Fix “Sorry, try again sudo: 3 incorrect password attempts” in WSL

Posted on by

Fix “Sorry, try again sudo: 3 incorrect password attempts” in WSL

You might have encountered similar errors to the ones below while using Windows Subsystem for Linux (WSL). The two errors demonstrated and FIXED below occur under different but related instances, that trace back to the Linux utility named “sudo“, used for privilege escalation.

When a user in the “sudo” group in some Linux distributions or “wheel” group in other distros, uses the “sudo” utility they are asked to enter their password to escalate privileges for tasks that require administrative permissions.

In the case of our error here, when a NON-ROOT user in either of the groups discussed above runs a “sudo” command, Error 1, is thrown;
e.g.:

sudo apt-get check
sudo su -

Error 1:

Sorry, try again
Sorry, try again
sudo: 3 incorrect password attempt

wsl-sudo-error-3-incorrect-password-attempts-thetqweb

 

On the other hand, when a ROOT user runs a “sudo” command (for whatever reason they would wanna do that), , Error 2, is thrown;
e.g.:

sudo su thetqweb

Error 2:

sudo: account validation failure, is your account locked?

wsl-sudo-error-account-validation-failure-thetqweb

 

The root cause of Error 1 & 2 above is an error (configuration or dependency) in the package “libcrypt1“. This package is a modern shared library for one-way hashing of passwords in Debian GNU/Linux and all Debian-based Linux distributions. It has support  for:- bcrypt-based password hashes; SHA-2-512; SHA-2-256; NTHASH; SUNMD5; MD5; && DES. To find out more about the package/library, check out “https://packages.debian.org/stable/libcrypt1“!

 

[SOLUTION]

[DOWNLOADING]

To fix the “libcrypt1” configuration/dependency errors, you first need to download the package from Debian server of choice [North America; South America; Asia; Africa; Europe; Oceania];

sudo wget http://http.us.debian.org/debian/pool/main/libx/libxcrypt/libcrypt1_4.4.18-4_amd64.deb -O libcrypt1_4.4.18-4_amd64.deb

To avoid the Certificate Error below, use “http://” instead of “https://” for the “wget” command.

Resolving http.us.debian.org (http.us.debian.org)... 64.50.233.100, 64.50.236.52, 208.80.154.139, ...
Connecting to http.us.debian.org (http.us.debian.org)|64.50.233.100|:443... connected.
The certificate's owner does not match hostname 'http.us.debian.org'

wsl-sudo-error-download-thetqweb

There are ways to verify integrity, provided by Debian, and specific to this package (in case you got your package from elsewhere);

libcrypt1_4.4.18-4_amd64.deb INTEGRITY
Exact Size: 87504 Byte (85.5 kByte)
MD5 checksum: d7fd14a5ed9019abe12024988b23bf30
SHA256 checksum: f617952df0c57b4ee039448e3941bccd3f97bfff71e9b0f87ca6dae15cb3f5ef

 

[INSTALLING]

Next step involves installing the downloaded package “libcrypt1_4.4.18-4_amd64.deb” using the “dpkg” utility;

dpkg -i Downloads/kali-packages/libcrypt1_4.4.18-4_amd64.deb

wsl-dpkg-install-2-libcrypt1-thetqweb

The above command did NOT run successfully due to Dependency problems in “libc6“, which was found YET to be configured. Therefore, the NEXT step was to CONFIGURE the affected package.

dpkg --configure libc6

After a successful configuration, the NEXT step was to repeat the INSTALLATION command;

dpkg -i Downloads/kali-packages/libcrypt1_4.4.18-4_amd64.deb

wsl-dpkg-install-3-libcrypt1-thetqweb

 

[Proof of Concept (PoC)]

At this point, what was left was just to prove that the problematic commands that resulted in Errors 1 && 2 were now FIXED. Below are commands and their resultant output in screen snips that prove that the FIX WORKED. The first “sudo” command was run as a NON-ROOT user, and the second as a ROOT user.

Error 1 FIXED::

sudo su -

wsl-sudo-su-fixed-thetqweb.png

wsl2-sudo-su-fixed-thetqweb.png

Error 2 FIXED::

sudo su thetqweb

wsl-sudo-passwd-fixed-thetqweb

 

Fix “Sorry, try again sudo: 3 incorrect password attempts” in WSL
Forum [ WSL ] | thetqweb