There are a couple of reasons why you might want to reset a Linux root password. If the current password is known to you, just log in as root and issue the passwd command. What if you’ve forgotten the password and can’t log in? Resetting a Linux root password is simple if you have access to the machine. There are 2 main methods.
First, we boot the machine up. If LILO is in use, enter linux init=/bin/bash at the ‘LILO:’ prompt. If GRUB is in use, press the ‘e’ key. We’ll need to edit the kernel line, beginning ‘linux’, and append init=/bin/sh.
The machine will boot straight into a shell prompt, with no login required.
Now, bear in mind that the GRUB layout, kernel options and text may look significantly different on your particular Linux install. If I issue the mount command, I can see that my root filesystem has been mounted as read only:
# mount
[...]
/dev/disk/by-uuid/45bba583-3259-4626-ba7e-62873eee3295 on / type ext4 (ro,relatime,data=ordered)
#
The key parts above are the mount point ‘/’ and the ‘ro’ keyword. In order to modify the password file, we’ll need to remount the filesystem for read and write access:
# mount / -oremount,rw
Then issue the passwd command to set a new password:
# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
#
Now remount the filesystem read-only again:
# mount / -oremount,ro
Finally, we’ll need to reboot. However, as we are outside of the standard system, issuing reboot will fail. Instead, issue Ctrl-Alt-Del. There’s nothing wrong with this, as the filesystem has already been remounted read-only, so no data will be lost.
Now, in some cases, GRUB is configured to prevent modifying the kernel command line, or another boot loader may be in use that prevents such an option. In this case, we’ll need a slightly different method, and some external support. We’ll need to boot off either a Linux CD or a USB stick. Once booted, we’ll need to gain access to the hard disk partition containing the Linux installation whose root password we want to reset.
Issue fdisk -l to show disks and partitions found on the system:
root@kali:~# fdisk -l

Disk /dev/sdb: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders, total 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00057814

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        2048    60229631    30113792   83  Linux
/dev/sdb2        60231678    62912511     1340417    5  Extended
/dev/sdb5        60231680    62912511     1340416   82  Linux swap / Solaris

Disk /dev/sda: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders, total 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000dcc91

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048    60262399    30130176   83  Linux
/dev/sda2        60264446    62912511     1324033    5  Extended
/dev/sda5        60264448    62912511     1324032   82  Linux swap / Solaris
root@kali:~#
In this case, we can see that /dev/sdb1 is our internal hard disk’s Linux partition.
Let’s make a temporary directory and mount /dev/sdb1 on it:
root@kali:~# mkdir /mnt/harddisk
root@kali:~# mount /dev/sdb1 /mnt/harddisk
root@kali:~# ls /mnt/harddisk/
bin    dev   initrd.img  media  opt      root     share  tmp  vmlinuz
boot   etc   lib         mnt    pentest  sbin     srv    usr
cdrom  home  lost+found  nis    proc     selinux  sys    var
Excellent, issuing an ls confirms that this is indeed a Linux root partition. Now we’ll need to pivot into it with chroot before changing the password:
root@kali:~# chroot /mnt/harddisk/
root@kali:/# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:/# exit
exit
root@kali:~#
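And lastly, unmount, remove the temporary directory, and reboot. Using rmdir rather than rm -rf means that if the unmount failed, the command refuses to touch the still-mounted installation instead of deleting it:
# umount /mnt/harddisk
# rmdir /mnt/harddisk
# reboot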
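The first method only works when GRUB lets anyone at the console edit a boot entry, which is the protection mentioned above. As an added example (not part of the original article), this script checks a GRUB 2 configuration file for that protection; the function names, result labels and sample configs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a GRUB 2 config for protection against boot-entry editing.
# Function names, result labels and the sample configs are constructed for this page.

# Prints: open      - no superusers set; anyone at the console can edit an entry
#         weak      - a superuser lacks a password_pbkdf2 hash (plaintext or no password)
#         protected - every superuser has a password_pbkdf2 hash
grub_edit_protection() {
    local cfg="$1" users user result=protected
    # Take the last 'set superusers=...' line; surrounding quotes are optional.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}superusers=//p' "$cfg" |
            tail -n 1 | tr -d "\"'")
    if [ -z "$users" ]; then
        echo open
        return 0
    fi
    # GRUB separates user names with spaces, commas, semicolons, pipes or ampersands.
    for user in $(printf '%s' "$users" | tr ',;|&' '    '); do
        grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$user[[:space:]]" "$cfg" ||
            result=weak
    done
    echo "$result"
}

# Counts entries marked --unrestricted: they boot without a password, but
# editing them (and adding init=/bin/sh) still requires a superuser login.
grub_unrestricted_entries() {
    grep -Ec '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$1" || true
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.cfg" <<'EOF'
menuentry 'Linux' {
    linux /vmlinuz root=/dev/sda1 ro
}
EOF
cat > "$demo_dir/protected.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro
}
EOF
for cfg in "$demo_dir"/*.cfg; do
    echo "${cfg##*/}: $(grub_edit_protection "$cfg")," \
         "$(grub_unrestricted_entries "$cfg") unrestricted entries"
done
```

On a real system, point the functions at the generated configuration, typically /boot/grub/grub.cfg or /boot/grub2/grub.cfg depending on the distribution. A "protected" result covers only the first method; booting from external media, as in the second method, is a matter for firmware settings and disk encryption.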