root のパスワードをつぶす / clear root's password

LS-WSGL/R1
root のパスワードをつぶす。

構想

SATA2 の HDD をいつも通り、LS-GL にマウントし、 /etc/shadow の root のパスワードフィールドを 消してしまえばいいのだが、、、、

/etc/shadow は /boot/conf_save.tgz 納められていて、 起動時に展開されている。
/etc/shadow を編集するのではなく、 conf_save.tgz 内の /etc/shadow を編集する必要がある。

conf_save.tgz 内の /etc/shadow の編集

マウント

ude:~# mkdir /tmp/boot
ude:~# mount /dev/sdb1 /tmp/boot
ude:~#

conf_save.tgz の展開

ude:~# ls /tmp/boot
SATA2  conf_save.tgz  hddrootfs.buffalo.updated.done  initrd.buffalo  log.tgz  lost+found  uImage.buffalo
ude:~# mkdir /tmp/conf
ude:~# cd /tmp/conf
ude:/tmp/conf# tar zxvf /tmp/boot/conf_save.tgz
etc/resolv.conf
etc/atalk/
etc/atalk/AppleVolumes.default
etc/atalk/AppleVolumes.system
etc/atalk/atalkd.conf
etc/atalk/netatalk.conf
etc/atalk/papd.conf
etc/atalk/afpd.conf
etc/cron/crontabs/root
etc/melco/
etc/melco/crontabs/
etc/melco/pdcuserinfo
etc/melco/timer_status
etc/melco/raidscan
etc/melco/email
etc/melco/lcdled
etc/melco/usbshareinfo
etc/melco/userinfo
etc/melco/autoadduserinfo
etc/melco/pdcgroupinfo
etc/melco/caution
etc/melco/DirectCopy
etc/melco/lcd_status
etc/melco/ups
etc/melco/groupinfo
etc/melco/ls_list
etc/melco/msdfs
etc/melco/seach_list
etc/melco/bootsrvconf
etc/melco/dlnaserver
etc/melco/ituneserver
etc/melco/shareinfo
etc/melco/shareinfo.hidden
etc/melco/shareinfo.vfs
etc/melco/offlinefile
etc/melco/info
etc/melco/backup_dstlist
etc/melco/diskinfo
etc/melco/backup1
etc/melco/backup2
etc/melco/backup3
etc/melco/backup4
etc/melco/backup5
etc/melco/backup6
etc/melco/backup7
etc/melco/backup8
etc/pam.d/
etc/pam.d/sudo/
etc/pam.d/sudo/sudo.pam
etc/pam.d/other
etc/pam.d/groupdel
etc/pam.d/samba
etc/pam.d/system-auth
etc/pam.d/shadow
etc/pam.d/chsh
etc/pam.d/su
etc/pam.d/useradd
etc/pam.d/ftp
etc/pam.d/groupmod
etc/pam.d/passwd
etc/pam.d/cron
etc/pam.d/netatalk
etc/pam.d/groupadd
etc/pam.d/chage
etc/pam.d/login
etc/pam.d/newusers
etc/pam.d/chpasswd
etc/pam.d/chfn
etc/pam.d/usermod
etc/proftpd/
etc/proftpd/proftpd.conf
etc/samba/
etc/samba/lock/
etc/samba/lock/gencache.tdb
etc/samba/lock/registry.tdb
etc/samba/lock/group_mapping.tdb
etc/samba/lock/account_policy.tdb
etc/samba/lock/perfmon/
etc/samba/lock/printing/
etc/samba/lock/printing/lp.tdb
etc/samba/lock/ntdrivers.tdb
etc/samba/lock/ntprinters.tdb
etc/samba/lock/ntforms.tdb
etc/samba/lock/share_info.tdb
etc/samba/secrets.tdb
etc/samba/smb.conf
etc/samba/smbpasswd.tdb
etc/ftpusers
etc/group
etc/gshadow
etc/hosts
etc/localtime
etc/passwd
etc/shadow
modules/webaxs/etc/
modules/webaxs/etc/usbshare.pl
modules/webaxs/etc/webaxs.conf
ude:/tmp/conf#

/etc/shadow の編集

ude:/tmp/conf# cd etc/
ude:/tmp/conf/etc# mv shadow shadow.orig
ude:/tmp/conf/etc# cp shadow.orig shadow
ude:/tmp/conf/etc# ls -l shadow*
-rw-r--r-- 1 root root 370 Sep  6 09:50 shadow
-rw-r--r-- 1 root root 370 Mar 24 18:44 shadow.orig
ude:/tmp/conf/etc# vi shadow
	:
	:
ude:/tmp/conf/etc# diff -c shadow.orig shadow
*** shadow.orig Mon Mar 24 18:44:31 2008
--- shadow      Sat Sep  6 09:51:03 2008
***************
*** 1,4 ****
! root:$1$$Yab.IC0XLDvJlIi3/A8E40:11009:0:99999:7:::
  bin:*:11009:0:99999:7:::
  daemon:*:11009:0:99999:7:::
  halt:*:11009:0:99999:7:::
--- 1,4 ----
! root::11009:0:99999:7:::
  bin:*:11009:0:99999:7:::
  daemon:*:11009:0:99999:7:::
  halt:*:11009:0:99999:7:::
ude:/tmp/conf/etc#

