[TriLUG] best way to hack root...

Robert Dale robdale at gmail.com
Thu Feb 21 16:20:28 EST 2013


On Thu, Feb 21, 2013 at 4:15 PM, Joseph S. Tate <dragonstrider at gmail.com> wrote:
> And this, my friends, is why, if you don't have physical security, you
> don't have any security.  :)

Or run an encrypted filesystem.




> On Thu, Feb 21, 2013 at 3:10 PM, Kevin Otte <nivex at nivex.net> wrote:
>
>> I would propose one small modification to the procedure. Rather than hand
>> edit the mounted /etc/shadow, change root into the mounted partition and
>> use the passwd tool to change it to something known. This way you can
>> recover the root password (if there is one) and/or the user's password.
>>
>> eg:
>> rescue# mount /dev/root_part /tmp/mnt
>> rescue# chroot /tmp/mnt
>> chroot# passwd root (or username)
>> [follow prompts]
>> chroot# exit
>> rescue# exit (or reboot)
>>
>>
>> On 02/21/2013 02:07 PM, Alan Porter wrote:
>>
>>>
>>>  I can "su" as I have the system
>>>> auto-logging into my user account.
>>>>
>>>
>>> "su" requires root's password (which you don't know).
>>> "sudo" requires YOUR password (which you also don't know).
>>>
>>> In this situation, I boot using a liveCD or liveUSB, then mount the root
>>> filesystem and edit /mnt/etc/shadow, removing the encrypted password for
>>> root or the user in question.  Reboot and log in using your now-empty
>>> password.
>>>
>>>  --
>> This message was sent to: Joseph Tate <dragonstrider at gmail.com>
>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
>> address.
>> TriLUG mailing list : http://www.trilug.org/mailman/**listinfo/trilug<http://www.trilug.org/mailman/listinfo/trilug>
>> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/**
>> options/trilug/dragonstrider%**40gmail.com<http://www.trilug.org/mailman/options/trilug/dragonstrider%40gmail.com>
>> TriLUG FAQ          : http://www.trilug.org/wiki/**
>> Frequently_Asked_Questions<http://www.trilug.org/wiki/Frequently_Asked_Questions>
>>
>
>
>
> --
> Joseph Tate
> --
> This message was sent to: Robert Dale <robdale at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/options/trilug/robdale%40gmail.com
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions



-- 
Robert Dale



More information about the TriLUG mailing list