Linux File Recovery and Password Cracking

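I. How do you reset a forgotten administrator password?
On Red Hat 6 systems:
Step 1: When the boot menu appears, press e to edit it.
Step 2: Edit the kernel line.
Step 3: Enter single-user mode.
Press Enter to leave the editor, then press b to boot the system.

Step 4: Change the password.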

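Resetting the password on Red Hat 7 systems:
Step 1: Edit the GRUB entry at the boot screen.
Step 2: Edit the entry.
Find the line that starts with linux16, append rd.break to the end of it, then press Ctrl+x to boot the system.
Step 3: Change the password.
1) mount -o remount,rw /sysroot //remount the root filesystem read-write
2) chroot /sysroot //change root into /sysroot
3) Change the root password.
4) touch /.autorelabel //create the file SELinux needs so that it relabels the filesystem on the next boot
5) Type exit twice to leave.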

Password-protecting the GRUB menu
Step 1: Generate the password.
Step 2: Edit the GRUB file.
Append the following to the end of the file:

Step 3: Reload the GRUB file, then reboot to verify.
Enter the username and password:
Login succeeds:
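
An added example, not from the original post: a small shell audit that checks whether a GRUB 2 configuration actually carries the menu password set up above, which is what stops the rd.break edit from being made at the console. It assumes GRUB 2 (as on Red Hat 7) with `set superusers` and a `password_pbkdf2` line written directly into the config file; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a GRUB 2 config file for
# boot-menu password protection. Prints OK, NO_SUPERUSERS, PLAINTEXT:<user>
# or NO_PASSWORD:<user>; returns non-zero unless the result is OK.
audit_grub_cfg() {
    cfg=$1
    # The last "set superusers=..." wins; names may be separated by , ; or spaces.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' "$cfg" \
        | tail -n 1 | tr -d "\"'" | tr ',;' '  ')
    if [ -z "$(printf '%s' "$users" | tr -d ' ')" ]; then
        echo "NO_SUPERUSERS"; return 1
    fi
    for user in $users; do
        if grep -E -q "^[[:space:]]*password_pbkdf2[[:space:]]+${user}[[:space:]]+grub\.pbkdf2\." "$cfg"; then
            continue    # hashed password present for this superuser
        elif grep -E -q "^[[:space:]]*password[[:space:]]+${user}[[:space:]]+[^[:space:]]" "$cfg"; then
            echo "PLAINTEXT:${user}"; return 1    # cleartext password in the file
        else
            echo "NO_PASSWORD:${user}"; return 1
        fi
    done
    echo "OK"
}

# Constructed sample configs (the hash is a placeholder, not a real PBKDF2 value).
write_sample() {    # $1 = kind, $2 = output path
    case $1 in
        hardened) printf '%s\n' 'set superusers="root"' \
            'password_pbkdf2 root grub.pbkdf2.sha512.10000.SALT_PLACEHOLDER.HASH_PLACEHOLDER' ;;
        plaintext) printf '%s\n' 'set superusers="root"' 'password root redhat' ;;
        open) printf '%s\n' 'menuentry "CentOS Linux" { linux16 /vmlinuz ro }' ;;
    esac > "$2"
}

demo_dir=$(mktemp -d)
for kind in hardened plaintext open; do
    write_sample "$kind" "$demo_dir/$kind.cfg"
    printf '%-10s %s\n' "$kind" "$(audit_grub_cfg "$demo_dir/$kind.cfg" || true)"
done
rm -rf "$demo_dir"
```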

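Repairing a damaged disk
We use the dd command to simulate disk damage and then carry out the repair.
1) Create a partition, make a filesystem on it, mount it, and copy some files into the directory.
Partitioning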

[root@www ~]# lsblk 
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   20G  0 disk 
├─sda1            8:1    0  500M  0 part /boot
└─sda2            8:2    0 19.5G  0 part 
  ├─centos-root 253:0    0 17.5G  0 lvm  /
  └─centos-swap 253:1    0    2G  0 lvm  [SWAP]
sdb               8:16   0   10G  0 disk 
└─sdb1            8:17   0    5G  0 part 
sr0              11:0    1    4G  0 rom  
[root@www ~]# 
[root@www ~]# 
[root@www ~]# 
[root@www ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): 
Using default response p
Partition number (2-4, default 2): 
First sector (10487808-20971519, default 10487808): 
Using default value 10487808
Last sector, +sectors or +size{K,M,G} (10487808-20971519, default 20971519): 
Using default value 20971519
Partition 2 of type Linux and of size 5 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@www ~]# 

Format and mount

[root@www ~]# mkfs.ext4  /dev/sdb2
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310464 blocks
65523 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done 

[root@www ~]# mkdir /sdb2
[root@www ~]# mount /dev/sdb2 /sdb2
[root@www ~]# 
[root@www ~]# df -h 
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   18G  1.7G   16G  10% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1                497M  141M  357M  29% /boot
tmpfs                     98M     0   98M   0% /run/user/0
/dev/sdb2                4.8G   20M  4.6G   1% /sdb2
[root@www ~]# 
[root@www ~]# cd /sdb2
[root@www sdb2]# ls
lost+found
[root@www sdb2]# cp /etc/ -r . 
[root@www sdb2]# cp /etc/passwd .
[root@www sdb2]# cp /etc/group .
[root@www sdb2]# ls
etc  group  lost+found  passwd
[root@www sdb2]# 

2) Simulate a filesystem failure

[root@www sdb2]# cd
[root@www ~]# dd if=/dev/zero of=/dev/sdb2 bs=4k count=10
10+0 records in
10+0 records out
40960 bytes (41 kB) copied, 0.000409843 s, 99.9 MB/s
[root@www ~]# cd /sdb2
[root@www sdb2]# ls         //the files are all gone now
[root@www sdb2]# 
[root@www sdb2]# 

3) Unmount the filesystem and repair it

[root@www ~]# umount /sdb2/
[root@www ~]# fsck /dev/sdb2 
fsck from util-linux 2.23.2
e2fsck 1.42.9 (28-Dec-2013)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
/dev/sdb2 was not cleanly unmounted, check forced.
Resize inode not valid.  Recreate<y>? yes
Pass 1: Checking inodes, blocks, and sizes

Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (23896, counted=23897).
Fix<y>? yes
Free blocks count wrong for group #1 (32127, counted=32125).
Fix<y>? yes
Free blocks count wrong for group #16 (24544, counted=23941).
Fix<y>? yes
Free blocks count wrong for group #18 (32768, counted=23718).
Fix<y>? yes
Free blocks count wrong (1252001, counted=1242347).
Fix<y>? yes
Free inodes count wrong for group #0 (8181, counted=8179).
Fix<y>? yes
Free inodes count wrong for group #16 (8192, counted=5753).
Fix<y>? yes
Directories count wrong for group #16 (0, counted=601).
Fix<y>? yes
Free inodes count wrong (327669, counted=325228).
Fix<y>? yes

/dev/sdb2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sdb2: 2452/327680 files (0.2% non-contiguous), 68117/1310464 blocks
[root@www ~]# mount /dev/sdb2 /sdb2 
[root@www ~]# 
[root@www ~]# df -h 
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   18G  1.7G   16G  10% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1                497M  141M  357M  29% /boot
tmpfs                     98M     0   98M   0% /run/user/0
/dev/sdb2                4.8G   58M  4.5G   2% /sdb2
[root@www ~]# cd /sdb2/
[root@www sdb2]# ls            //all the files are back
etc  group  lost+found  passwd
[root@www sdb2]# 

Recovering with the filesystem's backup superblock
1) Look up the block numbers of the filesystem's superblocks

[root@www ~]# dumpe2fs  /dev/sdb2 |more 
dumpe2fs 1.42.9 (28-Dec-2013)
Filesystem volume name:   <none>
Last mounted on:          <not available>
Filesystem UUID:          1ab8a3d6-3a1f-4555-807c-ce048670f507
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype needs_recovery extent 64bit flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Filesystem flags:         signed_directory_hash 
Default mount options:    user_xattr acl
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              327680
Block count:              1310464
Reserved block count:     65523
Free blocks:              1242347
Free inodes:              325228
First block:              0
Block size:               4096
Fragment size:            4096
Group descriptor size:    64
Reserved GDT blocks:      639
Group 0: (Blocks 0-32767) [ITABLE_ZEROED]
  Checksum 0x183d, unused inodes 8179
  Primary superblock at 0, Group descriptors at 1-1
  Reserved GDT blocks at 2-640
  Block bitmap at 641 (+641), Inode bitmap at 657 (+657)
  Inode table at 673-1184 (+673)
  23897 free blocks, 8179 free inodes, 2 directories, 8179 unused inodes
  Free blocks: 8871-32767
  Free inodes: 14-8192
Group 1: (Blocks 32768-65535) [INODE_UNINIT, ITABLE_ZEROED]
  Checksum 0x0788, unused inodes 8192
  Backup superblock at 32768, Group descriptors at 32769-32769      //this is the block number of the filesystem's backup superblock
  Reserved GDT blocks at 32770-33408
  Block bitmap at 642 (bg #0 + 642), Inode bitmap at 658 (bg #0 + 658)
  Inode table at 1185-1696 (bg #0 + 1185)
  32125 free blocks, 8192 free inodes, 0 directories, 8192 unused inodes
  Free blocks: 33411-65535
  Free inodes: 8193-16384

2) Simulate the filesystem failure again and repair it

[root@www ~]# dd if=/dev/zero of=/dev/sdb2 bs=4k count=10
10+0 records in
10+0 records out
40960 bytes (41 kB) copied, 0.000367326 s, 112 MB/s
[root@www ~]# cd /sdb2/
[root@www sdb2]# ls
[root@www sdb2]# 
[root@www sdb2]# 
[root@www sdb2]# umount /sdb2
umount: /sdb2: target is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
[root@www sdb2]# cd 
[root@www ~]# umount /sdb2
[root@www ~]# e2fsck -b 32768  /dev/sdb2 
e2fsck 1.42.9 (28-Dec-2013)
/dev/sdb2 was not cleanly unmounted, check forced.
Resize inode not valid.  Recreate<y>? yes
Pass 1: Checking inodes, blocks, and sizes

Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (23896, counted=23897).
Fix<y>? yes
Free blocks count wrong for group #1 (32127, counted=32125).
Fix<y>? yes
Free blocks count wrong for group #16 (24544, counted=23941).
Fix<y>? yes
Free blocks count wrong for group #18 (32768, counted=23718).
Fix<y>? yes
Free blocks count wrong (1252001, counted=1242347).
Fix<y>? yes
Free inodes count wrong for group #0 (8181, counted=8179).
Fix<y>? yes
Free inodes count wrong for group #16 (8192, counted=5753).
Fix<y>? yes
Directories count wrong for group #16 (0, counted=601).
Fix<y>? yes
Free inodes count wrong (327669, counted=325228).
Fix<y>? yes

/dev/sdb2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sdb2: 2452/327680 files (0.2% non-contiguous), 68117/1310464 blocks
[root@www ~]# 

3) Mount the filesystem again

[root@www ~]# mount /dev/sdb2  /sdb2/
[root@www ~]# 
[root@www ~]# df -h 
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   18G  1.7G   16G  10% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  7.6M  479M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
/dev/sda1                497M  141M  357M  29% /boot
tmpfs                     98M     0   98M   0% /run/user/0
/dev/sdb2                4.8G   58M  4.5G   2% /sdb2
[root@www ~]# cd /sdb2
[root@www sdb2]# ls
etc  group  lost+found  passwd          //the files are there!
[root@www sdb2]# 
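
An added example, not part of the original post: once the first blocks are wiped as in the dd test above, dumpe2fs can no longer list the backups, so this sketch computes their locations from the block count and blocks-per-group and checks a candidate for the ext magic number. It assumes the sparse_super feature and a first data block of 0 (both shown in the output on this page); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): locate ext2/3/4 backup
# superblocks when the primary one has been destroyed.

# With sparse_super, backups live in group 1 and in every group whose number
# is a power of 3, 5 or 7. Prints the block numbers in ascending order.
# Assumes first data block 0 (block size of 2 KiB or more).
backup_superblocks() {    # $1 = total blocks, $2 = blocks per group
    ngroups=$(( ($1 + $2 - 1) / $2 ))
    {
        [ "$ngroups" -gt 1 ] && echo "$2"
        for base in 3 5 7; do
            g=$base
            while [ "$g" -lt "$ngroups" ]; do
                echo $(( g * $2 ))
                g=$(( g * base ))
            done
        done
    } | sort -n
}

# Returns 0 if the ext magic 0xEF53 (stored little-endian at byte 56 of a
# superblock) is present for the backup superblock starting at block $2.
has_ext_magic() {    # $1 = image or device, $2 = block number, $3 = block size
    magic=$(dd if="$1" bs=1 skip=$(( $2 * $3 + 56 )) count=2 2>/dev/null \
        | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "53ef" ]
}

# Values from the mkfs.ext4 output on this page: 1310464 blocks, 32768 per group.
backup_superblocks 1310464 32768
```

Each block number it prints is a candidate for `e2fsck -b`; the list matches the "Superblock backups stored on blocks" line in the mkfs.ext4 output earlier on the page.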

How to recover files that were deleted by mistake
1) First, install the extundelete package

[root@www ~]# ls
0.sh             ansible-2.4.2.0-2.el7.noarch.rpm  extundelete-0.2.4.tar.bz2  n.sh
anaconda-ks.cfg  ansible-2.7.5-1.el7.src.rpm       hellow.py                  rpmbuild
[root@www ~]# tar  xf extundelete-0.2.4.tar.bz2 
[root@www ~]# cd extundelete-0.2.4
[root@www extundelete-0.2.4]# ls
acinclude.m4  autogen.sh   configure     depcomp     LICENSE      Makefile.in  README
aclocal.m4    config.h.in  configure.ac  install-sh  Makefile.am  missing      src
[root@www extundelete-0.2.4]# ./configure 
Configuring extundelete 0.2.4
configure: error: Can't find ext2fs library
[root@www extundelete-0.2.4]# yum provides */ext2fs 
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
base/x86_64/filelists_db                                                                         | 7.1 MB  00:00:00     
jyy/filelists_db                                                                                 | 2.9 MB  00:00:00     
e2fsprogs-devel-1.42.9-7.el7.x86_64 : Ext2/3/4 filesystem-specific libraries and headers
Repo        : jyy
Matched from:
Filename    : /usr/include/ext2fs
[root@www extundelete-0.2.4]# 
[root@www extundelete-0.2.4]# yum install e2fsprogs-devel -y     //install the required dependency package
[root@www extundelete-0.2.4]# ./configure 
Configuring extundelete 0.2.4
Writing generated files to disk
[root@www extundelete-0.2.4]# make && make install 
make -s all-recursive
Making all in src
extundelete.cc: In function ‘ext2_ino_t find_inode(ext2_filsys, ext2_filsys, ext2_inode*, std::string, int)’:
extundelete.cc:1272:29: warning: narrowing conversion of ‘search_flags’ from ‘int’ to ‘ext2_ino_t {aka unsigned int}’ inside { } [-Wnarrowing]
    buf, match_name2, priv, 0};
                             ^
Making install in src
  /usr/bin/install -c extundelete '/usr/local/bin'
[root@www extundelete-0.2.4]# 

2) Perform the accidental deletion

[root@www ~]# cd /sdb1/
[root@www sdb1]# cp /etc/ -r . 
[root@www sdb1]# 
[root@www sdb1]# cp /etc/passwd .
[root@www sdb1]# cp /etc/group
group   group-  
[root@www sdb1]# cp /etc/group .
[root@www sdb1]# 
[root@www sdb1]# ls
etc  group  lost+found  passwd
[root@www sdb1]# 
[root@www sdb1]# rm -rf * 
[root@www sdb1]# ls
[root@www sdb1]# 

3) Unmount the mount point and recover the files

[root@www ~]# umount /sdb1/
[root@www ~]# extundelete /dev/sdb1 --inode 2
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 40 groups loaded.
Group: 0
Contents of inode 2:
0000 | ed 41 00 00 00 10 00 00 6b 84 8e 5c 62 84 8e 5c | .A......k..\b..\
0010 | 62 84 8e 5c 00 00 00 00 00 00 02 00 08 00 00 00 | b..\............
0020 | 00 00 08 00 07 00 00 00 0a f3 01 00 04 00 00 00 | ................
0030 | 00 00 00 00 00 00 00 00 01 00 00 00 a1 22 00 00 | ............."..
0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0080 | 1c 00 00 00 4c 82 6b 63 4c 82 6b 63 e0 44 0a 1e | ....L.kcL.kc.D..
0090 | 2c 84 8e 5c 00 00 00 00 00 00 00 00 00 00 00 00 | ,..\............
00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

Inode is Allocated
File mode: 16877
Low 16 bits of Owner Uid: 0
Size in bytes: 4096
Access time: 1552843883
Creation time: 1552843874
Modification time: 1552843874
Deletion Time: 0
Low 16 bits of Group Id: 0
Links count: 2
Blocks count: 8
File flags: 524288
File version (for NFS): 0
File ACL: 0
Directory ACL: 0
Fragment address: 0
Direct blocks: 127754, 4, 0, 0, 1, 8865, 0, 0, 0, 0, 0, 0
Indirect block: 0
Double indirect block: 0
Triple indirect block: 0

File name                                       | Inode number | Deleted status
.                                                 2
..                                                2
lost+found                                        11             Deleted
etc                                               131073         Deleted
passwd                                            12             Deleted
group                                             13             Deleted
[root@www extundelete-0.2.4]# extundelete /dev/sdb1 --restore-all
[root@www RECOVERED_FILES]# ls
etc  group  lost+found  passwd             //then just copy the files back to the mount point
[root@www RECOVERED_FILES]# 

