Let’s get this straight: This is just a tutorial for a competition I am participating in called India Capture The Flag or InCTF for short. I do not like, nor do I endorse cracking of other people’s systems and/or stealing of private and confidential data. I believe in building stuff, not tearing down things like password-protections.
Now that the disclaimer is out of the way, let’s do this!
There’s a really easy way to hack (or what I prefer to call “crack”) a person’s Linux machine, even if they have a Grub password in order to prevent someone from editing the files on their filesystem and getting access to their machine.
And all it needs is a Live CD. Any distro should do but generally people prefer to use the Live CD of the same distro they are trying to crack into.
Just insert the live CD into your disk tray and reboot the system, making sure that booting from disk is at a higher priority that booting from hard-drive. Then, on boot-up, select “Try Live CD without any change” and enter into the Live boot.
The first thing you should do is what every Linux lover does: Run the Terminal. Type into the terminal “sudo fdisk -l” to list out all the active drives in your system. You should be able to see which disk is the one that is being used as the primary one by the original Linux installation. Make sure you note down this drive. For this hack, we’ll assume it to be /dev/sda1.
Now comes the easy part. Having obtained the path to the primary disk partition, we create a folder/directory using “mkdir /media/temp”. Since this is a live boot, this file is not created on your hard-drive, just your RAM. Still not breaking anything.
This is where it gets interesting. We now mount the primary drive to our temporary folder, thus effectively creating a logical connection between the two. Just type “sudo mount /dev/sda1 /media/temp” into the terminal and we’re done.
Finally!! We’ve done all the preparation. We’ve stalked our prey like the merciless hunters we are. It’s now time to go in for the kill. Runnig “sudo chroot /media/temp” creates a shell with a different root directory, and passing /media/temp as the parameter gives us our primary partition as that new filesystem. So any changes now made in this shell, will be reflected directly in the primary partition. OH YEAH!!
Now it’s just a trivial matter of running “sudo passwd” to change our password to the desired one. Then all we have to do is reboot, and we’ll have complete control over the machine.
Congratulations! You are now a Linux Hacker.