Security Basics mailing list archives
Re: Root account desactivated
From: Adam Brewster <asb () bu ued>
Date: Thu, 11 Mar 2004 18:10:20 -0500
MARTIN M. Bénoni wrote:
Hi community! I have a really stupid trouble: on a Redhat 9.0, the line matching the root account in the file /etc/passwd has been changed from ".../bin/bash" to ".../sbin/nologin". We have the root password, but when performing a "su" command, the system replies that the account is not currently available. So the question is: how, from a user's account and knowing the root's password but having the root account disabled, can we reactivate this root's account? Any suggestion would be appreciated, I do not want to reinstall the box :( Thanks a lot in advance!
Reboot the machine and have your boot loader pass "init=/bin/sh" to the kernel. Instant root shell. Use your favorite editor to fix the passwd file. Note that anybody with physical access to the machine can do this without the root password, so securing the boot loader is a good idea.

If your boot loader has been secured, and you can't pass init=/bin/sh, get a boot disk. Almost any Linux install CD will do. Once you're looking at the first screen of the installer, Alt-F2 will usually give you a root shell. From this shell, you can mount your root partition and make any changes you need. Note that anybody with physical access and a CD can do this without the root password, so securing your BIOS is probably a good idea.

If your boot loader and your BIOS are secure, you'll need to be more creative. Rumor has it there's a mremap bug in the kernel that will give any user root. If you haven't updated your kernel in the last week, maybe it would be helpful.

Hope this is helpful,
Adam Brewster
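An added example, not part of the original post: a shell audit for the two conditions this reply turns on, a UID-0 account left with a non-login shell in a passwd file and a boot loader that lets anyone at the console edit the kernel command line. It assumes GRUB legacy and its global `password` directive (the thread does not name a boot loader); the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Print "name:shell" for every UID-0 account whose shell refuses logins.
uid0_nologin() {  # $1 = passwd-format file
    awk -F: '!/^#/ && NF >= 7 && $3 == 0 && $7 ~ /\/(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# Succeed only if a "password" line appears in the global section of a GRUB
# legacy config, i.e. before the first "title" entry (assumption: GRUB legacy).
grub_legacy_locked() {  # $1 = grub.conf
    awk '/^[ \t]*title[ \t]/ { exit }
         /^[ \t]*password[ \t=]/ { found = 1; exit }
         END { exit !found }' "$1"
}

# Constructed sample inputs; the hash is a placeholder, not a real value.
write_samples() {  # $1 = directory to write into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
martin:x:500:500::/home/martin:/bin/bash
EOF
    cat > "$1/grub-open.conf" <<'EOF'
default=0
timeout=10
title Red Hat Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda2
EOF
    cat > "$1/grub-locked.conf" <<'EOF'
default=0
timeout=10
password --md5 PLACEHOLDER_HASH
title Red Hat Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/hda2
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
echo "UID-0 accounts with a non-login shell:"; uid0_nologin "$dir/passwd"
for f in grub-open.conf grub-locked.conf; do
    if grub_legacy_locked "$dir/$f"; then echo "$f: kernel command line is password-protected"
    else echo "$f: kernel command line can be edited at the console without a password"; fi
done
rm -rf "$dir"
```

On a live system the same functions take /etc/passwd and the boot loader's real config path as arguments.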