13 Comments → You’re in the front of a Linux computer, you need a root access. What do you do?

1. G April 15, 2013 at 4:03 pm

   Unless of course the system is properly configured with a password for Grub, preventing you from selecting a different option.

   Reply ↓
   1. jole April 15, 2013 at 4:06 pm

      And if there’s no any BIOS password :) It’s not any attack method (although it could be, on a weakly protected systems, f.e. without Grub pass protection). It’s more a cool trick which can be handy sometimes.

      Reply ↓
2. Paolo April 15, 2013 at 4:24 pm

   If the boot loader is password protected but the BIOS isn’t, you could always boot the computer with a live CD, mount the partition with /etc and reset the root password. This also isn’t possible if /etc is inside an encrypted partition… In that case you’re kinda screwed: with an encrypted root partition the recovery mode would also be tricky (you’d need the partition password in order to boot the system properly).

   Reply ↓
3. jason April 15, 2013 at 4:25 pm

   It is possible to gain root/admin access to any system you have local control over.

   Reply ↓
   1. droope April 16, 2013 at 2:15 am

      If a bad guy can has unrestricted physical access to your PC, it’s not your PC anymore. ;)

      http://technet.microsoft.com/library/cc722487.aspx#EIAA

      Reply ↓
4. 4x April 16, 2013 at 11:51 am

   In grub menu press “e” on a boot menu item you’re interested in, then add init=/bin/bash to the end of kernel’s command line

   Reply ↓
5. Anony Mouse April 16, 2013 at 2:29 pm

   Or, you could pull the drive, connect it to a USB to SATA (assuming SATA, for RAID arrays, this gets more interesting…) dongle, plug that into a booted machine that you have control over, mount the disk to /mnt/root.me, chroot /mnt/root.me and then do “passwd” to change the root password.

   Unless someone encrypted their root disk, in which case you’re pretty much SOL.

   Reply ↓
   1. Paolo Bernardi April 16, 2013 at 6:01 pm

      In that case you could always at least have fun experimenting with cold boot attacks. Or you could try to “social engineer” your way to the root account (assuming that root is hostile)

      Reply ↓
6. Dylan March 14, 2014 at 5:53 pm

   A restart via command line requires a root password. Usually the system you want root access too is also in a remote location, so manually restarting isn’t an option either…. how do you gain access to it? Obviously if its your own box this isnt a problem ;)

   Reply ↓
7. pschepenaar March 24, 2014 at 2:29 pm

   @Dylan
   Alt+Magic-sysreqkey+r

   Instant reboot.

   So we need to be root – does it have to be the running OS?

   Reply ↓
8. Anes Lihovac March 24, 2014 at 2:50 pm

   Most Distros nowadays will still prompt you for a Password even in recovery mode.
   Another solution:
   Get an USB Stick and install e.g. Damn Small Linux via Unetbootin on it. Reboot the PC and boot from USB. Mount the harddisk partition and edit /etc/passwd. Delete the garbage between the two colons e.g root:khdfkj887676!dsd:/bin/bash…..
   Reboot, and log into as root without a password
   OR !!! Look under the keyboard, maybe someone scribbled a hint ;)

   Reply ↓
9. baldfat March 24, 2014 at 3:14 pm

   Missing #1 security rule.

   ANY computer that someone has physical contact with is already broken. No matter if BIOS and GRUB is password protected or not.

   What policy is in place to protect the physical computer besides passwords that can be hammered?

   Reply ↓
10. Eric Merritt March 24, 2014 at 5:54 pm

    If you have physical access to the box things are over before they begin from a security standpoint.

    Reply ↓