Thursday, May 29, 2008

How to Break Linux password ... !

Dear friends!

Did you know that default Linux installation is vulnerable?

Linux root password can be broke easily by modifying ‘/etc/shadow’ file.

In Linux/Unix ‘shadow’ file used to store user name, password, account validity period etc.

User password is stored into 3rd column in encrypted form and each column is delimitated by :, e.g.

Root:x:/qwYnM6ulk … :9999:7:1:::

You can not change the shadow file from running Linux.

Only you need to boot up the target system with a live Linux cd ( may be Knopix, backtrack ) and log into the system as root user.

If you empty the 3rd field it implies that no password is set against root account. After modifying the field will look like this,


Save the file and reboot your system.

Try to log into system as root, you will no need of password at all.

I tried it in different version of Linux (Red Hat 9, Fedora 7, Mandrake 10.0) it worked successful. But in harden Linux system it may not work.

Note: You must take a back up copy of ‘/etc/shadow’ file for emergency shadow file recovery.

Change TTL value for Linux ...

You can change your Default TTL value of LINUX by editing the /etc/sysctl.conf file and add the line ,

net.ipv4.ip_default_ttl = <0-255>


Reboot your system ...