Linux Hack of the Week #11 - Reset Lost Root Password
e’ve all been in this place: you can’t log in to one of your Linux boxes, and you’re not sure how to proceed. Although there are many reasons this might happen, it could be because your old admins left without sharing the password, you are hacking a machine, or you simply typo’d something. Actually, forget that I said you were hacking a machine. Moving on…
So, how do we reset a lost root password? For this example, I will use Fedora 28, but the process is similar, if not the same, on most flavors of unix.
Step 1: Reboot and Edit
Reboot the machine and interrupt the grub boot process. Navigate to your kernel and select “e” to edit the line:
Find the line that begins with linux16 and go to the end of the line. Add “rw init=/bin/bash” to the line. I prefer to also remove the option “quiet” to get more verbose messaging, but that is a personal preference. When finished editing, hit CTRL-X to boot:
Step 2: Everything Works as Planned
If everything is working correctly you can now simply run passwd to supply a new password:
At this point you will have to power cycle the box and log in as usual. In the case that passwd did not work, continue on to the next step.
Step 3: The Hard Way
If things didn't go as planned the next step shows you how to edit the shadow file to blank out root’s password. Be careful, as you are now editing a tricky file. Edit /etc/shadow:
You now need to delete the letters between the first and second colon. Save the changes, and reboot:
DANGER, WILL ROBINSON! Your password for root is now blank. Reboot into runlevel 1 and change the password immediately. If you are not on the network you can reboot normally, login as root and run passwd. Otherwise, enter the grub edit screen and add a 1 to the end of your kernel line, similar to before. This will point in to single user mode with no network:
When the OS boots up simply hit enter and type passwd:
Now you have reset your password and you are ready to continue on to your default run level.
We have all had to do this on our Linux boxes once or twice, and hopefully this will save you a few minutes of googling. As always feel free to let me know if you have any questions firstname.lastname@example.org.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.