Re: Reseting root password Was: user name from security logs

From: Steven McIntosh (s.mcintosh_at_compserv.gla.ac.uk)
Date: 06/02/05

  • Next message: KillKenny: "Re: Resetting the root password (was: user name from security logs)" 
    Date: Thu, 02 Jun 2005 12:53:04 +0100
To: Robert Reed <rreed567@earthlink.net>

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Like wise, remove the "x", which references the shadow file, from the
    root entry in the passwd file and hey presto. Instant access for root on
    reboot with no password.

    Robert Reed wrote:
    > yes there is a way to get control back..... I'm not clear if you are
    > referring to a Linux box or windows.... please clarify?
    >
    > for windows boxes there are live Linux distros that will allow you to change
    > the admin password....... with Linux you can attack the shadow password file
    > and delete the admin password... then log on as root and create a new
    > password for the root account
    >
    > ----- Original Message -----
    > From: "Alexander Klimov" <alserkli@inbox.ru>
    > To: "Emmanuel Goldstein" <goldstein101@gmail.com>
    > Cc: <security-basics@securityfocus.com>
    > Sent: Tuesday, May 31, 2005 1:33 AM
    > Subject: Reseting root password Was: user name from security logs
    >
    >
    >
    >>On Sun, 29 May 2005, Emmanuel Goldstein wrote:
    >>
    >>>I have physical access to the computer and i can also access all hd's
    >>>files using a LiveCD linux distribution.
    >>>
    >>>So, here's my question: Is there anyway to change the admin password
    >>>and/or get the machine's control back?
    >>
    >>Boot a LiveCD, mount the root partition:
    >>
    >>mkdir /tmp/a; mount /dev/hda1 /tmp/a
    >>
    >>chroot to it:
    >>
    >>chroot /tmp/a
    >>
    >>and change the password:
    >>
    >>passwd
    >>
    >>Depending of authentication method used you can do it more directly,
    >>e.g., changing a line in /etc/shadow:
    >>
    >>root:password-hash:....
    >>
    >>to
    >>
    >>root::....
    >>
    >>--
    >>Regards,
    >>ASK
    >
    >

    - --
    Steven McIntosh
    Information Systems Security Officer
    Computing Service
    James Watt North Building
    University of Glasgow
    Glasgow
    G12 8QQ
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (MingW32)

    iD8DBQFCnvMg82gHNv0z+WwRAmDJAJ9ckquPxMGO8aCTXobgHYdwZx3yXgCfUNCN
    UaHNUMH4+j+TUqLWqjUiPhM=
    =NZWM
    -----END PGP SIGNATURE-----

  • Next message: KillKenny: "Re: Resetting the root password (was: user name from security logs)"

    Relevant Pages

    • Re: Vista makes me crazy, please help.
      ... You obviously have not worked with systems other then windows - or you ... mainstream platform allows it's users to run as an admin by default. ... I don't use Linux or Mac. ... Any applications that need root access will usually prompt for a password. ...
      (microsoft.public.vb.general.discussion)
    • Re: Warnmeldung nach Abschalten der Benutzerkontensteuerung
      ... Lieber kaufe ich mir einen Mac oder ... installiere Linux. ... Root arbeiten. ... Auch dort wirst du bei Bedarf aufgefordert, dich als Admin ...
      (microsoft.public.de.windows.vista.sonstiges)
    • 2008 server monitoring
      ... In Linux, there is a "logwatch" file that gets emailed daily to the root ... admin. ...
      (microsoft.public.windows.server.general)
    • RE: Have I been hacked? Shadow file deleted
      ... Only I have the root password, that I change every time the shadow file is ... Last resort is to do a complete bare metal install again and keep root ... To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list -- ...
      (Fedora)
    • Re: root password gone AWOL!
      ... I know if you remove the "x" from the passwd file in the line ... the root account without asking for a password. ... which is responsible for the shadow file, ... AeoN wrote: ...
      (comp.os.linux.networking)