password recovery f...
 
Notifications
Clear all

password recovery for ubuntu login

5 Posts
5 Users
0 Likes
988 Views
(@khalloud)
Posts: 6
Active Member
Topic starter
 

hi guys

I wonder how can know the password of Ubuntu login to can examine the real evidence ??

is there tool like alcomsoft for windows password ??

 
Posted : 13/03/2019 9:20 am
LeGioN
(@legion)
Posts: 51
Trusted Member
 

Someone might be able to correct me here

But would it not be possible to mount the system in a live linux enviroment, and there copy out the /etc/shadow and /etc/passwd.
Combining them into one file for John the ripper to read using unshadow. unshadow passwd.txt shadow.txt > passwords.txt
And from there use John to crack it? )

/LeGioN

 
Posted : 13/03/2019 9:38 am
marky.mark
(@marky-mark)
Posts: 22
Eminent Member
 

Hi khalloud,

We would need more information to help you. Are you doing live forensic directly on the PC (on another account)? Did you do an acquisition of the hard drive (e01 etc)? Is the hard drive encrypted, or you have some kind of access? Which version of Ubuntu is running on the PC? Are you sure the information you are trying to retrieve directly on the user partition/folder? Is the user partition/folder encrypted?

Or is it more like a theoretical question?

You need to give us a more global view of the situation if you want useful answers!

Have a nice day.

M.

 
Posted : 14/03/2019 5:02 pm
watcher
(@watcher)
Posts: 125
Estimable Member
 

If you have access to the drive contents already, why do you want the password?

 
Posted : 15/03/2019 1:54 am
Hwallbanger
(@hwallbanger)
Posts: 32
Eminent Member
 

Dear khalloud,

I understand that you are a Newbie, but have you had some training and if you have, then you should know that you can use Forensic tools to accomplish your investigation after having gained access via Read Only connection.

Marky.Mark and Watcher make some very appropriate comments,

We would need more information to help you. "

and

" … why do you want the password ? "

You also have not provide the Distro's version that you are looking at. This can make a difference.

Why do you need to login for your investigation ? This has not been really explained. I say this because a method that you could use is to take the drive image and (in general) then place it into a Virtual Machine and accomplish an investigation as if you were sitting in-front of the PC/Server and possibly also accomplish Memory Forensic, too. Are you doing Digital Forensics - or - Network Forensic's/ Incident Response ? It all depends upon what are you trying to accomplish.

I hope that this has help to clarify why there is a need for more information. )

HWallbanger
Systems Integrator since late 1980's

 
Posted : 18/03/2019 11:12 pm
Share: