5

I have an Ubuntu server and forgot the root password. I could not find the password in any documentation (my fault). Now I have another user which is in the sudo list, but the password of that user is saved in KiTTY and I also don't remember it. I can log in with that user, but when I log in and execute some admin commands with sudo, it needs the password for that user, which I cannot see. The question is: how can I see the KiTTY password, which is saved as hidden characters?

Toqeer

3 Answers

20

To recover your password saved in KiTTY, follow these simple steps:

  1. Load the session with the stored password into KiTTY
  2. Go to the Session -> Logging -> Session logging
  3. Enable logging for SSH packets and raw data
  4. Uncheck the Omit known passwords fields box
  5. Start the session, wait until it logs you in
  6. Close the KiTTY window
  7. Go to your KiTTY folder and open the log file
  8. Find the "Send automatic password" block to get your plain-text password.

It will look like this, where "YourPassword" is the password stored in KiTTY:

```
Event Log: Send automatic password
Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
  00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61  connection....pa
  00000020  73 73 77 6f 72 64 00 00 00 00 0c 59 6F 75 72 50  ssword.....YourP
  00000030  61 73 73 77 6F 72 64                             assword
```

Tomblarom
Anubioz
  • Gold! Worked like a charm. :) – harvest316 Jan 29 '16 at 05:34
  • This is truly gold! Even today! Thanks man. :) – Tomblarom Jun 03 '21 at 13:00
  • @Tomblarom you're welcome, btw you should really start using ssh keys, since they are much more convenient and provide password-less authentication in most apps, which can connect to port 22. 1. Generate your key with putty/kittygen. 2. Enable pageant auth & forward in SSH settings of your connection. 3. [put your putty/kitty agent to startup folder](https://talesfromthedatacenter.com/2019/12/how-to-automatically-load-pagent-keys-when-windows-10-boots/) so it will autoload on boot. 4. Finally run `ssh-add -L >> ~/.ssh/authorized_keys` on the target server - password-less from now on ... – Anubioz Jun 04 '21 at 21:13
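
The log block in the answer above is the payload of an SSH2_MSG_USERAUTH_REQUEST packet (RFC 4252): user name, service name, method name, a boolean, then the password, each string prefixed by a 4-byte length. The following is an added example, not part of the original answer or of KiTTY: a sketch that scans such a log for password-method requests that were written unredacted, so the log can be deleted and the password rotated. It reports only the user name and password length; the function names and the sample log are constructed for illustration.

```python
import re
import struct
# Constructed sample in the log layout shown in the answer above.
SAMPLE_LOG = """\
Event Log: Send automatic password
Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
  00000000  00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d  ....root....ssh-
  00000010  63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 61  connection....pa
  00000020  73 73 77 6f 72 64 00 00 00 00 0c 59 6F 75 72 50  ssword.....YourP
  00000030  61 73 73 77 6F 72 64                             assword
"""

HEADER = re.compile(r"^(Outgoing|Incoming) packet #0x[0-9a-f]+, type (\d+) ", re.I)
HEXROW = re.compile(r"^\s+[0-9a-f]{8}  ((?:[0-9a-f]{2} ?){1,16})", re.I)

def read_string(buf, pos):
    """Read one SSH 'string' (RFC 4251): uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("truncated or redacted field")
    return bytes(buf[pos + 4:pos + 4 + n]), pos + 4 + n

def packets(log_text):
    """Yield (direction, type, payload) for each packet dump in the log."""
    current = None
    for line in log_text.splitlines():
        if (h := HEADER.match(line)):
            if current:
                yield current
            current = (h.group(1), int(h.group(2)), bytearray())
        elif current and (row := HEXROW.match(line)):
            current[2].extend(bytes.fromhex(row.group(1)))
    if current:
        yield current

def find_password_leaks(log_text):
    """Return [(user, password_length)] for unredacted password auth packets."""
    leaks = []
    for direction, ptype, payload in packets(log_text):
        if direction == "Outgoing" and ptype == 50:  # SSH2_MSG_USERAUTH_REQUEST
            try:
                user, pos = read_string(payload, 0)
                _service, pos = read_string(payload, pos)
                method, pos = read_string(payload, pos)
                if method == b"password":
                    secret, _ = read_string(payload, pos + 1)  # skip boolean flag
                    leaks.append((user.decode(errors="replace"), len(secret)))
            except (struct.error, ValueError):
                continue  # field missing or not valid hex: nothing recoverable
    return leaks
```

Calling `find_password_leaks()` on the contents of a session log returns an empty list when no password field was written in the clear.
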
1

While reading the plaintext password from logs is great for an emergency, it is not easy to automate or to use for a big number of passwords, so I made a program to decrypt/unobfuscate KiTTY saved passwords:

https://github.com/PetrP/kitty-decryptpassword

Usage: `PASSWORD=<password> kitty-decryptpassword.exe <mode> <host> [<termtype>]`

E.g. `PASSWORD=b10bpHb0bKT5LArR9P kitty-decryptpassword.exe 0 localhost xterm` and the result would be `hunter2`.

PetrP
0

It's encrypted, so you can't.

However, you can reset the root password by booting into single-user mode. In GRUB, add the word `single` to the end of the boot command and it'll allow you to set the root password.

If it's a remote server, that's definitely more difficult as single-user mode = no network access. You'd need to get a console somehow.

EDIT: Since it's an Amazon instance, you could attach the EBS volume to a different instance and modify the passwd file manually.

Nathan C
  • It's a remote server on Amazon EC2, so I could not get any console. – Toqeer Jun 19 '13 at 13:17
  • You could always mount it to a new instance and place your ssh key into `/root/.ssh/authorized_keys` so you don't even need a password. – Nathan C Jun 19 '13 at 13:49