[chinacrisis]

I have a laptop running "Red Hat nash version 6.0.52"

When I boot it up, I am asked to "Enter LUKS passphrase for /dev/sda2"

I do not know this. The laptop belongs to my company (new job etc), and the previous user of the laptop has left, and is refusing to divulge this passphrase.

I come from an XP background - and know very little of Linux

I have an "Ophcrack" boot CD, that has successfully worked for me on XP machines to recover passwords

It (the same CD) also works with Linux - but my problem is that in my current setup (described above) I cannot get the CD to boot before the HDD

In XP I'd just press F2 and go into setup and change the boot order

How can I do similar in Linux, and make the laptop boot from the CD?

Many thanks

[waterhead]

I believe that OPHcrack is only for retrieving lost Windows passwords. If you know the root password, you can login as root and access the previous users files. You can then also create a new user for you to login to.

I would not do any of this without a supervisor present, and with his consent.

[chinacrisis]

Hi Paul,

Many thanks for your reply. I agree 100% with your "supervisor" comment - but my situation is a bit different. I am the "supervisor"!

I have started a new job - responsible for all hardware and software in my company. I'm the only IT person here

My predecessor has left things in a bit of a mess - not least by walking off with most key passwords in his head. I have already had to use it to retrieve the Admin passwords from several XP machines here (successfully).

I am slowly getting things organised now - but there is certain information on this Linux laptop that I really need to access. If I try something and it fails - then it will not make things worse - as I cannot get into the laptop now anyway...

The reason I posted in this forum was that I thought Ophcrack actually DID work with Linux systems - certainly it's website seems to say that - just look at Ophcrack - it says Ophcrack "Runs on Windows, Linux/Unix, Mac OS X" - that's why I was hopeful it would work on this Redhat laptop

On this page Ophcrack I can download (with an XP laptop) a "ophcrack-3.0.1.tar.bz2" file - but my problem then is what to do with this?

I can burn it to a CD, sure

But if I then insert this CD into the drive of my (Redhat) laptop - will this then automatically boot first when I start the laptop?

Or (as in XP) - do I need to somehow make the laptop look at the CD first when it's booting? (by changing a setting etc)

That is my basic problem - any more help and advice gratefully received!


Many Thanks,
Ron

[waterhead]

Ophcrack will run on Linux, but it will only recover Windows passwords from a Windows installation. There is a Live CD version that you would boot into, but again it won't find the Linux passwords.

It sounds as if you will need to reset the root password, and then change the user's password. Read through this How-To:
http://www.linuxforums.org/forum/lin...-password.html

If you get a screen showing the Linux distro and kernel version, hit the up/down arrows to get a menu screen to come up. Then follow the steps to boot into single user mode.

I think that you may need to use the "Not Easy Method". This requires booting with a Linux Live CD or installation CD. Use a major Linux version like Fedora, Ubuntu, Knoppix or SUSE, Ophcrack Live CD is not the best to use in this situation.

[chinacrisis]

Thanks for clarifying about Ophcrack

I do have an Ubuntu installation CD (Hardy Heron). I'll give that a go - and also read the "How to" you mention

[waterhead]

A typical Ubuntu installation doesn't have root, I don't know about the Live/Installation CD, you'll most likely need to use the sudo prefix in your commands.

[bigtomrodney]

I'd just like to add to this that LUKS is the passphrase utility for encrypted disks. I don't think you'll be getting very far with this to be honest. The whole idea is to prevent data from being recovered so you would have better luck getting the passphrase from the employee than trying to crack it. I'm almost 100% certain Ophcrack will be of no use to you in this situation.

[waterhead]

This could be a BIG problem.

I have found info about using the genuserkey for access, not sure if it applies to this case.

KeyRecoveryGenuserkey

If the boot partition is encrypted, it will make it even harder. I bet that there is a way to retrieve data, but a professional computer forensics service may be needed to do this.

Try the Live disk, and see if anything can be accessed, otherwise Good Luck!