What algorithms Splunk use for password encryption - splunk

Please help me restore or change my Splunk Enterprise password. I forgot my Splunk username and password, and I don't want to reinstall it because I have my data on it. So please help me to crack it. I tried all the available ways I found in a Google search, but nothing works.

Splunk doesn't disclose their encryption algorithm.
There is an established procedure for "recovering" the admin password. Stop Splunk and rename the $SPLUNK_HOME/etc/passwd file. Start Splunk and sign in using the default password. Change your password. If you have no other users, you are done. If you do have other users, stop Splunk, copy the encrypted password from $SPLUNK_HOME/etc/passwd to the passwd file you renamed earlier. Put the renamed file back in its original name and location, then start Splunk.
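The copy-back step in the procedure above is the one most easily done wrong by hand, so here is a sketch of it as an added example (not part of the original answer and not Splunk tooling). It assumes one account per line, colon-delimited, with the user name in the second field; `merge_admin_entry` and the file names are hypothetical.

```shell
#!/bin/sh
# Added example, not Splunk's own tooling.
# Assumption: one account per line, colon-delimited, user name in field 2,
# e.g. ":admin:<hash>::Administrator:admin:<email>:::". Check your own file.

# merge_admin_entry NEW_PASSWD SAVED_PASSWD [USER]
# Prints SAVED_PASSWD with USER's line replaced by USER's line from NEW_PASSWD.
merge_admin_entry() {
    new_file=$1
    saved_file=$2
    user=${3:-admin}

    # Exactly one entry for the user must exist in the freshly created file.
    new_line=$(awk -F: -v u="$user" '
        $2 == u { n++; line = $0 }
        END { if (n == 1) print line; else exit 1 }' "$new_file") || {
        echo "expected exactly one '$user' entry in $new_file" >&2
        return 1
    }

    # Swap only that user's line; every other account passes through untouched.
    # The line travels via the environment so awk does not process escapes in it.
    NEW_LINE=$new_line awk -F: -v u="$user" '
        $2 == u { if (!seen) print ENVIRON["NEW_LINE"]; seen = 1; next }
        { print }
        END { if (!seen) print ENVIRON["NEW_LINE"] }' "$saved_file"
}

# Demo on constructed files (placeholder hashes, not real ones).
demo_merge() {
    d=$(mktemp -d)
    printf '%s\n' ':admin:$6$NEW$placeholderhash::Administrator:admin:a@example.com:::' > "$d/passwd"
    printf '%s\n' \
        ':admin:$6$OLD$forgottenhash::Administrator:admin:a@example.com:::' \
        ':alice:$6$AL$alicehash::Alice:user:alice@example.com:::' > "$d/passwd.saved"
    merge_admin_entry "$d/passwd" "$d/passwd.saved"
    rm -rf "$d"
}
demo_merge
```

Write the output to a new file and compare it with the saved file before putting it back in place, with Splunk stopped.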

Related

Does bin/bash access allow the user to find the server password?

I had a server with a lot of users on it; its operating system was CloudLinux and it had cPanel.
This server is used for Python projects and had bin/bash access.
Suddenly the command rm -rf * was typed on the server and all the data was deleted!
We quickly uploaded the backups and hacked the possibility and restricted SSH access to the root server.
But the next night we were hacked again. This time, with the monitoring we had at WHM, we noticed that someone enters WHM and quickly changes the password!
My question is whether users with access to bin/bash can find the root password?
We are now giving users access to JailShell in cPanel and full SSH access is closed. Do you have any idea how this happened?
Did you encounter a similar case?
Does bin/bash access allow the user to see the password?
Thank you for sharing your comments with us.
It's difficult to obtain a Linux password, even with full access to the computer. That's because the passwords are stored in hashed form. Probably the only reliable way to get a password is to install a trick password change program, which does the change, but also sends the password somewhere else.
However, you don't need the password to get full access to a computer. There are several other ways in, and anyone who can access /bin/bash is likely to be able to test them and probably find one that works. Once they get full access, most intruders will install some other program that will let them in in the future, even if the original security hole is patched.
Once a machine is compromised, it's pretty important to burn it and start fresh. You can't trust it otherwise.

Is there a way to decrypt a password using Argon2i Encryption?

So I have a password that my password manager overwrote, and I self-host the server (Nextcloud). I would like to know if it is possible to revert the hashed password with the salt key I have. I heard Nextcloud uses Argon2i when using PHP 7.0 and later (and I'm running PHP 7.0 or later), so is it possible to revert my password back to its original state and put it back into the password manager? (Sorry, I'm a bit of a noob when it comes to dehashing/decrypting passwords because I've never needed to dehash/decrypt my passwords before.)
Edit: If I were to provide my argon'd password, could someone crack it or, better yet, tell me how to crack it? Based on the MySQL database, it seems to have the parameters used to make the password by Argon (probably to de-argon it to check if the password is actually correct).
This is a very specific solution, but in the event that you are using Nextcloud and you have access to the account when losing your password, just download all the files, make a new account, upload them to that account and delete the old account.

SSH 2FA not working with Google Authenticator

SSH with 2FA using Google Authenticator worked well for many months. My cellphone broke and I had to use the backup codes. All backup codes were used.
I fixed the phone, I'm able to use the Google Authenticator, but the codes don't work. I tried using the 'Time correction for codes' but it didn't help.
The administrator of the servers can't access the root account of the server (they are using VMware but they don't know how to log in as root without the password, yes, they are a little stupid).
So, I can't access the server. What can I do, considering my limitations?
Thanks.
I don't see a way besides resetting root's password.
To reset root's password: reboot the host, edit the Grub boot options and add init=/bin/bash to the kernel line. This will drop you into a bash command prompt where you can run passwd to reset the password.
See this full guide with images here.
After successfully resetting root's password, reconfigure Google Authenticator for your user.
P.S:
Authy is a good alternative for Google Authenticator. It syncs your codes between all your devices. So, if your phone gets broken or lost again you won't have these troubles anymore.
Authy has an SSH integration; you may give it a try.

Protect VPS,WHM,cPanel

Please guys, help me. I want to prevent my old developer from accessing my VPS, WHM and cPanel. What should I do? I don't want to lose my work.
I saw there is a password for Virtuozzo Power Panel, WHM and cPanel; there is my thing I need to change it.
Like, how do I know if he has SSH access or not? Or is there any recovery by which he can recover the passwords?
If you have given Password, SSH and FTP access to your developer you can consider doing the following:
- Change your WHM's root password
- Change all of your cPanel accounts' passwords (or those that your developer had access to, if he had access to the whole WHM - you might want to change all passwords)
- Make sure there aren't any authorized SSH keys for the root user. This can be seen through WHM's interface, docs here
- Make sure there aren't any authorized SSH keys for any cPanel user as well. This can be done through each cPanel account's SSH Access tool
- Check all cPanel accounts for unauthorized FTP accounts.
You can also take a look at the cron jobs that are running as well.
Ultimately you should also consider looking for any backdoors that might be present in the scripts that your developer was working on.
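The SSH-key and cron checks in the list above can also be done from a root shell in one pass. This is an added example, not part of the original answer and not a cPanel/WHM tool; it assumes home directories under /home plus /root and per-user crontab files in /var/spool/cron, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not a cPanel/WHM tool. Assumptions: homes under /home plus
# /root, per-user crontabs as files in /var/spool/cron (path varies by distro).

# list_authorized_keys HOME_DIR...
# One line per key: home <TAB> key type <TAB> "options" or "-" <TAB> comment
list_authorized_keys() {
    for home in "$@"; do
        for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
            [ -f "$f" ] || continue
            awk -v home="$home" '
                NF == 0 || $1 ~ /^#/ { next }
                {
                    # Options (command=, from=, ...) may precede the key type.
                    for (i = 1; i <= NF; i++)
                        if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
                    if (i > NF) { printf "%s\tUNPARSED\t-\t%s\n", home, $0; next }
                    comment = ""; sep = ""
                    for (j = i + 2; j <= NF; j++) { comment = comment sep $j; sep = " " }
                    printf "%s\t%s\t%s\t%s\n", home, $i, (i > 1 ? "options" : "-"), comment
                }' "$f"
        done
    done
}

# list_crontabs [SPOOL_DIR]: one line per active entry, owner <TAB> entry
list_crontabs() {
    spool=${1:-/var/spool/cron}
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        awk -v who="$(basename "$f")" \
            'NF && $1 !~ /^#/ { printf "%s\t%s\n", who, $0 }' "$f"
    done
}

# Demo on a constructed tree (key material is a placeholder, not a real key).
demo_audit() {
    d=$(mktemp -d); mkdir -p "$d/home/bob/.ssh" "$d/cron"
    printf '%s\n' '# deploy keys' \
        'ssh-ed25519 AAAAPLACEHOLDER bob@laptop' \
        'from="203.0.113.7" ssh-rsa AAAAPLACEHOLDER old developer' \
        > "$d/home/bob/.ssh/authorized_keys"
    printf '%s\n' '*/5 * * * * /home/bob/sync.sh' > "$d/cron/bob"
    list_authorized_keys "$d"/home/*; list_crontabs "$d/cron"
    rm -rf "$d"
    # On a server: list_authorized_keys /root /home/*; list_crontabs
}
demo_audit
```

Any key whose comment you do not recognise, any line marked `options` or `UNPARSED`, and any cron entry you did not create is worth reviewing before you remove it.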

Batch | Net use Password

Sorry for my bad English, but if you can help me it will be great.
I have a couple of file systems on my network, and every night I need to take one file from another file system to mine.
For that I'm using a batch script that maps the drive with the net use command.
My problem is that I don't want the password to go through in clear text (to see my password or to sniff it).
My question is: is there any way that I can encrypt my password and still log in with the same credentials?
Thank you.
If you can set up a Domain controller using either one of your Windows machines, or Samba, then you could use Trusted authentication based on the user executing the scheduled job that executes the batch file.
Alternately, you could encrypt the password and have a program decrypt it and execute the net use, but you're always* going to be faced with the fact that if your computer can send the password out when you don't type it in, then your computer knows your password, and anyone with physical access to that computer can get your password.
*Unless your computer doesn't know the password, and instead relies on an HSM (Hardware Security Module).
I had the same thing but found a nice workaround.
The passwords are not stored in DOS, so I went from the Run menu and simply typed the name of the path, like "\\server\files".
When it asked for credentials I ticked the checkbox "Save credentials".
The password will then be stored in your Windows Credential Manager (Control Panel) and this way your DOS batch file will always know the password.