Recover your Kali Linux after…
A friend had issues with their Kali installation recently and decided to help.
They had accidentally deleted the /etc/passwd
file from their system and now they cant do anything.
So after helping them (not solve their problem 🤣) this guide came out, in hopes it will help others.
Table of Contents
… deleting your /etc/passwd
Ok so somehow you ended up with either a corrupt or non existent /etc/passwd
file and you see something like this
Not to worry things are fairly easy to fix. Boot into single user mode
Once the system is booted you can recover your password file from a previous backup and adapt to your needs.
Best case scenario all you have to do is the following
The steps you need to do are as following:
- get the numeric id/gid numbers from your home folder and write them down (most likely
1000
for both but could be different)root@(none):/# ls -lan /home drwxr-xr-x 49 1000 1000 4096 May 23 22:39 username ^^^^ ^^^^ ^^^^^^^^ UID GID HOME
- mount your file system as read-write since by default the line you modified had the
ro
(read-only) optionroot@(none):/# mount -o rw,remount /
-
check the system backup and confirm its contents (eg make sure your id or username is not already there like the following example)
Now depending on whether or not your details exist or not in the backup file you have to
- If the backup file includes your id already, simply copy the backup over to your passwd
root@(none):/# cp -p /etc/passwd- /etc/passwd
- if your user id is there but with a different username (eg
kali
) copy the contents excluding the offending UIDroot@(none):/# grep -v 1000 /etc/passwd- > /etc/passwd
- if neither your username nor your user id is there simply add a new entry (also if you did the
grep -v
case above)root@(none):/# echo "username:x:1000:1000::/home/username:/usr/bin/zsh" >> /etc/passwd
Reboot your system and you should be up and running.
If you reboot and the system gets stuck at loading gnome or other similar services then you mixed some UID and/or GID numbers.
- check again that there is only 1 entry with your username and UID number
- check the entries for typos or missing
:
- check your come folder matches your uid/gid numbers and change them to match
chown -R 1000.1000 /home/username
… if you still didnt recover then you messed more than just your /etc/passwd
file 🤣
… deleting your /etc/shadow
Single user mode on Linux
Most of the recovery options that follow depend on entering in single user mode. The process for booting into it is as follows
- Reboot your system and right after the Kali boot screen apears press the Escape key to stop the automatic boot.
-
You will be presented with a menu similar to the following. Highlight the first option and press
e
(edit) -
You will then be presented with the various grub settings for this option. Move by pressing the arrow keys and go to the line starting with
linux /boot
, go at the end of the line and add ` init=/bin/bash` like the screenshot, and press Ctrl+X or F10