With the recent introduction of Windows 2000 to the regular Joe user along with the increasing popularity of Linux with the masses, the problem of what to do when the superuser password is forgotten is likely to become more than a casual concern.

In short, you can't easily recover the password; you need to change it.

(Note that this is not intended as a "How to hack into a computer" lesson. Following these instructions on a system on which you shouldn't doesn't make you l33t, it makes you a script kiddie. Nobody likes weenies.)

Fear not, brave user! The solution is not as difficult as you may imagine.

To get around a lost Windows 2000 Administrator password:
(This also works for Windows NT 4.0)

You need to get hold of a specialized Linux boot disk. Don't let this part put you off, they're easy to find on the net. These disks contain support for both VFAT32 and NTFS partitions, and an automated script and utilities to alter the password file with a new password. Early versions had difficulty handling the obfuscator that Windows 2000 employs for its password hashes. Make sure you find a recent one. A quick search on your favorite search engine ought to provide a starting point. As a reference, finding one when I last needed it took around five minutes.

To get around a lost Linux root password:

You must have access to the console for this to work. Follow these steps:

  • Power off the system
  • Power on the system, wait for the LILO/SILO/MILO prompt (platform dependent)
Depending on how lucky you are, or rather how ancient your linux distribution is, you might be able to get away with the following:

  • At the prompt, type <kernel> 1 (where <kernel> is the label you use to boot linux normally) and thus boot to single user mode.
  • In single user mode, linux never used to prompt for the superuser password. If this is the case with your system, simply use mount -o remount -n / and then use the passwd command to change the superuser password.
If you're blessed with a somewhat more secure system, you need to do this:
  • At the prompt, type in <kernel> init=/bin/sh (where <kernel> is the label you use to boot linux normally).
  • Once the system dumps you at a "# " prompt, type: mount -o remount -n /
  • echo root2:x:0:0:::: >> /etc/passwd
  • echo root2:::::::: >> /etc/shadow
  • sync
  • Power cycle the system.
  • Once the system has booted, log in as root2 (you shouldn't be prompted for a password) and use the command passwd root to change the root password, then userdel to remove the root2 user.
  • Problem solved.

There are of course many variations on the linux version. For example, you could edit /etc/shadow directly. This requires knowledge of text editors such as ed (most of the time, you won't have a normal terminal when you boot like this and vi won't work!) which may or may not be an unreasonable expectation. YMMV.
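The write-up above describes two artifacts an attacker leaves behind on the box: a second UID-0 account in /etc/passwd and an account whose /etc/shadow password field is empty. The audit script below is an added example written for this page, not part of the write-up; it checks for exactly those two artifacts. The SAMPLE_* file contents are constructed for demonstration, and audit_live_system() runs the same checks against the real files.

```shell
#!/bin/sh
# Added audit example; not part of the write-up above.
# It flags the two artifacts the write-up describes: a second UID-0 account
# in /etc/passwd and an account with an empty password field in /etc/shadow.
# The SAMPLE_* data below is constructed for demonstration.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/sh
root2:x:0:0::::'

SAMPLE_SHADOW='root:$6$constructedsalt$constructedhash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:18000:0:99999:7:::
root2::::::::'

# Print the name of every UID-0 account other than root, one per line.
# Takes the passwd file contents as its argument.
extra_uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Print the name of every account whose shadow password field is empty,
# i.e. an account that can log in without a password.
# Takes the shadow file contents as its argument.
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: 'NF >= 2 && $2 == "" { print $1 }'
}

# Run both checks on the live files (needs root to read /etc/shadow).
audit_live_system() {
    echo "UID-0 accounts other than root:"
    extra_uid0_accounts "$(cat /etc/passwd)"
    if [ -r /etc/shadow ]; then
        echo "Accounts with an empty password field:"
        empty_password_accounts "$(cat /etc/shadow)"
    else
        echo "(/etc/shadow not readable; run as root to check it)"
    fi
}

# Demonstration on the constructed sample data.
echo "Sample audit: UID-0 accounts other than root:"
extra_uid0_accounts "$SAMPLE_PASSWD"
echo "Sample audit: accounts with an empty password field:"
empty_password_accounts "$SAMPLE_SHADOW"
```

Run it as root with audit_live_system to check a real machine; any name printed under either heading deserves a look, since a normal system has exactly one UID-0 account and locked accounts carry "*" or "!" rather than an empty field.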

Even though semprini's write-up was not intended as a "How to Hack Into a Computer" lesson, he's brought up two security issues in Linux that could potentially cause you (as a Linux user, right?) problems. This write-up will hopefully help you guard yourself from the aforementioned script kiddies.

The first method he mentioned, using "linux 1" at the LILO prompt, will also work with using "linux single" at the LILO prompt. The only real way to stop people using this method on your box, if you are running a vulnerable system, is to password protect linux single.

  • Open your favourite editor (such as vi) and open /etc/LILO.conf
    (00100 points out that this may be /etc/lilo.conf on some distributions - e.g. his Red Hat 7.1 dist. - and reminds us that unix filenames are case-sensitive)
  • Add a new line, after the first line, and type Restricted blog, where "blog" is the password you wish to use to restrict it.
  • Type lilo at the prompt, to execute the /etc/LILO.conf file.
Now, if anyone tries to use linux single or linux 1 to get into root on your box, they will need this password, but otherwise this change should in no way change the functioning of your box.
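To make the lilo.conf change concrete, here is an added example (not part of the write-up above) showing a configuration without and with the boot-prompt password, together with two checks a defender can run. LILO's keywords are password= and restricted; restricted means the password is demanded only when extra boot parameters (such as 1, single or init=...) are typed at the prompt, so an ordinary boot is unaffected. The device names and the password value are constructed placeholders.

```shell
#!/bin/sh
# Added example; not part of the write-up above. It shows a lilo.conf without
# and with the boot-prompt password the write-up recommends, plus two checks.
# LILO's keywords are "password=" and "restricted" ("restricted" means the
# password is only demanded when boot parameters such as "1", "single" or
# "init=..." are typed at the prompt, so an ordinary boot is unchanged).
# The password value and device names below are constructed placeholders.

LILO_WEAK='boot=/dev/hda
prompt
timeout=50
default=linux
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only'

LILO_HARDENED='boot=/dev/hda
prompt
timeout=50
default=linux
password=CHANGE-ME-placeholder
restricted
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only'

# Succeed (exit 0) only if the config text sets a password AND restricted,
# the combination that gates "linux 1" / "linux single" without prompting
# on a normal boot. Takes the config contents as its argument.
lilo_protects_boot_params() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*password=.' &&
    printf '%s\n' "$1" | grep -q '^[[:space:]]*restricted[[:space:]]*$'
}

# Succeed only if the file is readable by its owner alone. The password is
# stored in plain text, so lilo.conf must not be group- or world-readable.
# Reads the group/other columns of "ls -l" so it works on any POSIX system.
lilo_conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demonstration on the constructed configs.
if lilo_protects_boot_params "$LILO_WEAK"; then
    echo "weak config: protected (unexpected)"
else
    echo "weak config: boot parameters NOT password-protected"
fi
if lilo_protects_boot_params "$LILO_HARDENED"; then
    echo "hardened config: boot parameters password-protected"
fi
```

After editing the real file, chmod 600 it (lilo_conf_is_private /etc/lilo.conf should then succeed) and run lilo so the new boot sector picks up the change, as the write-up says.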

Actually, encrypting the entire hard disk will stop anyone from accessing the drive without authorization. Software encryption is possible, but it tends to eat up system resources and slow the machine down considerably. It also tends to use weaker encryption to speed things up, so it's not as secure as it could be. To be totally secure, you need a hardware encryption module.

Such a device usually takes the form of a card which plugs into an IDE, SIDE, or SCSI port and has an identical interface on the opposite side. The drive cable is then plugged into the card. All information going into the drive is passed through the encryption system on the card, shifting the actual bits around as they are written to the disk. The disk, if removed from the card, is useless because all of its contents are encrypted, even the file system.

To access the drive, you must use an encryption card identical to the one the disk was written with and have the same security key used to write to the disk. The security key can take many forms, usually a USB pen drive with a large "password" which is the key to the encryption algorithm. The security key may also use a proprietary connection, other than USB.

The only way to bypass this system is to employ brute force. This means using trial and error to attempt to find the key. This will usually take a very long time because keys tend to be hundreds of bytes.

Here's another way to change your root password on Linux, which avoids having to tweak boot options when you use GRUB (a pain to do), instead using a LiveCD. If you have a second Linux system, you can use that instead, and it might even be possible to do it from Windows, but it would probably be much harder:

1. Get a normal LiveCD. Knoppix will do, as will the Gentoo LiveCD. All that matters is that it boots into some sort of semi-normal Linux from which you can get a normal command prompt, and not some specialized program. If you have a second Linux system, skip this step and boot to it instead. (You'll need root on it, though.)

2. Mount your directory structure under some subdirectory of the LiveCD system. For the Gentoo LiveCD, there's a /mnt/gentoo designed for this purpose. (You can still use it even if you're not using Gentoo; it's called that because the LiveCD is for Gentoo installation.) In Knoppix, apparently the drive will be mounted for you already. However, since I don't use Knoppix, I can't vouch for that.

3. chroot to this subdirectory. To do so, type in chroot (directory) or simply cd to the directory and type in chroot . and you're set. You'll have a root prompt.

4. Run passwd.

To run you through this without the extraneous comments:
1. Get a LiveCD, or boot to root on a second Linux system on the same computer.
2. Mount your Linux system in a subdirectory, if it's not done so already.
3. chroot to said directory.
4. Run passwd.

And that's it!

I own a networking business in Colorado, and this comes up every so often.

We had one instance where a company was going to fire their network admin (for pirating software and downloading gigs of porn on company time, plus telling the owner that he couldn't be fired because he was not replaceable). We were called in to prep for the firing, and we needed to get the password sets for the company.

If you can still find it online, I like using a free floppy disk tool called LinNT, which basically does the above steps using a quick automated process. This does not always work, however. We went to the workstation where the employee did his thing, and used a nifty tool from http://www.loginrecovery.com/. There is a free method, but we opted for the paid version, which gave us all the passwords to each of the accounts he used on his computer in less than three minutes.

We installed Spectre Pro, a program that logs and records everything, including screenshots, emails and chats.

I asked the owner to give the employee a series of tasks, which required logging in to different devices, such as the Cisco routers and switches. We ended up capturing his pirating and porn activities, and found out he was cheating on his wife with two women, but that was beyond our professional scope.

Well, he was fired, and he stormed out saying the owner "would be sorry". He did attempt to sabotage the network, but we had already changed the passwords. He tried to get in from his home DSL connection, but he was blocked. They now have a professional administrator, and we helped screen the applicants.

To prevent people from breaking in to machines using these methods, move the hard drive to the first boot device, and if your BIOS supports it, remove the floppy and CD from the bootable devices. Put a BIOS password on the machines. If needed, you can change them back when you have to boot using removable media.
