Nytro
Posted March 25, 2013

Reset Linux root password without knowing the password
- By Vaibhav Kaushal

So there it goes - Linux is a secure OS. No, really it is. Despite the title of this post, Linux is actually a secure system. Before we proceed to the main topic, let us consider a few points:

1. Linux is flexible to a very large extent.
2. Linux's administrator account is called 'root'.
3. Linux systems never deny access to any resource whatsoever to the root account. If there are any restrictions in place, the root can remove those as well.
4. The root account can set and change the password of any user.
5. To change the password of root, you need to first login as root!

It is the 5th point where the problem is. Much like in Windows, you would get locked out of the system. But since Linux is not (as pathetic as) Windows, there are ways to work around it. Let us see some of them.

Method 1 - Use 'sudo su'

In many systems, a normal user which is added to the system is also added to the list of sudoers. These users can gain the power of root account by running a command prepended with the word sudo. So if the person passes sudo passwd root or passes sudo su to first get the root power and then run the passwd command, he or she would be able to reset the root password. Simple. Easy. Effective. But this does not work everywhere.

Method 2 - recovery mode

The sudo su method works on many systems, but not all. It would work on Ubuntu systems most of the time but other distributions like OpenSUSE, Fedora, Sabayon etc. may not be able to use it because they either do not put the normal users in the list of sudoers or they want the password of root (not the same normal account) to give root power. On such systems, one can use the recovery console to reset root password. To do so, one can select 'recovery menu' in the boot menu. Normally every Linux distribution that gets installed will install a 'recovery mode' or a 'failsafe mode' boot entry which allows the user to boot into runlevel 1 where only the root can login. The user can then pass the command passwd to reset the password.

Method 3 - override the init file!

The recovery mode thing cannot work always because many systems (or should I say 'most' systems) will ask for the root password for logging in. Now, since you do not know the root password in the first place, that trick will fail. In such a case, you can try this:

In the boot menu, highlight your Linux menu entry (not the one for recovery mode, but for the normal one) and press 'e' key on the keyboard. This will start an editor where you can change the boot parameter. In most new Linux systems, Grub2 comes as the boot loader. In such systems, the boot menu entry would be a bit complicated. So you might get intimidated by what you see at first. Do not worry, search for the line which starts with the word 'linux'. It would look something like this:

    linux /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=ba08039b-33ba-4074-857c-9688856c3583 video=1366x768 resume=/dev/disk/by-id/ata-WDC_WD3200BEVT-75ZCT2_WD-WXE1A9033884-part2 splash=silent quiet showopts

You have to add this to the end of that line: init=/bin/bash. So the line will start looking like this:

    linux /boot/vmlinuz-3.7.10-1.1-desktop root=UUID=ba08039b-33ba-4074-857c-9688856c3583 video=1366x768 resume=/dev/disk/by-id/ata-WDC_WD3200BEVT-75ZCT2_WD-WXE1A9033884-part2 splash=silent quiet showopts init=/bin/bash

Now press the F10 button (or whatever is being shown on the screen for the booting) to boot the system.

NOTE: If you do not have Grub2, but a lower version of grub then you should search for the line starting with the word 'kernel' instead of 'linux'. Also, you would have to press the 'b' key to boot the entry in that case.

When you boot like that, you would be given the root prompt. You can then run the command passwd root to change the root password.

The reason why this happens is because normally when a Linux system boots, the kernel is loaded first. After the kernel is loaded, it loads the ramdisk and gets ready for continuing the rest of the booting. Once it is ready, it runs the init command (usually located at /sbin/init) which would run the rest of the system. When you pass init=/bin/bash to the kernel, it will not load /sbin/init file for booting; instead it will load /bin/bash file which starts the bash shell with the root user's power (because the kernel itself called it) and hence that prompt would allow you to change the root user's password. Actually, this prompt had more power than anything else on Linux because it is running with all the privileges of the system!

Method 4 - the ultimate method - change the password hash

If none of the above works for you then you can take help of another Live Linux CD/DVD to change the root password. This method is long and is a step by step process. You should follow it carefully. Here are the steps (we will consider that the installed system was OpenSUSE and the Live DVD was that of Ubuntu):

1. Boot into the Live Linux system (Ubuntu) using the DVD.
2. Once the system is up, go to the terminal and type 'sudo su'. This will get you to the root user.
3. Now, mount the partition of the disk which contains the /etc directory of the installed system (i.e. the root partition of the OpenSUSE installation on disk). Usually, it would be /dev/sda1 or /dev/sda2 etc. You would know it better. Assuming it was on /dev/sda2, run the command:

    mkdir /tmpmnt
    mount /dev/sda2 /tmpmnt

4. Above command will mount your installed system's root partition on /tmpmnt directory of the live system.
5. Now you run the command: 'passwd root'. It will ask for password twice. Enter the password and remember the password well!
6. Open the file /etc/shadow of live system (use vim or nano) and search for the line which begins with the word 'root'. It will look something like this:

    root:$6$o9LWR1MJXjmO$IRP3uil/aSsDVR/HoCqXvTMUbp9.91z58MkiZSoHfFv3AuB54xQetmTP6E9Y6k2Wku80O9wbjcXC24kl6zKUz/:15609::::::

   Now, the gibberish you see after the first colon is your password hash. Copy that hash. (In this case, the hash is $6$o9LWR1MJXjmO$IRP3uil/aSsDVR/HoCqXvTMUbp9.91z58MkiZSoHfFv3AuB54xQetmTP6E9Y6k2Wku80O9wbjcXC24kl6zKUz/)
7. Open the /tmpmnt/etc/shadow file and search for the line that begins with 'root'. It will look very much similar to what you saw in step 6.
8. Replace the existing hash in this file (/tmpmnt/etc/shadow) with the one you have copied (from /etc/shadow); i.e. you have to delete the existing text after the first colon in the file /tmpmnt/etc/shadow and paste the copied hash there!
9. Save the file and reboot the system to the installation on the disk.
10. Try to login as root and use the password as what you had used in step 5. You should be able to login!

Voilà, you have successfully changed the password!

The last trick is the master trick of them all. If none of the steps work for you (try them in the order they have been mentioned), please let us know what issues you are facing in the comments. OR you can register at the site and ask specific questions in the forums.

Source: Reset Linux root password without knowing the password
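An added example, not part of the quoted article or of this post: Method 4 works by editing root's line in /etc/shadow offline, so a defender can compare that line with a baseline saved while the system was known-good. The function names and both sample lines are constructed for illustration, and the verdict is a heuristic.

```shell
#!/bin/sh
# Added example: detect an offline change to root's /etc/shadow entry by
# comparing it with a baseline line saved while the system was known-good.
# All sample lines are constructed; the hashes are placeholders.

# shadow_field LINE N -> print colon-separated field N of a shadow(5) line
shadow_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# hash_scheme HASH -> name the crypt(3) scheme from its $id$ prefix
hash_scheme() {
    case "$1" in
        '$6$'*) echo sha512crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$1$'*) echo md5crypt ;;
        '!'*|'*'*) echo locked ;;
        '') echo empty ;;
        *) echo other ;;
    esac
}

# compare_root BASELINE_LINE CURRENT_LINE -> print a verdict
compare_root() {
    b_hash=$(shadow_field "$1" 2); c_hash=$(shadow_field "$2" 2)
    b_day=$(shadow_field "$1" 3);  c_day=$(shadow_field "$2" 3)
    if [ "$b_hash" = "$c_hash" ]; then
        echo unchanged
    elif [ "$b_day" = "$c_day" ]; then
        # passwd rewrites field 3 (days since 1970-01-01) when it sets a
        # password, so a new hash with the old day suggests a manual edit.
        # Heuristic: a genuine change made on the baseline day looks the same.
        echo "hash-edited-in-place scheme=$(hash_scheme "$c_hash")"
    else
        echo "password-changed scheme=$(hash_scheme "$c_hash")"
    fi
}

# Constructed demonstration: same "last changed" day, different hash.
BASE='root:$6$CONSTRUCTEDSALT1$CONSTRUCTEDHASH1:15609::::::'
NOW='root:$6$CONSTRUCTEDSALT2$CONSTRUCTEDHASH2:15609::::::'
compare_root "$BASE" "$NOW"
```
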
scorpio2k2
Posted March 25, 2013

Too much. Much simpler:

Step 1. Reboot the system.
Step 2. When the Grub menu comes up, press “e” to edit the menu selections.
Step 3. Select the kernel you would usually boot and press “e” to edit the settings. Add “single init=/bin/bash” to the end of the existing line. This will set the system to boot into single user mode and immediately load a bash shell.
Step 4. Finally, press “b” to boot.

The system will boot up into single-user mode with the root file system mounted read-only. To set a new password you will first need to re-mount it read/write:

    mount -o remount,rw /

Now you can proceed to set a new root password using the passwd command.
Gilbert
Posted March 26, 2013

@Nytro: And what is the solution to protect against that? Because I thought that this website was about security and not about how to undermine the security protocol systems.

But OK, when you set a BIOS password and remove the option to start from the DVD drive, then you can't use this threat. Furthermore, it is not smart to keep the Grub menu; normally you remove that one first after a successful installation. You can replace it simply with a little programmed script to make a standard start-up. The idea of Linux is to start it once and let it run forever..... so you can replace the Grub.
em
Posted March 26, 2013

@Gilbert, having a BIOS password is a good idea. You can even put a password on the grub.

The 4th method doesn't work anymore nowadays (in some distributions). If you alter /etc/shadow from a live system (by mounting the partition), it will be discarded and it will be replaced by a default one.

None of these methods work remotely.
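An added example, not part of any post in this thread: a check of GRUB 2 configuration text for the directives that put a password on the menu editor used in Method 3, namely a `set superusers=` line and a matching `password_pbkdf2` line. The function names and both sample configs are constructed; on a real system the text would come from the generated grub.cfg.

```shell
#!/bin/sh
# Added example: check GRUB 2 configuration text for the directives that
# make the menu editor ('e') and the GRUB command line require a password.
# The sample configs are constructed; the hash is a placeholder.

# grub_superusers CFG_TEXT -> print one superuser name per line
grub_superusers() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers=//p' |
        tr -d '"' | tr ',; ' '\n\n\n' | sed '/^$/d'
}

# grub_audit CFG_TEXT -> print one verdict word
grub_audit() {
    users=$(grub_superusers "$1")
    [ -n "$users" ] || { echo no-superusers; return 0; }
    for u in $users; do
        # Find the password directive, if any, defined for this user.
        kind=$(printf '%s\n' "$1" |
            awk -v u="$u" '$1 ~ /^password/ && $2 == u { print $1; exit }')
        case "$kind" in
            password_pbkdf2) ;;                          # stored as a hash
            password) echo plaintext-password; return 0 ;;
            *) echo superuser-without-password; return 0 ;;
        esac
    done
    echo protected
}

CFG_OPEN='menuentry "Linux" {
    linux /boot/vmlinuz root=/dev/sda2
}'
# --unrestricted lets anyone boot the entry; editing it still needs
# a superuser password once superusers is set.
CFG_LOCKED='set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry "Linux" --unrestricted {
    linux /boot/vmlinuz root=/dev/sda2
}'
grub_audit "$CFG_OPEN"
grub_audit "$CFG_LOCKED"
```
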
Gilbert
Posted March 31, 2013

Absolutely true, I am a very big fan of encrypted hard disks and USB sticks etc. I am a fan of encryption in general. If the NAVO and governments had used encryption, then the whole Red October attack wouldn't have worked. But the problem is that such organisations work with consumer applications; well, then you ask for trouble.