While in the computer science lab today another student approached me with the following dilemma. They needed to do some programming over Thanksgiving break, but were not going to have Internet access to
ssh into the lab machines. The student had installed Ubuntu on their laptop, but had forgotten the password because they had not used it in a while. They wanted to completely reinstall, but I said they would take quite a while when they could probably just reset the password. I offered to help and this sent me down an hour long journey to reset their password 🙂 mainly because I had to keep getting more and more equipment from my dorm room.
My first attempt was simply to pop in a Linux boot CD and
chroot into their existing installation. From there I figured I would be root and could simply
passwd my way to victory. This failed because his CD ROM drive, which was in shambles, refused to load the boot CD. Not one to give up easily I resorted to pulling out his hard drive and hooking it up to a little device I have which converts a hard drive to a USB device. Since I have Linux on my laptop I figured I’d just
chroot over to his setup and be done with it. Well… that didn’t work because he had a 64-bit machine and when the
chroot tried to run his version of bash it failed miserably. This makes sense because I only have a 32-bit machine.
I wasn’t going to give up there either. The next step I took was to change the password on my system and copy the hash out of my
/etc/shadow to his
/etc/shadow. For those who don’t know
/etc/shadow is where Linux stores it’s hashed passwords. The idea behind the hash is that it is sort of a one way encryption. In theory it is impossible to reverse the hash and the only way to figure out what it belongs to would be to hash every possible combination of letters, numbers, punctuation, etc. This works great for passwords though because when validating a password you simply need to hash the users attempt and compare it with the hash of the real password. Since the hash for a given string always comes out the same you know it’s a match if the hashes match.
After a few attempts at typing in the hash correctly I was able to reset his password and we logged into his machine without any troubles 🙂 .
I always love a good tech support challenge 😀