Hack Ubuntu Account Password

In the tutorial Hack Windows 7 Account Password, I showed that having a account password on a Windows computer does not mean that it is unbreakable. In this tutorial, we are going to have a look at how to do something similar on the Linux based system – Ubuntu, by hacking the GNU GRUB loader.

loginunsucess_edited

We have a system running Ubuntu 12.10, which we cannot log in to because we do not have the correct password. The object is to remove the password and gain access.

1. At boot press Shift to bring up the GRUB loader

2. Mark the boot option you want to use – here Ubuntu and press e

GRUB1

3. Navigate down to the text linux /boot/vmlinuz-3.5

We are now going to trick the GNU GRUB loader to drop the normal boot process and instead boot straight into a shell with root privileges.

GRUB3_edited

4. Change the argument ro to rw

5. Remove the text splash $vt_handoff

6. Add the text init=/bin/sh

GRUB4_edited

Changing ro (read only) to rw (read write) allow the root account to change system files doing boot instead of just reading the files. We don’t need the line splash $vt_handoff since it has to do with the graphics showed doing a boot. Finally we add the line init=/bin/sh to tell the kernel to execute a shell instead of the standard init.

7. Press F10 to reboot

We have rebooted in to a shell, let’s check who we are logged in as.

8. Type whoami

Nice, we are logged in as root – Unlimited power is at our fingertips! Now we want to remove the password for the account hegelund. This can be done in a number of ways, in this tutorial we going to do it by editing the password hash directly from the shadow file.

9. Type nano /etc/shadow

shell1

10. Navigate to the desired username – here hegelund

shell2_edited

11. Remove the hash value of the password ($hashtype$salt$password$)

12. Press Ctrl + X to exit

13. Press Y to save the changes and confirm by pressing Enter

shell5_edited

14. Reboot the computer

15. Chose boot option you want to use – here Ubuntu and press Enter

The changes made to the GNU GRUB loader is not permanent, so after the reboot the system should boot up as normal.

16. Log in as the user hegelund without a password

loginsucess_edited

The method should work on all Debian based systems using the GNU GRUB loader. This tutorial serves to prove that if you store sensitive information on you system, you should not rely on an account password alone. Credit for the method goes here.

Share Button

Comments

comments

Bookmark the permalink.

0 Responses to Hack Ubuntu Account Password

  1. Pingback: Dark screen after Ubuntu boot screen | Ubuntu InfoUbuntu Info

Leave a Reply

Your email address will not be published. Required fields are marked *