ComputerSecurityStudent (CSS)

(Fedora: Lesson 5)

{ Using a Live CD to clear root's passwd in /etc/shadow }

Section 0. Background Information
  1. Background Information
    • In this lesson, you will learn how to use a Fedora Live CD (or any Linux live CD) to (1) boot into single user mode, (2) find and mount the partition that holds "/" and therefore /etc, and (3) remove root's password hash from the /etc/shadow file so that root can be reached without a password. This works because anyone who can boot their own media against an unencrypted disk controls every file on it: a boot loader password (Lesson 3) and a locked-down BIOS boot order raise the bar, but as long as the disk is not encrypted its files can be read and changed from any other operating system.

  2. Pre-requisites
    1. Fedora: Lesson 1: Installing Fedora 14
    2. Fedora: Lesson 2: Use Fedora 14 Grub to boot into single user mode
    3. Fedora: Lesson 3: Hardening the Boot Loader, /boot/grub/grub.conf
    4. Fedora: Lesson 4: Using a Live CD to crack a password protected grub.conf file

  3. Lab Notes
    • In this lab we will do the following:
      1. Boot the Operating System off a Fedora Live CD.
      2. We will mount the disk partition that contains /etc.
      3. We will delete root's encrypted password from /etc/shadow.
      4. We will test our handy work.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

Section 1: Edit the Fedora14 Virtual Machine

  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Programs --> VMware --> VMware Player


  2. Edit Fedora 14 Virtual Machine Settings
    • Instructions:
      1. Highlight Fedora14
      2. Click Edit virtual machine settings


  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Device status: Check the Connect at power on checkbox.
      3. Select the "Use ISO image file" radio button.
      4. Click the Browse Button.
      5. Navigate to the location of your Fedora14.iso or other Live CD


  4. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button


Section 2: Play Virtual Machine
  1. Start the Fedora14 VM
    • Instructions:
      1. Click on the Fedora14 VM
      2. Click on Play virtual machine


  2. Obtain Boot Menu
    • Instructions
      1. Once you see the VMware screen shown below, (1) left click in the screen and (2) press the "<Esc>" key
    • Note(FYI):
      1. This might take you a few times so be patient!!!


  3. Boot Menu Options
    • Instructions:
      1. Arrow Down to CD-ROM Drive
      2. Press <Enter>


  4. Boot Notification
    • Instructions:
      1. Press the <Tab> key


  5. Live Desktop
    • Instructions:
      1. Arrow Down to Boot
      2. Press the <Tab> key


  6. Boot into Single User Mode
    • Instructions:
      1. Type the word single at the end of the line.
      2. Press the <Enter> key
    • Note(FYI):
      1. By adding "single" or "1" to the end of the kernel line, you are telling the live CD's kernel to boot into single user mode (a root shell) instead of starting the graphical desktop (runlevel 5).


Section 3: Editing /etc/shadow from single user mode.
  1. Working in Single User Mode
    • Note(FYI):
      1. In this example the virtual disk shows up as [sda]; on another machine the name may differ.
      2. When booting off a CD into single user mode, you are automatically the root user, so nothing that follows asks for a password.


  2. View Partition Table
    • Instructions:
      1. fdisk -l
        • Where "-l" is the lower case letter L.
    • Note(FYI):
      1. The fdisk command will allow you to see the partition table for one or many disk(s).


  3. Notice the highlighted line below.
    • Note(FYI):
      • When we built this image, the mount point "/" was created on partition /dev/sda5.
      • Typically you would not know this in advance, but you can work through the partitions in order, as in the steps below, until you find the one that contains /etc/shadow (in our case /mnt/etc/shadow once the partition is mounted under /mnt).


  4. Let's mount partition 1 and search for the shadow file.
    • Instructions:
      1. mount -t ext4 /dev/sda1 /mnt
      2. ls -l /mnt/etc/shadow
        • Note: The OS says no such file, so let's try the next partition.
      3. umount /mnt


  5. Let's mount partition 2 and search for the shadow file.
    • Instruction:
      1. mount -t ext4 /dev/sda2 /mnt
      2. ls -l /mnt/etc/shadow
        • Note: The OS says no such file, so let's try the next partition.
      3. umount /mnt


  6. Let's mount partition 3 and search for the shadow file.
    • Instruction
      1. mount -t ext4 /dev/sda3 /mnt
      2. ls -l /mnt/etc/shadow
        • Note: The OS says no such file, so let's try the next partition.
      3. umount /mnt


  7. Let's mount partition 4 and search for the shadow file.
    • Instruction:
      1. mount -t ext4 /dev/sda4 /mnt
        • Note: This mount fails, because there is no filesystem on /dev/sda4; see below.
    • Note(FYI):
      1. In step 3, the "fdisk -l" output shows that /dev/sda4 is an extended partition. Naturally, you are probably wondering what an extended partition is. A classic (MBR) partition table has room for only four primary partitions. One of those four can be made an extended partition, which is then subdivided into logical partitions, numbered from 5 upward. The extended partition itself is only a container for those logical partitions, so there is nothing on it to mount; the next candidate is /dev/sda5.


  8. Let's mount partition 5 and search for the shadow file.
    • Instruction:
      1. mount -t ext4 /dev/sda5 /mnt
      2. ls -l /mnt/etc/shadow
        • Note: The /mnt/etc/shadow file exists.
      3. cd /mnt/etc


  9. Make a backup of the shadow file.
    • Instruction:
      1. cp shadow shadow.bkp
      2. ls -l shadow*
    • Note(FYI):
      1. You should see three shadow files: shadow, the shadow.bkp you just made, and shadow- (the previous copy kept by the password utilities).


  10. Open up the shadow file.
    • Instruction:
      1. vi shadow


  11. Remove the root password.
    • Instruction:
      1. On the first line (the root entry), move the cursor to the first character after the first colon (:), which is the start of the password hash. Press the "x" key repeatedly to delete every character up to, but not including, the second colon (:). The line should then begin with "root::". DO NOT DELETE THE SECOND COLON (:)
        • (See Below the Before and After Pictures)
      2. Press the <Esc> key.
      3. Type ":wq!"
      4. Press the <Enter> key.
    • Before Picture
    • After Picture


  12. Un-Mount the /mnt directory
    • Instruction:
      1. cd /
      2. umount /mnt
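The partition search and the shadow edit from steps 4 through 12, written as a small shell script instead of typing each command by hand. This is an added example and not part of the original lesson. It assumes a root shell on a Linux live CD, ext4 partitions and a free /mnt, and it uses awk rather than vi so that root's field can be checked before you reboot; the shadow file it runs its demo on is constructed and its hashes are made up.

```shell
#!/bin/sh
# Added example, not from the original lesson. Assumes a root shell on a
# Linux live CD, ext4 partitions and that /mnt is not in use.

# find_shadow_partition DEV...  -> prints the first device that has etc/shadow
# Devices that cannot be mounted as ext4 (swap, the extended partition
# /dev/sda4 on the lesson's disk) are simply skipped.
find_shadow_partition() {
    for dev in "$@"; do
        mount -t ext4 "$dev" /mnt 2>/dev/null || continue
        if [ -f /mnt/etc/shadow ]; then
            echo "$dev"
            umount /mnt
            return 0
        fi
        umount /mnt
    done
    return 1
}

# root_hash SHADOWFILE  -> prints root's password field (empty once cleared)
root_hash() {
    awk -F: '$1 == "root" { print $2 }' "$1"
}

# clear_root_hash SHADOWFILE  -> saves SHADOWFILE.bkp, then blanks field 2 of
# the root line only. Writing through '>' truncates the existing inode, so
# the file keeps its owner, mode and SELinux label, unlike an editor that
# writes a fresh file.
clear_root_hash() {
    shadow="$1"
    cp -p "$shadow" "$shadow.bkp" || return 1
    awk -F: 'BEGIN { OFS = ":" } $1 == "root" { $2 = "" } { print }' \
        "$shadow.bkp" > "$shadow"
}

# Demo on a constructed shadow file (the hashes below are made up), so the
# script can be run anywhere without touching a real system.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/shadow" <<'EOF'
root:$6$madeupsalt$madeuphash:15600:0:99999:7:::
student:$6$othersalt$otherhash:15600:0:99999:7:::
EOF
    echo "before: root hash = $(root_hash "$tmp/shadow")"
    clear_root_hash "$tmp/shadow"
    echo "after:  root hash = '$(root_hash "$tmp/shadow")'"
    cat "$tmp/shadow"
    rm -rf "$tmp"
}
demo

# On the live CD the real run, with the device list taken from "fdisk -l", is:
#   part=$(find_shadow_partition /dev/sda1 /dev/sda2 /dev/sda3 /dev/sda4 /dev/sda5)
#   mount -t ext4 "$part" /mnt && clear_root_hash /mnt/etc/shadow && umount /mnt
```

The backup is taken with cp -p so shadow.bkp keeps the 000 mode of the original, and the rewrite only touches the line whose first field is exactly root, so the student entry and every system account stay as they were.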


  13. Before rebooting, we need to tell VMware to boot from the hard drive instead of using the Fedora Live CD Image.
    • Instructions:
      1. Player --> Manage --> Virtual Machine Settings...


  14. Restore Physical Drive Settings
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click on the use physical drive: radio button
      3. Select Auto detect from the down drop menu.
      4. Click the OK Button
        • Note: A "Disconnect anyway and override the lock?" popup window will be displayed.
      5. Click the Yes Button
    • Note(FYI):
      • This will tell VMware to essentially eject the CD/ISO.


Section 4: Reboot and verify that root no longer needs a password
  1. Reboot Machine
    • Instructions:
      • shutdown -r now


  2. Login As student
    • Instructions:
      1. Click on student
      2. Provide student password
      3. Click the Login Button


  3. Start Up A Terminal.
    • Applications --> System Tools --> Terminal


  4. Switch User to root
    • Command: su - root
    • Note: You were not prompted for a root password.


  5. Why were you not prompted for a password?
    • Command: grep root /etc/shadow
    • Note: Remember, in Section 3, step 11, you removed root's password hash from the /etc/shadow file. An empty password field means no password is required.


  6. Become Root and Reset Password.
    • Instructions:
      1. su - root
        • Notice you were not prompted for a password!!!
      2. grep root /etc/shadow
      3. passwd root
      4. New password: <Provide Password>
      5. Retype new password: <Provide Password Again>
      6. grep root /etc/shadow
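The check behind steps 4 through 6, as an added example that is not part of the original lesson: an audit of a shadow(5) file that lists every account whose password field is empty, which is the state root was left in by the live-CD edit and the reason su - root asked for nothing. The shadow file in the demo is constructed and its hash values are made up.

```shell
#!/bin/sh
# Added example, not from the original lesson. Audits a shadow(5) file for
# accounts whose password field is empty.

# shadow_audit FILE  -> one "user:state" line per entry, where state is
#   empty   field 2 is blank: no password is asked for (if PAM allows nullok)
#   locked  field 2 starts with '!' or '*': password login is disabled
#   hashed  a real password hash is present
shadow_audit() {
    awk -F: '
        {
            if ($2 == "")          state = "empty"
            else if ($2 ~ /^[!*]/) state = "locked"
            else                   state = "hashed"
            print $1 ":" state
        }' "$1"
}

# passwordless_accounts FILE  -> just the user names in the "empty" state,
# the entries an administrator should treat as an incident.
passwordless_accounts() {
    shadow_audit "$1" | awk -F: '$2 == "empty" { print $1 }'
}

# Demo on a constructed file; the hash value is made up.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/shadow" <<'EOF'
root::15600:0:99999:7:::
bin:*:15600:0:99999:7:::
halt:!!:15600:0:99999:7:::
student:$6$madeupsalt$madeuphash:15600:0:99999:7:::
EOF
    shadow_audit "$tmp/shadow"
    echo "passwordless: $(passwordless_accounts "$tmp/shadow")"
    rm -rf "$tmp"
}
demo

# On the real system: passwordless_accounts /etc/shadow
```

Whether an empty field actually grants access depends on the PAM stack (pam_unix's nullok option); the lesson shows that on this Fedora 14 image su accepts it. Running passwd root, as in step 3 above, puts a hash back and takes root out of the empty list; comparing against the shadow.bkp left on the disk shows what the original hash was.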


Section 5: Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. ls -l /etc/shadow*
      2. grep root /etc/shadow* | awk -F: '{print $3}'
      3. grep "password changed for root" /var/log/secure
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle
