ffe0dedfae75df5f87bdd716292b51ac.png

0. Preface

This is a very different post than the usual HackTheBox/VulnHub write-ups on this site. I managed to brick my Kali VM while testing out an exploit locally, which unfortunately, involves manually editing /etc/sudoers.

I realised I done goofed when I couldn’t run sudo, and I also didn’t set a password for the root user.

…and the last snapshot of the VM was taken a month ago.

Note that there will be some swearing involved.


1. How to Goof

Simply (and stupidly), editing your /etc/sudoers file without testing it out using visudo first.

If you edit /etc/sudoers via visudo, it will warn you if you made a mistake, and will ask you what to do next.

276a40356353d33736977364656a603b.png

Stupidly, I just ran the following:

sudo sed -i -e '$akali ALL=[ALL:ALL] NOPASSWD:ALL' /etc/sudoers

Notice the mistake?

It’s supposed to be ( ) instead of [ ].

And this is when you know you’ve fucked up.

c820aa6bbeabc3a2d5b05b327c36fb46.png

Now you can P A N I C.

2. The Fix

I desperately tried to su root with every password I can think of, but of course, it doesn’t work because there’s no password set in the first place.

c3f578ead4d0195cdba712b07341191f.png

So, I tried to boot into single user mode in the hopes that I can edit /etc/sudoers with the root user.

To do so, I had to edit the bootloader script.

f4c6f0613193fc5b794ec9170b463a8e.png

Press e to edit.

Find the following line and add a 1 behind it.

linux	/boot/vmlinuz-5.7.0-kali3-amd64 root=UUID=114c498f-de75-44bb-a5ec-6339282d4171 ro quiet splash

3f1324f16c29657d2bfe1bd88d2ae948.png

Press Ctrl+X to boot.

332dcebeedabe51191cc888591dbfcfa.png

F u c k.

Cue more P A N I C.

After some research, I found that you could append init=/bin/bash instead, and change ro to rw to boot into bash directly with a writable filesystem.

2fb93f28b97fe222a2db5d5efea61abc.png

Ctrl+X.

4587e63559bb1922561630211d2f365c.png

6f7487dbbb1d674405e1c0710f72dc66.png

Now to revert the sudoers file, this time using visudo.

bcc79fa455492ca5a8f484a4cde93e4f.png

Next to power off the machine and boot it again normally.

42cce469fc2db134949bace2ee2521b4.png

Lesson learnt.