Thursday, December 8, 2011

Hack the password protected “single user” mode on Linux


“Single user” mode can be used to bypass the security layer. However, single user mode can also be password protected: just append one of the following lines to the “/etc/inittab” file (the comment above each line explains its effect):
    # Single level will be skipped -> goes directly to the default runlevel, i.e. 5
    su:S:wait:/sbin/nologin
    # Single level will demand root password
    su:S:wait:/sbin/sulogin

Now your machine will demand the root password even if Linux is started in “single user” mode. This extra layer of protection will only stop a newbie from breaking in to your Linux box. The following 4 steps show how to bypass the protected “single user” mode:
  1. While booting, pass this kernel parameter: init=/bin/bash
    This parameter prevents the kernel from running /sbin/init and proceeding with the usual /etc/rc.d/* procedure; it just gives us a shell (no password checks, no filesystem checks, no startup environment). THE FILESYSTEM WILL BE IN READ-ONLY MODE.
  2. The following command will remount the / filesystem writable.
    mount -o remount,rw /
  3. Now the password can be changed with the “passwd” command. Do not reboot until the next step is done:
  4. mount -o remount,ro /
  5. Now press the reset button
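
From the defender's side, both conditions described in this post can be audited. The script below is an added example, not part of the original post: `single_user_status` reports whether an inittab file puts sulogin on runlevel S, and `init_override` reports whether a kernel command line carried an `init=` parameter. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Print how an /etc/inittab-style FILE handles runlevel S:
#   protected   - an active entry runs sulogin (root password demanded)
#   skipped     - an active entry runs nologin
#   unprotected - no active entry for S runs either program
single_user_status() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }   # ignore comments and malformed lines
        $2 ~ /[Ss]/ && $4 ~ /^\/sbin\/sulogin([ \t]|$)/ { s = "protected" }
        $2 ~ /[Ss]/ && $4 ~ /^\/sbin\/nologin([ \t]|$)/ && s == "" { s = "skipped" }
        END { print (s == "" ? "unprotected" : s) }
    ' "$1"
}

# Print the init= value (the last one if repeated) found in a
# /proc/cmdline-style FILE and return 0; return 1 if there is none.
init_override() {
    v=$(tr ' ' '\n' < "$1" | sed -n 's/^init=//p' | tail -n 1)
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Constructed sample inputs (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' 'id:5:initdefault:' '# Single level will demand root password' \
    'su:S:wait:/sbin/sulogin' > "$tmp/inittab.hardened"
printf '%s\n' 'id:5:initdefault:' '#su:S:wait:/sbin/sulogin' > "$tmp/inittab.default"
echo 'ro root=/dev/sda1 quiet init=/bin/bash' > "$tmp/cmdline.override"
echo 'ro root=/dev/sda1 quiet' > "$tmp/cmdline.normal"

for f in "$tmp"/inittab.*; do
    echo "$f: $(single_user_status "$f")"
done
for f in "$tmp"/cmdline.*; do
    if val=$(init_override "$f"); then
        echo "$f: booted with init=$val, so /etc/inittab was never read"
    else
        echo "$f: no init= override"
    fi
done
```

On a live system the same functions can be pointed at `/etc/inittab` and `/proc/cmdline`.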

