🌟
Noel's Cyberkshetra Blogspace
LinkedIn ProfileGithub ProfilePersonal Blogspot
  • Welcome to my Gitbooks Page
  • 💽Let's Defend Blue Team Walkthroughs
    • SOC164 - Suspicious Mshta Behavior Alert
    • SOC147 - SSH Scan Activity Alert
    • SOC146  -  Phishing Mail Detected Alert
    • SOC145 - Ransomware Detected Alert
    • SOC144  -  New scheduled task created Alert
    • SOC143 - Password Stealer Detected Alert
    • SOC141  -  Phishing URL Detected Alert
    • SOC141 - Phishing URL Detected Alert
    • SOC137 — Malicious File/Script Download Attempt: A Walkthrough
    • SOC109  -  Emotet Malware Detected Alert
    • SOC104 - Malware Detected Alert
    • SOC101  -  Phishing Mail Detected Alert
    • HTTP Basic Auth: Let's Defend DFIR Challenge
    • ShellShock Attack: Let’s Defend Challenge
    • 2021’s 0-Day MSHTML: Let's Defend Lab
  • 🤺BTLO Walkthroughs
    • BTLO: Network Analysis-Web Shell Challenge
    • BTLO: Suspicious USB Stick Challenge
  • 💒WiCYS CyberStart
    • Chapter 1 - Amsterdam A Running Start
      • WiCYS CyberStart (Amsterdam) Challenge 1
      • WiCYS CyberStart (Amsterdam) Challenge 2
      • WiCYS CyberStart (Amsterdam) Challenge 3
      • WiCYS CyberStart (Amsterdam) Challenge 4
    • Chapter 2 - Tokyo Patterns of Behaviour
      • WiCYS CyberStart (Tokyo) Challenge 1
      • WiCYS CyberStart (Tokyo) Challenge 2
      • WiCYS CyberStart (Tokyo) Challenge 3
      • WiCYS CyberStart (Tokyo) Challenge 4
    • Chapter 3 - Barcelona In the thick of it
      • WiCYS CyberStart (Barcelona) Challenge 1
      • WiCYS CyberStart (Barcelona) Challenge 2
      • WiCYS Cyberstart (Barcelona) Challenge 3
      • WiCYS CyberStart (Barcelona) Challenge 4
  • 📕Technical Cyber articles
    • An in-depth analysis of an Intrusion Prevention System
    • DevSecOps-Making a difference from traditional DevOps
    • CVE - 2020–1472 (Zerologon Vulnerability)-Exploitation & Remediation
    • Computer Forensics Acquisition
    • Cyber Hygiene Tips
    • Hack your System - Linux Edition
    • Markovian Parallax Denigrate-Breaking the cipher
    • SIEM-Incorporating Incident Response into Network Security
    • Social Engineering-A leading cause for vulnerability occurrence
    • Report Writing in Digital & Multimedia Forensics
    • Zero-Day Vulnerabilities: A short overview
    • Zero Trust Network Access-A solution to Network Security
  • 🧑‍💻Hack The Box : Starting Point Machines
    • Meow
    • Fawn
    • Dancing
    • Redeemer
Powered by GitBook
On this page
  • Introduction
  • Hacking into your system
  • Conclusion
  • Your opinion matters
  1. Technical Cyber articles

Hack your System - Linux Edition

Linux - Password Reset

PreviousCyber Hygiene TipsNextMarkovian Parallax Denigrate-Breaking the cipher

Last updated 3 years ago

Hello there,

​Welcome to the first installment of my cyber security article documentation, far away from the world of RangeForce or Try Hack Me, but still close to me. Let's discuss PAM (Privileged Access Management) and grub.

Introduction

Linux OS is the go-to target for any aspiring hacker. Whether it be configuring the pam.d file or cracking the root password, the possibilities are endless. Ask any hacker and they would reply saying Linux is their favorite OS to intrude to.

Let’s discuss why and what makes Linux so revered.

  • Root Authentication-Before a normal user downloads a file from the internet or plays around with the system configuration, care is taken to get the root user’s authentication to carry out the task. The only snag is that the normal user or intruder gets ’n’ chances to brute-force the password before the account gets locked.

  • Centralized Package Management-Unlike Windows, where drivers and software can be downloaded from shoddy, third-party websites, Linux distributions download required software packages from dedicated package managers, such as RPM, yum, etc.

  • Less Audience-With the dwindling amount of users, by the year, the chances of being hit by a virus are remote.

Hacking into your system

Coming to the point, we will see how the root user’s password can be cracked, to gain access to the system. Note that the demonstration is done on CentOS distribution, installed on VMware.

  1. Boot up the Linux OS, by starting the machine, on the VM

  2. After loading the screen, the user is presented with two options to use the installed Linux distribution. Press ‘e’ on the first option.

The grub menu

3. The screen depicting the grub parameters will now load up. The user should edit the line starting with the character ‘f45’.

The rd. break command is used to interrupt the boot process, while the control is given to the kernel.

4. The required editing of parameters, is shown below. The combination of Ctrl+X must be performed, to enforce single-user mode.

5. In emergency mode (without graphical support), the user will need to have the read-write permissions to edit the root password, on the file system. Further, the user needs to specify the name of the user, whose password needs to be reset.

Each command is completed by pressing ‘Enter’

The new password entered is not visible, which is a method called shadowing the password. You don’t want others to peer over your shoulders to see the password, do you?

The working behind the touch /.autorelabel command is interesting. This command creates a hidden file called .autorelabel, under the root’s directory. After the exit command, the system reboots, and SELinux (provider of process-level security) detects this file and relabels all the contents, with the appropriate SELinux contexts (combination of user, role, type of file, sensitivity, and category).

Conclusion

So there you go, a fool-proof method to re-enter your system, in case you forget your master password. Hacking into your system is more like it.

Well, thank you, for spending your precious time, digesting this article and I mean it.

Stay tuned and be on the lookout for other interesting cyber security articles from this blog space

Your opinion matters

My audience has a voice. Feel free to reach out to me, on my socials (links are on top of this page) for any queries to be addressed. Dropping a sweet message would make my day

Let your opinion about this write-up be known, by selecting any one of the emojis below!

📕