Friday, June 1, 2012

Recovering the Linux Root Password, and Some Prevention Efforts (Updated 06-08-12)




How do you recover or reset the root password? Sometimes we forget it, or the account is changed unexpectedly. In this article I try to lay out the ways to change the root password, ordered from the easiest, in the hope that it helps you (the reader) when you need to change it.

1. Change the Root Password from the Bootloader

This is the easiest way. The screenshots below cover GRUB2, GRUB (legacy) and LILO. In every case the trick is the same: edit the kernel command line so that the root filesystem is mounted read-write and the kernel starts a shell instead of init (replace 'ro' with 'rw init=/bin/bash'), then boot the edited entry. Because no init and no login program ever runs, you land in a root shell without being asked for any password. See the screenshots below.

GRUB2
Highlight the boot entry and press 'e' to edit it.


On the line beginning with 'linux', replace 'ro' (and 'splash', if present, so that you can see the console) with rw init=/bin/bash, then press Ctrl-x (or F10) to boot.


LILO

At the LILO prompt, type the label of the kernel followed by rw init=/bin/bash (for example 'linux rw init=/bin/bash', if the label shown in the menu is 'linux') and press Enter.


GRUB
Highlight the boot entry and press 'e' to edit it.

Highlight the 'kernel' line and press 'e' again to edit that line.

Replace 'ro' with rw init=/bin/bash, press Enter to accept the edited line, then press 'b' to boot.

After the edited entry boots, the kernel drops you straight into a root shell (bash is now running as PID 1, in place of init).

Now change the root password with passwd.

After changing the password, run 'sync' and then reboot, and the system comes back up as usual. Two caveats: bash is running as PID 1, so there is no init to perform a clean shutdown, and a plain 'reboot' may fail because it has no init to talk to; 'reboot -f' (or 'exec /sbin/init' to continue the normal boot) is the reliable way out. And Ctrl+Alt+Del in this state makes the kernel reboot immediately without flushing its buffers, so 'sync' is not optional: without it the new /etc/shadow may never reach the disk.

2. From 'sudo su'

Not every multi-user Linux machine has users who can reach root through 'sudo su', which is why this is only my second tip. But a user who has been granted sudo rights can become root with 'sudo su' (or 'sudo -i') without ever knowing the root password: sudo asks for the user's own password, not root's, and with a NOPASSWD rule it asks for nothing at all.


Once 'sudo su' gives a root shell, passwd changes the root password.

3.a. From a Live USB/CD: edit /etc/shadow

User accounts are listed in /etc/passwd, and their password hashes in /etc/shadow. So, from a live USB/CD, identify the installed system's root partition ('cfdisk' or 'fdisk -l' on the command line), mount it (/dev/sdXN or /dev/hdXN, whichever holds the installed Linux), and edit the root line of the mounted copy of shadow (for example /mnt/etc/shadow) so that its password field is empty. The screenshot below shows this.


Assume Linux is installed on /dev/sda2. Mount /dev/sda2 on /mnt and edit /mnt/etc/shadow so that root's second field (the hash between the first and second colon) is empty. Then reboot into the installed system and log in as root, pressing Enter at the password prompt (the password is now empty). Two caveats: an empty password is accepted only where pam_unix allows it (the nullok option), and only at a console, because sshd refuses empty passwords by default (PermitEmptyPasswords no). If that is a problem, put a real hash in the field instead of emptying it, and in any case set a proper password right after logging in. Also take care not to change the number of colon-separated fields on the line; a malformed shadow entry can lock the account out entirely.
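To make the edit precise and repeatable rather than done by hand in an editor, here is an added example of my own (not part of the original post) that performs the shadow edit on the file whose path it is given and shows the resulting line. The sample shadow content at the end is constructed for the demo and its hashes are placeholders, not real hashes; on a live system the argument would be the mounted file, e.g. /mnt/etc/shadow.

```shell
#!/bin/sh
# Offline /etc/shadow edit, as done from a live USB/CD after mounting the
# target root partition. Added example, not from the original post.
# Shadow line layout (9 colon-separated fields):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Only field 2 (the hash) is touched; the field count is preserved.

# Print the hash field of USER ($2) in the shadow file FILE ($1).
shadow_hash() {
    awk -F: -v u="$2" '$1 == u { print $2; exit }' "$1"
}

# Set the hash field of USER in FILE to VALUE ("" empties the password).
# The new content is written back with cat so the file keeps its inode,
# owner (root:shadow) and mode (0640); mv of a temp file would lose them.
set_shadow_field() {
    file=$1; user=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -F: -v OFS=: -v u="$user" -v v="$value" \
        '$1 == u { $2 = v } { print }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# The post's method: make the user's password empty.
blank_password() {
    set_shadow_field "$1" "$2" ""
}

# Demo on a constructed shadow file (the hashes are placeholders, not real).
demo=$(mktemp)
cat > "$demo" <<'EOF'
root:$6$constructed$placeholderRootHash:15400:0:99999:7:::
daemon:*:15400:0:99999:7:::
alice:$6$constructed$placeholderAliceHash:15400:0:99999:7:::
EOF
echo "before: root hash = $(shadow_hash "$demo" root)"
blank_password "$demo" root
echo "after:  root line = $(grep '^root:' "$demo")"
rm -f "$demo"
```

To put a real hash in the field instead of emptying it (which sidesteps the nullok limitation), generate one on the live system, for example with 'openssl passwd -6' or 'mkpasswd -m sha-512', and pass it as the third argument of set_shadow_field.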

3.b. From a Live USB/CD: chroot

chroot, to my knowledge, changes the root directory to another directory that also holds an installed Linux (like running another operating system inside the one you booted). From a live USB/CD we can change the root password through chroot: mount the installed partition, chroot into it, and run passwd to set a new root password. Because passwd then runs against the installed system's own /etc/shadow and PAM configuration, this produces a proper hash and avoids the empty-password limitations of 3.a.


Now reboot and log in with the password set inside the chroot. For a fuller account of chroot, see The Power of Chroot.

4. From a local/remote exploit

The root password can also be changed when the operating system or an application has an exploitable vulnerability. In the example shown, a local privilege-escalation exploit succeeds against kernels >= 2.6.39 and leaves the user with a root shell; passwd from that shell then sets a new root password.


Now we check that root can be accessed with the new password.


SOME PREVENTION EFFORTS

1. Changing the Password from the Bootloader

The bootloader (GRUB, GRUB2 or LILO) must be password-protected, so that anyone who wants to edit a boot entry has to give the password first.
  • For protecting GRUB (legacy), see the link here.
  • For protecting GRUB2, see the link here. GRUB2 does this with a 'set superusers' line plus a 'password_pbkdf2' entry whose hash comes from grub-mkpasswd-pbkdf2, placed under /etc/grub.d/ rather than in grub.cfg directly; note that once superusers is set, every menu entry asks for the password unless it is marked --unrestricted, which matters for unattended reboots.
  • For protecting LILO, add the line password="YourPassword" to /etc/lilo.conf, as in this article. Adding 'restricted' as well makes LILO ask for the password only when extra kernel parameters are typed, which is exactly the case we are defending against. After adding the password, run 'lilo' again so the change is written to the boot sector.
Now we can see how the GRUB menu differs once a password is set.


Don't forget to set the bootloader configuration file to mode 600 (-rw-------), so that only root can read and write it; this matters because LILO's password sits in lilo.conf in cleartext, and a hashed GRUB password is still worth hiding from offline cracking. If the boot menu should not be shown at all, set the timeout to 0 in the configuration; this only hides the menu (it can still be brought up with a key at boot) and is not a substitute for the password.

Configuration file locations:
  • GRUB (legacy): /boot/grub/menu.lst
  • GRUB2: /boot/grub/grub.cfg (generated by update-grub / grub-mkconfig from /etc/default/grub and /etc/grub.d/, so set the password and timeout there, or they are lost on the next kernel update)
  • LILO: /etc/lilo.conf

2. From 'sudo su'

Check the sudoers configuration in /etc/sudoers (and any files it includes from /etc/sudoers.d) and the administrative groups in /etc/group for users who have nearly the same access as root; NOPASSWD rules deserve particular attention, and 'sudo -l' shows what a given user is allowed to run. Always edit sudoers with visudo, which checks the syntax before saving. For more information, see the link here.

3. From a Live USB/CD to /etc/shadow or chroot

Set a password on both the BIOS and the hard disk (drive lock). Disallow booting from floppy, CD-ROM, USB and the network, or at least put those last in the boot order. If the computer has additional security such as a fingerprint reader, turn it on. Keep in mind that these controls only raise the bar for someone with physical access: a disk removed and attached to another machine can still be mounted and edited, so full-disk encryption is what actually protects /etc/shadow from offline editing.

Especially for chroot, I have heard about chroot jails. For more information, see the articles What is chroot jail anyway and My answer for my mentor (chroot) by Mr. Mada R Perdhana. The articles are from January 24th, 2008, so I am still waiting to see whether they get updated. ^

4. From a local/remote exploit

It is familiar advice to every Linux user: keep the system and its applications updated, and harden the default settings where needed. To get the latest stable kernel on Ubuntu, it can be updated manually from http://kernel.ubuntu.com/~kernel-ppa/mainline/.

For the users' home partition, what we can do (to my knowledge) is mount /home with 'noexec' in /etc/fstab; other options besides 'noexec' (nosuid and nodev are the usual companions) can be added to the same entry. Bear in mind that noexec stops direct execution of binaries and scripts from /home, but not code run through an interpreter ('sh script' or 'python script.py'), so it is a hardening measure rather than a barrier. For more information about fstab, see the link here.
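The four prevention points above can be checked mechanically. The following audit script is an added example of my own, not from the original post: it checks the bootloader configuration's mode, passwordless sudo rules and admin-group membership, the noexec option on /home, and empty password fields in shadow. Each check takes the path of the file to inspect, so it can be pointed at the live files or at copies; the sample files at the end are constructed for the demo, and the check for file ownership is left to the caller since it cannot be exercised as a non-root user.

```shell
#!/bin/sh
# Hardening audit for the points in the prevention section.
# Added example, not from the original post. Each check takes the path of the
# file to inspect, prints its findings and returns 0 when clean, 1 otherwise.

# 1. Bootloader configuration should be mode 0600 (-rw-------) and root-owned,
#    so only root can read a password hash or edit the menu. The mode string
#    from ls -ld is compared because stat's flags differ between GNU and BSD.
check_config_mode() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "$1 is $mode, want -rw-------"
        return 1
    fi
    echo "$1 is $mode"
}

# 2a. sudo rules that skip the password (NOPASSWD) or disable authentication
#     outright (Defaults !authenticate). Comment lines are ignored; note that
#     #include / #includedir / @includedir lines pull in /etc/sudoers.d, whose
#     files must be audited the same way.
sudoers_nopasswd() {
    awk '!/^[[:space:]]*#/ && /NOPASSWD|!authenticate/ { print FILENAME ": " $0; found = 1 }
         END { exit found ? 1 : 0 }' "$1"
}

# 2b. Members of an administrative group (sudo, wheel or admin, depending on
#     the distribution) in /etc/group; these users are root in all but name.
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4; exit }' "$1"
}

# 3. Whether mount point MP ($2) in fstab FILE ($1) carries option OPT ($3):
#    noexec for /home in the post; nosuid and nodev are the usual companions.
fstab_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        !/^[[:space:]]*#/ && $2 == mp {
            seen = 1
            n = split($4, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == opt) { print mp " has " opt; exit 0 }
            print mp " is missing " opt " (options: " $4 ")"; exit 1
        }
        END { if (!seen) { print mp " is not in fstab"; exit 1 } }' "$1"
}

# 4. Accounts with an empty hash field: exactly what the live-CD trick in 3.a
#    produces, and loginable with a bare Enter wherever pam_unix allows nullok.
shadow_empty_passwords() {
    awk -F: '$2 == "" { print "empty password: " $1; found = 1 }
             END { exit found ? 1 : 0 }' "$1"
}

# Demo on constructed files. On a real system point the checks at
# /boot/grub/grub.cfg (or menu.lst, /etc/lilo.conf), /etc/sudoers, /etc/group,
# /etc/fstab and /etc/shadow instead.
d=$(mktemp -d)
: > "$d/grub.cfg"; chmod 644 "$d/grub.cfg"
printf 'root ALL=(ALL) ALL\n%%admin ALL=(ALL) NOPASSWD: ALL\n# NOPASSWD here is only a comment\n' > "$d/sudoers"
printf 'root:x:0:\nsudo:x:27:alice,bob\n' > "$d/group"
printf 'UUID=0001 / ext4 errors=remount-ro 0 1\nUUID=0002 /home ext4 defaults 0 2\n' > "$d/fstab"
printf 'root::15400:0:99999:7:::\nbob:$6$constructed$placeholder:15400:0:99999:7:::\n' > "$d/shadow"
check_config_mode "$d/grub.cfg"
sudoers_nopasswd "$d/sudoers"
echo "sudo group members: $(group_members "$d/group" sudo)"
fstab_has_opt "$d/fstab" /home noexec
shadow_empty_passwords "$d/shadow"
rm -rf "$d"
```

Every check in the demo fails on purpose, so the output shows what each finding looks like; on a hardened machine all of them return 0 and print nothing alarming.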

If the information in this article is still lacking, please feel free to comment. I would really appreciate hearing from you.

2 comments:

  1. Thanks for sharing your knowledge in the article above about recovering passwords.
    I think it helps, and you explain it well.
    Regards

  2. My pleasure; feel free to suggest anything that is missing.
