Newb move aka shadow remove

Not that i’m newb or anything, but…
Let’s just say i’ve done something terrible:

sudo rm -rf /etc/shadow


Don’t ask! :rofl:

Obviously only TTY now.
Is there a way out of it?

1 Like

Timeshift or equivalent - or a copy from a similarly setup system, and a chroot from a live boot to copy in from a separate USB stick. Beyond that, my limited experience suggests beginning again!

1 Like

That’s what i’m thinking too, since no timeshift here - like to play rough on that machine as you can see lol :slight_smile:

I have no idea how you could restore encrypted passwords. The rest of the /etc/shadow file should be easily reconstructible from /etc/passwd

1 Like

:crazy_face: how comes?
hopefully, you have:

ls /etc/shadow-
and can do a cp /etc/shadow- /etc/shadow


Actually i do have it…So shadow- is just a backup?

Just you know…Having some sudo fun :blush: :sweat_smile:

1 Like

i am not sur ei do never need to do such before, nor someone asking for it :innocent:

Looking at my /etc/shadow-, you might be missing some users if you just copy it, but you can reconstruct those from /etc/passwd (as they don’t have a password).

So, you copy the encrypted passwords from /etc/shadow- (they are the same as in /etc/shadow) and restore the rest from /etc/passwd.

1 Like

yes now i remember… Rebuild /etc/shadow file from /etc/passwd is the way to go …

1 Like


Thx guys, that looks promising :slight_smile:
Will try later today and let you know how it go :yum:

1 Like

in linux everything is a file :wink:



That was surprisingly easy ! :upside_down_face:

  1. Booted from live USB

    cp /etc/shadow- /etc/shadow
  2. Able to boot in system and use user / root passwords already!

  3. Just in case done Step #3: Rebuild /etc/shadow file from /etc/passwd

Thx everyone, today we have learned something totally unnecessary and useless, but you never know! :joy:

Feelin’ like a human pen-test today :sunglasses:
Search & Destory!! :robot:


Most probably will be useful to me for I am a destruction lover

I once “sudo rm -rf” ed my / to see some fun :laughing:

1 Like

What a classics! :partying_face:
Been there, done that :blush: :sweat_smile:

Just wanted to see… :yum:

You know, it’s like in extreme sports they always say - first you learn to fall properly. :snowboarder:


Now planning to use a dedicated machine for the fun of ‘Destruction’ .

Do you have any suggestions ?
Should I start a topic ?
Is there one already ?

I think proper rule for that would be:

  1. Try to get out on your own
  2. If in serious doubt in how to get out or don’t have time - start new topic and ask for suggestions

That should be fair :slight_smile:

Oh and in terms of how exactly to mess things up - your imagination is the limit! :upside_down_face:

1 Like

next one play /usr/lib recursive with mplayer:

mplayer -quiet  -shuffle -playlist <(find /usr/lib -type f)
1 Like

mplayer can play raw binary, don’t it?))

P.S. That’s real thing!
I loved in the past to create samples from raw binaries back on Windows with Sound forge… :heart_eyes: