Linux Password Bypass... I mean reset.

Linux passwords got you down? Have no fear, an unsecured physical system is just as scary as bad passwords.



So after all the fanfare of working with Linux for the first time, or really any time, you're probably going to come across a point where you forget your password, or you're looking at a box that you are authorized to access but don't have the password for. In this guide I'm going to go over gaining access to a Linux box that, as is very typical, is set up with little to no protection, and show you why it's important to protect the GRUB bootloader, which is typically installed, and to not allow booting from external media. This demonstration is not comprehensive, however, and does not cover cases where the drive is encrypted. The process has been tested specifically on Ubuntu and will typically work the same or with slight modifications.

Using Grub

If you don't like reading, feel free to simply skip to the video - link

As the video was made many years ago, I realized I did not boot into single user mode but rather into maintenance mode. At some point I may update the video specifically for this part. The steps are rather similar, but instead of adding single we will update the GRUB entry to boot to a bash console, from which we can remount the filesystem and change the password.

What you need:

  • An unprotected GRUB menu.
  • A system you can't get into and are authorized to access.

When booting up, we are going to hold down Shift to make the GRUB menu appear or, if it already appears, press any key to stop the auto boot process.

Press e to edit.

We are then going to locate the line
linux /boot......

and add

init=/bin/bash

to the end of the line.

Now once loaded we can issue the command:

mount -o remount,rw /

This remounts the root filesystem with read/write access.

Once that completes, we should be able to perform the password reset using passwd, just like we can inside the OS. And if you don't know the username, you can check for that first.

cat /etc/passwd | tail
passwd username

That's it! It was that simple, and all you need to do now is reboot the system.
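
The GRUB edit above only works when the menu is unprotected. As an added example (not part of the original post), this shell function audits a grub.cfg for the superusers and password_pbkdf2 directives that GRUB uses to restrict editing of boot entries. The function names, return codes and sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a grub.cfg for protection against editing boot entries.
# Return codes (this script's own convention):
#   0 = superusers set and a password_pbkdf2 hash present
#   1 = no superusers: anyone at the console can press 'e' and edit an entry
#   2 = superusers set, but no hashed password (plaintext or missing)
#   3 = file not readable
audit_grub_cfg() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }
    # Drop comment lines so a commented-out directive does not count.
    active=$(grep -v '^[[:space:]]*#' "$cfg")
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*set[[:space:]]+superusers='; then
        echo "FAIL $cfg: no 'set superusers', entries editable without a password"
        return 1
    fi
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.'; then
        echo "OK   $cfg: superusers set with a password_pbkdf2 hash"
        return 0
    fi
    echo "WARN $cfg: superusers set but no password_pbkdf2 hash"
    return 2
}

# Constructed sample configs (not from a real system); the hash is a placeholder.
write_samples() {
    dir="$1"
    cat > "$dir/open.cfg" <<'EOF'
menuentry "Ubuntu" {
  linux /vmlinuz root=/dev/sda5 ro quiet
}
EOF
    cat > "$dir/locked.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_SALT.PLACEHOLDER_HASH
menuentry "Ubuntu" --unrestricted {
  linux /vmlinuz root=/dev/sda5 ro quiet
}
EOF
    printf '#set superusers="admin"\nset superusers="admin"\npassword admin example-plaintext\n' > "$dir/plain.cfg"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in open locked plain; do
    audit_grub_cfg "$tmp/$f.cfg" || echo "  -> exit code $?"
done
rm -rf "$tmp"
```

On Ubuntu the generated config is usually /boot/grub/grub.cfg, and the hash for password_pbkdf2 is produced with grub-mkpasswd-pbkdf2.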

Video of Process


Using Boot Disk

Same thing as before: if you want to skip to the video for this part, I have queued the video to this process - link

This, I would have to say, is one of my favorite tricks, since most people don't prevent external media from being booted and it removes the annoyance of having to edit the GRUB entry, where 9 times out of 10 I have to quickly look up online where the addition needs to go.

What you need:

  • A system you can't get into and are authorized to access.
  • A live boot CD/DVD/USB of your Linux distro of choice.
  • A system that allows external booting.

First you need to boot to your media using whatever the key is:

  • Esc
  • Del
  • F12
  • F8

*On some systems, ASUS for instance, the boot menu can be disabled by default.

After booting to your live distro, you need to open up a terminal and do some investigation first to figure out which partition your Linux is installed on, as we will need to mount it.

You can use sudo when executing some of the commands but to speed things along I just change into root by using the command:

sudo -i

The same can be done using the command:

sudo su -

To figure out our disk drives we are going to use:

fdisk -l

This should give you a list of devices and partitions. In my case the device is sda5, which you will need to keep handy for later.

We now need to mount the partition, which can be done by creating a directory under /media and then mounting the device using the commands:

mkdir /media/sda5
mount /dev/sda5 /media/sda5/

We are then going to change root to the mounted drive:

chroot /media/sda5/

Now that we are in the mounted drive, we can change the password of a user using the same command as if we had logged in, since it executes under the mounted system and not the live distro:

passwd username

Now say you don't actually know the username of the ID you want to change. You can simply search for one by inspecting the passwd file:

cat /etc/passwd | tail

And it's as easy as that. Once you're done, exit out of the mounted system and reboot, which can be done in many ways. One that I use in the video is the command:

init 6

Video of Process


In Closing

Hopefully you found something useful in this and it might help you. As you can see, it's important not just to have a secure password but also to lock down the physical hardware to prevent external tampering. In future posts I will go over password bypass in an unsecured Windows system.