Introduction
We wil be using a live linux usb, if dont know how go here and learn to make one.http://greyhatsspeak.blogspot.com/2013/01/creating-live-linux-usb.html
We are going to boot in from a live usb and access the os in the hard disk with root privileges and edit the file storing the password information. We will use pre-calculated hash of a password and use it to edit the password.
We will be dealing with breaking into linux os at the practical level only, to understand what is actually going on it is highly recommended that you read the article below.
http://greyhatsspeak.blogspot.com/2013/02/user-authentication-in-linux.html
So first we will use the crypt() function to generate the hash of a string which we want to set as password. Here is the code, If you dont want to do the program-compilation part browse down and use the pre-calculated hash.
ATTACK
We are simply using a preset salt as it has nothing to do with our password. To compile it first copy and paste the code into a plain text file(say at desktop) and name it to hash.c. Now open terminal and use cd command to goto the folder where you placed the c program.Compile it using the command
gcc -lcrypt -o hash hash.c
Now the compiled file will be named as hash.
To obtain the hash of a string, type at the terminal
./hash "password"
Replace password with the new password you want to set. Now you will get a long combination of some character just copy it
If you want to use ready-made hashes, here is a few
password hash
a $6$srH15BRC$WHvbRrqIMDe3Nc38pTwTxFrHPVBVlIdNs0.R/oqsM5Devh4aTkyLIA.RuPGURzfntVcumO6QpDqKcrc6rG12h.
Now at terminal type
sudo nautilus
This will launch a file browser with root permissions, now browse to the hard disk where the linux is installed you can find the hard disk at the side pane.
goto /etc folder
Now just backup the shadow file to somewhere if you need to reset the old password back after use(maybe you want to install a back-door in it). Now open the shadow file and find the row containing the username, you will see some fields separated by semicolons, now we want to replace the second field(just after username) with the previously copied hash.
The work is over now boot from the hard-disk and login using your new password!!
Dont forget to make it clean after use, just put back the shadow file which you have backed-up. Again use the command sudo nautilus at the terminal to do it.
tags:hack, linux, ubuntu, undetectable, shadow, hash, salt, crypt, live, usb, password, reset, change