Welcome to the SecurityisFutile blog

I welcome comments and suggestions; I take criticism very lightly (at least most of the time). My goal for this blog is to document various experiments and research projects I feel are both relevant and prominent in the field of computer security (or the lack thereof) and to share my results and experiences with fellow computer security enthusiasts. Most of my topics are based solely on open source technology and methodology, mostly due to availability and cost. I believe that effective security measures help keep people honest with their technology, for the most part. Security is futile (useless), or at least it feels that way when an inspired opportunist comes around and exploits your weaknesses. With that being said, I leave you with a quote of inspiration: "There is no security on this earth, there is only opportunity." -- General Douglas MacArthur

Tuesday, June 1, 2010

BackTrack Hacks - Lost Passwd

Today I had a brain fart (which seems to happen more often as I get older) and forgot the 'root' password for my BackTrack 4 virtual machine. After a few minutes of contemplating how to recover the lost password, I remembered from my old Solaris admin days using the installation CD to wipe out the original password hash for 'root'. I decided to try the same concept, but rather than a physical CD I would use the original bt4.iso image I built the BackTrack 4 virtual machine from. Here is how I did it.

(Use at your own risk!!!!)

Step-by-step Process:
  1. Open VMware Player, load the BackTrack VM whose 'root' password you lost, and start the virtual machine.
  2. Click inside the VMware Player window and, as the virtual machine begins to boot, press the "Esc" key repeatedly to enter the Boot Menu.
  3. On the VMware Player menu bar click "Devices", then "CD/DVD", then "Connect to Disk Image File (.iso)...".
  4. The Choose Image window will appear. Select the original bt4.iso you built your VM with. After you select the .iso image, the window will close.
  5. In the Boot Menu window, use the arrow keys to select CD-ROM Drive (this boots the .iso image attached to the virtual CD-ROM drive), then press "Enter".
  6. The default bt4.iso image will boot and eventually drop you into a root shell prompt (if using the final version of bt4).
  7. Create a temporary directory to mount the local hard drive on
    • mkdir /a
  8. Mount your local hard drive on the new temporary directory (this assumes the BackTrack root filesystem is on /dev/sda1; if you changed the disk layout, check with "fdisk -l" and confirm that /a/etc/shadow exists after mounting)
    • mount /dev/sda1 /a
  9. Now remove the hash value for root in the local hard drive's /etc/shadow file
    • vi /a/etc/shadow
    • Delete the second colon-separated field (the hash) and nothing else. The line should end up with nothing between the first two colons, as in the example below:
      • root:(remove contents between these colons):11111:0:99999:7:::
    • Save and exit: press "Esc", type ":wq!" and press "Enter"
  10. Now unmount /a, disconnect the .iso image, and shut down the virtual machine
    • umount /a
    • Click "Devices" then "CD/DVD" then "Disable Disk Image..."
    • sync; init 0
  11. Open VMware Player again, load your bt4 virtual machine, and log in as root with NO password. Set a new one with "passwd" right away: an empty hash field means anyone who reaches the console gets a root shell.
  12. That's it!
This process should work for most, if not all, versions of BackTrack; however, I have only tested it on BackTrack 4.2 (the final v4 release). Keep in mind that the same trick works against any Linux system whose disk is not encrypted: whoever can boot their own media against the machine (or read the VM's disk image from the host) can clear the root hash, which is the real argument for disk encryption on anything you care about.
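As an added example (not code from the original post or from BackTrack), here is the edit from steps 7 to 10 scripted for the rescue shell, with the checks you would want before touching a shadow file: that the mounted partition actually holds an entry for the user (so you notice a wrong partition or path), a backup copy of the original, and the file's owner and mode preserved. The path /a/etc/shadow, the function names, and the sample shadow lines are assumptions made up for this example; it only needs a POSIX sh with awk and grep.

```shell
#!/bin/sh
# Added example, not from the original post: clear the password hash for one
# user in the /etc/shadow of an offline root filesystem, the way steps 7-10 do
# by hand in vi. Assumes the target filesystem is already mounted, e.g.
# "mount /dev/sda1 /a", and that sh, awk and grep are available (they are on
# the bt4 rescue shell).

# Print the hash field (field 2) of one user's shadow entry.
#   usage: shadow_hash_of /a/etc/shadow root
shadow_hash_of() {
    awk -F: -v u="$2" '$1 == u { print $2 }' "$1"
}

# Blank the hash field for a user (default root) in the given shadow file.
# Returns non-zero, and changes nothing, if the user has no entry there.
#   usage: blank_shadow_hash /a/etc/shadow root
blank_shadow_hash() {
    shadow="$1"
    user="${2:-root}"

    # Sanity check: refuse to edit a file with no entry for that user. This
    # catches mounting the wrong partition or a typo in the path.
    grep -q "^${user}:" "$shadow" || {
        echo "no entry for ${user} in ${shadow}" >&2
        return 1
    }

    # Keep the original so the old hash can be restored later.
    cp -p "$shadow" "${shadow}.bak" || return 1

    # Rebuild every line, emptying only field 2 of the matching user. The
    # remaining fields (last change, min/max age, warning days, ...) are kept.
    awk -F: -v u="$user" 'BEGIN { OFS = ":" } $1 == u { $2 = "" } { print }' \
        "$shadow" > "${shadow}.tmp" || return 1

    # Overwrite in place with cat so shadow keeps its owner and 0640/0600 mode;
    # a mv would hand it the temp file's permissions instead.
    cat "${shadow}.tmp" > "$shadow" && rm -f "${shadow}.tmp"
}

# On the rescue shell this is the whole edit (left commented out so the file
# can be sourced without touching anything):
#   blank_shadow_hash /a/etc/shadow root && shadow_hash_of /a/etc/shadow root
```

After running it, shadow_hash_of prints an empty line for root, the .bak copy still holds the old hash if you ever want to put it back, and the other accounts are untouched.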

5 comments:

  1. Ray,

    Wow, thanks brother! Worked like a charm (on BT 5 GNOME). Strangely enough, I couldn't find anything else like this on the web (I didn't look too terribly hard). I got a VM from a lab and then realized that they had changed the default password. :/ Thanks for your help.

  2. No problem, glad it worked for you! There are other ways of doing it (like using strings and pattern searching against the vmdk), but I thought this way was the most practical.

  3. Good catch.
    But after removing the hash content, I dunno what to do. I can move the cursor throughout the file but I don't know how to save the changes. Sorry, that's a noob question, but I really want a workaround.

    P.S: i am using BT5 GNOME - 64 bit.

    cheers

  4. Sounds like you need to practice some vi kung fu ;-) 1.) Remove the hash. 2.) Save the file by hitting the "Esc" key, then type ":wq!" and hit "Enter". The wq! means write the changes and quit the vi editor. You can always fall back on the man pages for vi. Hope this helps.

  5. Thank you very much Ray! Worked like a charm, in VirtualBox.
