With the recent introduction of Windows 2000 to the regular Joe user along with the increasing popularity of Linux with the masses, the problem of what to do when the superuser password is forgotten is likely to become more than a casual concern.

In short, you can't easily recover the password; you need to change it.

(Note that this is not intended as a "How to hack into a computer" lesson. Following these instructions on a system on which you shouldn't doesn't make you l33t, it makes you a script kiddie. Nobody likes weenies.)

Fear not, brave user! The solution is not as difficult as you may imagine.

To get around a lost Windows 2000 Administrator password:
(This also works for Windows NT 4.0)

You need to get hold of a specialized Linux boot disk. Don't let this part put you off, they're easy to find on the net. These disks contain support for both VFAT32 and NTFS partitions, and an automated script and utilities to alter the password file with a new password. Early versions had difficulty handling the obfuscator that Windows 2000 employs for its password hashes. Make sure you find a recent one. A quick search on your favorite search engine ought to provide a starting point. As a reference, finding one when I last needed it took around five minutes.

To get around a lost Linux root password:

You must have access to the console for this to work. Follow these steps:

  • Power off the system
  • Power on the system, wait for the LILO/SILO/MILO prompt (platform dependent)

Depending on how lucky you are, or rather how ancient your Linux distribution is, you might be able to get away with the following:

  • At the prompt, type <kernel> 1 (where <kernel> is the label you use to boot Linux normally) and thus boot to single user mode.
  • In single user mode, Linux never used to prompt for the superuser password. If this is the case with your system, simply use mount -o remount -n / and then use the passwd command to change the superuser password.

If you're blessed with a somewhat more secure system, you need to do this:

  • At the prompt, type in <kernel> init=/bin/sh (where <kernel> is the label you use to boot Linux normally).
  • Once the system dumps you at a "# " prompt, type: mount -o remount -n /
  • echo root2:x:0:0:::: >> /etc/passwd
  • echo root2:::::::: >> /etc/shadow
  • sync
  • Power cycle the system.
  • Once the system has booted, log in as root2 (you shouldn't be prompted for a password) and use the command passwd root to change the root password, then userdel to remove the root2 user.
  • Problem solved.

There are of course many variations on the Linux version. For example, you could edit /etc/shadow directly. This requires knowledge of text editors such as ed (most of the time, you won't have a normal terminal when you boot like this and vi won't work!), which may or may not be an unreasonable expectation. YMMV.
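
A check for what the Linux procedure can leave behind, as an added example that is not part of the original writeup: the shell function below scans passwd- and shadow-format files for UID 0 accounts other than root and for empty password fields, such as a root2 entry that was never removed. The function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original writeup).
# audit_accounts [passwd_file] [shadow_file]
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_accounts() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    awk -F: '
        /^#/ { next }
        # passwd entries: flag any UID 0 account that is not root,
        # and any account with an empty password field.
        src == "passwd" {
            if (NF < 4) next
            if ($3 == 0 && $1 != "root") { print "EXTRA_UID0 " $1; found = 1 }
            if ($2 == "") { print "EMPTY_PASSWD_FIELD " $1; found = 1 }
            next
        }
        # shadow entries: an empty second field means no password is required.
        src == "shadow" && NF >= 2 && $2 == "" {
            print "EMPTY_SHADOW_HASH " $1; found = 1
        }
        END { exit (found ? 1 : 0) }
    ' src=passwd "$passwd_file" src=shadow "$shadow_file"
}

# Runs the audit on constructed sample files that include the root2
# entries created by the recovery steps above.
sample_run() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
root2:x:0:0::::
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$constructed$notarealhash:10000:0:99999:7:::
daemon:*:10000:0:99999:7:::
root2::::::::
EOF
    rc=0
    audit_accounts "$dir/passwd" "$dir/shadow" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Run against the live files, audit_accounts needs read access to /etc/shadow, so it must be run as root.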