*the sexiest word in the G33k’s Vocabulariy!
Tech Level 8/10
Years ago, in the infancy of my (The Server Guy) IT career (back in high school) I was swallowed up by the idea of causing havoc (read: hacking) on the school’s LAN. By causing havoc, I meant exploiting mistakes that out LAN admin had made.. the only problem was – I had no idea where to begin or what to do..
..since then, my skills have developed and interests have moved on ;)
Back in the day, Linux was a scary notion that only the reclusive explored. Now-a-days, there really is no reason not to give it a bash (pun (okay, so if you’re not into it, you’d not pick up on it – this’ a G33k post after all lol))!
Before I start down the long road of preaching about the Pros of Ubuntu (a FREE, no strings attached Linux Distrobution, driven mainly by South Africa’s own Mark Shuttleworth), I thought I’d show you a little hacking trick to get the juices flowing :D
How to change the Root Password of any Ubuntu Desktop or Server
There are a few ways of doing this, however, I am only going to show you how to do it if you have direct access to the machine. Bare in mind that anyone who knows what they are doing can reset ANY linux Server’s password, no matter what the encription, if they have direct access to the box. Anybody.
# turn off the server/desktop & power it on again
# from here, you are root. You can create users, delete users, edit groups, change user passwords ;) etc..
# press esc (escape) key, or the equvilant to get into the grub menu. If you can’t get into the grub menu, you can boot with a livd CD, mount the /boot/grub/menu.lst
# once in the GRUB Menu, seclect recovery mode
# this will bring up the recovery menu, select root – drop to root shell prompt
# you should now see something like root@christopher-laptop:~#
If you need any further help, feel free to contact me and I’ll help where I can. The last thing I want to do is give too much information and give iMod a bad reputation ;) Lesson learnt today: Be very careful who you let mear your PC/Server!
The basic tenet to be learned here is that physical access to a box dictates that all security can be thrown out the window.
Boot access is root access.
That’s pretty hectic. My knowledge of linux distros is not very good, but the topic of “hacking” (finding) the Root Password will always catch my eye!
Exciting article!
haha, root = God.
Shaun, that’s right on mate. The worste thing you could do is let a ‘friend of a friend’ play around on your server while you’re in the loo ;)
That will land you in the.. haha.
For the non-technical people, think about it this way. You own a MK1 Golf, you have an alarm and immobilizer. It’s safe, right? Sure, if no one is around to see some pleb cutting the power cable from your battery, smashing the window and hot-wiring it ;)
Anyhow, next week I will start the intro to Ubuntu and how to get your hands dirty!
Ahoy. We just got a new I.T teacher at school. Unfortunately the server is running on windows server 2003. Any way to have some fun with the new guy?
Absolutely. But there’s also absolutely no way that I’m going to help there ;)
What you could do is chat to him and perhaps get involved in the school’s LAN. Something like that will help you with your CV should you want to head into IT.
Dam. I was hoping for some to have some fun with this guy. He seems very switched on tho so I don’t think we would be able to get very far before he noticed :P
A quicker way to do on an installed ubuntu machine is open up a terminal and type “sudo passwd root” and enter in a new password for root and done.
Howzit Steve T,
“sudo passwd root” would change the password for root in a terminal – 100%. However..
..to get this senario, you’d need to be logged into the server already. IE you’d need the password. Or if someone has left a server session open (1D10T) you would still need the sudo password (you’re prompted for it if not in sudo -i mode) after you enter “sudo passwd root”.
So in conclusion, although that command would change the password, at the end of the day – it’s not going to be helpful here ;)
Yup thats correct, I also have a pretty good script that I use on a custom version of system rescue cd that backs up the shadow file and then overwrites the specific users password hash, but you would obviously need to reboot the server in order to do this.
“Lesson learnt today: Be very careful who you let mear your PC/Server!” ;)
If you have access to it, you have ACCESS to it!