ComputerSecurityStudent (CSS)


|UNIX >> BackTrack |Views: 9814

(BackTrack: Lesson 2)

{ BackTrack Reset Root Password }

Section 0. Background Information
  • Overview
    • This labs shows you a quick and easy way reset the root password on a VMware BackTrack5R1 instance using a live CD.
    • It's embarrassing enough to forget, lose, or simple not know the root password to your machine.  It's even more embarrassing to forget, lose, or mistake the root password to your penetration testing machine.

Section 1. Startup the BackTrack Virtual Machine
 
  1. Start Up BackTrack.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine

     

  2. Use the WRONG password to Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: Type in the wrong password on purpose!!!

 

Section 2. Edit Virtual Machine Settings
  1. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Removable Devices --> Connect

     

  2. Make sure your CD/DVD Drive is connected.
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings...

     

  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Select the "Use ISO image file" radio button.
      3. Browse to the location of your BT5R1-GNOME.iso or other Live CD.
      4. Select OK.

     

  4. Reset BackTrack
    • Instructions:
      1. Virtual Machine --> Power --> Reset

     

  5. Booting from the ISO (Step 1)
    • Instructions:
      1. At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below.
    • Note:
      • This might take you a few times so be patient!!!

     

  6. Booting from the ISO (Step 2)
    • Instructions:
      1. Arrow Down to "CD-ROM Drive"
      2. Press Enter

     

  7. Boot
    • Instructions:
      1. Press Enter

     

  8. Boot BackTrack Live CD
    • Instructions:
      1. Select "BackTrack Text - Default Boot Text Mode"
      2. Press Enter

     

  9. BackTrack5 Command Line
    • Note:
      • This is the screen you will see to begin the reset process.

 

Section 3. Mounting the Boot Disk
  1. Discover the Boot Disk
    • Instruction:
      1. fdisk -l
    • Note:
      • This server was built with all the directories under the same partition.
      • Typically, productions servers will have a partition per file system.  In our case, this server was built with all the directory and filesystems under one partition.
      • In the next step, we will mount up the /dev/sda1 partition.

     

  2. Mount the Boot Partition
    • Instruction:
      1. mount /dev/sda1 /mnt
      2. df -k
    • Note:
      • Since, all filesystems and directories are located under /dev/sda1 we will be able to access any file.

     

  3. Navigate to the etc directory
    • Instruction:
      1. cd /mnt/etc
      2. ls -l | grep shadow
      3. md5sum /mnt/etc/shadow > /mnt/var/tmp/before.txt
        • This is part of the proof of lab.
    • Note:
      • By mounting /dev/sda1 to the /mnt directory, we know have access to the shadow file.

     

  4. Edit the shadow file
    • Instruction:
      1. vi shadow

     

  5. Edit the shadow file
    • Instruction:
      1. Right arrow over to the immediate next right position of the first colon.
      2. Press the "x" to delete all the characters, until you get to the second colon.  Note, do not delete the colons.

     

  6. Saving the shadow file
    • Instruction:
      1. Press the "Esc" key
      2. Press <Shift> and the ":" key.
      3. Type wq!
      4. Press enter
    • Note:
      • Congratulations, You effectively cleared out the root password.

     

  7. Post Lab Verification
    • Instruction:
      1. md5sum /mnt/etc/shadow > /mnt/var/tmp/after.txt
      2. ls -l /mnt/var/tmp/*.txt
      3. cat /mnt/var/tmp/*.txt
    • Note:
      • The above command are not required to reset/clear the root password.
      • This is only part of our pre-proof of lab instructions.

 

Section 4. Reboot BackTrack
  1. Reboot the server
    • Instruction:
      1. shutdown -r now
      2. Press <Enter> when you see the line that says "Please remove the disc and close ..."

     

  2. Login as root
    • Instruction:
      1. Type "root" at the bt login: prompt.
    • Note:
      • After you press enter, you will not be prompted for the root password.

     

  3. Change Root Password
    • Instruction:
      1. passwd root
        • Set the root password to our standard classroom password.

     

  4. Proof of Lab
    • Instruction:
      1. ls -l /var/tmp/*.txt
      2. md5sum /etc/passwd
      3. md5sum /var/tmp/*.txt
      4. date
      5. echo "Your Name"
        • Replace "Your Name" with your actual name.
        • e.g., echo "John Gray"

     

  5. Change Back the Virtual Machine Settings
    • Instruction:
      1. Virtual Machine --> Virtual Machine Settings...

     

  6. Change CD/DVD Settings
    • Instruction:
      1. Select CD/DVD (IDE)
      2. Select radio button "Use physical drive:" and make sure "Auto detect" is selected.

     

Section 5. Proof of Lab
  1. Complete Section 4, Step 4, then upload to Moodle.