[TriLUG] best way to hack root...

Kevin Otte nivex at nivex.net
Thu Feb 21 15:10:19 EST 2013


I would propose one small modification to the procedure. Rather than 
hand edit the mounted /etc/shadow, change root into the mounted 
partition and use the passwd tool to change it to something known. This 
way you can recover the root password (if there is one) and/or the 
user's password.

e.g.:
rescue# mount /dev/root_part /tmp/mnt
rescue# chroot /tmp/mnt
chroot# passwd root (or username)
[follow prompts]
chroot# exit
rescue# exit (or reboot)

On 02/21/2013 02:07 PM, Alan Porter wrote:
>
>> I can "su" as I have the system
>> auto-logging into my user account.
>
> "su" requires root's password (which you don't know).
> "sudo" requires YOUR password (which you also don't know).
>
> In this situation, I boot using a liveCD or liveUSB, then mount the root
> filesystem and edit /mnt/etc/shadow, removing the encrypted password for
> root or the user in question.  Reboot and log in using your now-empty
> password.
>
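
Added example, not part of the original thread: a follow-up check for the difference between the two approaches above. Blanking the field in /etc/shadow leaves the account with an empty password until one is set, while passwd writes a new hash. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (2nd colon-separated field) of each entry
# in a shadow-format file. Prints "user:state", where state is one of:
#   empty  - no password set (login without a password wherever the
#            login service permits empty passwords)
#   locked - field starts with "!" or "*"
#   hashed - field starts with "$" (crypt-style $id$salt$hash)
#   other  - anything else (e.g. a legacy hash format)
audit_shadow() {
    awk -F: '
        /^#/   { next }                 # skip comment lines
        NF < 2 { next }                 # skip blank or malformed lines
        {
            pw = $2
            c  = substr(pw, 1, 1)
            if (pw == "")                   state = "empty"
            else if (c == "!" || c == "*")  state = "locked"
            else if (c == "$")              state = "hashed"
            else                            state = "other"
            print $1 ":" state
        }' "$1"
}

# Print only the accounts whose password field is empty.
empty_accounts() {
    audit_shadow "$1" | awk -F: '$2 == "empty" { print $1 }'
}

# Constructed sample entries (salt and hash values are placeholders).
sample_shadow() {
    cat <<'EOF'
root::15757:0:99999:7:::
daemon:*:15000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15757:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15757:0:99999:7:::
EOF
}

# Demo on the constructed sample.
demo_file=$(mktemp)
sample_shadow > "$demo_file"
audit_shadow "$demo_file"
rm -f "$demo_file"
```

On a real system, point audit_shadow at the mounted copy (for example /tmp/mnt/etc/shadow from the rescue environment) or at /etc/shadow as root after rebooting.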


