-1

TL;DR: Went to change my password after suspecting my system got compromised, and realized I can't see any users under "User Accounts" and can't change the password in a terminal with passwd; how do I fix this?

After getting a kernel panic while on an unprotected network (public library, that is), I realized that the laptop login screen hangs forever. Once I went to change the password, I realized no user (I have two) shows up in the users and groups menus of any desktop environment.

I've successfully changed the root password with passwd, but passwd for myself asks for a Kerberos password (which is apparently a KDE thing). I'm currently typing on my phone, so I can't post any screenshots.

Now, I do have ftp and telnet enabled on my laptop, so I wouldn't be surprised if my system got compromised.

Any suggestions besides reinstalling the system or nuking it from the orbit? Thanks for any help in advance.

2 Answers

3

I would use a boot CD, and either chroot & change password - make sure you mount --bind the CD $PATH directories though, not use any potentially bad executables - or else just add yourself as a new user, edit the numeric IDs, & copy the current /etc/passwd* to your drive - keeping a copy of the old ones - & re-try; if that doesn't fix it you could download chkrootkit & try that.

I would be less happy about using a USB stick for this purpose.

If it has been hacked, though, there could be any number of hidden things & I'd retrieve my data & wipe the laptop - probably with a cat /dev/random >/dev/sda on the way.

1

What has happened

  • After I got a kernel panic and my lappie crashed on public wifi, I went to reset my password, and realized Kerberos would not let me, though the password I entered was 100% correct
  • I could not see any users appearing in any graphical app from any desktop environment that allows managing user accounts
  • Checking with netstat -tpn, I noticed an established TCP connection from ssmtp to a Chinese IP address

What caused the events

  • Last year's spring, when I had just started out with Ubuntu, I commented out the line Exec=/usr/lib/accountsservice/accounts-daemon from the file /usr/share/dbus-1/system-services/org.freedesktop.Accounts.service. The idea came from a post about changing the greeter background.

  • I knew of the effect before, but have since forgotten what happens.

  • Apparently disabling this daemon somehow "confused" Kerberos

  • Kerberos itself may have come with KDE or from mistakenly installing heimdal instead of heimdall (a program for Android), but these are more of a guess than facts

  • I've been using the newer 3.18 kernel, as well as a new wireless card (rtl8192se). The wireless card has been giving me much trouble: frequent drops of connection and interference with audio in any playback (youtube, smplayer, etc.), which does not occur with the original card.

  • The "Chinese connection" came from long ago, when I experimented with ssmtp before discovering how I can use msmtp with mutt to check my email, which is... Chinese.

What I've done to fix the problem

Mainly what did the job was removing KDE and several other packages, among which was heimdal. There may have been other packages, but I didn't exactly document the process well.

Basically, in the last 24 hours, I've bricked the system over and over by removing kde, heimdall, reinstalling ubuntu-desktop and gnome-shell, accidentally removing coreutils (and I've now learned about the "Yes, do as I say!" verification message in apt-get, which you should never ignore). I went on to mount the system from a live USB as told in this article (mainly the Update Failure part). I've reinstalled coreutils, bsdmainutils, network-manager, as well as ubuntu-desktop (again, though it didn't seem to make much difference) and gnome-shell. And voilà - here I am, typing on a new account, with my home folder still in /home and files all intact, untouched. A small copy of the .mozilla and .muttrc files made me feel at home again on this new account. The next step will be just to change ownership of my old folder with sudo chown -hR newAccount.newUsergroup /home/myOldFolder and clean up the mess.

In summary

The whole thing has been just a combination of accidents, which resulted in me panicking. From a more positive outlook, I've learned a few good lessons for the future.
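
The self-answer above traces the symptoms to a commented-out Exec= line and to Kerberos packages. The following read-only check is an added example, not part of either answer: it reports the state of that Exec= line, lists the accounts still present in the passwd file, and shows any active Kerberos entries in the PAM configuration. It assumes the Kerberos prompt comes from a pam_krb5 entry under /etc/pam.d and that regular accounts use UIDs from 1000; the function names are made up for illustration.

```shell
#!/bin/sh
# Added read-only diagnostic; function names are illustrative.

# Prints "active", "commented" or "missing" for the Exec= line of a
# D-Bus service file such as org.freedesktop.Accounts.service.
service_exec_state() {
    if grep -Eq '^[[:space:]]*Exec=' "$1" 2>/dev/null; then
        echo active
    elif grep -Eq '^[[:space:]]*#[[:space:]]*Exec=' "$1" 2>/dev/null; then
        echo commented
    else
        echo missing
    fi
}

# Lists login names with UID 1000..65533 (assumed range for regular
# accounts), read straight from a passwd-format file.
human_users() {
    awk -F: '$3 >= 1000 && $3 < 65534 { print $1 }' "$1"
}

# Prints uncommented PAM lines that load pam_krb5 (assumption: this module
# is what makes passwd ask for a Kerberos password).
pam_krb5_lines() {
    grep -E '^[[:space:]]*[^#[:space:]].*pam_krb5' "$1"/* /dev/null 2>/dev/null
}

report() {
    svc=${1:-/usr/share/dbus-1/system-services/org.freedesktop.Accounts.service}
    pw=${2:-/etc/passwd}
    pam=${3:-/etc/pam.d}
    echo "accounts-daemon Exec line: $(service_exec_state "$svc")"
    echo "regular accounts in $pw: $(human_users "$pw" | tr '\n' ' ')"
    pam_krb5_lines "$pam" || echo "no active pam_krb5 entries in $pam"
}

# Run as: sh check.sh --report [service-file [passwd-file [pam-dir]]]
if [ "${1:-}" = "--report" ]; then
    shift
    report "$@"
fi
```

When run from a live CD against a mounted disk, pass the mounted copies of the three paths as arguments so the installed system's own binaries are not needed.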