Linux BootLoader and Passwords Hacked!
Guys this is a startup article so I did not put something fancy, though I'll get on with something more informative next time. For new users of Linux this is a really cool thing as you donot need any specific software to hack into the linux administrator account, that is the root account.
The bootstrap loader of Linux is called GRUB which is stored in the file /boot/grub/grub.conf and has a shortcut in the folder /etc, so you can actually view the file in the text editor by typing
#vi /etc/grub.conf
Once you have entered the file you can see something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,1)
# kernel /vmlinuz-version ro root=/dev/hda3
# initrd /initrd-version.img
#boot=/dev/hda2
default=0
timeout=10
splashimage=(hd0,1)/grub/splash.xpm.gz
title Red Hat Linux (2.4.7-10)
root (hd0,1)
kernel /vmlinuz-2.4.7-10 ro root=/dev/hda3 hdc=ide-scsi
initrd /initrd-2.4.7-10.img
title Windows 2000
rootnoverify (hd0,0)
chainloader +1
The title's are the names of the operating system that are shown when you see GRUB. And the rest of the statements in each title are executed as soon as the OS loads and they constitute of the stage two of the booting process. (Two know more about these statements, Just comment).
Now since you are in the VI editor, changes can be made by pressing:
i To enter insert mode
:wq! To save and quit after doing any changes
CHANGING ROOT PASSWORDS:
As soon as the OS loads, you stop at the GRUB, press e after selecting linux (donot press enter) and in the second line (which starts from the word kernel) press e again. Notice that these lines were same as the lines of execution you see in grub.conf. Give a space add the digit 1 and press enter. Then press b to boot.
We have pressed 1 because the system runs in single user mode run level here, which skips the password program here called mingetty. (Run levels are similar to different modes in Windows such as safe mode.. etc.)
In run level one you get all the root priveledges. In the text terminal type:
passwd root
The terminal will ask you the new root password. Once you have done that, you can easily login with the new root password with all the administrative power.
Sometimes although you might encounter GRUB asking for passwords by typing 'p' with no 'e' option. Now this can also be overridden by using the Linux DVD by running it in recovery mode and booting to the root by using the GRUB of the DVD.The details of this would be given in the next blog if you guys like this one.
There are other ways of removing root and user passwords, for example, deleting the password feild 'x' in the file /etc/passwd for any user in the file. You need administrative priveledges for it which can easily be obtained by running the system in run level 1 as discussed above.
ADDITIONAL INFORMATION:
To know more about run levels, check out the file /etc/inittab by typing:
cat /etc/innittab
or just comment to know more...
I hope this article is informative, please comment for encouraging me to write more and give some higher level useful information.
Cheers!
:)
The bootstrap loader of Linux is called GRUB which is stored in the file /boot/grub/grub.conf and has a shortcut in the folder /etc, so you can actually view the file in the text editor by typing
#vi /etc/grub.conf
Once you have entered the file you can see something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,1)
# kernel /vmlinuz-version ro root=/dev/hda3
# initrd /initrd-version.img
#boot=/dev/hda2
default=0
timeout=10
splashimage=(hd0,1)/grub/splash.xpm.gz
title Red Hat Linux (2.4.7-10)
root (hd0,1)
kernel /vmlinuz-2.4.7-10 ro root=/dev/hda3 hdc=ide-scsi
initrd /initrd-2.4.7-10.img
title Windows 2000
rootnoverify (hd0,0)
chainloader +1
The statements with # sign are the comments. Now lets start r*Ping this file:
default: This value tells us which OS should boot if not selected manually in the list given at the end of the file. You can set it to windows by setting the value to 1 here.
timeout: This is one feature which tells us the amount of time in seconds the bootloader should wait for the user to select which OS to boot before it loads the default OS set in default.
splashimage:Now here you can do something fancy. You can actually supply a path of any image which you want to see in the background as soon as the GRUB loads. That is when the computer is switched on.default: This value tells us which OS should boot if not selected manually in the list given at the end of the file. You can set it to windows by setting the value to 1 here.
timeout: This is one feature which tells us the amount of time in seconds the bootloader should wait for the user to select which OS to boot before it loads the default OS set in default.
The title's are the names of the operating system that are shown when you see GRUB. And the rest of the statements in each title are executed as soon as the OS loads and they constitute of the stage two of the booting process. (Two know more about these statements, Just comment).
Now since you are in the VI editor, changes can be made by pressing:
i To enter insert mode
:wq! To save and quit after doing any changes
CHANGING ROOT PASSWORDS:
As soon as the OS loads, you stop at the GRUB, press e after selecting linux (donot press enter) and in the second line (which starts from the word kernel) press e again. Notice that these lines were same as the lines of execution you see in grub.conf. Give a space add the digit 1 and press enter. Then press b to boot.
We have pressed 1 because the system runs in single user mode run level here, which skips the password program here called mingetty. (Run levels are similar to different modes in Windows such as safe mode.. etc.)
In run level one you get all the root priveledges. In the text terminal type:
passwd root
The terminal will ask you the new root password. Once you have done that, you can easily login with the new root password with all the administrative power.
Sometimes although you might encounter GRUB asking for passwords by typing 'p' with no 'e' option. Now this can also be overridden by using the Linux DVD by running it in recovery mode and booting to the root by using the GRUB of the DVD.The details of this would be given in the next blog if you guys like this one.
There are other ways of removing root and user passwords, for example, deleting the password feild 'x' in the file /etc/passwd for any user in the file. You need administrative priveledges for it which can easily be obtained by running the system in run level 1 as discussed above.
ADDITIONAL INFORMATION:
To know more about run levels, check out the file /etc/inittab by typing:
cat /etc/innittab
or just comment to know more...
I hope this article is informative, please comment for encouraging me to write more and give some higher level useful information.
Cheers!
:)