password recovery f...
 
Notifications
Clear all

password recovery for ubuntu login  

  RSS
khalloud
(@khalloud)
New Member

hi guys

I wonder how can know the password of Ubuntu login to can examine the real evidence ??

is there tool like alcomsoft for windows password ??

Quote
Posted : 13/03/2019 9:20 am
(@legion)
Member

Someone might be able to correct me here

But would it not be possible to mount the system in a live linux enviroment, and there copy out the /etc/shadow and /etc/passwd.
Combining them into one file for John the ripper to read using unshadow. unshadow passwd.txt shadow.txt > passwords.txt
And from there use John to crack it? )

/LeGioN

ReplyQuote
Posted : 13/03/2019 9:38 am
(@marky-mark)
New Member

Hi khalloud,

We would need more information to help you. Are you doing live forensic directly on the PC (on another account)? Did you do an acquisition of the hard drive (e01 etc)? Is the hard drive encrypted, or you have some kind of access? Which version of Ubuntu is running on the PC? Are you sure the information you are trying to retrieve directly on the user partition/folder? Is the user partition/folder encrypted?

Or is it more like a theoretical question?

You need to give us a more global view of the situation if you want useful answers!

Have a nice day.

M.

ReplyQuote
Posted : 14/03/2019 5:02 pm
(@watcher)
Active Member

If you have access to the drive contents already, why do you want the password?

ReplyQuote
Posted : 15/03/2019 1:54 am
(@hwallbanger)
Junior Member

Dear khalloud,

I understand that you are a Newbie, but have you had some training and if you have, then you should know that you can use Forensic tools to accomplish your investigation after having gained access via Read Only connection.

Marky.Mark and Watcher make some very appropriate comments,

We would need more information to help you. "

and

" … why do you want the password ? "

You also have not provide the Distro's version that you are looking at. This can make a difference.

Why do you need to login for your investigation ? This has not been really explained. I say this because a method that you could use is to take the drive image and (in general) then place it into a Virtual Machine and accomplish an investigation as if you were sitting in-front of the PC/Server and possibly also accomplish Memory Forensic, too. Are you doing Digital Forensics - or - Network Forensic's/ Incident Response ? It all depends upon what are you trying to accomplish.

I hope that this has help to clarify why there is a need for more information. )

HWallbanger
Systems Integrator since late 1980's

ReplyQuote
Posted : 18/03/2019 11:12 pm
Share: