[TriLUG] best way to hack root...
Kevin Otte
nivex at nivex.net
Thu Feb 21 15:10:19 EST 2013
I would propose one small modification to the procedure. Rather than
hand edit the mounted /etc/shadow, change root into the mounted
partition and use the passwd tool to change it to something known. This
way you can recover the root password (if there is one) and/or the
user's password.
e.g.:

rescue# mount /dev/root_part /tmp/mnt
rescue# chroot /tmp/mnt
chroot# passwd root (or username)
[follow prompts]
chroot# exit
rescue# exit (or reboot)

On 02/21/2013 02:07 PM, Alan Porter wrote:
>
>> I can "su" as I have the system
>> auto-logging into my user account.
>
> "su" requires root's password (which you don't know).
> "sudo" requires YOUR password (which you also don't know).
>
> In this situation, I boot using a liveCD or liveUSB, then mount the root
> filesystem and edit /mnt/etc/shadow, removing the encrypted password for
> root or the user in question. Reboot and log in using your now-empty
> password.
>
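Added example, not part of the original thread or written by either poster: a check over a shadow(5) file, such as the one at /tmp/mnt/etc/shadow after the rescue mount above, that reports accounts left with an empty password field. That is the state the hand-edit method produces and the passwd method avoids. The sample entries, placeholder hashes and function names are constructed for illustration.

```python
import sys

# Constructed sample in shadow(5) format; hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root::15757:0:99999:7:::
daemon:*:15000:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASH:15757:0:99999:7:::
bob:!$6$saltsalt$PLACEHOLDERHASH:15700:0:99999:7:::
carol:!!:15700:0:99999:7:::
dave:$6$saltsalt$PLACEHOLDERHASH:0:0:99999:7:::
broken-line-without-fields
"""

def classify(field):
    """Classify the second (password) field of a shadow entry."""
    if field == "":
        return "empty"      # no password required to authenticate
    if field[0] in "!*":
        return "locked"     # password login disabled
    if field.startswith("$"):
        return "hashed"     # modular crypt format, e.g. $6$ = SHA-512
    return "legacy"         # DES-style or unrecognised value

def audit(text):
    """Return (name, status, note) for each entry in shadow-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 3:
            findings.append((f"line {lineno}", "malformed", "too few fields"))
            continue
        name, pw, lastchg = parts[0], parts[1], parts[2]
        # lastchg == 0 means the password must be changed at next login
        note = "must change at next login" if lastchg == "0" else ""
        findings.append((name, classify(pw), note))
    return findings

def empty_accounts(text):
    """Names of accounts whose password field is empty."""
    return [n for n, status, _ in audit(text) if status == "empty"]

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHADOW
    for name, status, note in audit(data):
        print(f"{name:10} {status:10} {note}")
```

Run with no argument it audits the constructed sample; pass a path to audit a real file, which requires read access to it.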