[TriLUG] best way to hack root...

Steve Litt slitt at troubleshooters.com
Fri Feb 22 20:26:49 EST 2013


And what I've done each of the 172 times I've forgotten the password
was to disconnect from the network, boot a live CD, mount the root
partition, and edit /etc/passwd, and from user number 0 remove the star
in the password position, leaving two colons up against each other.
Then I reboot, log in as root, enter a password with the passwd
command, make a password for my normal user if I don't remember that
one either, then log out, reconnect the network, and log in with my
regular username.

On Thu, 21 Feb 2013 15:10:19 -0500
Kevin Otte <nivex at nivex.net> wrote:

> I would propose one small modification to the procedure. Rather than 
> hand edit the mounted /etc/shadow, change root into the mounted 
> partition and use the passwd tool to change it to something known.
> This way you can recover the root password (if there is one) and/or
> the user's password.
> 
> eg:
> rescue# mount /dev/root_part /tmp/mnt
> rescue# chroot /tmp/mnt
> chroot# passwd root (or username)
> [follow prompts]
> chroot# exit
> rescue# exit (or reboot)
> 
> On 02/21/2013 02:07 PM, Alan Porter wrote:
> >
> >> I can "su" as I have the system
> >> auto-logging into my user account.
> >
> > "su" requires root's password (which you don't know).
> > "sudo" requires YOUR password (which you also don't know).
> >
> > In this situation, I boot using a liveCD or liveUSB, then mount the
> > root filesystem and edit /mnt/etc/shadow, removing the encrypted
> > password for root or the user in question.  Reboot and log in using
> > your now-empty password.
> >
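
Added example, not part of the thread: a check that lists accounts whose password field is still empty in passwd or shadow, to confirm a new password was set after a recovery like the ones described above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are parameters so the
# check can be pointed at a mounted root filesystem or the running system.

# find_empty_passwords PASSWD_FILE SHADOW_FILE
# Prints, sorted, each login whose effective password field is empty.
find_empty_passwords() {
    awk -F: '
        NF < 2 { next }                            # skip malformed lines
        # First file is shadow: remember each password field.
        FILENAME == ARGV[1] { shadow[$1] = $2; seen[$1] = 1; next }
        # Second file is passwd.
        $2 == "" { print $1; next }                # two colons in passwd
        $2 == "x" && seen[$1] && shadow[$1] == "" { print $1 }
    ' "$2" "$1" | sort
}

# Constructed sample data: root emptied in passwd, alice emptied in shadow.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root::0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
daemon:x:1:1::/usr/sbin:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:*:15758:0:99999:7:::
alice::15758:0:99999:7:::
bob:$6$CONSTRUCTED$notarealhash:15758:0:99999:7:::
daemon:*:15758:0:99999:7:::
EOF
}

# Demo run on the constructed files.
tmp=$(mktemp -d)
make_sample "$tmp"
find_empty_passwords "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Whether an empty field actually permits a login depends on the PAM configuration (the nullok option of pam_unix), so any name this prints should get a password or be locked.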



