Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Resetting root password without login

  1. #1
    Member xX_Spiidey_Xx's Avatar
    Join Date
    Jan 2010
    Location
    /dev/urandom
    Posts
    256

    Default Resetting root password without login

    Alright folks, let's say you've lost your root password, or simply cannot log in as root after a hard drive install, and have no privileged users on your system. I'm about to show you how to get back in the game as root with a quick and dirty password-change hack.

    For this tutorial, everything that is italicized is a user action. Anything in <angle brackets> is a keystroke. If it has a + beside it, it means press the keys at the same time.

    // Changing the root password:

    = - = - = - = - = - = - = - = - = - = - =

    Reboot your computer. Wait for the grub screen... Press <ESC> when you're prompted.

    Highlight the first option.

    Press <e>.

    Highlight the kernel line.

    Press <e>.

    Press <TAB>. You'll get an error message.

    Press <ESC>.

    Press <e> again.

    Using your arrow keys, scroll back and change ro to rw

    At the end of the line add: init=/bin/bash

    Press <Enter>

    Press <b>

    Type at the prompt: passwd root

    Enter the new password twice.

    Press <CTRL>+<d> to cause a nice Kernel Panic. This will cause your system to hang.

    Press and hold your power button till it shuts down. Power back up and let it boot into BackTrack normally.

    Log in as root with your new password.
    Last edited by xX_Spiidey_Xx; 02-04-2010 at 10:33 AM. Reason: More housekeeping...
    thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.

  2. #2
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default re: Resetting root password without login

    Quote Originally Posted by xX_Spiidey_Xx:
    Alright folks, let's say you've lost your root password, or simply cannot log in as root after a hard drive install, and have no privileged users on your system. I'm about to show you how to get back in the game as root with a quick and dirty password-change hack.
    This could be considered an exploit to gain root privileges, right?
    As a possible counter-measure, one could enable BIOS password, so that grub will only appear after the password prompt.

    Thanks for sharing, xX_Spiidey_Xx.

  3. #3
    Senior Member lordplagueis's Avatar
    Join Date
    Jan 2010
    Location
    Virginia
    Posts
    106

    Default Re: Resetting root password without login

    Uh oh, this should be fixed; a thief or nosy person can view your files with this vulnerability.
    HP DV7
    8GB DDR3
    Core i7-720QM
    Nvidia GeForce GT 320M

    BT5-64bit x WIN7-64bit DualBoot

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Resetting root password without login

    Quote Originally Posted by lordplagueis:
    Uh oh, this should be fixed; a thief or nosy person can view your files with this vulnerability.
    Pretty much every Operating System I can think of can be accessed in this way* if the attacker has physical access to the box. And you don't even need to reset a password, you can access the files directly by using an alternative OS and mounting the hard drive. The only way to "fix" a problem like this is to encrypt the locally stored files...

    EDIT: * When I say "this way", I actually meant by resetting the administrative/super user password. Obviously this exact method won't work on a Windows box, but there are alternative ways by which a Windows Administrator account can have its password changed locally without logging on. Ditto for other Operating Systems.

    Also, since physical access to the box is required for this method, physically securing the box will also work to provide security, as an alternative to encryption.
    Last edited by lupin; 02-05-2010 at 01:15 AM. Reason: Clarification
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Member skinnypuppy's Avatar
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Default Re: Resetting root password without login

    To disable the xX_Spiidey_Xx hack so that your buddies don't pwn you with this little xploit, do the following:

    1.) From a terminal type "grub-md5-crypt" <enter>
    2.) Enter a password for the grub menu
    3.) Re-enter your password

    This will generate an md5 hash of that password.

    4.) Type "nano /boot/grub/menu.lst" <enter>

    You are looking for this entry:

    ## timeout sec
    # Set a timeout, in SEC seconds, before automatically booting the default entry
    # (normally the first entry defined).
    timeout 3

    Add the following line right below it:
    password --md5 <hash> (replace the <hash> with the md5 hash that was generated, copy and paste if you must)

    5.) Hit <ctl & o> to write out the file to menu.lst
    6.) Hit <ctl & x> to exit

    Now when you reboot, hitting <esc> at Grub boot will present the kernel options but you will need to type the letter p to enter a password before passing any args to the kernel.

    Again, it's all useless if one can access your system with an alternative method (LiveCD, etc.) as Lupin stated, and setting a BIOS password is pointless as there are lists all over of backdoor passwords for Phoenix, AMI, Award, etc., not to mention removing the battery, changing jumpers on the motherboard...

    The only way to be safe is to encrypt.
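    An added example, not part of skinnypuppy's post or of BackTrack itself: a small POSIX shell audit that checks whether a GRUB legacy menu.lst actually carries the global "password --md5 <hash>" line described above, so you can verify the hardening stuck (for instance after a distribution update rewrites menu.lst). The file paths, the sample menu.lst contents and the placeholder hash are constructed for the demo; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): check whether a GRUB legacy menu.lst
# carries the global "password --md5 <hash>" directive skinnypuppy describes.
# File paths and menu.lst contents below are constructed for the demo.

# Returns 0 when a "password --md5 <hash>" line appears in the global section
# of the given menu.lst (before the first "title"), 1 otherwise.
# A password placed inside an entry only locks that entry; only a global one
# makes GRUB demand "p" plus the password before the edit prompt is usable.
grub_menu_has_password() {
    awk '
        /^[[:space:]]*title/ { exit }
        /^[[:space:]]*password[[:space:]]+--md5[[:space:]]+[^[:space:]]+/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Writes a constructed menu.lst to $1; with $2 = "protected" the password
# line is included. The hash is a placeholder, not real grub-md5-crypt output.
make_sample_menu() {
    {
        echo "## timeout sec"
        echo "timeout 3"
        if [ "$2" = "protected" ]; then
            echo 'password --md5 $1$PLACEHOLDER$notarealhash0000000000'
        fi
        echo "title BackTrack"
        echo "kernel /boot/vmlinuz root=/dev/sda1 ro"
    } > "$1"
}

# Human-readable verdict; exit status mirrors grub_menu_has_password.
audit_grub_menu() {
    if grub_menu_has_password "$1"; then
        echo "$1: global GRUB password set"
    else
        echo "$1: no global GRUB password (kernel line is editable from the console)" >&2
        return 1
    fi
}

# Demo on constructed files (run: sh grub_audit.sh); on a real box you would
# call audit_grub_menu /boot/grub/menu.lst instead.
demo_dir=$(mktemp -d)
make_sample_menu "$demo_dir/open.lst" open
make_sample_menu "$demo_dir/protected.lst" protected
audit_grub_menu "$demo_dir/protected.lst"
audit_grub_menu "$demo_dir/open.lst" || true
rm -rf "$demo_dir"
```

    The awk stops at the first "title" on purpose: GRUB legacy only treats directives above the first entry as global, so a password line that ended up inside an entry would pass a naive grep but still leave the edit prompt unprotected.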

  6. #6
    Member xX_Spiidey_Xx's Avatar
    Join Date
    Jan 2010
    Location
    /dev/urandom
    Posts
    256

    Default Re: Resetting root password without login

    @ Snayler: Yes, absolutely. Physical access to machines is the first place I'd look to get into them. THEN I'd aim for remoteness. So yes, a BIOS password would be an efficient deterrent, but bear in mind that BIOS passwords can be dumped quite easily (CMOS battery anybody?).

    @ lupin: Yup, as far as I know, this method, or quite similar can be used to root any *nix box out there.

    @ skinnypuppy: Glad you posted a band-aid; when I wrote this tut I hadn't thought of the scare it could put into people.

    Again, folks, the only "real" way to secure your computers is to keep them under lock and key, and for even greater security, unplugged. There are ways to change any user's passwords on a *nix box just by booting live. Encrypting your disk is one of the best ways to secure your software, but bear in mind that there are several forensics tools that offer disk and hash decryption as well.
    thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.

  7. #7
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Resetting root password without login

    Quote Originally Posted by xX_Spiidey_Xx:
    @ Snayler: Yes, absolutely. Physical access to machines is the first place I'd look to get into them. THEN I'd aim for remoteness. So yes, a BIOS password would be an efficient deterrent, but bear in mind that BIOS passwords can be dumped quite easily (CMOS battery anybody?).
    Yes, I know. Thanks for pointing that out, though. I forgot to mention it and others might not know. Sorry about that.

  8. #8
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    18

    Default Re: Resetting root password without login

    Between, this helped me to 'recover' my password, so thank you ;D

  9. #9
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: Resetting root password without login

    Quote Originally Posted by skinnypuppy:
    ...and setting a BIOS password is pointless as there are lists all over of backdoor passwords for Phoenix, AMI, Award, etc., not to mention removing the battery, changing jumpers on the motherboard...

    The only way to be safe is to encrypt.
    Adding a BIOS password is not exactly pointless, not only does it provide another layer of defense but may actually stop some perpetrators in their tracks. I knew this little detail could be worked around somehow but never did it cross my mind, it seemed to be the ultimate physical access defense. Out of curiosity, is the only workaround hardware mods? If so, then just lock up the box.

  10. #10
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    505
    Posts
    10

    Default Re: Resetting root password without login

    Guess I don't have everyone's hardware resources... so how might I go about popping the CMOS battery in a VM?
