Jump to content











Photo
- - - - -

SOLVED: Grub MD Password


  • Please log in to reply
24 replies to this topic

#1 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 20 May 2008 - 08:35 AM

hello,

I added in the CREATE-ISO-Script the line

TXTAddLine,"%MenuFile%","password -md5 xxxxxxxxxxxxxxxxxxxxxxx"

(xxxx stands for the md5-hash!)


but this takes no effect....


what's wrong??

#2 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 20 May 2008 - 09:33 AM

In which project are you using this? ;)

#3 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 20 May 2008 - 10:22 AM

In which project are you using this? ;)




I use VistaPE11 Multiboot.... with winbuilder074.........

In the Create-ISO-Script I add these lines under the "GRUB4DOS"-Sector....... a little bit after "timeout" and "default" and these things....

#4 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 21 May 2008 - 08:06 AM

No changes:

password --md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


takes no effect in Grub-Boot-Loader


Or do I have to set such a password for every menu-entry?? and how do I do that?

#5 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 21 May 2008 - 08:27 AM

Read this thread:
http://www.boot-land...?showtopic=2984
and this:
http://ubuntuforums....read.php?t=7353

You either password protect a sub-menu, or single entries or it should be first item.

jaclaz

#6 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 21 May 2008 - 09:27 AM

Read this thread:
http://www.boot-land...?showtopic=2984
and this:
http://ubuntuforums....read.php?t=7353

You either password protect a sub-menu, or single entries or it should be first item.

jaclaz



Ok, now I got my first menu-entry (VistaPE) password-protected..... but after entering the password, the screen freezes.... and there is a kind of white grafic to be seen.....

If I uncomment the passwort entry in menu.lst with ";" VistaPE starts fine......

Is this a known problem with the password-protection of grub?

#7 tinybit

tinybit

    Gold Member

  • Developer
  • 1175 posts
  •  
    China

Posted 21 May 2008 - 10:47 AM

It is likely a buffer overflow or such. Could you post your password here?

#8 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 21 May 2008 - 11:04 AM

It is likely a buffer overflow or such. Could you post your password here?


To clarify, try with a "stupid" password, like "admin", and if it does not work, post it.
(we do not want to know your "real" password ;))


Try with a non-encrypted password first....

.... and please also post the EXACT version of grub4dos you are using.

jaclaz

#9 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 21 May 2008 - 11:32 AM

To clarify, try with a "stupid" password, like "admin", and if it does not work, post it.
(we do not want to know your "real" password ;))


Try with a non-encrypted password first....

.... and please also post the EXACT version of grub4dos you are using.

jaclaz


Oh, how can I add an unencrypted password???

do I have to add:

"password -admin" or how do I have to?

I only know the syntax

password --md5 xxxxxxxxxxxxxxxxxxxxxxxxxx

PS: I really tried it with the md5-hash of "admin"..... for first.... but this did not work.....

after having inserted the passwort it's like a grafical error.... there's something like a black/white screensaver (that does not move).... and the vistape-boot-sequence freezes....

It will try to attach some screenshots here, ok ?

Attached Thumbnails

  • screen1.jpg
  • screen2.jpg
  • screen3.jpg


#10 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 21 May 2008 - 12:31 PM

Post your menu.lst.

Plain password:
password admin
(set this as first line in your menu.lst)

or as first line after the "title" label of the single entry you want to protect.

(from the screenshot you posted, the message "Will boot NTLDR...." should mean that you have the line AFTER the "root" and "chainloader" commands)


jaclaz

#11 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 21 May 2008 - 12:48 PM

Post your menu.lst.

Plain password:

password admin
(set this as first line in your menu.lst)

or as first line after the "title" label of the single entry you want to protect.

(from the screenshot you posted, the message "Will boot NTLDR...." should mean that you have the line AFTER the "root" and "chainloader" commands)


jaclaz




Ok, with only

password admin (or something else) it works....
So the problem would be the md5 thing...... are there known problems????????

PS: Thank for helping til now......... would be great if you could help me again......

