|
Linux
Elite Grey Hat



Registered: 08/21/08
Posts: 1,787
Loc: Eastpointe, MI 48021
Last seen: 12 years, 8 months
|
Ubuntu Hack
#8970213 - 09/22/08 09:21 PM (15 years, 7 months ago) |
|
|
http://www.paulspoerry.com/2008/09/06/replace-linux-root-password/
Replace Linux root password September 6, 2008
Ubuntu logoImage via Wikipedia
I never realized the it was even easier to replace a lost (or to hack a machine given you have physical access) a Linux machine. Jason Striegel posted this example over at Hackszine.com on how to reset a lost Ubuntu password. It’s surprisingly simple to reset, simply follow the steps outlined below. Here’s how to do it on a typical Ubuntu machine with the GRUB bootloader:
Boot Linux into single-user mode
1. Reboot the machine. 2. Press the ESC key while GRUB is loading to enter the menu. 3. If there is a ‘recovery mode’ option, select it and press ‘b’ to boot into single user mode. 4. Otherwise, the default boot configuration should be selected. Press ‘e’ to edit it. 5. Highlight the line that begins with ‘kernel’. Press ‘e’ again to edit this line. 6. At the end of the line, add an additional parameter: ’single’. Hit return to make the change and press ‘b’ to boot.
Change the admin password The system should load into single user mode and you’ll be left at the command line automatically logged in as root. Type ‘passwd’ to change the root password or ‘passwd someuser’ to change the password for your “someuser” admin account.
Reboot
That’s it, just reboot into your normal configuration with the new root password.
--------------------
I'm just a psychopathic, mass-murdering, schizophrenic clown with zero empathy.
|
HELLA_TIGHT
Madge the Smoking Vag


Registered: 08/19/03
Posts: 84,387
Loc: Afghanistan
|
Re: Ubuntu Hack [Re: Linux]
#8974701 - 09/23/08 06:51 PM (15 years, 7 months ago) |
|
|
Yeah I had to do that on one of my machines. I was all stoned and thought I needed a new password scheme, but then I forgot it and couldn't log in.
Fucking idiot.
--------------------
|
supra
computerEnthusiast
Registered: 10/26/03
Posts: 6,446
Loc: TEXAS
Last seen: 13 years, 1 month
|
Re: Ubuntu Hack [Re: Linux]
#8974873 - 09/23/08 07:24 PM (15 years, 7 months ago) |
|
|
so is this something that just affects ubuntu or all linux installs with GRUB? Makes me glad I don't use ubuntu, because that is super easy, but if it is grub, it may be time for me to go over to LILO...
peace
|
deimya
tofu and monocle


Registered: 08/26/04
Posts: 825
Loc: ausländer.ch
|
Re: Ubuntu Hack [Re: supra]
#8976836 - 09/24/08 02:47 AM (15 years, 7 months ago) |
|
|
That affect any linux system indeed. GRUB and LILO are both vulnerable. You can password protect single-user mode with both of them but again you could then boot using a liveCD or whatnot. Which mean that you need to also deactivate booting from CD or floppy, etc, and protect your BIOS setup with a password. But then again you can reset the password if you have physical access to the motherboard.
In short, there is no security if there's no physical security first.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 3 months, 8 days
|
Re: Ubuntu Hack [Re: Linux]
#8976910 - 09/24/08 04:02 AM (15 years, 7 months ago) |
|
|
> to hack a machine given you have physical access
Physical access to a machine negates all security, period. The best I have seen is Plan 9 where they store a key in CMOS, but even that is breakable by a knowledgeable person.
> so is this something that just affects ubuntu or all linux installs with GRUB?
No, it is something that affects all machines regardless of OS, from Linux to Windows. I doesn't matter if you have ubuntu, grub, lilo, winnt, or anything else. If I have physical access to your computer, then I have access to everything on your computer.
If you want protection, use an encrypting file system that requires you to enter a password. This is the only way to secure your data such that somebody with physical access to your machine cannot read your data.
> In short, there is no security if there's no physical security first.
Correct.
-------------------- Just another spore in the wind.
|
|