44e8 Root password recovery - Telecomix Crypto Munitions Bureau

Root password recovery

From Telecomix Crypto Munitions Bureau

Jump to: navigation, search

Assuming that you can not log in as root at all.

Contents

[edit] Linux

This is about changing passwords in Linux.

[edit] Simple

  1. Reboot the computer.
  2. When GRUB appears, select the kernel to be booted and press 'e'
  3. Add "single" to the end of the line, and press enter
  4. boot the system by selecting the kernel and pressing 'b'.

Now you should be able to just type "passwd".

If that does not work, it is likely because the root file system is read only. You can remount the file system as read-write by typing "mount -n -o remount,rw /"

[edit] If that does not work

If that does not work, because you are asked to give the root password to enter the shell in single user mode, you can do this:

  1. Reboot the computer.
  2. When GRUB appears, select the kernel to be booted and press 'e'
  3. Add "init=/bin/sh" to the end of the line, and press enter
    • you need to remove "splash" if it exists, otherwise you might get stuck with that "Ubuntu booting"-picture instead of getting to any terminal.
  4. boot the system by selecting the kernel and pressing 'b'.
  5. Only the kernel and your shell should now be running.
    • In some computers, no prompt at all is shown even though the shell has started. Try typing "ls" or something to check if this is the case. This will not be a problem if you have a little bit of imagination (type blindly, as if you were given results back.).
  6. Remount the root file system as read-write: mount -n -o remount,rw /
  7. Type passwd and enter your new password.
  8. IF you can not restart the computer without pressing the Big Button: Type "sync" to synchronize the hard disc (so that the shadow files are actually updated) and then press the button. OTHERWISE do a normal reboot.
  9. Done.

[edit] If that does not work either

You can mount the file system on another computer. This is especially easy if it is a virtual machine, otherwise you will have to move the hard disc physically.

Mount the file system as read-write, and :

  • chroot to the disk, then type passwd

or

  • change the root entries in /etc/shadow and /etc/shadow- to something that you know works. For example, if you know the root password to any other machine, just replace the "root-line" with the root-line you know the password for. Then re-insert the hard drive into the original computer and boot it up.

If you suspect that the root password was changed by someone hacking you (unlikely, but possible), then at least pull out the network cable from the computer you are going to save.

[edit] Your filesystem is encrypted

lol pwnd!

Maybe it is possible to mount it by using LUKS tools, if you remember the password. Otherwise you are locked out.


[edit] MacOS

[edit] Create new Admin-account

Some global system settings might get reset. So only do this when there's no other way around.

  1. Reboot
  2. Hold Apple(Command) + s keys down after startsound
  3. do the following to create a new admin account: 
mount -uw / 
rm /var/db/.AppleSetupDone 
shutdown -h now
  • Startup again and setup new admin account.
Retrieved from "https://cryptoanarchy.org/wiki/Root_password_recovery"
Personal tools
0