Recover root access and all other user account passwords
In this demonstration, we are going to look at how you can regain root access on your device if you have forgotten your password. We are also going to look at how you can recover the passwords of the other accounts on the system.
The first thing to do is start up the computer and, at the GRUB boot menu, press e to open the "edit the commands before booting" window. The GRUB boot menu should look something like the picture below:
When you have entered the editing window, use the keyboard to scroll down until you find the line with “Linux /boot/… ”, on the line under that change the “ro” to “rw”. This changes the mount from read-only to read and write, which is exactly what we want. We also need to change the “quiet” that is at the end of the same boot entry to “init=/bin/bash”. Now just press Ctrl + x or F10 to boot into a root bash console.
Now we check that we have read and write permission. We can do this by running the command:
Now that we know we have read and write permission, we can go ahead and change the root password by running the command:
Now that we have changed the password of the root account, we can restart the computer and log in as root.
If you need to recover the passwords for the other user accounts on the computer as well, then this can be done by un-shadowing the passwd and shadow files into one file. We do this by running the command: unshadow /etc/passwd /etc/shadow > passhash. This new file will contain the password hash values of all the user accounts on the computer, as shown below:
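As an added example (not part of the original post), this Python sketch mimics the merge that the unshadow step performs and then reports which hashing scheme each account uses, so you can see which accounts should be moved to a stronger scheme. All account data is constructed, the hash bodies are placeholders, and the function names merge, classify and audit are hypothetical.

```python
# Added example: simplified stand-in for the unshadow merge, plus a hash-scheme audit.
# All account data is constructed; hash bodies are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$SALTSALT$PLACEHOLDERHASH:19700:0:99999:7:::
alice:$y$j9T$SALTSALT$PLACEHOLDERHASH:19700:0:99999:7:::
bob:$1$SALTSALT$PLACEHOLDERHASH:19700:0:99999:7:::
svc:!:19700::::::
"""
# crypt(3) "$id$" prefixes and the scheme each one selects.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
WEAK = {"md5crypt", "descrypt", "no-password"}  # fast to guess, or nothing to guess

def merge(passwd_text, shadow_text):
    """Replace the 'x' placeholder in each passwd entry with the shadow hash."""
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if ":" in l)
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[1] == "x":  # well-formed, shadowed entry
            fields[1] = hashes.get(fields[0], "x")
        merged.append(":".join(fields))
    return merged

def classify(hash_field):
    """Name the hashing scheme, or the account state, encoded in field 2."""
    if hash_field == "":
        return "no-password"
    if hash_field[0] in "!*" or hash_field == "x":
        return "locked-or-missing"
    if hash_field.startswith("$"):
        return SCHEMES.get(hash_field.split("$")[1], "unknown")
    return "descrypt"  # assumption: no "$id$" prefix means legacy DES crypt

def audit(merged_lines):
    """Return (user, scheme, is_weak) for every merged entry."""
    rows = []
    for line in merged_lines:
        user, hash_field = line.split(":")[:2]
        scheme = classify(hash_field)
        rows.append((user, scheme, scheme in WEAK))
    return rows

if __name__ == "__main__":
    print(*audit(merge(PASSWD, SHADOW)), sep="\n")
```

Accounts flagged as weak (here the constructed md5crypt entry for bob) are the ones whose passwords fall fastest to offline guessing and should be reset under a stronger scheme.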
Now that we have a file with all the users' password hash values, we can run them through the John the Ripper tool. We can do this with the command:
This will start John the Ripper with the file passhash as input. This can take a long time depending on the complexity of the passwords, the number of account hash values to crack and the hardware of the device performing the cracking.
When John has finished cracking the passwords, it will output them to the screen. We can then use the --show option followed by the file name to display all of the cracked password hashes. We can then send that information to a new file by running the command:
john --show passhash > crackedpasswords.txt
There you go, you have now successfully recovered root access on your machine and extracted and cracked all your forgotten passwords. Note: This should only be done on computers that you own and accounts that are yours. This demonstration is only for recovery and educational purposes.