(BackTrack: Lesson 2)

{ BackTrack Reset Root Password }

Section 0. Background Information

Overview
- This labs shows you a quick and easy way reset the root password on a VMware BackTrack5R1 instance using a live CD.
- It's embarrassing enough to forget, lose, or simply not know the root password to your machine. It's even more embarrassing to forget, lose, or mistake the root password to your penetration testing machine. :)
Prerequisite
- BackTrack: Lesson 1: Installing BackTrack 5 R1
Lab Notes
- In this lab we will do the following:
  1. Use a BackTrack Live CD/iso to mount up disk partition that contains /etc/shadow
  2. We will clear out the root password
  3. We will reset the root password
Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2012 No content replication of any kind is allowed without express written permission.
YouTube Video

Section 1: Startup the BackTrack Virtual Machine

Start Up BackTrack.
- Instructions:
  1. Start Up your VMware Player
  2. Play virtual machine
Use the WRONG password to Login to BackTrack
- Instructions:
  1. Login: root
  2. Password: Type in the wrong password on purpose!!!

Section 2: Edit Virtual Machine Settings

Make sure your CD/DVD Drive is connected.
- Instructions:
  1. Virtual Machine --> Removable Devices --> Connect
Make sure your CD/DVD Drive is connected.
- Instructions:
  1. Virtual Machine --> Virtual Machine Settings...
Set Machine to Boot From CD/DVD
- Instructions:
  1. Select CD/DVD (IDE)
  2. Device status: Click the Checkbox "Connect at power on"
  3. Select the "Use ISO image file" radio button.
  4. Browse to the location of your BT5R1-GNOME.iso or other Live CD.
  5. Select OK.
Reset BackTrack
- Instructions:
  1. Virtual Machine --> Power --> Reset
Booting from the ISO (Step 1)
- Instructions:
  1. At the same time, Click the right mouse key and the press the ESC button, when the screen starts to change to the VMware screen below.
- Note(FYI):
  - This might take you a few times so be patient!!!
Booting from the ISO (Step 2)
- Instructions:
  1. Arrow Down to "CD-ROM Drive"
  2. Press Enter
Boot
- Instructions:
  1. Press Enter
Boot BackTrack Live CD
- Instructions:
  1. Select "BackTrack Text - Default Boot Text Mode"
  2. Press Enter
BackTrack5 Command Line
- Note:
  - This is the screen you will see to begin the reset process.

Section 3: Mounting the Boot Disk

Discover the Boot Disk
- Instruction:
  1. fdisk -l
- Note(FYI):
  - This server was built with all the directories under the same partition.
  - Typically, productions servers will have a partition per file system. In our case, this server was built with all the directory and filesystems under one partition.
  - In the next step, we will mount up the /dev/sda1 partition.
Mount the Boot Partition
- Instruction:
  1. mount /dev/sda1 /mnt
  2. df -k
- Note(FYI):
  - Since, all filesystems and directories are located under /dev/sda1 we will be able to access any file.
Navigate to the etc directory
- Instruction:
  1. cd /mnt/etc
  2. ls -l | grep shadow
  3. md5sum /mnt/etc/shadow > /mnt/var/tmp/before.txt
    - This is part of the proof of lab.
- Note(FYI):
  - By mounting /dev/sda1 to the /mnt directory, we now have access to the shadow file.
Edit the shadow file
- Instruction:
  1. vi shadow
Edit the shadow file
- Instruction:
  1. Right arrow over to the immediate next right position of the first colon.
  2. Press the "x" to delete all the characters, until you get to the second colon. Note, do not delete the colons.
Saving the shadow file
- Instruction:
  1. Press the "Esc" key
  2. Press <Shift> and the ":" key.
  3. Type wq!
  4. Press enter
- Note(FYI):
  - Congratulations, You effectively cleared out the root password.
Post Lab Verification
- Instruction:
  1. md5sum /mnt/etc/shadow > /mnt/var/tmp/after.txt
  2. ls -l /mnt/var/tmp/*.txt
  3. cat /mnt/var/tmp/*.txt
- Note(FYI):
  - The above command are not required to reset/clear the root password.
  - This is only part of our pre-proof of lab instructions.

Section 4: Reboot BackTrack

Reboot the server
- Instruction:
  1. shutdown -r now
  2. Press <Enter> when you see the line that says "Please remove the disc and close ..."
Login as root
- Instruction:
  1. Type "root" at the bt login: prompt.
- Note:
  - After you press enter, you will not be prompted for the root password.
Change Root Password
- Instruction:
  1. passwd root
    - Set the root password to our standard classroom password.

Section 5: Proof of Lab

Proof of Lab
- Instruction:
  1. ls -l /var/tmp/*.txt
  2. md5sum /etc/passwd
  3. md5sum /var/tmp/*.txt
  4. date
  5. echo "Your Name"
    - Replace "Your Name" with your actual name.
    - e.g., echo "John Gray"
- Proof of Lab Instructions
  1. Press both the <Ctrl> and <Alt> keys at the same time.
  2. Do a <PrtScn>
  3. Paste into a word document
  4. Upload to Moodle

Section 6: Post Lab Clean Up

Change Back the Virtual Machine Settings
- Instruction:
  1. Virtual Machine --> Virtual Machine Settings...
Change CD/DVD Settings
- Instruction:
  1. Select CD/DVD (IDE)
  2. Select radio button "Use physical drive:" and make sure "Auto detect" is selected.