A few days ago, a client tasked us with recovering the password of an Ubuntu 20.04 LTS server. The machine owner only knew the username but had no idea about the complexity of the password. We asked the client if it was OK for us to reset the password instead of recovering it (meaning that we would not even try to crack the mystery of what the previous password was and just set a new one), and thankfully, the client accepted our request.
The client set up the server using Ubuntu server edition 20.04 LTS, and the disk partitions were using LVM (Logical Volume Manager). Luckily for us, they were not using encrypted partitions. The procedure we followed to reset the password of that server was as follows:
First of all, we shut down the server and booted it with a Live USB of an Ubuntu desktop 20.04LTS. Then we started a terminal and executed the following to get root access on the live system:
sudo su;
Then, we executed pvscan to list all physical volumes and gain some intelligence on which disk we needed to work on:
pvscan;
root@ubuntu:/home/ubuntu# pvscan
  /dev/sdc: open failed: No medium found
  PV /dev/sda3 VG ubuntu-vg lvm2 [<3.64 TiB / 3.44 TiB free]
  Total: 1 [<3.64 TiB] / in use: 1 [<3.64 TiB] / in no VG: 0 [0 ]
Following that, we used vgscan to search for all volume groups:
vgscan;
root@ubuntu:/home/ubuntu# vgscan
  /dev/sdc: open failed: No medium found
  Found volume group "ubuntu-vg" using metadata type lvm2
From these two commands, it was clear that the partition /dev/sda3 was an LVM physical volume belonging to the volume group ubuntu-vg. That volume group held the server’s filesystem, and it was the place we needed to access to change the user’s password.
So, we used vgchange to change the attributes of the volume group and activate it like so:
vgchange -a y;
root@ubuntu:/home/ubuntu# vgchange -a y
  /dev/sdc: open failed: No medium found
  /dev/sdc: open failed: No medium found
  1 logical volume(s) in volume group "ubuntu-vg" now active
Using lvscan, we were able to list all logical volumes in all volume groups and verify that we had activated the volume group of interest successfully.
lvscan;
root@ubuntu:/home/ubuntu# lvscan
  /dev/sdc: open failed: No medium found
  ACTIVE '/dev/ubuntu-vg/ubuntu-lv' [200.00 GiB] inherit
After these steps, we were finally ready to reset the user’s password. We went on to mount the logical volume, like any other disk, on the /mnt folder:
mount /dev/ubuntu-vg/ubuntu-lv /mnt/;
Then, we used chroot to change the apparent root directory for the currently running process (and its children). This command allowed our terminal to work inside the logical volume as if we had booted the server OS itself.
chroot /mnt/;
Finally, using the passwd command, we changed the user password like so:
passwd bob;
To clean up, we exited the chroot environment:
exit;
Then, we unmounted the logical volume:
umount /mnt;
And finally, we set the active flag of the volume group to no.
vgchange -a n;
After the above steps, we had safely applied all changes, so we rebooted the machine using its hard drive.
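The procedure above worked only because the volume group sat directly on an unencrypted partition. The following check is an added example, not part of the original write-up: it reads lsblk inverse-dependency output and reports whether a logical volume has an encryption layer beneath it. The function names classify_stack and check_lv are hypothetical, and both sample layouts are constructed.

```sh
#!/bin/sh
# Added example: decide whether a logical volume sits on top of an
# encryption layer, using `lsblk --inverse` output.

# classify_stack (hypothetical name): reads `lsblk -s -n -o NAME,TYPE`
# output on stdin. Tree-drawing characters are glued to the NAME column,
# so only the last field (TYPE) of each line is inspected.
# Prints "encrypted" if any layer has TYPE crypt, "plaintext" if the
# stack reaches a partition or disk without one, "unknown" otherwise.
classify_stack() {
    awk '
        $NF == "crypt" { crypt = 1 }
        $NF == "disk" || $NF == "part" { physical = 1 }
        END {
            if (crypt)         print "encrypted"
            else if (physical) print "plaintext"
            else               print "unknown"
        }'
}

# check_lv (hypothetical name): run the check against a real device node,
# for example: check_lv /dev/ubuntu-vg/ubuntu-lv
check_lv() {
    lsblk -s -n -o NAME,TYPE "$1" | classify_stack
}

# Constructed sample: the layout described in the post, with the
# volume group directly on /dev/sda3.
SAMPLE_PLAIN='ubuntu--vg-ubuntu--lv lvm
└─sda3                part
  └─sda               disk'

# Constructed sample: the same volume group placed inside a LUKS
# container (LVM on LUKS); the mapper name is an assumption.
SAMPLE_LUKS='ubuntu--vg-ubuntu--lv lvm
└─dm_crypt-0          crypt
  └─sda3              part
    └─sda             disk'

printf '%s\n' "$SAMPLE_PLAIN" | classify_stack
printf '%s\n' "$SAMPLE_LUKS"  | classify_stack
```

With the second layout, the volume group stays invisible to vgscan from a live USB until the encrypted container has been unlocked with its passphrase.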