From owner-freebsd-questions@FreeBSD.ORG Sat Nov 27 18:12:37 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB70D16A4CE for ; Sat, 27 Nov 2004 18:12:37 +0000 (GMT) Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net [66.167.251.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id A57C643D2D for ; Sat, 27 Nov 2004 18:12:37 +0000 (GMT) (envelope-from wmoran@potentialtech.com) Received: from working.potentialtech.com (pa-plum-cmts1e-68-68-113-64.pittpa.adelphia.net [68.68.113.64]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by internet.potentialtech.com (Postfix) with ESMTP id 3989469A3F; Sat, 27 Nov 2004 13:12:36 -0500 (EST) Date: Sat, 27 Nov 2004 13:12:35 -0500 From: Bill Moran To: Nikolas Britton Message-Id: <20041127131235.7025033b.wmoran@potentialtech.com> In-Reply-To: <41A8A94C.8070509@nbritton.org> References: <1101392541.29769.409.camel@localhost.localdomain> <41A8A94C.8070509@nbritton.org> Organization: Potential Technologies X-Mailer: Sylpheed version 0.9.99 (GTK+ 1.2.10; i386-portbld-freebsd4.10) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org cc: al@xms.co.za Subject: Re: Breaking password on FreeBSD 5.2.1 box X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Nov 2004 18:12:38 -0000 Nikolas Britton wrote: > Andrew Lewis wrote: > > >Hi list, > > > >We have a client running a fBSD 5.2.1 box that needed its root password > >hacked. > > > >I couldn't boot into single user mode w/o the root password, so I > >installed fBSD 5.3 on another machine, and slaved the drive from the > >5.2.1 box in mine. > > > What? > > Step 1: Boot the computer. > Step 2: At the FreeBSD boot menu select "Escape to loader prompt" > Step 3: Type in "boot -s" and hit enter. > Step 4: Hit enter when it asks you what shell you want to use. > Step 5: Type in "cat /etc/fstab" and hit enter. > Step 6: Mount / and /usr, "mount /dev/foobar /", "mount /dev/foobar /usr". > Step 7: Type in "passwd" and hit enter. > Step 8: Type in new password and hit enter. > Step 9: Retype in new password and hit enter. > Step 10: type in "reboot" and hit enter. > > I just try'ed it with FreeBSD 4.10 and 5.3 and it worked for both of them. Edit /etc/ttys and mark the console "insecure" and try it again. You'll find you can't get in without the password when that change has been made. That configuration is the correct thing to do when you can't guarantee the physical security of the machine. -- Bill Moran Potential Technologies http://www.potentialtech.com