
(Ubuntu: Lesson 5)

{ Using a Live CD to clear root's password in /etc/shadow }


Section 0. Background Information
  1. Background information.
    • The following lab will show you how to use a Live CD/iso to clear root's password from the /etc/shadow file.
    • This lab will also show you how to disable the PAM setting that prevents a user from logging in with a blank password.
    • This lab assumes that a power-on password is not set.

  2. Prerequisite
  3. Lab Notes
    • In this lab we will do the following:
      1. We will show you how to use a live CD/iso to clear root's password from /etc/shadow.
      2. We will show you how to disable the PAM setting that prevents a user from logging in with a blank password.
      3. We will show you how to change the root password.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1: Start Ubuntu 12.04
  1. Start Ubuntu 12.04
    • Instructions
      1. For Windows 7
        • Start --> All Programs --> VMware Player
      2. For Windows XP
        • Start --> Programs --> VMware Player

     

  2. Verify Virtual Machine Settings.
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Edit virtual machine settings

     

  3. Set CD/DVD(IDE)
    • Instructions
      1. Click on CD/DVD(IDE)
      2. Select radio button: Use ISO image file:
      3. Click the Browse Button.
      4. Navigate and Select the ubuntu-12.04-desktop.iso file
        • Note: this can be any live Linux ISO.
      5. Click on the OK button.

     

  4. Start the Ubuntu 12.04 VM
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Play virtual machine

 

Section 2: Boot From CD-ROM
  1. Access the Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.

     

  2. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

     

  3. Ubuntu CD
    • Instructions
      1. Click on the Try Ubuntu button

 

Section 3: Mount Hard Drive
  1. Ubuntu Dash
    • Instructions
      1. Click on the Ubuntu Dash

     

  2. Terminal Windows Search
    • Instructions
      1. Type "terminal" in the search box.
      2. Click on the terminal.

     

  3. Become Root
    • Instructions
      1. sudo su -

     

  4. Identify Hard drive name and root partition
    • Instructions
      1. fdisk -l
    • Note(FYI):
      • /dev/sda is the name of the hard drive
      • /dev/sda1 is the boot partition, which is marked with a "*" in the boot column.

     

  5. Mount the root partition
    • Instructions
      1. mount /dev/sda1 /mnt

     

  6. Navigate to Hard Drive
    • Instructions
      1. cd /mnt
      2. ls
    • Note(FYI):
      • Changing directory (cd'ing) to /mnt would be the same as changing directory (cd'ing) to / if we did not boot from the CD-ROM.

 

Section 4: Editing the shadow File
  1. Navigate to the etc/ configuration directory
    • Instructions
      1. cd etc/

     

  2. Back up the shadow file
    • Instructions
      1. cp shadow shadow.BKP
      2. ls -l shadow*
    • Note(FYI):
      • It's always a good idea to back up sensitive configuration files before editing them.

     

  3. Open the shadow file
    • Instructions
      1. vi shadow

     

  4. Edit the shadow file
    • Instructions
      1. Make sure the cursor is on the first line that starts with root.
      2. Cursor over to the right until the cursor is immediately to the right of the first colon.
      3. dt:
        • This will delete the encrypted password between the first two colons.
      4. Continue to next step.

     

  5. Save the shadow file
    • Note(FYI):
      • Notice that root's encrypted password has been cleared out between the first two colons.
    • Instructions
      1. Press the <Esc> key.
      2. Type ":wq!"

 

Section 5: Remove PAM security to prevent blank passwords
  1. Navigate to pam directory
    • Instructions
      1. cd /mnt/etc/pam.d/

     

  2. Make a backup of the common-auth file
    • Instructions
      1. cp common-auth common-auth.BKP
      2. ls -l common-auth*

     

  3. Allow any user to log in with a blank password
    • Instructions
      1. grep nullok_secure common-auth
        • No users are allowed to log in with a blank password when nullok_secure is set for the auth directive.
      2. sed -i 's/nullok_secure/nullok/' common-auth
        • Replace nullok_secure with nullok.
        • Users are allowed to log in with a blank password when nullok is set for the auth directive.
      3. grep nullok_secure common-auth
        • Notice that nullok_secure is no longer in the common-auth file.
      4. grep nullok common-auth
        • Although nullok_secure is no longer found in the common-auth file, nullok is.

 

Section 6: Reboot and Test Blank Root Password
  1. Reboot Machine
    • Instructions
      1. cd /
      2. umount /mnt
      3. reboot

     

  2. Installation Media Message
    • Instructions
      1. Press the <Enter> key

     

  3. Login to Server
    • Instructions
      1. User: Student
      2. Password: Please supply the student password.

     

  4. Start up a Terminal
    • Instructions
      1. Click on the Terminal

     

  5. Test root's blank password
    • Instructions
      1. su - root
    • Note(FYI):
      • Notice you were not prompted for a password.

 

Section 7: Set Root Password
  1. Set root's password
    • Instructions
      1. passwd root
      2. Enter new UNIX password:
      3. Retype new UNIX password:
      4. grep root /etc/shadow
        • Notice the encrypted password between the first two colon delimiters.

 

Section 8: Disallow BLANK password usage
  1. Disallow blank password usage
    • Instructions
      1. cd /etc/pam.d
      2. grep nullok common-auth
      3. sed -i 's/nullok/nullok_secure/' common-auth
      4. grep nullok common-auth
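
To confirm that a system (or a disk mounted from a live CD) is not left in the state this lab creates, the two conditions can be checked together. The script below is an added example, not part of the original lab; the function names and the sample tree are constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the original lab. Function names are illustrative.

# Accounts whose password field (2nd colon-delimited field) is empty.
empty_pw_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# State of the first active pam_unix auth line: nullok, nullok_secure or none.
pam_nullok_state() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" && /pam_unix\.so/ {
            s = "none"
            for (i = 1; i <= NF; i++)
                if ($i == "nullok" || $i == "nullok_secure") s = $i
            print s; found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# Audit the tree rooted at $1: "/" when booted normally, "/mnt" from a live CD.
# Returns 0 when clean, 1 when either lab condition is present.
audit_root() {
    audit_rc=0
    audit_accts=$(empty_pw_accounts "${1%/}/etc/shadow" | tr '\n' ' ')
    audit_state=$(pam_nullok_state "${1%/}/etc/pam.d/common-auth")
    if [ -n "$audit_accts" ]; then
        echo "FINDING: empty password field: $audit_accts"; audit_rc=1
    fi
    if [ "$audit_state" = "nullok" ]; then
        echo "FINDING: common-auth allows blank passwords (nullok)"; audit_rc=1
    fi
    [ "$audit_rc" -eq 0 ] && echo "OK (pam_unix option: $audit_state)"
    return "$audit_rc"
}

# Constructed sample tree reproducing the state after Sections 4 and 5.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/pam.d" || return 1
    printf '%s\n' 'root::15480:0:99999:7:::' 'daemon:*:15453:0:99999:7:::' \
        'student:$6$CONSTRUCTED$notarealhash:15480:0:99999:7:::' > "$d/etc/shadow"
    printf '%s\n' '# constructed sample' \
        'auth [success=1 default=ignore] pam_unix.so nullok' > "$d/etc/pam.d/common-auth"
    echo "$d"
}

sample=$(make_sample_root) && { audit_root "$sample" || true; rm -rf "$sample"; }
```

On the lab VM, run `audit_root /` as root after Section 8; it should report OK once root has a password and nullok_secure is back in place.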

 

Section 9: Proof of Lab
  1. Proof of Lab
    • Instructions
      1. ls -l /etc/shadow*
      2. ls -l /etc/pam.d/common-auth*
      3. grep "Successful su for root by student" /var/log/auth.log | tail -1
      4. date
      5. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

 


