How To Hack / Reset / Recover Ubuntu Password

Care to Share?

Hacking Ubuntu Linux Username PasswordThis might be a shocker for the beginner Linux enthusiast. All the big talks about Linux being secured and all, but in reality it takes less than 5 minutes to hack in to world’s most popular Linux distribution Ubuntu. Shocked! I am not bragging here. Its true. Lets see how can you hack login password to gain access in to Ubuntu. Lets see step by step how to hack Ubuntu password.

Step 1:

Switch the computer on. Go to Grub menu. Generally it appears automatically, if not then hold down the shift key until the boot menu appears. In the grub menu, choose for the “recovery mode” option.

It will bring you a black screen with several lines of output being displayed in a flash. Wait for few seconds here.

Step 2:

Now you will be present with different options of recovery mode. Here you need to choose “Root Drop into root shell prompt“. Like in the picture below:

Step 3:

Here, you will be presented with root access (why? Is this not a security fault?) without prompting any password. Use the following command to list all the users available:

ls /home

From the previous command choose the “username” for which you want to reset or (say) hack the password. Now, use the following command to reset the password for the selected “username“:

passwd username

It prompts for new password. Enter the new password twice:

Enter new UNIX password:
Retype new UNIX password:

Voilà! There you go. You have just cracked it and now you can easily enter into the system.

Possible Troubleshoot:

While entering the new password you might be prompt with Authentication manipulation error like this:

passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

The reason for this error is that file system is mounted with read access only. Change the access and remount the file system in the following manner:

mount -rw -o remount /

Now try to reset the password again. It should work now.

Were you successful in this hacking attempt? Or did you face any problem? Do let me know. Cheers :)

  • Pingback: How To Disable USB Ports In Ubuntu [Quick Tip]

  • Guoan

    I changed my password in ubuntu recovery mode,but after that I can’t log into my ubuntu system with the new password.I entered my new password correctly,but after I hit ENTER on the keyboard,it returned to the login screen.Can you explain why?

    • http://www.computerandyou.net/ Abhishek Prakash

      Hi Guoan,
      May be try to change the password one more time, just to verify that everything went fine.

      • Guoan

        I booted my computer into recorey mode again,and changed the password to a new one,but still can’t log into my ubuntu system.I googled and found that some other people is having this problem too.

        • http://www.computerandyou.net/ Abhishek Prakash

          I tried it again.. and it worked for me this time as well. Won’t be able to help if I cannot reproduce it.

          • Richard Betel

            I think the problem is home-directory encryption. When you create the account, the encryption key is stored in a keyring, encrypted with your password, and the login process uses the password you enter to recover the key. When you follow the procedure above, they keyring is no longer useable, and X logins fail. If you hit CTRL-Alt-F1 and log in with a text-only shell, you’ll get in and see an error about ecryptfs.

            Ubuntu tries to protect you against this. When you first log in, it gives you a message about how to get a copy of the key, and encourages you to keep a copy elsewhere. Once you have forced the new password, assuming you kept the key, you need to do the following:

            1) switch to a text console and login as the user.

            2) run this command with substitutions:

            printf “%sn%s” “disk encryption key” “password” | ecryptfs-wrap-passphrase ~/.ecryptfs/wrapped-passphrase

            3) try logging in on another console. You should be golden.

          • http://www.computerandyou.net/ Abhishek Prakash

            Thanks for the detailed answer Richard.

          • GuiMaster

            I’ve seen several websites with similar articles to this one. I even found a video on this topic on Youtube. Amazingly, not once did anyone – who wrote instructions about how to hack Ubuntu – mention Home Folder Encryption or Full Disk Encryption in their article / video! That simply baffles my mind as anyone who would follow these instructions – if Encryption does indeed prevent this hack – would get locked out of their computer by following them, as happened to Chris.

            Anyway, other than to chastise you for not mentioning Encryption in the article you wrote, I want to ask and confirm the following: Will Home Folder Encryption 100% prevent these hacks from working or is there a way to circumvent that also? That’s the only really important question after-all. If people are too unconcerned to use Encryption, then they shouldn’t be too surprised if their data is hack-able.