#12 tinybit

tinybit

    Gold Member

  • Developer
  • 1175 posts
  •  
    China

Posted 21 May 2008 - 02:03 PM

I think it is a bug. I'll try to fix it soon, in several hours or days. You may keep an eye on http://grub4dos.jot.com/

It is not a known problem. Thanks for this report.

#13 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 21 May 2008 - 02:22 PM

@st-dv

Just to make sure, please:

Create a menu.lst/add to it two entries:

#Password is "admin", NOT encrypted

title Test_password

password admin

geometry (hd0,0)



#Password is "admin", MD5 encrypted

title Test_password MD5

password --md5 <MD5_hash_for_admin>

geometry &#40;hd0,0&#41;

(change <MD5_hash_for_admin> with the actual hash, output of the command md5crypt for admin or use the small .cmd + md5 encryptor in the thread I already referenced)

Does first entry work?

Does second one? (or does it give the same error)?

If there are still problems, post your menu.lst.

jaclaz

#14 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 24 May 2008 - 04:49 AM

Hello,

thanks..... with first entry it works......... with password encrypted it does not........

my md5 is: 21232f297a57a5a743894a0e4a801fc3

Heres my menu:

splashimage /Boot/gentleblue.gz
timeout 120
default 0

title Vista PE
chainloader /BOOTMGR
password admin

title
title iso boot
map --mem (cd0)/acronis.iso (hd32)
map --hook
chainloader (hd32)
boot

title Damn Small Linux
find --set-root /Boot/grldr
kernel /Boot/isolinux/linux24 ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=791 initrd=minirt24.gz nomce noapic qemu quiet BOOT_IMAGE=knoppix frugal
initrd /Boot/isolinux/minirt24.gz

title Windows XP SP2 Recovery Console
chainloader /RECC/SETUPLDR.BIN

title Parted Magic
kernel /Boot/plinux/kernel.pml noapic root=/dev/ram0 squashfs=/Boot/plinux/pmagic.fs init=/linuxrc ramdisk_size=100000 skip
initrd /Boot/plinux/initrd.pml

title MemTest86+
kernel /Boot/memtest.bin

title Neustart
reboot

title Rechner ausschalten
halt

#15 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 24 May 2008 - 10:59 AM

my md5 is: 21232f297a57a5a743894a0e4a801fc3


Hmmm, ;)

A grub4dos MD5 password is something like this (for "admin"):
$1$A$bz02E9ZNFw0ZSXi3.3u731
some more:
$1$6$ftCQWsyP7jK5sUt/JMHMi/
$1$5$v1NoiV.uQUgcvqo/NNGnQ.

How the heck did you generate the MD5 hash? :thumbup:

(change <MD5_hash_for_admin> with the actual hash, output of the command md5crypt for admin or use the small .cmd + md5 encryptor in the thread I already referenced)


Read this thread:
http://www.boot-land...?showtopic=2984


Try THIS:
#Password is &#34;admin&#34;, NOT encrypted

title Test_password

password admin

geometry &#40;hd0,0&#41;



#Password is &#34;admin&#34;, MD5 encrypted

title Test_password MD5

password --md5 $1$A$bz02E9ZNFw0ZSXi3.3u731

geometry &#40;hd0,0&#41;

and report.

jaclaz

#16 tinybit

tinybit

    Gold Member

  • Developer
  • 1175 posts
  •  
    China

Posted 25 May 2008 - 02:07 PM

Thanks, jaclaz.

The latest of 2008-05-25 will issue an error message instead of hang with a crash.

And thank st-dv for providing the password 21232f297a57a5a743894a0e4a801fc3.

#17 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 26 May 2008 - 05:01 AM

Hello Jaclaz,

uuuppps..... ;)

I thought that I could take every tool to creat a md5-hash... cause a md5 always would be same.......... I took a tool named "hash calculator"..........

You think I got to create the MD5 with grub? I don't know how this works..... Maybe we got the solution here....

I am gogin to read about creating MD5 with grub..........

