There may be times when it can be beneficial to an investigation for the investigator to be able to login to a suspect machine as the root user to explore. Such access may allow an investigator access to items that may be locked without root access to the machine.
Boot Linux into single-user mode
- Reboot the machine.
- Press the ESC key while GRUB is loading to enter the menu.
- If there is a ‘Recovery Mode’ option, select it and press ‘B’ to boot into single user mode. Otherwise, the default boot configuration should be selected. Press ‘E’ to edit it.
- Highlight the line that begins with ‘kernel’. Press ‘E’ again to edit this line.
- At the end of the line, add an additional parameter: ’single’. Hit Return to make the change and press ‘B’ to boot.
Change the admin password
The system should load into single user mode and you will be left at the command line automatically logged in as root. Type ‘passwd’ to change the root password or ‘passwd username’ to change the password for your “username” admin account. Reboot and you now have Linux root access.