Date: Sat, 27 Nov 2004 13:12:35 -0500 From: Bill Moran <wmoran@potentialtech.com> To: Nikolas Britton <freebsd@nbritton.org> Cc: al@xms.co.za Subject: Re: Breaking password on FreeBSD 5.2.1 box Message-ID: <20041127131235.7025033b.wmoran@potentialtech.com> In-Reply-To: <41A8A94C.8070509@nbritton.org> References: <1101392541.29769.409.camel@localhost.localdomain> <41A8A94C.8070509@nbritton.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Nikolas Britton <freebsd@nbritton.org> wrote: > Andrew Lewis wrote: > > >Hi list, > > > >We have a client running a fBSD 5.2.1 box that needed its root password > >hacked. > > > >I couldn't boot into single user mode w/o the root password, so I > >installed fBSD 5.3 on another machine, and slaved the drive from the > >5.2.1 box in mine. > > > What? > > Step 1: Boot the computer. > Step 2: At the FreeBSD boot menu select "Escape to loader prompt" > Step 3: Type in "boot -s" and hit enter. > Step 4: Hit enter when it asks you what shell you want to use. > Step 5: Type in "cat /etc/fstab" and hit enter. > Step 6: Mount / and /usr, "mount /dev/foobar /", "mount /dev/foobar /usr". > Step 7: Type in "passwd" and hit enter. > Step 8: Type in new password and hit enter. > Step 9: Retype in new password and hit enter. > Step 10: type in "reboot" and hit enter. > > I just try'ed it with FreeBSD 4.10 and 5.3 and it worked for both of them. Edit /etc/ttys and mark the console "insecure" and try it again. You'll find you can't get in without the password when that change has been made. That configuration is the correct thing to do when you can't guarantee the physical security of the machine. -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041127131235.7025033b.wmoran>