CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 15 of 15

Thread: How to recover Gaia Admin password on VMware for Management server

  1. #1
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default How to recover Gaia Admin password on VMware for Management server

    Hi Guys,

    I need your help desperately; somehow I changed the password for admin user of Operating System and dang the same is not working I gave all the possibilities but not sure what went wrong. Can someone please help me how to recover the password on R77.30 Open Server Gaia which is on VMware?

  2. #2
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Or I have set admin user to login to /bin/bash so user admin used to login to # prompt then my password aged and changed but I am not able to login then. By the way its there any way I can force login vm to gaia mode next time? I mean by doing file level changes? What I am thinking here boot the machine from another live cd make the changes and reboot so that it wil be boot in Gaia mode?

  3. #3
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    By the way any idea what hash mechanism Gaia uses?Can we just replace has in /config/db/initial by mounting the hard drive on Linux Live CD? I am giving a try on test vm. Lets see if that succeed..

    Not sure though the Hashing mechanism being used.

  4. #4
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    16

    Default Re: How to recover Gaia Admin password on VMware for Management server

    As I recall, the hash is the same that would exist in /etc/shadow on a standard Linux machine--should be MD5.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  5. #5
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Nah I guess my clish and expert password are separate? so if somehow I can boot my machine into clish prompt I can do that since my shell is /bin/bash.

  6. #6
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Quote Originally Posted by blason View Post
    Nah I guess my clish and expert password are separate? so if somehow I can boot my machine into clish prompt I can do that since my shell is /bin/bash.
    I don't think you can change the "boot shell" since you don't have access to that VM.
    Now on really resetting this, I looked over the documentation and it's pretty nasty:
    - you need to create an EmergenDisk: details here.
    - add this "so called disk" to your VMware and boot from it, then follow this.

    All on all, I can't believe how HARD is to solve this. Good luck!

  7. #7
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    By the way what is the maintenance mode password in Gaia? is it a Clish password of Expert mode password?

  8. #8
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Ok - Guys

    I just tested couple of things with my test VM and it worked perfectly. Let me see if that worked in production as well. Even I tried changing shell from /bin/bash to /etc/cli.sh and passwd hash using method in Exhibit 2 and it worked perfectly.

    Can someone please share your comments on it?

    cp -v /config/db/initial_db /config/db/initial_db_ORIGINAL
    rm /config/db/initial_db
    conv2db /config/db/initial /config/db/initial_db
    chown -v admin:root /config/db/initial_db
    chmod -v u=rw,g=r,o=r /config/db/initial_db
    reboot


    Exhibit 2

    echo 'blason@123' | openssl passwd -1 -stdin
    $1$Z8Q3/Kz0$pwO1tBkmw6SGITss7BURh/


    Then entered the same in initial and followed above procedure and it worked perfectly.

  9. #9
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,647
    Rep Power
    9

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Quote Originally Posted by blason View Post
    Ok - Guys

    I just tested couple of things with my test VM and it worked perfectly. Let me see if that worked in production as well. Even I tried changing shell from /bin/bash to /etc/cli.sh and passwd hash using method in Exhibit 2 and it worked perfectly.

    Can someone please share your comments on it?

    cp -v /config/db/initial_db /config/db/initial_db_ORIGINAL
    rm /config/db/initial_db
    conv2db /config/db/initial /config/db/initial_db
    chown -v admin:root /config/db/initial_db
    chmod -v u=rw,g=r,o=r /config/db/initial_db
    reboot


    Exhibit 2

    echo 'blason@123' | openssl passwd -1 -stdin
    $1$Z8Q3/Kz0$pwO1tBkmw6SGITss7BURh/


    Then entered the same in initial and followed above procedure and it worked perfectly.
    Interesting, i didn't know about that command to build the sqlite database.

    Just going to point out if you're in a system that is already up and your in as admin you can change the database with

    dbset
    dbset :save

    This is documented in
    sk92770

    so you can for example use that to reset the hash for the expert password or anything else really.

    Nice job finding that command btw.

  10. #10
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,647
    Rep Power
    9

    Default Re: How to recover Gaia Admin password on VMware for Management server

    oh.. and if you boot off a linux based OS and mount / then you can set /etc/passwd an /etc/shadow like you want then

    chattr +i /etc/passwd
    chattr +i /etc/shadow

  11. #11
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Yeah that seems to have worked directly. Here is what I did.

