Submitted by twovests in programming

Part 0: Exposition

So there I was trying to open my computer up to SSH for the first time, and there's all this public key nonsense. The problem is, I'm gonna be SSHing from all these different machines! Some that I don't trust that much. I don't wanna haul around a public/private key pair and keep changing it! I'd rather just change my password daily or something. Easy peasy.

So I decide to at least upgrade my abysmal home machine password to something beefy. Something really really long.

Part 1: Locking myself out

But when I changed my password, something fucky happened! Another screen came up asking me to confirm, but I closed out of it or something. Then the new password I entered didn't work!

Did I mistype it? Did I encounter a bug? Either way, I could not log in to my account. I had to solve this before I logged out of my Ubuntu partition to play games on my Windows partition!

Part 2: Just like the ending of Sonic Adventure 2 Battle, shadow saves the day.

I find out that passwords are stored in a file called /etc/shadow. Just like in the hidden ending of Sonic Adventure 2 Battle, shadow saved the day. Passwords are stored, by default, in MD5! This is trivial to break. Luckily, I already had a terminal with sudo access, the one I was using for ssh stuff. I just had to run the command /etc/shadow, and break my MD5 hashed password!

     cat /etc/shadow

Per the site I was reading, I saw $6 after my username. This meant sha512 hash. All hope was lost. If my new password was mangled due to a bug, I could never hope to break that hash.

Part 3: Just kidding it was really easy to solve

    from crypt import crypt
    print(crypt('hunter2'))

Using trivial Python code, I generated a new hash and edited shadow. Now I am terrified to ever change my password again using a GUI application.

TLDR: I accidentally changed my password, didn't know to what. Fixed it by editing the file the password was stored in. I spent more time writing this than fixing it.

9

Comments

You must log in or register to comment.

mm_ wrote

oo, this is a good linux thriller, i wouldnt have known what to do

4

flabberghaster wrote

I have done this before (realized i forgot my password) and realized it after I'd shut down. Since mu disk is not encrypted i just opened it up in a live CD and did the normal passwd thing. Your way is super slick!

2

twovests OP wrote

my worst linux experiences involve rapidly searching stackexchange on my phone while my ram slowly nears 100% consumption

2