Reseting a Linux Password

While in the computer science lab today another student approached me with the following dilemma. They needed to do some programming over Thanksgiving break, but were not going to have Internet access to ssh into the lab machines. The student had installed Ubuntu on their laptop, but had forgotten the password because they had not used it in a while. They wanted to completely reinstall, but I said they would take quite a while when they could probably just reset the password. I offered to help and this sent me down an hour long journey to reset their password ๐Ÿ™‚ mainly because I had to keep getting more and more equipment from my dorm room.

My first attempt was simply to pop in a Linux boot CD and chroot into their existing installation. From there I figured I would be root and could simply passwd my way to victory. This failed because his CD ROM drive, which was in shambles, refused to load the boot CD. Not one to give up easily I resorted to pulling out his hard drive and hooking it up to a little device I have which converts a hard drive to a USB device. Since I have Linux on my laptop I figured I’d just chroot over to his setup and be done with it. Well… that didn’t work because he had a 64-bit machine and when the chroot tried to run his version of bash it failed miserably. This makes sense because I only have a 32-bit machine.

I wasn’t going to give up there either. The next step I took was to change the password on my system and copy the hash out of my /etc/shadow to his /etc/shadow. For those who don’t know /etc/shadow is where Linux stores it’s hashed passwords. The idea behind the hash is that it is sort ofย  a one way encryption. In theory it is impossible to reverse the hash and the only way to figure out what it belongs to would be to hash every possible combination of letters, numbers, punctuation, etc. This works great for passwords though because when validating a password you simply need to hash the users attempt and compare it with the hash of the real password. Since the hash for a given string always comes out the same you know it’s a match if the hashes match.

After a few attempts at typing in the hash correctly I was able to reset his password and we logged into his machine without any troubles ๐Ÿ™‚ .

I always love a good tech support challenge ๐Ÿ˜€


2 Responses to Reseting a Linux Password

  1. Wes says:

    Wow…that is pretty amazing. I think I would have gone for the TRK network boot option. Basically you start up one computer as the TRK “server” and then set up the other computer to do a network boot in the BIOS. Then it starts TRK on the second computer. It’s a handy feature for the case where you have to fix a computer with no CD drive. (Happened to me once.)

  2. jintoreedwine says:

    Hmmm… that would have been handy. I actually was considering the network boot option, but I didn’t have a crossover cable on me. In any case I’ll have to play around with that feature some day ๐Ÿ™‚ .

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: