IT Related stuff

Reset a lost password

A lost password can be a pain in the ass. Even on linux – but there are ways around it as long as the system is not crypted or other weird stuff has been done there. Here’s a way getting into your system again without being a hacker. All you need is physical access to the computer.

First of all, get yourself a livecd. I would recommend Knoppix, Backtrack or the Gentoo livecd (minimal should be enough) as the kernels used there are known to be able to deal with a lot of different hardware. In fact, any livecd should do. Now boot it and become root as everything done afterwards needs to be done as root.

The first step is having a look at the current disc layout. This is done via fdisk -l

pavilion ~ # fdisk -l
Disk /dev/sda: 100.0 GB, 100030242816 bytes
255 heads, 63 sectors/track, 12161 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x247c247b
Device Boot      Start         End      Blocks   Id  System

/dev/sda1   *           1        3825    30724281    7  HPFS/NTFS
/dev/sda2            3826        4677     6843690    7  HPFS/NTFS
/dev/sda3            4678        8314    29214202+   f  W95 Ext'd (LBA)
/dev/sda4            8315       12161    30901027+  83  Linux
/dev/sda5            4678        4690      104391   83  Linux
/dev/sda6            4691        4820     1044193+  82  Linux swap / Solaris
/dev/sda7            4821        5202     3068383+  83  Linux
/dev/sda8            5203        6391     9550611   83  Linux
/dev/sda9            6392        8314    15446466   83  Linux

If you are planing to do some fancy stuff, it is recommended turning swap on using the current swap partition. In our example this would be done with swapon /dev/sda6.

Now we need to mount the other partitions of the system. To do that, we just need an empty directory. Usually there is a directory /mnt which can be used for. Our first partition we have to find is the root filesystem. If you do not know which partition holds this data, trial and error is the only way to find out. But after you got it, the other partitions are easy to find, as they are registered in /etc/fstab.

As all partitions are correctly mounted, feel free to do backups. Now we are going to switch to the mounted partitions using the chroot command: chroot /mnt/system – /mnt/system is the directory where I have mounted the root filesystem.

Now you can use the command passwd for setting a new password.

Author: ToeiRei

Previous post Hardening
Next post Learning

4 thoughts on “Reset a lost password”

  • genstef says:

    you do not even need a livecd, just add init=/bin/sh to the grub cmdline and then run the following commands:

    mount -o remount,rw /
    passwd
    reboot

    much easier :)

  • Ed Wiget says:

    genstefs commands should work, I do it all the time too. However, I usually add the physical device to the mount command and I also specify the user for the passwd command.

Leave a Reply

Your email address will not be published. Required fields are marked *