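Linux File Recovery and Password Cracking
Author: the Internet
I. How to reset a forgotten administrator (root) password
Red Hat 6 systems:
Step 1: When the boot menu appears, press e to edit
Step 2: Edit the kernel line
Step 3: Enter single-user mode
Press Enter to leave the editor, then press b to boot the system
Step 4: Change the password
Resetting the password on Red Hat 7 systems:
Step 1: Edit the GRUB entry at the boot screen
Step 2: Edit
Find the line that begins with linux16, append rd.break to the end of it, then press Ctrl+x to boot the system
Step 3: Change the password
1) mount -o remount,rw /sysroot //remount the root filesystem read-write
2) chroot /sysroot //switch into the root filesystem
3) Change the root password
4) touch /.autorelabel //create the file SELinux needs
5) Type exit twice to leave
Password-protecting the GRUB menu
Step 1: Generate the password
Step 2: Edit the GRUB file
Add the following at the end of the file:
Step 3: Reload the GRUB file, then reboot to verify
Enter the username and password:
Login succeeds:
Repairing a damaged disk
We use the dd command to simulate disk damage and then carry out the repair
1) Create a partition, format a filesystem on it, mount it, and copy some files into the directory
Partitioning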
[root@www ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 19.5G 0 part
├─centos-root 253:0 0 17.5G 0 lvm /
└─centos-swap 253:1 0 2G 0 lvm [SWAP]
sdb 8:16 0 10G 0 disk
└─sdb1 8:17 0 5G 0 part
sr0 11:0 1 4G 0 rom
[root@www ~]#
[root@www ~]#
[root@www ~]#
[root@www ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p):
Using default response p
Partition number (2-4, default 2):
First sector (10487808-20971519, default 10487808):
Using default value 10487808
Last sector, +sectors or +size{K,M,G} (10487808-20971519, default 20971519):
Using default value 20971519
Partition 2 of type Linux and of size 5 GiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@www ~]#
Format and mount
[root@www ~]# mkfs.ext4 /dev/sdb2
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
327680 inodes, 1310464 blocks
65523 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1342177280
40 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@www ~]# mkdir /sdb2
[root@www ~]# mount /dev/sdb2 /sdb2
[root@www ~]#
[root@www ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 18G 1.7G 16G 10% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 7.6M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 497M 141M 357M 29% /boot
tmpfs 98M 0 98M 0% /run/user/0
/dev/sdb2 4.8G 20M 4.6G 1% /sdb2
[root@www ~]#
[root@www ~]# cd /sdb2
[root@www sdb2]# ls
lost+found
[root@www sdb2]# cp /etc/ -r .
[root@www sdb2]# cp /etc/passwd .
[root@www sdb2]# cp /etc/group .
[root@www sdb2]# ls
etc group lost+found passwd
[root@www sdb2]#
2) Simulate a filesystem failure
[root@www sdb2]# cd
[root@www ~]# dd if=/dev/zero of=/dev/sdb2 bs=4k count=10
10+0 records in
10+0 records out
40960 bytes (41 kB) copied, 0.000409843 s, 99.9 MB/s
[root@www ~]# cd /sdb2
[root@www sdb2]# ls //the files are all gone now
[root@www sdb2]#
[root@www sdb2]#
3) Unmount the filesystem and repair it
[root@www ~]# umount /sdb2/
[root@www ~]# fsck /dev/sdb2
fsck from util-linux 2.23.2
e2fsck 1.42.9 (28-Dec-2013)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
/dev/sdb2 was not cleanly unmounted, check forced.
Resize inode not valid. Recreate<y>? yes
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (23896, counted=23897).
Fix<y>? yes
Free blocks count wrong for group #1 (32127, counted=32125).
Fix<y>? yes
Free blocks count wrong for group #16 (24544, counted=23941).
Fix<y>? yes
Free blocks count wrong for group #18 (32768, counted=23718).
Fix<y>? yes
Free blocks count wrong (1252001, counted=1242347).
Fix<y>? yes
Free inodes count wrong for group #0 (8181, counted=8179).
Fix<y>? yes
Free inodes count wrong for group #16 (8192, counted=5753).
Fix<y>? yes
Directories count wrong for group #16 (0, counted=601).
Fix<y>? yes
Free inodes count wrong (327669, counted=325228).
Fix<y>? yes
/dev/sdb2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sdb2: 2452/327680 files (0.2% non-contiguous), 68117/1310464 blocks
[root@www ~]# mount /dev/sdb2 /sdb2
[root@www ~]#
[root@www ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 18G 1.7G 16G 10% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 7.6M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 497M 141M 357M 29% /boot
tmpfs 98M 0 98M 0% /run/user/0
/dev/sdb2 4.8G 58M 4.5G 2% /sdb2
[root@www ~]# cd /sdb2/
[root@www sdb2]# ls //all the files are back
etc group lost+found passwd
[root@www sdb2]#
Recovering with the filesystem's superblock
1) Look up the superblock numbers of the filesystem
[root@www ~]# dumpe2fs /dev/sdb2 |more
dumpe2fs 1.42.9 (28-Dec-2013)
Filesystem volume name: <none>
Last mounted on: <not available>
Filesystem UUID: 1ab8a3d6-3a1f-4555-807c-ce048670f507
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent 64bit flex_bg sparse_super large_file huge_file uninit_bg dir_nlink extra_isize
Filesystem flags: signed_directory_hash
Default mount options: user_xattr acl
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 327680
Block count: 1310464
Reserved block count: 65523
Free blocks: 1242347
Free inodes: 325228
First block: 0
Block size: 4096
Fragment size: 4096
Group descriptor size: 64
Reserved GDT blocks: 639
Group 0: (Blocks 0-32767) [ITABLE_ZEROED]
Checksum 0x183d, unused inodes 8179
Primary superblock at 0, Group descriptors at 1-1
Reserved GDT blocks at 2-640
Block bitmap at 641 (+641), Inode bitmap at 657 (+657)
Inode table at 673-1184 (+673)
23897 free blocks, 8179 free inodes, 2 directories, 8179 unused inodes
Free blocks: 8871-32767
Free inodes: 14-8192
Group 1: (Blocks 32768-65535) [INODE_UNINIT, ITABLE_ZEROED]
Checksum 0x0788, unused inodes 8192
Backup superblock at 32768, Group descriptors at 32769-32769 //this is the filesystem's superblock number
Reserved GDT blocks at 32770-33408
Block bitmap at 642 (bg #0 + 642), Inode bitmap at 658 (bg #0 + 658)
Inode table at 1185-1696 (bg #0 + 1185)
32125 free blocks, 8192 free inodes, 0 directories, 8192 unused inodes
Free blocks: 33411-65535
Free inodes: 8193-16384
2) Simulate the filesystem failure again and repair it
[root@www ~]# dd if=/dev/zero of=/dev/sdb2 bs=4k count=10
10+0 records in
10+0 records out
40960 bytes (41 kB) copied, 0.000367326 s, 112 MB/s
[root@www ~]# cd /sdb2/
[root@www sdb2]# ls
[root@www sdb2]#
[root@www sdb2]#
[root@www sdb2]# umount /sdb2
umount: /sdb2: target is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
[root@www sdb2]# cd
[root@www ~]# umount /sdb2
[root@www ~]# e2fsck -b 32768 /dev/sdb2
e2fsck 1.42.9 (28-Dec-2013)
/dev/sdb2 was not cleanly unmounted, check forced.
Resize inode not valid. Recreate<y>? yes
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (23896, counted=23897).
Fix<y>? yes
Free blocks count wrong for group #1 (32127, counted=32125).
Fix<y>? yes
Free blocks count wrong for group #16 (24544, counted=23941).
Fix<y>? yes
Free blocks count wrong for group #18 (32768, counted=23718).
Fix<y>? yes
Free blocks count wrong (1252001, counted=1242347).
Fix<y>? yes
Free inodes count wrong for group #0 (8181, counted=8179).
Fix<y>? yes
Free inodes count wrong for group #16 (8192, counted=5753).
Fix<y>? yes
Directories count wrong for group #16 (0, counted=601).
Fix<y>? yes
Free inodes count wrong (327669, counted=325228).
Fix<y>? yes
/dev/sdb2: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sdb2: 2452/327680 files (0.2% non-contiguous), 68117/1310464 blocks
[root@www ~]#
3) Mount the filesystem again
[root@www ~]# mount /dev/sdb2 /sdb2/
[root@www ~]#
[root@www ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/centos-root 18G 1.7G 16G 10% /
devtmpfs 475M 0 475M 0% /dev
tmpfs 487M 0 487M 0% /dev/shm
tmpfs 487M 7.6M 479M 2% /run
tmpfs 487M 0 487M 0% /sys/fs/cgroup
/dev/sda1 497M 141M 357M 29% /boot
tmpfs 98M 0 98M 0% /run/user/0
/dev/sdb2 4.8G 58M 4.5G 2% /sdb2
[root@www ~]# cd /sdb2
[root@www sdb2]# ls
etc group lost+found passwd //the files are there!
[root@www sdb2]#
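The backup block numbers printed by mkfs.ext4, and the 32768 passed to e2fsck -b, follow from the filesystem geometry. The added example below (not part of the original post) parses the superblock fields at byte offset 1024, recomputes the sparse_super backup locations, and shows that zeroing the first ten 4 KiB blocks invalidates only the primary copy; make_head() builds a constructed sample and all function names are illustrative.

```python
import struct

SB_OFFSET = 1024    # the primary superblock starts 1024 bytes into the partition
EXT_MAGIC = 0xEF53  # "Filesystem magic number" in the dumpe2fs output

def parse_superblock(raw):
    """Return the geometry from a superblock, or None when the magic is wrong."""
    blocks, = struct.unpack_from("<I", raw, 4)      # s_blocks_count_lo
    first, = struct.unpack_from("<I", raw, 20)      # s_first_data_block
    log_bs, = struct.unpack_from("<I", raw, 24)     # s_log_block_size
    per_group, = struct.unpack_from("<I", raw, 32)  # s_blocks_per_group
    magic, = struct.unpack_from("<H", raw, 56)      # s_magic
    if magic != EXT_MAGIC:
        return None  # what e2fsck reports as "Bad magic number in super-block"
    return {"blocks": blocks, "first": first,
            "block_size": 1024 << log_bs, "per_group": per_group}

def backup_groups(group_count):
    """sparse_super keeps copies in group 1 and in groups that are powers of 3, 5, 7."""
    groups = {1} if group_count > 1 else set()
    for base in (3, 5, 7):
        g = base
        while g < group_count:
            groups.add(g)
            g *= base
    return sorted(groups)

def backup_superblocks(geo):
    """Block numbers usable as the argument of e2fsck -b."""
    count = -(-(geo["blocks"] - geo["first"]) // geo["per_group"])  # ceiling division
    return [geo["first"] + g * geo["per_group"] for g in backup_groups(count)]

def make_head(blocks=1310464, log_bs=2, per_group=32768):
    """Constructed sample: first 40960 bytes of a partition, geometry fields only."""
    head = bytearray(40960)
    for offset, value in ((4, blocks), (20, 0), (24, log_bs), (32, per_group)):
        struct.pack_into("<I", head, SB_OFFSET + offset, value)
    struct.pack_into("<H", head, SB_OFFSET + 56, EXT_MAGIC)
    return head

def simulate_dd(head, bs=4096, count=10):
    """Zero the same range as dd if=/dev/zero bs=4k count=10."""
    head[:bs * count] = bytes(bs * count)
    return head

if __name__ == "__main__":
    head = make_head()
    geo = parse_superblock(head[SB_OFFSET:SB_OFFSET + 1024])
    print("backup superblocks:", backup_superblocks(geo))
    simulate_dd(head)
    print("primary after dd:", parse_superblock(head[SB_OFFSET:SB_OFFSET + 1024]))
```

The zeroed range covers blocks 0 to 9, so every backup from block 32768 onward is untouched, which is why both fsck and e2fsck -b 32768 succeed in the sessions above.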
How to recover files that were deleted by mistake
1) First install the extundelete package
[root@www ~]# ls
0.sh ansible-2.4.2.0-2.el7.noarch.rpm extundelete-0.2.4.tar.bz2 n.sh
anaconda-ks.cfg ansible-2.7.5-1.el7.src.rpm hellow.py rpmbuild
[root@www ~]# tar xf extundelete-0.2.4.tar.bz2
[root@www ~]# cd extundelete-0.2.4
[root@www extundelete-0.2.4]# ls
acinclude.m4 autogen.sh configure depcomp LICENSE Makefile.in README
aclocal.m4 config.h.in configure.ac install-sh Makefile.am missing src
[root@www extundelete-0.2.4]# ./configure
Configuring extundelete 0.2.4
configure: error: Can't find ext2fs library
[root@www extundelete-0.2.4]# yum provides */ext2fs
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
base/x86_64/filelists_db | 7.1 MB 00:00:00
jyy/filelists_db | 2.9 MB 00:00:00
e2fsprogs-devel-1.42.9-7.el7.x86_64 : Ext2/3/4 filesystem-specific libraries and headers
Repo : jyy
Matched from:
Filename : /usr/include/ext2fs
[root@www extundelete-0.2.4]#
[root@www extundelete-0.2.4]# yum install e2fsprogs-devel -y //install the required dependency package
[root@www extundelete-0.2.4]# ./configure
Configuring extundelete 0.2.4
Writing generated files to disk
[root@www extundelete-0.2.4]# make && make install
make -s all-recursive
Making all in src
extundelete.cc: In function ‘ext2_ino_t find_inode(ext2_filsys, ext2_filsys, ext2_inode*, std::string, int)’:
extundelete.cc:1272:29: warning: narrowing conversion of ‘search_flags’ from ‘int’ to ‘ext2_ino_t {aka unsigned int}’ inside { } [-Wnarrowing]
buf, match_name2, priv, 0};
^
Making install in src
/usr/bin/install -c extundelete '/usr/local/bin'
[root@www extundelete-0.2.4]#
2) Perform the accidental deletion
[root@www ~]# cd /sdb1/
[root@www sdb1]# cp /etc/ -r .
[root@www sdb1]#
[root@www sdb1]# cp /etc/passwd .
[root@www sdb1]# cp /etc/group
group group-
[root@www sdb1]# cp /etc/group .
[root@www sdb1]#
[root@www sdb1]# ls
etc group lost+found passwd
[root@www sdb1]#
[root@www sdb1]# rm -rf *
[root@www sdb1]# ls
[root@www sdb1]#
3) Unmount the mount point and recover the files
[root@www ~]# umount /sdb1/
[root@www ~]# extundelete /dev/sdb1 --inode 2
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 40 groups loaded.
Group: 0
Contents of inode 2:
Inode is Allocated
File mode: 16877
Low 16 bits of Owner Uid: 0
Size in bytes: 4096
Access time: 1552843883
Creation time: 1552843874
Modification time: 1552843874
Deletion Time: 0
Low 16 bits of Group Id: 0
Links count: 2
Blocks count: 8
File flags: 524288
File version (for NFS): 0
File ACL: 0
Directory ACL: 0
Fragment address: 0
Direct blocks: 127754, 4, 0, 0, 1, 8865, 0, 0, 0, 0, 0, 0
Indirect block: 0
Double indirect block: 0
Triple indirect block: 0
File name | Inode number | Deleted status
. 2
.. 2
lost+found 11 Deleted
etc 131073 Deleted
passwd 12 Deleted
group 13 Deleted
[root@www extundelete-0.2.4]# extundelete /dev/sdb1 --restore-all
[root@www RECOVERED_FILES]# ls
etc group lost+found passwd //then just copy the files back to the mount point
[root@www RECOVERED_FILES]#
Source: https://blog.csdn.net/Micky_Yang/article/details/88623001