A few days ago, a client tasked us with recovering the password of an Ubuntu server 20.04LTS. The machine owner only knew the username but had no idea about the complexity of the password. We asked the client if it was OK for us to reset the password instead of recovering it (meaning that we would not even try to work out what the previous password was and would just set a new one), and thankfully, the client accepted our request.
The client set up the server using Ubuntu server edition 20.04LTS, and the disk partitions were using LVM (Logical Volume Manager). Luckily for us, they were not using encrypted partitions. The procedure we followed to reset the password of that server was as follows:
First of all, we shut down the server and booted it with a Live USB of an Ubuntu desktop 20.04LTS. Then we started a terminal and executed the following to get root access on the live system:
Then, we executed pvscan to list all physical volumes and gain some intelligence on which disk we needed to work on:
root@ubuntu:/home/ubuntu# pvscan
/dev/sdc: open failed: No medium found
PV /dev/sda3 VG ubuntu-vg lvm2 [<3.64 TiB / 3.44 TiB free]
Total: 1 [<3.64 TiB] / in use: 1 [<3.64 TiB] / in no VG: 0 [0 ]
Following that, we used vgscan to search for all volume groups:
root@ubuntu:/home/ubuntu# vgscan
/dev/sdc: open failed: No medium found
Found volume group "ubuntu-vg" using metadata type lvm2
From these two commands, it was clear that the disk /dev/sda3 contained an LVM partition with the logical volume group name ubuntu-vg. That logical volume group held the server’s filesystem, and it was the place we needed to access to change the user’s password.
So, we used vgchange to change the attributes of the volume group and activate it like so:
vgchange -a y;
root@ubuntu:/home/ubuntu# vgchange -a y
/dev/sdc: open failed: No medium found
/dev/sdc: open failed: No medium found
1 logical volume(s) in volume group "ubuntu-vg" now active
Using lvscan, we were able to list all logical volumes in all volume groups and verify that we activated the volume group of interest successfully.
root@ubuntu:/home/ubuntu# lvscan
/dev/sdc: open failed: No medium found
ACTIVE '/dev/ubuntu-vg/ubuntu-lv' [200.00 GiB] inherit
After these steps, we were finally ready to reset the password of the user. We continued to mount the logical volume group like any other disk on the
mount /dev/ubuntu-vg/ubuntu-lv /mnt/;
Then, we used chroot to change the apparent root directory for the currently running process (and its children). This command allowed our terminal to work inside the logical volume as if we had booted the server OS itself.
Finally, using the passwd command, we changed the user password like so:
passwd bob;
To clean up, we exited the
Then, we unmounted the logical volume group:
And finally, we set the active flag of the volume group to no.
vgchange -a n;
After the above steps, we had safely applied all changes, so we rebooted the machine using its hard drive.
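The whole procedure worked only because the partitions were not encrypted. The following check is an added example, not part of the original write-up: it reports whether the root filesystem of a running server sits on a dm-crypt/LUKS layer, and therefore whether it is exposed to this kind of offline reset. It assumes lsblk --pairs output with the KNAME, PKNAME, TYPE and MOUNTPOINT columns and a single-parent device chain; the sample device names below are constructed.

```bash
# Constructed sample: LVM directly on a partition, as on the server described above.
SAMPLE_PLAIN='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="lvm" MOUNTPOINT="/"'

# Constructed sample: the same layout with a LUKS layer between partition and LVM.
SAMPLE_LUKS='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda3" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/"'

# Reads lsblk --pairs output on stdin and prints one of:
#   encrypted   - a crypt device lies between "/" and the physical disk
#   unencrypted - no crypt layer; a live USB can mount and modify the system
#   unknown     - no device mounted at "/" was found in the input
root_fs_encryption() {
  awk '
    # Return the value of KEY="value" from one line; the leading space
    # stops KNAME from matching inside PKNAME.
    function field(line, key,    re, s) {
      re = " " key "=\"[^\"]*\""
      if (match(" " line, re) == 0) return ""
      s = substr(" " line, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    {
      k = field($0, "KNAME")
      parent[k] = field($0, "PKNAME")
      type[k] = field($0, "TYPE")
      if (field($0, "MOUNTPOINT") == "/") root = k
    }
    END {
      if (root == "") { print "unknown"; exit }
      # Walk from the root filesystem device up to the physical disk.
      for (d = root; d != "" && !(d in seen); d = parent[d]) {
        seen[d] = 1
        if (type[d] == "crypt") { print "encrypted"; exit }
      }
      print "unencrypted"
    }'
}

# On a live system (needs util-linux):
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | root_fs_encryption
printf '%s\n' "$SAMPLE_PLAIN" | root_fs_encryption
printf '%s\n' "$SAMPLE_LUKS" | root_fs_encryption
```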