A bit more information would be useful. Are you getting a command prompt, or a graphical login? I am assuming that this is your computer you are talking about.
Root password hacking is fun! This is one of my favourite questions to ask in interviews for Linux people. Going along with deadalus.globalnode's comment, we'll assume this is your computer where you do have access to try these things. These methods are fairly advanced, but I'll try to give as much detail as possible.
The first thing you need is a Linux live distro. Any SUSE install or live disk should work. Assuming it's a SUSE disk, boot off the ISO and go into "Rescue Mode". There should be a menu option when the CD boots.
Once you get a root prompt, you have 2 options:
1. chroot into your system and run the password command
The first thing we have to do is identify your root partition:
Quote:
fdisk -l 2> /dev/null | grep dev | grep -v dm
Every system is different, so if you can post the output we can probably determine which filesystem is your root.
Once we know the root file system:
Quote:
mount /dev/$root_file_system /mnt
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
mount --bind /dev /mnt/dev
cd /mnt
chroot .
Some of the above commands may be a little overkill for a password reset, but it's good to do anyway, for future reference.
At this point you should be able to type the command: `passwd`. It should ask you for a new password. Type it in twice and it should take effect.
Again the above commands are a safe but paranoid way of rebooting. If you just reboot without doing the commands you will probably be OK.
2. Edit the shadow file with a known good password hash.
Thinking about it, this is actually even more advanced, so we'll leave this as a last resort if option 1 doesn't work.
If you are going to go all out, I would go with Backtrack 4.
Really, any live Linux CD that has perl installed will work just fine.
In addition to what binary_pearl said, you can do it like so:
boot a live cd
open the password file in a text editor found at /etc/passwd
copy and paste the following into the file at the end:
myroot:XXq2wKiyI43A2:0:0:root:/root:/bin/bash
After you have saved the file, reboot. You log in as "myroot" with "password" as your password (without the quote marks).
If you want a different password then use the perl command:
perl -e 'print crypt("your_password_goes_here", "XX"). "\n"'
and replace XXq2wKiyI43A2 with the output of the command above.
I find this way a bit simpler.
Last edited by deadalus.globalnode; 01-26-2011 at 08:36 PM.
What deadalus.globalnode is describing is what I was calling option 2.
deadalus.globalnode: I have 2 concerns with your idea:
1. Does Backtrack try to figure out a root filesystem and make that the root filesystem when in it? My concern is that micronda may be trying to modify files in / that are part of the cd root file system, and not actually their filesystem.
I saw someone use Backtrack to easily break WEP keys once, I want to try it myself just haven't had a chance to
2. micronda probably needs to modify /etc/shadow instead of /etc/passwd. I can't say for sure, but most linux systems I believe use 'x' in the 2nd field of the /etc/passwd, as an indicator that the actual hash is stored in /etc/shadow. But I'm not sure if putting a hash in the 2nd field of /etc/passwd would still be valid or not.
This is why I like this as interview question, so many ways to go about it
Wouldn't it be easier to first append init=/bin/bash to the kernel line in grub, and then change passwords from there? Maybe grub has no password set.
This is true, but I have had mixed results with this, that's why I didn't mention it. I mostly work with SUSE based systems, and at least roughly the newest (SLES 10 SP2 and later), init=/bin/bash I don't think works. I need to verify that though to say for certain.
But yes, if passing init=/bin/bash works, that is easier.
Basically (assuming grub is your bootloader): when your system is at the menu where you can choose your kernel, move the cursor to highlight the kernel you want to boot. Press 'e'. Move the cursor to the end and try to type ' init=/bin/bash'. This should hopefully bring you to a root prompt where you could type the `passwd` command to reset the password.
In answer to your first question: no, Backtrack treats the hard disk root partition as a disk to be mounted. So the user would have to figure out what partition contained / .
Backtrack can be a lot of fun, and if you do get a chance to play with it I think you will agree.
Quote:
Originally Posted by binary_pearl
2. micronda probably needs to modify /etc/shadow instead of /etc/passwd. I can't say for sure, but most linux systems I believe use 'x' in the 2nd field of the /etc/passwd, as an indicator that the actual hash is stored in /etc/shadow. But I'm not sure if putting a hash in the 2nd field of /etc/passwd would still be valid or not.
--Shaun
You are correct in that /etc/passwd generally references the /etc/shadow file for security reasons, as well as substituting an x to show that the password is shadowed. However, since the system checks the /etc/passwd file first, it is still a valid place for the password hash.
Last edited by deadalus.globalnode; 01-26-2011 at 10:14 PM.
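The two points discussed in the last posts (a hash placed in the second field of /etc/passwd, and an added line carrying UID 0) are also what an administrator would audit for. The following is an added example, not part of the original thread: `audit_passwd` and `sample_passwd` are hypothetical names, and the sample input is constructed except for the `myroot` line quoted above.

```shell
#!/bin/sh
# audit_passwd [FILE]: scan a passwd(5)-format file (stdin if no FILE) and print
# one "FINDING<TAB>user<TAB>detail" line per issue. Hypothetical helper name.
audit_passwd() {
    awk -F: '
    # Skip blank lines and comments.
    /^[ \t]*$/ || /^#/ { next }
    {
        user = $1; pw = $2
        # Any UID 0 entry other than "root" has full root privileges.
        if ($3 ~ /^0+$/ && user != "root")
            printf "EXTRA_UID0\t%s\tuid 0 account besides root\n", user
        # "x" defers to /etc/shadow; "*" or a leading "!" means no valid hash.
        if (pw == "x" || pw == "*" || pw ~ /^!/)
            next
        if (pw == "")
            printf "EMPTY_PASSWORD\t%s\tno password required\n", user
        else if (pw ~ /^\$/)
            printf "HASH_IN_PASSWD\t%s\tmodular crypt hash in world-readable file\n", user
        else if (length(pw) == 13)
            printf "HASH_IN_PASSWD\t%s\t13-char traditional DES crypt hash\n", user
        else
            printf "HASH_IN_PASSWD\t%s\tunrecognised non-placeholder value\n", user
    }' "${1:--}"
}

# Constructed sample input; only the myroot line comes from the thread.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
myroot:XXq2wKiyI43A2:0:0:root:/root:/bin/bash
EOF
}

# Demo on the sample; pass /etc/passwd as the argument to audit a real system.
sample_passwd | audit_passwd
```

On the sample this reports `guest` for its empty password field and `myroot` twice, once for UID 0 and once for the 13-character hash stored in /etc/passwd.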