Home page logo
/

basics logo Security Basics mailing list archives

Re: Root account desactivated
From: Adam Brewster <asb () bu ued>
Date: Thu, 11 Mar 2004 18:10:20 -0500

MARTIN M. Bénoni wrote:

Hi community!

I have a really stupid trouble: on a Redhat 9.0, the line matching the
root account in the file /etc/passwd has been changed from ".../bin/bash"
to ".../sbin/nologin". We have the root password, but when performing a
"su" command, the system replies that the account is not currently
available.

So the question is: how from an user's account and knowing the root's
password but having the root account disabled can we reactivate this
root's account?

Any suggestion would be appreciated, I do not want to reinstall the box :(

Thanks a lot in advance!


Reboot the machine and have your boot loader pass "init=/bin/sh" to the
kernel.  Instant root shell.  Use your favorite editor to fix the passwd
file. Note that anybody with physical access to the machine can do this
without the root password, so securing the boot loader is a good idea.

If your boot loader has been secured, and you can't pass init=/bin/sh, get a
boot disk.  Almost any linux install CD will do.  Once you're looking at
the first screen of the installer, Alt-F2 will usually give you a root
shell.  From this shell, you can mount your root partition and make any
changes you need. Note that anybody with physical access and a CD can do
this without the root password, so securing your BIOS is probably a good
idea.

If your boot loader and your BIOS are secure, you'll need to be more
creative.  Rumor has it there's a mremap bug in the kernel bug that will
give any user root.  If you haven't updated your kernel in the last week,
maybe it would be helpful.

Hope this is helpful,
Adam Brewster

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault