All tech blog posts »
  • Security
Access to a computer from USB key
Somebody with USB key can take control of your computer
  • March 01, 2019
  • 5 min
Creative Commons Attribution 4.0 International License:
Table of contents

Imagine that you are in one of the following situations:

  1. You have forgotten your password to connect to the personal workspace of your computer, and you want to reset it.
  2. After a wrong manipulation, you can not access to personal data of your computer, and you want to retrieve this access.
  3. You found a computer without supervision for whom you are not the owner but want to see the file system’s content.

With a bootable USB key on Ubuntu, you can resolve these situations, first by mounting the file system of the targeted computer with all permissions, then by changing the password of any local user, and finally by connecting to the targeted workspace and exploring the file system.

First, plug your USB drive into the target computer, and choose your key as the boot device for the target computer to boot to the Ubuntu system on your USB drive. On a DELL computer, press F12 to access this selection. This information is visible on the welcome screen of your computer’s manufacturer.

DELL welcome screen
DELL welcome screen

Start by choosing the following option:

Advanced startup options
Advanced startup options

Then select the recovery mode:

Getting started in recovery mode
Getting started in recovery mode

Launch a root shell:

Choosing the root shell
Choosing the root shell

You access a device as a root user.

If you need to access the internet, select the network entry before. To verify that you have access to the web you can ping 8.8.8.8 on the Google DNS server, then make nslookup  8.8.8.8 to check that the DNS resolution works. If that does not work, add this line nameserver 8.8.8.8 to the file /etc/resolv.conf (this will be deleted when you restart the computer) and restart your service network-manager with service network-manager restart.

For the moment, the file system is only in read only, type the following command to mount the file system in read / write at the root of your key:

mount -o remount, rw /

Now you can copy the file system to an external hard drive, and then you can choose the new user password by typing:

passwd <username>

If you do not know the users on this machine, you can do ls /home. Certainly, a user of this machine corresponds to a directory name in /home/, or even view the file /etc/passwd, or else you can create a user as you are root.

Type in the new password and confirm.

You can shut down the computer.

shutdown -h now

You can now turn on the computer normally and log in with the chosen user and password.

Beware, the morality of this article is that a person physically accessing your computer does not need login/password to access your computer. If you want to protect yourself from this attack, you must encrypt your hard drive.

Well done :smile:!

  • Category:
    • Security
Creative Commons Attribution 4.0 International License:
Author
picture of glegoux Gilles LEGOUX (glegoux)
Staff software engineer @Criteo

Also read
2021-04-20-time-management
Time management
How to optimize your time & work?
  • Methodology
April 20, 2021
10 min
2020-05-04-java-ecosystem
Java ecosystem
What is the Java ecosystem from Sun to Oracle?
  • Development
May 04, 2020
10 min
2024-01-10-top-five-ways-to-beat-blue-monday
Top Five Ways to Beat Blue Monday
Don’t panic. Overcome the Blue Monday, the third Monday of each year. Neither an advertising campaign, nor a pseudo-s...
  • News
January 10, 2024
4 min
Comments