#18 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 26 May 2008 - 05:51 AM

Hello Jaclaz,

uuuppps..... ;)

I thought that I could take every tool to creat a md5-hash... cause a md5 always would be same.......... I took a tool named "hash calculator"..........

You think I got to create the MD5 with grub? I don't know how this works..... Maybe we got the solution here....

I am gogin to read about creating MD5 with grub..........



Ok, now I created the md5 passwort, for example for "nimda1" = $1$gMpWW$dSSja3q25ComELW9J18Pt

with the tool "grub-md5-crypt" from the knoppix-dvd............

Now I got the following error message when booting VistaPE:

Attached Thumbnails

  • screen6.jpg


#19 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 26 May 2008 - 07:17 AM

Try the example I posted, with password "admin".

The md5 hash you posted, $1$gMpWW$dSSja3q25ComELW9J18Pt , DOES NOT seem to verify for "nimda1", maybe you have wrongly copied a character.

I do not see where the problem is. ;)

I told you TWO different ways to generate a proper MD5 hash, tested and known to be working, you need to re-read "common sense advice":
http://www.boot-land...?act=boardrules
expecially points #f3. and #f4. :thumbup:

If both methods are too complex for you, there is a third way:
1) Get Aerostudio here:
http://aerostudio.bo....net/?page_id=4
2) install and run it
3) use Tools->Grub MD5 password
with it you can both generate and verify a MD5 hash :thumbup:

jaclaz

#20 st-dv

st-dv

    Frequent Member

  • Members
  • 121 posts
  •  
    Germany

Posted 26 May 2008 - 08:49 AM

Jaclaz,


thank you very much again.


Using Aerostudio to create the md5-hash did solve the problem...

Thanks!

#21 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7101 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 26 May 2008 - 08:57 AM

Jaclaz,


thank you very much again.


Using Aerostudio to create the md5-hash did solve the problem...

Thanks!


No prob. ;)

jaclaz

#22 ireneuszp

ireneuszp

    Frequent Member

  • Advanced user
  • 191 posts
  •  
    Poland

Posted 28 January 2010 - 01:03 PM

Nothing to say ,just download it.
http://bbs.wuyou.com...=31...=3&page=1

http://bbs.wuyou.com..._1112836070.zip


md5crypt

Posted Image

:lol:

#23 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 13 February 2011 - 10:00 AM

I am just trying this md5 password function in grub4dos but cannot get it to work.

If I generate an md5 hash from the password 'steve' I get a different answer every time !!! - both under grub4dos shell running via QEMU or running md5crypt from an admin command shell under Win 7. Is the md5 hash supposed to be different every time? ;)

OK, figured out the problem! I was using someone;s guide on how to add a password and it gave several examples using

password -md5 xxxxxx

instead of

password --md5 xxxxxx


so it is all working now. The original poster also seems to have used -md5 instead of --md5 ??

and md5 hashes do change as a different 'salt' is used each time, so I have answered my own Q!

#24 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 13 February 2011 - 10:15 AM

I am just trying this md5 password function in grub4dos but cannot get it to work.

If I generate an md5 hash from the password 'steve' I get a different answer every time !!! - both under grub4dos shell running via QEMU or running md5crypt from an admin command shell under Win 7. Is the md5 hash supposed to be different every time? ;)

SURE :heh:, that's EXACTLY the idea.
If you have a 1-to-1 correspondence between a password and it's HASH it would be easy to make a "reverse".

Read here:
http://reboot.pro/2984/
http://reboot.pro/2984/page__st__15
http://reboot.pro/2984/page__st__24
http://reboot.pro/2984/page__st__28
a SALT (or SEED) makes the difference :).

;)
Wonko

#25 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 16 July 2021 - 09:29 PM

Old post but this may help some...

 

nimda1  = $1$gMpWW$dSSja3q25ComELW9J18Pt.

 

Note the dot at the end which seems to be missing from earlier post.

 

See https://unix4lyfe.org/crypt/






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users