Hack the password protected “single user ” mode on Linux January 22, 2011Posted by Tournas Dimitrios in Linux.
My previous article demonstrated how to bypass the login screen and reset the root password . The “single user ” mode could be used to bypass the security layer . Well single user mode can also be password protected , just append the following line in the “/etc/inittab ” file :
su:S:wait:/sbin/nologin #Single level will be skipped —> goes directly to the default runlevel ie 5
su:S:wait:/sbin/sulogin #Single level will demand root password
Now your machine will demand the root password even if Linux is start on “single user ” mode . This extra layer of protection will only prohibit a newbie to break in to your Linux box . The following 4 steps show how to bypass the protected “single user ” mode :
- While booting pass this kernel parameter : init=/bin/bash
This parameter will prevent the kernel to run the /sbin/init and proceed with the usual /etc/rc.d/* procedure , it will just give us a shell (no password checks , no filesystem checks , no startup environment) . THE FILESYSTEM WILL BE IN READ -ONLY MODE .
- The following command will remount the / filesystem writable .
mount -o remount , rw /
- Now the password can be changed with the “passwd ” command . Do not reboot yet until :
- mount -o remount , ro /
- Now press the reset button