            Thanks!

          • http://itsfoss.com/ Abhishek Prakash

            Thank you for scolding me :P

            I think this answers your second question: http://askubuntu.com/questions/120206/encrypted-home-forgotten-password-but-no-passphrase

          • Rebecca Steinke

            hi,

            I forgot my password on my Ubuntu 12.04 work computer. I tried selecting recovery mode from the grub menu and dropping down to a root shell but it asks me for a root password, which is the password I need to recover/change. So I can’t get very far. What can I do?

          • Chris

            Richard,
            I’m having a similar issue. The only diferance is that I don’t get the error message. My password is rejected via x login and when I hit alt-ctrl

          • Richard Betel

            Ok, first: when I did an X login, I didn’t see an error message either. It *acts* like you entered an incorrect password and takes you back to the login screen, but you get no error message.

            I did see ecryptfs error messages when I did a console login, but maybe that’s a specific to my setup?

            Anyhow, you need two things. one is your *NEW* password. Lets assume you used p@ssw0rd as your password. The next thing you need is the passphrase, which is basically the encryption key used to encrypt your home dir. Its a big long string of numbers and letters. I think its 32 characters long. For sake of conversation, lets say its ABC123DEF456ABC123DEF456.

            So you login as the user once you have forced the new password, and type:

            printf “%sn%s” “ABC123DEF456ABC123DEF456″ “p@ssw0rd” | ecryptfs-wrap-passphrase ~/.ecryptfs/wrapped-passphrase

            Use all the quotes, they’re necessary.

            Logging in under a different console:

            You switched from graphical mode to text mode by hitting ctrl-alt-F1. That lets you use one virtual console. You can now switch to other virtual consoles with alt-f2, alt-f3,alt-f4,alt-f5, and alt-f6. If memory serves, alt-f7 takes you back to the graphical console. What I’m basically saying is: test logging in before you log out. Since, in my experience, using a text console gives you a useful error message while an X login does not, I advocate using the text console to make sure it works.

          • Chris

            It worked great, i got confirmation and I’ve logged in via x login too! Thanks Richard!

          • Chris

            Also, I’m not sure exactly what test to substitute in step 2. Can you help clarify what areas to substitute?

  • Guoan

    Hi,I just found a way to prevent ubuntu from being hacked like this.Why not set a strong password for the root account? If you setted a password for root,you have to first enter the root password in recovery mode before you make any changes. Sorry about my poor English,I am not a native English speaker.

  • Getu

    That is a nice pretty hack to the King of linux distros, Ubuntu.But is it possible to read the actual (root) password without changing in to the new password?

    • http://www.computerandyou.net/ Abhishek Prakash

      Not that I know of.

  • Pingback: How To Disable Guest Account Session In Ubuntu 13.04

  • Pingback: Official Ubuntu Forum Website ubuntuforum.org Hacked!

  • navin kumar

    hey friends in step 3 what is that command is it “is/home” or “ls/home

    • http://www.computerandyou.net/ Abhishek Prakash

      ls /home

  • vikaztiwari

    hi abhishek!!i just want to know authenication code to install software on ubuntu 12.04.you can reply onn my gmail id:[email protected]

    • http://www.computerandyou.net/ Abhishek Prakash

      Not sure if I get your question.

  • fred

    got a simpler way to recover go to users and groups enter passwd there

    • http://random-gary.blogspot.com/ Gary

      How do I do that? All I can find is to change where su and/or sudo do not prompt for password. What about user login?

  • Ali

    /ls home

    didn’t list any user names for me(which I’m actually happy about). Also, how can I prevent this from happening?

  • Pingback: Aprenda a como hackear, resetar ou recuperar a senha root Ubuntu

  • Josh

    Worked fine for me, but when I booted into the login screen and signed on to my user account, it looped backed to the login screen. Any ideas why?

  • Jettyke

    it workt great for me thanks. ;)

  • Anonymous dude/gal o-o SeeU~

    When I add

    mount -rw -o remount /it doesn’t work…. HELP!!!! T^T^T^T^T^T