UnixArena

How to Break/Recover Solaris root Password ?

By 3 Comments

Every organization may have their own way to secure the root passwords for their servers. According to their security polices ,Unix administrators need to change the servers root’s password on routine basis.But sometimes due to human error, there may be chance to loose root password.Unless some of the normal user had sudo root access, you need to recover the root password by booting the system in to failsafe mode. Here we will see how to recover the Solaris SPARC and Solaris X86 server root password recovery with step by step.


Note:This procedure is applicable to Solaris 10 SPARC/X86.

Recovering root password on Solaris SPARC server:

1.Bring the server to OK prompt. 
If the server is up and running then login to server console,you can initiate the reset or send break signal to bring the server to OK prompt.

2.Boot the OS in failsafe mode from OK prompt.
#ok boot -F failsafe
3.Once the server is booted up in failsafe mode,then mount the root disk in /mnt .
If you don’t know the root disk,then execute format command and check one by one.
#mount /dev/dsk/c1t1d0s0 /mnt


4.Take a backup of /mnt/etc/passwd & /mnt/etc/shadow file before removing the root password from it.

# cp -p /mnt/etc/passwd /mnt/etc/passwd.13092013
# cp -p /mnt/etc/shadow /mnt/etc/shadow.13092013

5.Now remove the encrypted password entry for root from /mnt/etc/shadow file using vi editor.You may need to set term to edit the file.(For bash shell — >#export TERM=vt100)

Before Modifications:
#grep root /a/etc/shadow
root:XD9erIqDGXYM.:12192::::::

After Modifications:
#grep root /a/etc/shadow
root::12192::::::

6. Update the boot archive to ensure boot archive is up to date.
# bootadm update-archive -R /mnt
Creating boot_archive for /mnt
updating /a/platform/sun4u/boot_archive
7.  Reboot your system using init command.
# init 6

Recovering root password on Solaris X86 server:

Solaris X86 servers doesn’t have OK prompt like SPARC machines.As an alternative ,it has grub boot loader to boot the server in to failsafe mode.

1.Reboot the server in failsafe mode.



2.By default , Solaris x86 will ask for mounting the root filesystem.



3.You can see that system is booted in RAM disk.


4.If not asking ,you can mount it using cxtxdxsx name if its UFS root filesystem.

5.If its ZFS ,then you need to stretch little bit to mount the root filesystem.
    i . Import the rpool forcefully 
    zpool import -f rpool

    ii. Modify the mountpoint (Dataset name can be found using zfs list for root)
    zfs set mountpoint=/a  rpool/ROOT/s10x_u9wos_14a 
      
    iii.Mount the root dataset 
        zfs mount rpool/ROOT/s10x_u9wos_14a

6.Take a backup of /a/etc/passwd & /a/etc/shadow file before removing the root password from it.

# cp -p /a/etc/passwd /a/etc/passwd.13092013
# cp -p /a/etc/shadow /a/etc/shadow.13092013


7.Go to /a/etc/ directory and edit shadow file like below.

Before Modifications:
#grep root /a/etc/shadow
root:XD9erIqDGXYM.:12192::::::

After Modifications:
#grep root /a/etc/shadow
root::12192::::::

8.Reboot the system 
#init 6 

You may face some issue to edit the shadow file.Set the term as vt100 and use vi commands to navigate and delete the password. Typical arrows will not work to navigate it.

Hope now you are familiar to recover Solaris root password without any trouble. 
Thank you for reading this article. Please leave a comment if you have any doubt. 

Reader Interactions

Comments

  1. Ammar Eldin says

    after editing the /etc/shadow file and rebooting the server
    i got this error when booting up
    ok boot
    Boot device: disk:a File and args:
    Warning: Fcode sequence resulted in a net stack depth change of 1

    The file just loaded does not appear to be executable.
    ok

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *