Reset Linux Root Password

There are a couple of reasons why you might want to reset a Linux root password. If the current password is known to you, just log in as root and issue the passwd command. What if you’ve forgotten the password and can’t log in? Resetting a Linux root password is simple if you have access to the machine. There are 2 main methods.

Method #1

First, we boot the machine up. If LILO is in use, enter linux init=/bin/bash at the ‘LILO:’ prompt. If GRUB is in use, then press key ‘e’. We’ll need to edit the kernel line, beginning ‘linux’, and append init=/bin/sh:

Boot Step #3 Boot Step #1 Boot Step #2

 

The machine will boot straight into a shell prompt – no login required:

Boot Final

Now, bear in mind that the GRUB layout, kernel options and text may look significantly different on your particular Linux install. If I issue the mount command, I can see that my root filesystem has been mounted as read only:

# mount
[...]
/dev/disk/by-uuid/45bba583-3259-4626-ba7e-62873eee3295 on / type ext4 (ro,relatime,data=ordered)
# 

The key above, being the mount point ‘/’ and the ‘ro’ keyword. In order to modify the password file, we’ll need to remount the filesystem for read and write access:

# mount / -oremount,rw

Before issuing the passwd command to set a new password:

# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
#

Now to remount the filesystem readonly again:

# mount / -oremount,ro

Finally – we’ll need to reboot, however as we are outside of the standard system, issuing reboot will fail. Instead, issue Ctrl-Alt-Del. There’s nothing wrong with this, as the filesystem has already been remounted read only – no data will be lost.

Method #2
Now, in some cases, GRUB is configured to prevent modifying the kernel command line, or another boot loader may be in use that prevents such an option. In this case, we’ll need a slightly different method, and some external support. We’ll need to either boot off a Linux CD or USB stick. Once booted, we’ll need to gain access to the hard disk partition containing the Linux installation whose root password we want to reset.

Issue fdisk -l to show disks and partitions found on the system:

root@kali:~# fdisk -l

Disk /dev/sdb: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders, total 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00057814

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        2048    60229631    30113792   83  Linux
/dev/sdb2        60231678    62912511     1340417    5  Extended
/dev/sdb5        60231680    62912511     1340416   82  Linux swap / Solaris

Disk /dev/sda: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders, total 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000dcc91

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048    60262399    30130176   83  Linux
/dev/sda2        60264446    62912511     1324033    5  Extended
/dev/sda5        60264448    62912511     1324032   82  Linux swap / Solaris
root@kali:~# 

In this case, we can see that /dev/sdb1 is our internal hard disk’s Linux partition.

Let’s make a temporary directory and mount /dev/sdb1 in to it:

root@kali:~# mkdir /mnt/harddisk
root@kali:~# mount /dev/sdb1 /mnt/harddisk
root@kali:~# ls /mnt/harddisk/
bin    dev   initrd.img  media  opt      root     share  tmp  vmlinuz
boot   etc   lib         mnt    pentest  sbin     srv    usr
cdrom  home  lost+found  nis    proc     selinux  sys    var

Excellent, issuing an ls confirms that this is indeed a Linux root partition. Now we’ll need to pivot in to it with chroot before changing the password:

root@kali:~# chroot /mnt/harddisk/
root@kali:/# passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
root@kali:/# exit
exit
root@kali:~# 

And lastly, unmount, remove the temporary directory, and reboot:

# umount /mnt/harddisk
# rm -rf /mnt/harddisk
# reboot

Tags: , , ,

4 Responses to “Reset Linux Root Password”

  1. johnny says:

    mount / -oremount,rw
    should have a space after the -o
    mount / -o remount,rw

    and again:
    mount / -oremount,ro
    should be:
    mount / -o remount,ro

    • Adam Palmer says:

      Hi Johnny,

      No space is required – at least on Debian/Ubuntu and any mount version I’ve used before. Either way works fine.

  2. Paul says:

    After half an hour of scratching my head, this saved my life.

Leave a Reply