet. Yes, they may work, but it’s more likely they are actually a virus or a Trojan and could cause more problems than you already have.

*edit* Hiren’s BootCD has several utilities that will allow the resetting of Windows passwords.

Windows 7
This does not reset the password, but allows you to make a new Administrative user who can then change the password in the control panel for the other user.

  1. Boot off your Windows 7 DVD
  2. Choose “Repair your computer”
  3. Go to the recovery environment
  4. Open command prompt
  5. Type “cd windows\system32”
  6. Type “Rename Utilman.exe Utilman.exe.bak”
  7. Type “Copy cmd.exe Utilman.exe”
  8. Reboot Computer
  9. At Login Screen, hold down the Windows and “U” keys
  10. Type net user /add NewAccount mypassword (use your own name for NewAccount)
  11. Type net localgroup administrators NewAccount /add (replace NewAccount with the name used above)
  12. Login with new user
  13. Go to Start -> Control Panel -> User Accounts and Family Safety
  14. Click on User Accounts
  15. At the bottom of “Make changes to your user account area” click “Manage another account”
  16. Choose old user
  17. Click “Change Password”
  18. Enter the new password
  19. Logout of the current account
  20. Login to the old account with the new password
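
Steps 6 and 7 leave two artifacts in System32 that are easy to check for on a mounted copy of the volume: a Utilman.exe that is byte-identical to cmd.exe, and the Utilman.exe.bak left behind. The following check is an added example, not part of the original post; the fixture files are constructed, the function names are hypothetical, and it assumes the file names are stored with the case shown.

```shell
#!/bin/sh
# Added example: offline check of a mounted Windows volume for the
# Utilman.exe swap described in the steps above.

# check_utilman SYSTEM32_DIR
# Prints one finding per line and returns:
#   0 = nothing found, 1 = at least one finding, 2 = expected files absent
check_utilman() {
    dir=$1
    rc=0
    if [ ! -f "$dir/Utilman.exe" ] || [ ! -f "$dir/cmd.exe" ]; then
        echo "cannot-check: Utilman.exe or cmd.exe not found in $dir"
        return 2
    fi
    # Byte-for-byte identical files mean the accessibility tool is a shell.
    if cmp -s "$dir/Utilman.exe" "$dir/cmd.exe"; then
        echo "utilman-is-cmd"
        rc=1
    fi
    # The procedure leaves the original binary behind under this name.
    if [ -e "$dir/Utilman.exe.bak" ]; then
        echo "backup-left-behind"
        rc=1
    fi
    return $rc
}

# Constructed fixtures standing in for two System32 directories.
make_fixtures() {
    base=$(mktemp -d)
    mkdir "$base/clean" "$base/swapped"
    printf 'cmd-bytes' > "$base/clean/cmd.exe"
    printf 'utilman-bytes' > "$base/clean/Utilman.exe"
    printf 'cmd-bytes' > "$base/swapped/cmd.exe"
    cp "$base/swapped/cmd.exe" "$base/swapped/Utilman.exe"
    printf 'utilman-bytes' > "$base/swapped/Utilman.exe.bak"
    echo "$base"
}

fixtures=$(make_fixtures)
check_utilman "$fixtures/clean" || true
check_utilman "$fixtures/swapped" || true
rm -rf "$fixtures"
```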

Windows 8
Use the Microsoft Diagnostic and Recovery Tools (download here) to reset the password.

How To: Enable Disk Mode for iPod

This is a cool little hack. Enabling Disk Mode on an iPod lets it become just that: a nice USB disk drive, or a way to get those MP3s back after a hard drive crash.

In Terminal type: defaults write com.apple.finder AppleShowAllFiles TRUE

Then type: killall Finder (make sure to capitalize Finder)

When the iPod is plugged in, it’ll automatically mount on the Desktop like any other USB drive and your files will be accessible.