conf_save.tgz の作成

ude:/tmp/conf/etc# cd /tmp/boot
ude:/tmp/boot# mv conf_save.tgz conf_save.tgz.orig
ude:/tmp/boot# cd /tmp/conf/
ude:/tmp/conf# tar zcvf /tmp/boot/conf_save.tgz *
etc/
etc/resolv.conf
etc/atalk/
etc/atalk/AppleVolumes.default
etc/atalk/AppleVolumes.system
etc/atalk/atalkd.conf
etc/atalk/netatalk.conf
etc/atalk/papd.conf
etc/atalk/afpd.conf
etc/cron/
etc/cron/crontabs/
etc/cron/crontabs/root
etc/melco/
etc/melco/crontabs/
etc/melco/pdcuserinfo
etc/melco/timer_status
etc/melco/raidscan
etc/melco/email
etc/melco/lcdled
etc/melco/usbshareinfo
etc/melco/userinfo
etc/melco/autoadduserinfo
etc/melco/pdcgroupinfo
etc/melco/caution
etc/melco/DirectCopy
etc/melco/lcd_status
etc/melco/ups
etc/melco/groupinfo
etc/melco/ls_list
etc/melco/msdfs
etc/melco/seach_list
etc/melco/bootsrvconf
etc/melco/dlnaserver
etc/melco/ituneserver
etc/melco/shareinfo
etc/melco/shareinfo.hidden
etc/melco/shareinfo.vfs
etc/melco/offlinefile
etc/melco/info
etc/melco/backup_dstlist
etc/melco/diskinfo
etc/melco/backup1
etc/melco/backup2
etc/melco/backup3
etc/melco/backup4
etc/melco/backup5
etc/melco/backup6
etc/melco/backup7
etc/melco/backup8
etc/pam.d/
etc/pam.d/sudo/
etc/pam.d/sudo/sudo.pam
etc/pam.d/other
etc/pam.d/groupdel
etc/pam.d/samba
etc/pam.d/system-auth
etc/pam.d/shadow
etc/pam.d/chsh
etc/pam.d/su
etc/pam.d/useradd
etc/pam.d/ftp
etc/pam.d/groupmod
etc/pam.d/passwd
etc/pam.d/cron
etc/pam.d/netatalk
etc/pam.d/groupadd
etc/pam.d/chage
etc/pam.d/login
etc/pam.d/newusers
etc/pam.d/chpasswd
etc/pam.d/chfn
etc/pam.d/usermod
etc/proftpd/
etc/proftpd/proftpd.conf
etc/samba/
etc/samba/lock/
etc/samba/lock/gencache.tdb
etc/samba/lock/registry.tdb
etc/samba/lock/group_mapping.tdb
etc/samba/lock/account_policy.tdb
etc/samba/lock/perfmon/
etc/samba/lock/printing/
etc/samba/lock/printing/lp.tdb
etc/samba/lock/ntdrivers.tdb
etc/samba/lock/ntprinters.tdb
etc/samba/lock/ntforms.tdb
etc/samba/lock/share_info.tdb
etc/samba/secrets.tdb
etc/samba/smb.conf
etc/samba/smbpasswd.tdb
etc/ftpusers
etc/group
etc/gshadow
etc/hosts
etc/passwd
etc/localtime
etc/shadow.orig
etc/shadow
modules/
modules/webaxs/
modules/webaxs/etc/
modules/webaxs/etc/usbshare.pl
modules/webaxs/etc/webaxs.conf
ude:/tmp/conf#
アンマウント 
ude:/tmp/conf# cd /
ude:/# umount /tmp/boot
ude:/# sync
ude:/# sync
ude:/#

root でログイン

HDD を LS-WSGL に戻して起動

root でログイン!!

BUFFALO INC. LinkStation series
LS-WSGL678 login: root
Password:
Login incorrect
LS-WSGL678 login:
あれ?

不可解

LS-WSGL678 login: admin
Password:
sh: /etc/profile: Permission denied
sh-2.05b$ grep root /etc/shadow
root:$1$$Yab.IC0XLDvJlIi3/A8E40:11009:0:99999:7:::
sh-2.05b$
パスワードが残っている。

boot のログを見てみると、、、 

	:
	:
Restore previous configuration files
	:
	:
/bin/tar: etc/ftpusers: time stamp 2008-03-24 18:44:31 is 12507065.46065 s in the future
/bin/tar: etc/group: time stamp 2008-03-24 18:44:31 is 12507065.460122 s in the future
/bin/tar: etc/gshadow: time stamp 2008-03-24 18:44:31 is 12507065.458076 s in the future
/bin/tar: etc/passwd: time stamp 2008-03-24 18:44:31 is 12507065.456989 s in the future
/bin/tar: etc/shadow: time stamp 2008-03-24 18:44:31 is 12507065.456437 s in the future
/bin/tar: modules/webaxs/etc/usbshare.pl: time stamp 2008-07-18 10:09:23 is 22498557.455797 s in the future
	:
	:
/etc/shadow のタイムスタンプが変っていないし、 バックアップの /etc/shadow.orig もない。

/boot を見てみると、、、 

sh-2.05b$ ls /boot
SATA2                           initrd.buffalo
conf_save.tgz                   lost+found
hddrootfs.buffalo.updated.done  uImage.buffalo
sh-2.05b$
バックアップの conf_save.tgz.orig もない。

なんで?
今度は、SATA1 がマスタになった?

一筋縄ではいかんのが、また楽し。

LinkStation Mini
LS-WSGL
楽天市場
Amazon
Yahoo!ショッピング
Livedoor デパート
Sofmap
TSUKUMO ネットショップ
ムラウチドットコム
ヤマダ電機WEB
パソQ

どっちが sda ? 		ハックの記録
LinkStation/玄箱 をハックしよう
root のパスワードをつぶす(2) / clear root's password (retry)
Copyright (C) 2003-2008 Yasunari Yamashita. All Rights Reserved.
yasunari @ yamasita.jp 山下康成@京都府向日市