    I rebooted my test VM from Kali, then mounted _current and changed the shadow file and then chattr. That seems to have put me in.
    Not sure what would be consequences though.

    root@kali:~# mkdir /tmp/test
    root@kali:~# mount /dev/mapper/vg_splat-lv_current /tmp/test/
    root@kali:~# cd /tmp/test/etc/
    root@kali:/tmp/test/etc# vi shadow
    Put my passwd which I generated on my other linux machine using command e.g. [ echo 'ABCdef@123' | openssl passwd -1 -stdin]

    root@kali:/tmp/test/etc# chattr +i shadow
    root@kali:/tmp/test/etc# chattr +i passwd
    root@kali:/tmp/test/etc# reboot


    What could be the consequences you guys can think of this?

  12. #12
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    6

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Quote Originally Posted by blason View Post
    Yeah that seems to have worked directly. Here is what I did.

    I rebooted my test VM from Kali, then mounted _current and changed the shadow file and then chattr. That seems to have put me in.
    Not sure what would be consequences though.

    root@kali:~# mkdir /tmp/test
    root@kali:~# mount /dev/mapper/vg_splat-lv_current /tmp/test/
    root@kali:~# cd /tmp/test/etc/
    root@kali:/tmp/test/etc# vi shadow
    Put my passwd which I generated on my other linux machine using command e.g. [ echo 'ABCdef@123' | openssl passwd -1 -stdin]

    root@kali:/tmp/test/etc# chattr +i shadow
    root@kali:/tmp/test/etc# chattr +i passwd
    root@kali:/tmp/test/etc# reboot


    What could be the consequences you guys can think of this?
    Apart from reboot how did you get to the mounting phase?

  13. #13
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    you mean after changes or before I made changes? I am sorry I did not get your question. Does that mean whether CP service came up successfully after changes?

  14. #14
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,647
    Rep Power
    9

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Quote Originally Posted by blason View Post
    Yeah that seems to have worked directly. Here is what I did.

    I rebooted my test VM from Kali, then mounted _current and changed the shadow file and then chattr. That seems to have put me in.
    Not sure what would be consequences though.

    root@kali:~# mkdir /tmp/test
    root@kali:~# mount /dev/mapper/vg_splat-lv_current /tmp/test/
    root@kali:~# cd /tmp/test/etc/
    root@kali:/tmp/test/etc# vi shadow
    Put my passwd which I generated on my other linux machine using command e.g. [ echo 'ABCdef@123' | openssl passwd -1 -stdin]

    root@kali:/tmp/test/etc# chattr +i shadow
    root@kali:/tmp/test/etc# chattr +i passwd
    root@kali:/tmp/test/etc# reboot


    What could be the consequences you guys can think of this?
    Thats really only to get into the system once its up. After you reboot and get back in you need to chattr -i those files then get into clish and fix things or do what you listed above, etc

  15. #15
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: How to recover Gaia Admin password on VMware for Management server

    Great news Guys!!!

    I just now carried out this method on my Production mgmt server and hurray I was able to reset the password with this. Sigh It did not even take 10 mins to reset it due to this method.

    Probably this would help others if they locked out like me.

    I think CheckPoint should put this method as sk to reset the password ;-D LOL!!

    In short what I did is

    1. Rebooted Mgmt VM with any Live linux CD, I used Kali
    2. Create test directory as mount point
    3. cd /tmp/test
    4. Then mounted /dev/mapper/vg_splat-Current
    5. mount /dev/mapper/vg_splat-Current /tmp/test
    6. cd /tmp/test/
    7. cd etc
    8. echo 'ABCxyz@123' | openssl passwd -stdin -1
    9. This will give you hash, copy it
    10. vi etc/shadow
    11. delete the hash between : :
    12. Paste the new hash
    13. save the file and
    14. chattr +i shadow
    15. chattr +i passwd
    16. reboot



    Login with new password and once in
    chattr -i /etc/shadow
    chattr -i /etc/passwd

    and you are done!!!

Similar Threads

  1. Reset admin CLI password in Gaia
    By rclyne in forum R75.40 (GAiA)
    Replies: 4
    Last Post: 2013-04-10, 08:26
  2. admin password different to smartdashboard admin logon password
    By trackhappy in forum Check Point UTM-1 Appliances
    Replies: 4
    Last Post: 2009-02-19, 20:19
  3. Resetting admin password on Nokia Mgmnt Server
    By gladiatorkev in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 1
    Last Post: 2008-09-01, 16:56
  4. Forgot Admin Password to SmartCenter Server
    By gladiatorsword in forum Check Point Backup Procedures
    Replies: 2
    Last Post: 2008-01-30, 05:57
  5. Recover Nokia Cluster admin password
    By longname in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 9
    Last Post: 2006-08-15, 17:43

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •