Void's Forums

[Buzza24]

I have read some articles on the net, but I wanted to get you guys opinions.

I have recently discovered that someone has changed my root password. I would hate to say it but with the recent increase of activity my web server has gotten recently i cant exclude the possibility of a cracker.

What is the easiest method I can remote change the root password?
If it isnt possible to do it remotely (over ssh), then just the easiest way I can do it locally.

Thanks.

[Void Main]

If your system is configured properly I shouldn't be able to tell you how to change your root password remotely without being root. The only proper way that I can think of without exploiting some unpatched root exploit or backdoor that you may have put in is if you have set your account up with root equivalence using sudo.

Changing it locally with physical access to the box is trivial. Just boot it into single user mode and change it using the passwd command. To do that all you have to do is append a "1" or the word "single" as a parameter to the kernel command line. If you are using grub you would arrow to the kernel line you want to boot on the grub boot menu and then press the "a" key (for append) where you would add the new parameter, then press ENTER to boot it. Adding that parameter at boot time will not be a permanent change, it will only effect that boot. It will take you to a root shell where you can change the password. Type "exit" to exit the shell when finished and continue the boot in the normal run level.

[Buzza24]

Thanks for that.

Looks like I will be doing it locally. In the future I might be looking to setting up sudo(which i Know isn't hard), or even a backdoor.