How to hack password of a user if you have hard drive access on Debian
Hello everybody,
Today I had forgotten the password of my user on a Debian system and wasn’t able to start the computer. Fortunately, I had physical access to the hard drive.
Path to follow
Plug the hard drive into another computer and open the file /etc/shadow on that drive, which should look like this:
root:$6$ZaTxGAyN$J1V.L.bwqtcd.aGF3JKq0g1:17268:0:99999:7:::
daemon:*:17268:0:99999:7:::
bin:*:17268:0:99999:7:::
sys:*:17268:0:99999:7:::
sync:*:17268:0:99999:7:::
games:*:17268:0:99999:7:::
man:*:17268:0:99999:7:::
lp:*:17268:0:99999:7:::
mail:*:17268:0:99999:7:::
news:*:17268:0:99999:7:::
uucp:*:17268:0:99999:7:::
proxy:*:17268:0:99999:7:::
www-data:*:17268:0:99999:7:::
backup:*:17268:0:99999:7:::
list:*:17268:0:99999:7:::
irc:*:17268:0:99999:7:::
gnats:*:17268:0:99999:7:::
nobody:*:17268:0:99999:7:::
systemd-timesync:*:17268:0:99999:7:::
systemd-network:*:17268:0:99999:7:::
systemd-resolve:*:17268:0:99999:7:::
systemd-bus-proxy:*:17268:0:99999:7:::
messagebus:*:17268:0:99999:7:::
avahi:*:17268:0:99999:7:::
Debian-exim:!:17268:0:99999:7:::
statd:*:17268:0:99999:7:::
avahi-autoipd:*:17268:0:99999:7:::
colord:*:17268:0:99999:7:::
saned:*:17268:0:99999:7:::
hplip:*:17268:0:99999:7:::
user:$6$hkoHudOi$Ar7Wms0RBFLTWxvO7cQUh/:17268:0:99999:7:::
dnsmasq:*:17270:0:99999:7:::
geoclue:*:17272:0:99999:7:::
usbmux:*:17272:0:99999:7:::
_apt:*:17348:0:99999:7:::
rtkit:*:17691:0:99999:7:::
pulse:*:17691:0:99999:7:::
This file contains the passwords of your system, but of course they are not stored in clear text: they are hashed. The idea is to generate the hash of a new password and put it in place of the previous one. To do so, run:
mkpasswd --method=sha-512
This command will ask you for a password and return something like:
$6$K3Z7gmanHU$ZXrt1FBsPggg3F1a8OWCs2/dPYqGHtNbHeetJXBlQ3SOcmB2TlOZsOcELrJoJfZqCASTYP9IaYEv53yS.oPQK0
Copy it and reopen the file /etc/shadow. Inside, you should see a line like the one below that begins with the name of your user. For example:
user:$6$hkoHudOi$Ar7Wms0RBFLTWxvO7cQUh/:17268:0:99999:7:::
This line is divided into 9 parts separated by a “:” sign. The second part is the hash of your password. Remove it and paste the one that you just made.
Save, close, replug your hard drive, start and… That’s all!
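As an added example (not part of the original post), the field replacement above can be scripted so that only the second of the nine fields changes and a backup of the file is kept. The function name set_shadow_hash and the /mnt mount point in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: replace the password-hash field (field 2) of one user in the
# shadow file of a mounted drive.
# Usage (assumed mount point): set_shadow_hash /mnt/etc/shadow user '<mkpasswd output>'
# Returns 0 on success, 1 on bad input or I/O error, 2 if the user does not
# appear exactly once as a well-formed 9-field line.
set_shadow_hash() {
    file=$1
    user=$2
    hash=$3

    # A ':' or a newline inside the hash would shift every later field.
    case $hash in
        ''|*:*|*'
'*) return 1 ;;
    esac
    [ -f "$file" ] || return 1

    # The target line must exist once and have exactly 9 fields.
    # Appending "" to $1 forces a string comparison of the user name.
    count=$(SHADOW_USER=$user awk -F: \
        '($1 "") == ENVIRON["SHADOW_USER"] && NF == 9 { n++ } END { print n + 0 }' "$file")
    [ "$count" -eq 1 ] || return 2

    # Keep the original so the edit can be reverted.
    cp -p "$file" "$file.bak" || return 1

    tmp=$(mktemp) || return 1
    # Values are passed through ENVIRON because awk -v would process escapes.
    SHADOW_USER=$user NEWHASH=$hash awk 'BEGIN { FS = OFS = ":" }
        ($1 "") == ENVIRON["SHADOW_USER"] { $2 = ENVIRON["NEWHASH"] }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```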
Don’t hesitate to leave a comment if you want to say or ask something ;-).