ComputerSecurityStudent (CSS)





(Ubuntu: Lesson 4)

{ Using a Live CD to crack a password protected grub.cfg file }


Section 0. Background Information
  1. Background information.
    • The following lab will show you how to circumvent a password protected grub file using a live CD/iso, assuming a power on password is not set.

  2. Prerequisite
  3. Lab Notes
    • In this lab we will show you how to do the following:
      1. We will show you how to use a live CD/iso to remove a password from the Grub.
      2. We will show you how to boot into single user mode using the grub menu.
      3. We will show you how to change the root password.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1: Start Ubuntu 12.04
  1. Start Ubuntu 12.04
    • Instructions
      1. For Windows 7
        • Start --> All Programs --> VMware Player
      2. For Windows XP
        • Start --> Programs --> VMware Player

     

  2. Verify Virtual Machine Settings.
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Edit virtual machine settings

     

  3. Set CD/DVD(IDE)
    • Instructions
      1. Click on CD/DVD(IDE)
      2. Check checkbox: Connect at power on
      3. Select radio button: Use ISO image file:
      4. Click the Browse Button.
      5. Navigate and Select the ubuntu-12.04-desktop.iso file
        • Note: this can be any live Linux ISO.
      6. Click on the OK button.

     

  4. Start the Ubuntu 12.04 VM
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Play virtual machine

 

Section 2: Boot From CD-ROM
  1. Access the Boot Menu
    • Instructions
      1. Once you see the VMware screen below, (1) Left Click in the screen and (2) press the <Esc> key.

     

  2. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

     

  3. Ubuntu CD
    • Instructions
      1. Click on the Try Ubuntu button

 

Section 3: Mount Hard Drive
  1. Ubuntu Dash
    • Instructions
      1. Click on the Ubuntu Dash

     

  2. Terminal Windows Search
    • Instructions
      1. Type "terminal" in the search box.
      2. Click on the terminal.

     

  3. Become Root
    • Instructions
      1. sudo su -

     

  4. Identify Hard drive name and root partition
    • Instructions
      1. fdisk -l
    • Notes(FYI):
      • /dev/sda is the name of the hard drive
      • /dev/sda1 is the boot partition which is notated with a "*" in the boot column.

     

  5. Mount the root partition
    • Instructions
      1. mount /dev/sda1 /mnt
    • Notes(FYI):
      1. This command will mount the disk partition that contains the /boot directory.

     

  6. Navigate to Hard Drive
    • Instructions
      1. cd /mnt
      2. ls
    • Note(FYI):
      • Changing directory (cd'ing) to /mnt would be the same as changing directory (cd'ing) to / if we did not boot from the CD-ROM.

 

Section 3: Editing the Grub Configuration Files
  1. Navigate to grub configuration directory
    • Instructions
      1. cd etc/grub.d/
      2. ls -lrta
    • Note(FYI):
      1. Change directory into etc/grub.d/
      2. List files and directories by long listing in reverse order by time.

     

  2. Search for the password directive
    • Instructions
      1. grep -i password *
    • Note(FYI):
      • The password directive can be placed in either the *0_custom files or the 00_header file.
      • So, to prevent needless looking, we use a simple grep command to streamline our search.
      • The password directive was found in the 00_header file.

     

  3. Open the 00_header file
    • Instructions
      1. vi 00_header
    • Note(FYI):
      1. This command will open file 00_header

     

  4. Edit the 00_header file
    • Instructions
      1. Press the <Shift> and "g" keys at the same time
        • This will take you to the bottom line of the file.
      2. dd
        • This will delete the line that contains "EOF".
      3. dd
        • This will delete the line that contains "password_pbkdf2"
      4. dd
        • This will delete the line that contains "set superusers".
      5. dd
        • This will delete the line that contains "cat << EOF".
      6. Press the <Esc> button
      7. Type ":wq!"
        • This will save the file.

     

  5. Navigate to boot loader directory
    • Instructions
      1. cd /mnt/boot/grub

     

  6. Open the grub.cfg
    • Instructions
      1. vi grub.cfg

     

  7. Search for the password directive
    • Instructions
      1. Press the "/" key to put the VI editor into search mode.
      2. Type "superusers"
      3. Press <Enter>

     

  8. Edit the grub.cfg file
    • Instructions
      1. dd
        • This will delete the line that contains "superusers"
      2. dd
        • This will delete the line that contains "password_pbkdf2".
      3. <Esc>
      4. :wq!
        • This will save the file
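
Added example (not part of the original lab, and not GRUB's own tooling): a defensive check that reports whether the "set superusers" and "password"/"password_pbkdf2" directives are still present in both the /etc/grub.d scripts and the generated grub.cfg. Because grub.cfg is generated from the /etc/grub.d scripts, a disagreement between the two means one was changed without the other. The function names, the "labadmin" user and the PLACEHOLDER hash are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit GRUB 2 password directives under ROOT
# ("/" on a running system, "/mnt" when mounted from a live CD).

# has_grub_password FILE: succeed only if FILE sets superusers AND defines a
# password or password_pbkdf2 entry (the lines the lab deletes).
has_grub_password() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" &&
        grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]+[^[:space:]]' "$1"
}

# audit_grub ROOT: print PROTECTED, UNPROTECTED or MISMATCH.
# MISMATCH: the grub.d scripts and the generated grub.cfg disagree.
audit_grub() {
    local root=${1:-/} src=no cfg=no f
    for f in "${root%/}"/etc/grub.d/*; do
        if has_grub_password "$f"; then src=yes; fi
    done
    if has_grub_password "${root%/}/boot/grub/grub.cfg"; then cfg=yes; fi
    case "$src$cfg" in
        yesyes) echo PROTECTED ;;
        nono)   echo UNPROTECTED ;;
        *)      echo "MISMATCH (grub.d=$src grub.cfg=$cfg)" ;;
    esac
}

# make_sample_tree: build a constructed grub tree in a temp dir and print its
# path. The user name and hash are placeholders, not real values.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/grub.d" "$d/boot/grub"
    printf '%s\n' 'cat << EOF' 'set superusers="labadmin"' \
        'password_pbkdf2 labadmin grub.pbkdf2.sha512.10000.PLACEHOLDER' 'EOF' \
        > "$d/etc/grub.d/00_header"
    printf '%s\n' 'set superusers="labadmin"' \
        'password_pbkdf2 labadmin grub.pbkdf2.sha512.10000.PLACEHOLDER' \
        'menuentry "Ubuntu" { true; }' > "$d/boot/grub/grub.cfg"
    echo "$d"
}

demo=$(make_sample_tree)
echo "hardened tree:        $(audit_grub "$demo")"
# Constructed change: strip the directives from grub.cfg only.
grep -Ev 'superusers|password_pbkdf2' "$demo/boot/grub/grub.cfg" > "$demo/cfg.new"
mv "$demo/cfg.new" "$demo/boot/grub/grub.cfg"
echo "grub.cfg edited only: $(audit_grub "$demo")"
rm -rf "$demo"
```

On a real system, run audit_grub / as root from a scheduled job and alert on anything other than PROTECTED.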

 

Section 4: Reboot and Test Grub Password Removal
  1. Reboot Machine
    • Instructions
      1. cd /
      2. umount /mnt
      3. reboot

     

  2. Press Enter
    • Instructions
      1. Press the <Enter> key

     

  3. Boot to Grub 2 Menu
    • Instructions
      1. Once you see the VMware screen below, (1) Left Click in the screen and (2) press the <Shift> key.

     

  4. Edit the Grub Menu
    • Instructions
      1. Make sure Ubuntu, with Linux 3.2.0-23-generic-pae is highlighted.
      2. Press "e"

     

  5. Cursor Placement
    • Instructions
      1. Cursor down to the line that starts with "linux /boot/vmlinuz-3.2.0-23-generic-pae".
      2. Cursor right until your cursor is positioned directly after $vt_handoff.
      3. Continue to next step
    • Note
      • Notice you were not prompted for the password!!!

     

  6. Delete "o  quiet splash $vt_handoff"
    • Instructions
      1. Use the backspace key to delete the following characters:
        • "o  quiet splash $vt_handoff"
      2. Continue to next step.

     

  7. Add the string "w init=/bin/bash"
    • Instructions
      1. Type the following string after the "r".
        • w init=/bin/bash
      2. Press <Ctrl> and "x" to boot to single user mode.

 

Section 5: Resetting the Root Password
  1. Welcome to root
    • Note(FYI):
      1. You are now the root user
      2. Continue to next step.

     

  2. Reset root's password
    • Instructions
      1. passwd root
      2. Supply the password of your choice

 

Section 6: Reboot Machine and Test Root Password Reset
  1. Sync and Reboot
    • Instructions
      1. sync
      2. reboot -f

     

  2. Edit the Grub Menu
    • Instructions
      1. Make sure Ubuntu, with Linux 3.2.0-23-generic-pae is highlighted.
      2. Press "e".

     

  3. Boot Machine
    • Instructions
      1. Press <Ctrl> and "x" to boot the machine.

     

  4. Login to Server
    • Instructions
      1. User: Student
      2. Password: Please supply the student password.

     

  5. Start up a Terminal
    • Instructions
      1. Click on the Terminal

     

  6. Test the new root password
    • Instructions
      1. su - root
      2. Enter your new root password that you created in
        • (Section 5, Step 2)

     

Section 7: Proof of Lab
  1. Proof of Lab
    • Instructions
      1. grep "password changed" /var/log/auth.log
      2. date
      3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

     

  2. Re-Harden Grub Menu (Optional)

