How-To Recover password under Ubuntu
Turn your computer on.
Press ESC at the grub prompt.
Press e for edit.
Highlight the line that begins kernel ........., press e
Go to the very end of the line, add rw init=/bin/bash
press enter, then press b to boot your system.
Your system will boot up to a passwordless root shell.
Type in passwd username
Set your password.
Type in reboot
You used to be able to type in the boot command: “linux single” and it would kick you to a root prompt. Not sure if this still works or not though.
Very nice step list.
Unfortunately that can be done because of a “huge” security issue with the typical Linux installations. Because using this same procedure you can also change the “root” password. So basically be aware that from your console anyone with some basic knowledge of Linux can enter in your computer. So don’t assume your data is that safe. I don’t store that important data in my computer, so I have not looked around for some solution. The BIOS password is not enough. So maybe some extra password in GRUB before entering in edition mode?
@Kubunteando: Protecting from edit kernel parameter lines or from complete menu selections in grub can be done by using “password” and “lock” directives in grub configuration file (nornally /boot/grub/menu.lst).
Check this link: http://www.gnu.org/software/grub/manual/html_node/password.html#password
my 2 cents – the polarizer
To The Polarizer
Thanks. I will try it.
I guess it is time to switch back to a secure OS like windows. I can’t believe such a glaring security hole exists. I’m glad I at least wasn’t stupid enough to claim that Linux was more secure than windows.
It depends what is the type of security you value.
I value that when I access my bank on the Internet I feel safe. That I did not get any “keyloggers” that steal my passwords, and I did not get that malware that who knows what is spying/doing while I am browsing the Net. That feeling of security I have it with Linux.
I never access my bank account under Windows.
Linux is far more secure than Windows.
Telling that Windows is secure is a really good joke! 🙂
Yesterday I forgot my password, and after searching about a way, all what I needed to do is just pressing Esc to enter Grub to the kernel then write this:passwd userName (replace the userName with the account name) and you wil be asked to wright a new password
So much for security!
Well it all depends because if someone has physical access, they can just crack the windows password with Knoppix or another live cd by mounting your windows partition. So at least you can prevent this with a bootloader password.
Well it all depends because if someone has physical access, they can just crack the windows password with Knoppix or another live cd by mounting your windows partition. So, at least you can prevent this with a bootloader password.
To all the windows trolls, it is as (in)secure as you choose it to be…
Just configure grub in a secure way (that prevents edits by example)…
Amazing, right…?! ^_^
FOMG. What a huge security hole. Thanks for the warning. I had no idea this was possible.
It is possible to password-protect the interactive startup. Follow the link to find out how to put a password on GRUB, and lock certain boot options [like recovery mode]
wow.. fr33d0m is mentally retarded! to say windows is more secure than linux is like saying hell is a better place than haven..
sorry for being so nasty, but my dad is a propaganda hitler dude when it comes to picking linux over windoze!
so.. before making a statement like that, go check the facts, a nice Python programmed firewall running in linux will make you
impossible to be found .. and also, i think you would have be booting the machine when he/she tries to hack you?? im unsure..
LINUX POWAH!! PLEASE BRING GAMING TO LINUX!!
To the gamer guy, you do realize that linux has awesome games (nexuiz..also is cross-platform for the windows users)
This is how to reset your password; not how to recover it…
I have ubuntu 7. I tried to reset passwd and found two kernel lines….ummm, which one to use? OK, the second one got me to a prompt, but typing a new passwd allowed me one letter only, said it was changed, but no, wrong wrong wrong, no sir, didn’t work. no go. Ummm, help?
I need to update linux and can’t without a password. I don’t have a “questions.dat” file, so finding it there isn’t an option. I need it changed, not recovered, not how to change from the old one to a new one, not how to type passwd at the prompt……get my meaning? Do you understand now? Or need I explain it a LOT more?
I need it wiped clean, so there IS NO PASSWORD!!!!! Hello?
For all those M$ supporters who think Windows is more secure:
A sweet, 60-second procedure.
your process of system recovery did work for the password to be reset thanks very much
For the people which believe this is security issue, try to imagine how would you implement it better. I can always boot a system with a different OS to look at the existing partitions, or even manipulate it in order to boot next time in a root shell.
If you really think this is a security threat, it means you enjoy more “trusted computing” which does not allow such circumvention but on the other side restrict the usage capabilities of the system.
You can consider encrypting the sensitive partitions, but you will need a way to provide the encryption passphrase each time you mount the partition. If you automate the process, the attacher will find your passphrase if he or she will be allowed to reboot the system.
These instructions do not seem to work anymore. I do get a root prompt (keystrokes not echoed, no problem).
Typing passwd [username]
returns “New Password”. After typing two characters, I’m thrown back to the command line, with two errors, one about not being able to change authentication information, the other saying passwords do not match.
Fortunately, I was able to look at the names in /etc/passwd, and DEDUCE the password for one account.
(ubuntu 8.04 server)
Set a bios password so you cannot even make it to Grub, this will protect against this kind of attack.
Most bios versions have backdoor passwords so that’s not save. Nothing’s gona save you if someone wants to get in
Please, folks, this is nothing new. *Someone* is right when they say it’s a matter of physical access. If an attacker has physical access to a system, it is already essentially compromised. Though the process described here is ridiculously easy, getting into a machine you have physical access to has never been hard. Simple password protection is mostly only effective against remote attacks: if you want to protect your computer from someone with physical access to it, you’ll need to encrypt the entire hard drive and/or encrypt on a per user basis, i.e. encrypt each home folder individually. Even then the encryption key will be stored in RAM while the encrypted data is in use, and therefore only a RAM dump away from recovery.
Please, this is not new. The issue is not Linux vs. Windows, (which has never really been a contest: see footnote#1) it’s physical access. If an attacker has physical access, you’re pretty much toast any way you look at it, the only solution being to encrypt everything, and even that has its caveats.
(footnote#1: for those of you who thought Windows passwords were secure, I suggest you do a search for “ophcrack”, then re-evaluate. Not only can they be reset, they can be recovered)
need a knoppix or dsl for my old machine of about 1gig.
Ubuntu is almost as easy to hack as Mac OS X is, LOL!
Well …. from the moment that anyone has physical access to your pc consider it exposed.
Do you think it is any harder for windows ?
All you need is a …….
Well i leave that for you to find out.
And wonder which one gets easier hack from non physical access !!!!!
To all those that think Windows is more secure than Linux……
I can crack windows in second – as can anyone who knows how to use Google!!!
1 simple command can crack any users account on Windows…
Same with Ubuntu… Sad part is that no matter how good security gets, there will always be a way around it.