MobileRead Forums - View Single Post

geekmaster · 01-09-2012, 03:12 AM

After some questions appeared in the irc channel about this, I did a test on my touch.

While logged in as user framework:

ssh framework@192.168.15.244

I was able to see the contents of /etc/shadow:

cat /etc/shadow

Only the root and framework accounts had a string of "random" password characters in them.

The easy way to copy this file out so it can be cracked with john is through the clipboard. Copy what you see on the screen after the "cat" command. Then paste it in a file on the host PC, save it, and crack it with "John the Ripper".

The whole reason for this thread was the the original poster changed the root password and forgot what it was.

So, here are two solutions:

On k4nt only, boot from diags and start ssh, login as root, and fix or copy and crack /etc/shadow.

On any kindle, login as user framework with password mario, cat and copy /etc/shadow to the clipboard, then on the host PC paste the clipboard to a file, save it, and crack it. Then you will know your forgotten root password. Or it would be simple to edit shadow and copy the hashed password from diags root to main root. Whatever you want, you know? You have the power!

Quote:

Originally Posted by geekmaster

...
For general poking around, or for making backups, all kindles let you login to a user account (no write access): username framework, password mario. It works on all my kindles.

After some questions appeared in the IRC channel about this:

Code:

01:15 < dionoea> and permissions were more what I was worried about. 
                 /etc/shadow is usually only readable by the shadow group 
                 and writable by the root user
01:17 < geekmstr> dionoea : framework has read-only access. That would 
                  let you copy shadow and use john to crack it.
01:17 < geekmstr> on any kindle.
01:18 < dionoea> and the framework user has sufficient rights to read 
                 /etc/shadow?

... I did a test on my kindle touch. While logged in as user framework:

ssh framework@192.168.15.244

I was able to see the contents of /etc/shadow:

cat /etc/shadow

Only the root and framework accounts had a string of "random" password characters in them.

The easy way to copy this file out so it can be cracked with john is through the clipboard. Copy what you see on the screen after the "cat" command. Then paste it in a file on the host PC, save it, and crack it with "John the Ripper".

The whole reason for this thread was the the original poster changed the root password and forgot what it was.

So, two solutions:

On k4nt only, boot from diags and start ssh, login as root, and fix or copy and crack /etc/shadow.

On any kindle, login as user framework with password mario, cat and copy /etc/shadow to the clipboard, then on the host PC paste the clipboard to a file, save it, and crack it. Then you will know your forgotten root password. Or it would be simple to edit shadow and copy the hashed password from diags root to main root. Whatever you want, you know? You have the power!

P.S. I posted similar content in another thread, because it "needed it", you know?