Loosing the root password - Security & Cryptography

Users browsing this thread: 2 Guest(s)
venam venam Offline | 08-09-2016, 12:39 AM | #1
Administrators
Hello fello nixers,
This thread is about what to do if you lost your root password.

Context: My friend lost his root password and his current user automatically logs into the system without entering any password, so he doesn't remember this one either.

The solutions I could think of:
  • Boot from a live CD and edit the /etc/passwd to make his default user have root privileges, check validity of the file with pwck, log back in to change the root password, set everything back to normal.
  • Boot from a live CD and edit /etc/shadow to put a hash I'm sure of or an empty one. (I've been looking but couldn't find a tool that generates that password so I'm just going to copy it from another box).
  • Boot from a live CD and change the sudoers file to allow his user to be root without entering a password.
  • This doesn't apply here but for BSDs booting into single user mode allows changing the root password. ( https://www.openbsd.org/faq/faq8.html )

This will only work if the hard disk is not encrypted, and it's not so it's fine.

I have found those too:
https://access.redhat.com/documentation/...asswd.html
This one is a way to boot into single user mode linux by appending to the GRUB line:
Code:
ro root=LABEL=/
It then gives you a root shell where you can change the password.

http://askubuntu.com/questions/24006/how...e-password
https://help.ubuntu.com/community/LostPassword

Kind of the same spirit, choosing to boot into a rescue mode and then mounting the file system and changing the password.

There's also a mention to add this line to the grub:
Code:
init=/bin/bash
Which I assume will use bash as the init process and thus letting you have full control over the OS (source and here).
Parameters of the linux kernel:
Code:
parameter     Description
root=     Root filesystem.
rootflags=     Root filesystem mount options.
ro     Mount root device read-only on boot (default1).
rw     Mount root device read-write on boot.
initrd=     Specify the location of the initial ramdisk.
init=     Run specified binary instead of /sbin/init (symlinked to systemd in Arch) as init process.
init=/bin/sh     Boot to shell.
systemd.unit=     Boot to a specified target.
nomodeset     Disable Kernel mode setting.
zswap.enabled     Enable Zswap.
video=<videosetting>     Override framebuffer video defaults.

Do you have any other tips or suggestions?

Here's a bunch of resources on the topic.
citrus citrus Offline | 08-09-2016, 04:18 AM | #2
Members
Although this isn't the answer your friend is looking for, if I were them, I would create a new user password, add myself to sudoers, and then lock the root account. It seems like a security hole to allow logging in as root at all.

Another technique for changing the password could be using a live CD / USB to chroot in and then change the password. I believe you have root permissions at that point.
venam venam Offline | 01-02-2018, 05:40 AM | #3
Administrators
(08-09-2016, 04:18 AM)citrus Wrote: Another technique for changing the password could be using a live CD / USB to chroot in and then change the password. I believe you have root permissions at that point.
This actually saved me today.
Using single usermode didn't cut it, it was mounting the file system in read-only mode which didn't let me access anything.
evbo evbo Offline | 01-02-2018, 01:30 PM | #4
Members
Like citrus said, my first go-to would be systemrescuecd and a chroot
xero xero Offline | 02-02-2018, 01:37 PM | #5
Long time nixers
if you still have an account on the system, you could also go the privilege escalation route. there are a number of tools to help you identify vulns on your current machine. i've recently been taken to using the MIDA-Multitool since i actually pulls and runs multiple other tools. once you get root you can just change the password.


View a Printable Version