0

My company has a Debian server that holds and runs some important stuff that cannot be shut down... The previous Joe before me, didn't seem to have a password logged or even passed on the information about it, so we're at a loss. Is there a way to recover/change/get into the computer files without resetting the server?

jon compton
  • 3
  • 3
  • @Freddy If it was a local account then sure that would be great, but this is a server which runs relatively vital applications for my company, and it would be a major bother for it to be even temporarily shut down. (yes, it is a very dumb way of doing things, I'll be fixing that bit later, I just started here) – jon compton Jun 24 '20 at 17:09

1 Answers1

0

No, of course not! That would made Debian Linux very untrustworthy :)

You could try to crack/hack the server. If you're lucky and a non-complicated password for root (or a sudoer user, if it's a system without root user) was used, and no advanced security mechanisms applied, you could use John the Ripper to crack passwords.
Another option would be to locate vulnerabilities, especially if it's an older version and was left unpatched. The latter seems highly possible, since nobody even cared to log in - what are the odds to be set to auto update; surely it wasn't updated manually without someone logging in. You could use metasploit for this task. Exploit one or more vulnerabilities and gain access.
You could start with a simple port scan using nmap. Sometimes daemons, services run without anybody noticing which could give you some access, somewhere.

A clarification, you need access to files only, you don't care about logging in to the server? Don't you have anything, not even a user/passwd for ssh, or samba? NFS shares to at least access some part of the filesystem?

Krackout
  • 2,642
  • 12
  • 26
  • Much appreciated! I think using John the Ripper will help immensely. For your clarification, I literally have almost nothing, sadly I was given a blank Win10 computer and a admin user/pw and have been told to do a pretty good amount of things with that. New to the field, joined as a programmer (which I am good at thankfully), but they needed a wondertech to do pretty much everything from administration to cybersecurity. Wish me luck!

    Yeah and none of the passwords given worked for either directory access or user access... fun times

     – jon compton Jun 24 '20 at 16:19