[THIN] Re: OT - Linux Root Password Unknown

  • From: Kyle Hutson <hutsonk@xxxxxxxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Wed, 08 Jan 2003 11:54:32 -0600

Gabe Knuth wrote:

>A client of ours lost their IT guy recently.  He was one of those
>"anti-documentation" guys, and was the ONLY ONE who knew the Linux root
>password.  Does anyone know how I can hack and crack my way into the
>system, or even if I can?
>
Sure, just wait for the next sendmail exploit. :-)

The lilo trick posted here by Jon Reynolds will work (the 'su' response 
will not, unless you've already got the root password which you 
obviously don't - if it did, this would be a HUGE security hole, and the 
Linux community takes a little more pride in security than MS does).

If you aren't using lilo, here's what you can do:

1) Boot from an installation floppy or CD (RedHat is fine, and widely 
available), and choose the 'expert install' (on most distributions) so 
that you get a plain command prompt.
2) Mount the root volume ('mkdir harddisk' to create a mount point, then 
'mount /dev/hda1 harddisk' for most IDE disks,  or 'mount /dev/sda1 
harddisk' for most SCSI disks).
3) Edit /etc/shadow as explained in Jon Reynold's e-mail.
4) Reboot, Login as root (no password), and then change the root 
password to something known immediately.

*********************************************** 
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link.

http://thethin.net/citrixlist.cfm

Other related posts: