How to crack Root with Grub

Protecting your Linux box

Postby squid » Fri Sep 05, 2003 10:41 am

Any way out to crack the root password where Grub is installed? :roll: I know there is one way, but I've forgotten it.
squid
Lance Naik
 
Posts: 20
Joined: Fri Sep 05, 2003 10:15 am

Postby Faraz.Fazil » Fri Sep 05, 2003 12:18 pm

If your system administrator has not disabled the single user mode feature, then u can easily reset the root password.

To do so,

At the grub screen, at the end of the kernel line add a -s switch and press b to boot.

It will start linux in single user mode and will not require a password. When it has loaded, type passwd.

It will ask for a new root password. Enter a new password for root and press enter. It will change the password and say All tokens updated.

Type reboot to reboot the pc, and use the new root password.

This is not a security hole in linux, coz single user mode can be disabled thru /etc/inittab.

If u used lilo u could do something like linuximage 1 and press enter, e.g. linux 1, to start in single user mode and follow the same procedure.

I am warning you, use this only for legitimate reasons, and not to hack any other persons root password.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby squid » Fri Sep 05, 2003 1:23 pm

thx dude :roll: :shock: tooo prompt. of course its not for hacking purpose .. i know the lilo how to, not the grub one, so just asked for the information... thx newayz dude.
squid
Lance Naik
 
Posts: 20
Joined: Fri Sep 05, 2003 10:15 am

Postby farhanksa » Fri Sep 05, 2003 4:13 pm

but there may be the password to break through lilo & grub
i mean there may be the password for lilo or grub ...if u had set the password at the time of installation or later....then i can't go single user mode...
u can enable the password for lilo or grub in the /etc/lilo.conf and /etc/grub.conf files
farhanksa
Subedar
 
Posts: 359
Joined: Sun Nov 03, 2002 6:40 am
ICQ: 116765501
WLM: farhan12@msn.com
Yahoo Messenger: commdsl@yahoo.com
Location: Lahore

Postby Faraz.Fazil » Sat Sep 06, 2003 9:46 am

And yes, if ur bootloader i.e. lilo or grub has a password, even then ur root password can be changed. But in that case u would first have to play with the /etc/lilo.conf or /etc/grub.conf file based on which loader u use and then use the same procedure as before. You can even uninstall a bootloader and install it again to disable the loader password.

A simple fdisk /mbr in dos restores your previous loader.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby Faraz.Fazil » Sat Sep 06, 2003 9:47 am

Np.
Anytime

B.T.W your avatar is cool.

squid wrote:thx dude :roll: :shock: tooo prompt ofcourse its not for hacking purpose .. i know the lilo how to not the grub one so just aksi for the information... thx newayz dude.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby Faraz.Fazil » Sat Sep 06, 2003 9:58 am

Also u could edit the /etc/inittab file with any editor and enable/disable any run level from there. You can also change the default run level from there.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby squid » Sat Sep 06, 2003 6:53 pm

Faraz.Fazil wrote:And yes, if ur bootloader i.e. lilo or grub has a password, even then ur root password can be changed. But in that case u would first have to play with the /etc/lilo.conf or /etc/grub.conf file based on which loader u use and then use the same procedure as before. You can even uninstall a bootloader and install it again to disable the loader password.

A simple fdisk /mbr in dos restores your previous loader.


yaar faraz can u plz tell me the how to if the lilo/grub has its own password?
squid
Lance Naik
 
Posts: 20
Joined: Fri Sep 05, 2003 10:15 am

Postby farhanksa » Sat Sep 06, 2003 7:07 pm

fdisk /mbr will restore ur old loader wt ever ws it...which is being embedded with (im)ur linux loader....
in linux u have lots of ways to do it....u can do it by upgrading the installation..choose other boot loader...but i didn't try it (and my exp for upgrading is not good with rh 9)

other way is that u boot from bootable cd and proceed
mount ur linux partitions by chroot /mnt/sysimage and u r now in ur linux partition ..go to cd /etc
vi lilo.conf or vi grub.conf wt ever u had used...and change wt ever u want to change in it ......and don't forget to write the loader with new settings when u save after editing the loader configuration file
farhanksa
Subedar
 
Posts: 359
Joined: Sun Nov 03, 2002 6:40 am
ICQ: 116765501
WLM: farhan12@msn.com
Yahoo Messenger: commdsl@yahoo.com
Location: Lahore

Postby Faraz.Fazil » Sat Sep 06, 2003 9:15 pm

The simplest way would be to boot from the linux cd and start linux in rescue mode.
Then chroot /mnt/sysimage

Then edit /etc/lilo.conf or /etc/grub.conf with an editor like vim, and change the options from there; these options include the option to set or disable a loader password.

An alternative but bigger method would be to restore the previous loader thru fdisk /mbr and reinstall lilo or grub, although this is not efficient and not required when the same can be done by the previous method.

The third method would be to start linux setup in upgrade mode and reinstall the loader.

As evident, the first method i.e. the one in which u boot from the cd in rescue mode and edit the loader's .conf file is the simplest and most efficient.

Rest of the procedure as i already told.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby afridi » Sun Sep 07, 2003 7:25 am

This is only recommended if you are not used to editing etc/*.conf files and do not have the installation disk for the distro you are using. Then you can take a cdrom mounted distro and initialise it ..... (I am not sure if demo supports it....), having edited permissions (effectively allowing yourself root...) you then anchor the distro.

That will allow you access to mountable formats. Then you have access to edit files, effectively allowing yourself single user run level and, if there is a bootloader password, edit the etc/*.conf file for your specific bootloader.

That long winded process over, you should be able to reboot and get in......

Now if you are talking about someone else's machine....... and they know how to protect it.... this will not work as your distro will not anchor without their root password to start with.....so no joy there for any frolicking ........
Last edited by afridi on Mon Sep 29, 2003 10:23 am, edited 1 time in total.
afridi
Cadet
 
Posts: 7
Joined: Tue Jul 02, 2002 4:31 am

Postby squid » Sun Sep 07, 2003 9:34 am

kewl guys and thx as well. Well if i am on a system without cdrom and boot options and i got grub, what can i do.. rest can be done when u have ur home pc with all access... :roll:
squid
Lance Naik
 
Posts: 20
Joined: Fri Sep 05, 2003 10:15 am

Postby Faraz.Fazil » Sun Sep 07, 2003 1:43 pm

Squid, read my posts carefully.
In the first post i already explained how to crack/change the root password even if u can't boot from cdrom and cannot access the bios setup and can only see the grub screen.

As i said before, highlight the linux entry on the grub screen. Press e to edit.
Highlight the kernel line and press e again to edit.

Add a -s switch at the end of the kernel line and press b to boot.

It will start linux in single user mode and will not require a password. When it has loaded, type passwd.

It will ask for a new root password. Enter a new password for root and press enter. It will change the password and say All tokens updated.

Type reboot to reboot the pc, and use the new root password.

squid wrote:kewl guys and thx as well. Well if i am on a system without cdrom and boot options and i got grub, what can i do.. rest can be done when u have ur home pc with all access... :roll:
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe

Postby lambda » Sun Sep 07, 2003 3:17 pm

Faraz.Fazil wrote:In the first post i already explained how to crack/change the root password even if u can't boot from cdrom and cannot access the bios setup and can only see the grub screen.


at least on some distributions (debian comes to mind), you can't go single-user without the root password. for all i know, redhat's init can be configured to ask for a password as well.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby Faraz.Fazil » Sun Sep 07, 2003 3:20 pm

Yup, that's right.
As i said before, you can use the method only if your administrator has not disabled the run level 1 (single user mode) in inittab or if he has not put a password on the init.

As stated before, this is not an exploit or hack. It is only a feature that linux offers to system admins to reset their password if they forget it. This feature can well be enabled or disabled by the administrators.

lambda wrote:
Faraz.Fazil wrote:In the first post i already explained how to crack/change the root password even if u can't boot from cdrom and cannot access the bios setup and can only see the grub screen.


at least on some distributions (debian comes to mind), you can't go single-user without the root password. for all i know, redhat's init can be configured to ask for a password as well.
Faraz.Fazil
Major General
 
Posts: 1024
Joined: Thu Jul 04, 2002 5:31 pm
WLM: faraz7476@hotmail.com
Location: Karachi/Pakistan/Earth/Universe
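Editor's note, added here as a worked example and not code posted by anyone in this thread: the two settings the replies keep returning to are whether single-user mode asks for the root password (the "password on the init" lambda and Faraz mention, done on RedHat-era systems with a `~~:S:wait:/sbin/sulogin` entry in /etc/inittab) and whether the bootloader menu has a password (the GRUB legacy `password` directive in grub.conf; lilo.conf's `password=` plays the same role). The script below audits both from a defender's side. The file paths are parameters and all sample files are constructed inline, so it never touches the real /etc/inittab or /etc/grub.conf unless you point it at them; the md5 hash in the hardened sample is a placeholder, not a real one.

```shell
#!/bin/sh
# Added example (editor's note, not code from this thread): audit whether a
# box is protected against the single-user-mode root password reset described
# above. It checks two settings the thread names:
#   1. /etc/inittab runs sulogin for single-user mode, so runlevel 1/S asks
#      for the root password instead of handing out a root shell
#      (the RedHat-era entry is "~~:S:wait:/sbin/sulogin");
#   2. the GRUB legacy config carries a "password" directive, so the kernel
#      line cannot be edited at the boot menu without it.
# File paths are parameters, and the samples below are constructed, so this
# never reads the real /etc/inittab or /etc/grub.conf unless you point it there.

# Returns 0 if inittab runs sulogin for the single-user (S or 1) runlevel.
inittab_requires_sulogin() {
    grep -E '^[^#:]*:(S|s|1):[^:]*:.*sulogin' "$1" >/dev/null 2>&1
}

# Returns 0 if a GRUB legacy config sets a menu password (plain or --md5).
grub_has_password() {
    grep -E '^[[:space:]]*password([[:space:]]|$)' "$1" >/dev/null 2>&1
}

# Runs both checks, prints a verdict per check, and returns the number of
# failed checks (0 means hardened).
audit_boot_hardening() {
    failures=0
    if inittab_requires_sulogin "$1"; then
        echo "OK   inittab: single-user mode runs sulogin (root password required)"
    else
        echo "WEAK inittab: single-user mode gives a root shell without a password"
        failures=$((failures + 1))
    fi
    if grub_has_password "$2"; then
        echo "OK   grub: menu password set, kernel line cannot be edited freely"
    else
        echo "WEAK grub: no menu password, kernel line can be edited at the console"
        failures=$((failures + 1))
    fi
    return $failures
}

# --- constructed sample files (not taken from any real system) ---
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

# Weak: a RedHat-style inittab with no sulogin entry, grub.conf with no password.
cat > "$TMP/inittab.weak" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l1:1:wait:/etc/rc.d/rc 1
EOF
cat > "$TMP/grub.weak" <<'EOF'
default=0
timeout=10
title Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2
EOF

# Hardened: sulogin for single-user mode and an md5 password on the GRUB menu.
# The hash is a placeholder; a real one comes from grub-md5-crypt.
cat > "$TMP/inittab.hard" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
~~:S:wait:/sbin/sulogin
l1:1:wait:/etc/rc.d/rc 1
EOF
cat > "$TMP/grub.hard" <<'EOF'
default=0
timeout=10
password --md5 $1$PLACEHOLDER$notarealhash
title Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2
EOF

echo "== constructed weak configuration =="
audit_boot_hardening "$TMP/inittab.weak" "$TMP/grub.weak" || echo "$? check(s) failed"
echo "== constructed hardened configuration =="
audit_boot_hardening "$TMP/inittab.hard" "$TMP/grub.hard" && echo "all checks passed"
```

To run it against a live system, call `audit_boot_hardening /etc/inittab /etc/grub.conf` instead of the constructed files; a non-zero return is the number of weak settings found. The checks are deliberately narrow (GRUB legacy and SysV inittab, the world this 2003 thread lives in) and say nothing about BIOS boot-order or physical access, which the thread also points out are what ultimately decide whether the console is trusted.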
