1
00:00:01,230 --> 00:00:04,050
Hello, everyone, and welcome to this lesson.

2
00:00:04,530 --> 00:00:12,720
So in the previous lesson, we saw that how we can reset the root password or any other users password

3
00:00:12,810 --> 00:00:14,730
directly from the grub menu.

4
00:00:15,240 --> 00:00:21,960
Now you may be thinking that if someone has a physical access to your computer or your device, they

5
00:00:21,960 --> 00:00:25,860
could possibly reset your password and get into your computer.

6
00:00:26,730 --> 00:00:34,170
And you must be thinking there should be an additional layer of security that he or she or maybe any

7
00:00:34,170 --> 00:00:43,290
attacker or a third party person should not be able to access the grub menu and modify those entries.

8
00:00:43,740 --> 00:00:46,110
So for that, we have a solution.

9
00:00:46,290 --> 00:00:50,760
We can basically put a password or lock our grub itself.

10
00:00:51,120 --> 00:00:58,680
So in this lesson, you're going to see how you can keep an additional layer of security by making a

11
00:00:58,680 --> 00:01:02,320
password for the grub, which is basically protecting it.

12
00:01:02,340 --> 00:01:05,970
So it will be a two factor authentication for you.

13
00:01:06,000 --> 00:01:12,540
That is, whenever you need to start your computer, you need to give the authentication that is the

14
00:01:12,540 --> 00:01:15,180
correct username and password for the grub.

15
00:01:15,180 --> 00:01:21,060
And then the final login screen, which is the user login that is root and the password.

16
00:01:21,210 --> 00:01:22,350
So let's see this.

17
00:01:22,350 --> 00:01:26,790
How to set up a grub based authentication mechanism.

18
00:01:28,200 --> 00:01:33,030
So first I'm going to open up my terminal, as you can see over here.

19
00:01:33,090 --> 00:01:38,820
And in the terminal, first, let's verify which is the user currently logged in.

20
00:01:39,210 --> 00:01:40,800
So I am route.

21
00:01:41,250 --> 00:01:44,250
These are the steps to set up the password.

22
00:01:44,850 --> 00:01:50,430
The first step is to generate an encrypted hash value.

23
00:01:50,670 --> 00:01:58,590
So for that, the command is grub mic password in the format, which is PB CD F two.

24
00:01:59,070 --> 00:02:07,740
Now if you're not aware about what what is PB F two, then it is basically a hashing algorithm.

25
00:02:08,220 --> 00:02:15,900
So it applies a pseudo random function, such as a hash based message authentication code, which is

26
00:02:15,900 --> 00:02:20,670
a smack to the input password or passphrase that we are going to provide.

27
00:02:20,880 --> 00:02:27,750
That is, let's say my password is going to be root with a salt value which is random and repeats the

28
00:02:27,750 --> 00:02:33,570
process many times to produce a derived key which is basically secure.

29
00:02:34,050 --> 00:02:43,290
Now it utilizes that specific key for further subsequent operations or other actions wherein it needs

30
00:02:43,290 --> 00:02:45,600
to provide the authentication.

31
00:02:45,900 --> 00:02:48,390
So let's see this how it actually works.

32
00:02:49,350 --> 00:02:52,650
So I need to type this command and hit enter.

33
00:02:52,800 --> 00:02:58,230
Now this is asking for the password or passphrase that you need to provide.

34
00:02:59,040 --> 00:03:06,150
As you can see over here, I have provided my password as root and it has generated successfully a hash

35
00:03:06,150 --> 00:03:09,570
of my password as can be seen under the screen.

36
00:03:10,380 --> 00:03:10,680
Alright.

37
00:03:10,680 --> 00:03:17,070
So we have successfully generated the hash for my password using the cryptographic algorithm which is

38
00:03:17,100 --> 00:03:18,960
PB CD F two.

39
00:03:20,280 --> 00:03:23,340
Quickly, let's open up a new terminal window.

40
00:03:23,640 --> 00:03:30,630
And now in the new terminal window, what we are going to do is we are going to modify a file which

41
00:03:30,630 --> 00:03:32,430
is 40 custom.

42
00:03:33,150 --> 00:03:35,280
What is the reason to modify this file?

43
00:03:35,310 --> 00:03:37,620
You will come to know in just a few seconds.

44
00:03:37,620 --> 00:03:43,860
So let's first go into the directory of Grab, which is under the EDC home directory.

45
00:03:44,850 --> 00:03:51,630
Once we are over here, we will quickly create a backup file of this 40 underscore custom file.

46
00:03:51,660 --> 00:03:56,280
In case anything goes wrong, we can rollback all our changes.

47
00:03:56,730 --> 00:04:03,780
Now, once you are into this file, you need to modify this so you can use nano or vim I'm using currently

48
00:04:03,780 --> 00:04:04,350
nano.

49
00:04:05,220 --> 00:04:12,540
This is basically the configuration file which is required to give instructions that we need to set

50
00:04:12,540 --> 00:04:16,350
up a username password into our grub.

51
00:04:17,160 --> 00:04:24,180
We have already generated a hash and we will now use that hash as password while we log in into the

52
00:04:24,180 --> 00:04:26,250
machine at the grub screen.

53
00:04:26,550 --> 00:04:30,840
So you can specify the name of the user over here.

54
00:04:30,840 --> 00:04:36,600
So I'm specifying the root user because I want to authenticate as the root user.

55
00:04:36,990 --> 00:04:40,410
So set super users as root and the password.

56
00:04:40,920 --> 00:04:48,480
So password underscore pb cd f to the username once more that is root and the hash here.

57
00:04:48,690 --> 00:04:55,350
This is basically the hash that we have generated in the previous step, which is this you need to keep

58
00:04:55,350 --> 00:05:04,440
in mind that you need to copy the hash from your password is after that string complete and grub dot

59
00:05:04,470 --> 00:05:04,980
starts.

60
00:05:04,980 --> 00:05:09,870
You need to copy that which is highlighted currently on the left terminal.

61
00:05:10,560 --> 00:05:15,180
So I'll just copy this quickly and you need to paste it over here.

62
00:05:15,450 --> 00:05:22,650
I already have an older hash which I will remove and I will replace it with the newer hash that we have

63
00:05:22,650 --> 00:05:24,330
generated recently.

64
00:05:37,250 --> 00:05:42,980
So we have successfully deleted the old hash and replaced it with a new hash value.

65
00:05:43,130 --> 00:05:44,450
Looks perfect.

66
00:05:44,480 --> 00:05:51,740
Now we are going to save this file, this hash and the new hash is exactly the same.

67
00:05:51,740 --> 00:05:53,410
So we need to save that file.

68
00:05:53,420 --> 00:05:58,940
So we'll quickly just say control SX and we'll come out of the file.

69
00:06:00,070 --> 00:06:03,520
The next step is to make config.

70
00:06:03,520 --> 00:06:07,930
So we are going to give this command which is grep make config hyphen.

71
00:06:07,930 --> 00:06:15,790
Oh, the configuration file of grub by doing this command grub will automatically verify that whatever

72
00:06:15,790 --> 00:06:19,990
changes that we have done in the configuration file are correct or no.

73
00:06:20,470 --> 00:06:28,210
It will also try to load the new changes that we have created in the 40 underscore custom file.

74
00:06:28,960 --> 00:06:31,750
You can see it verified everything was correct.

75
00:06:31,750 --> 00:06:34,920
So now we are going to do a restart onto the computer.

76
00:06:34,930 --> 00:06:37,390
So we have used the command that is in it six.

77
00:06:37,960 --> 00:06:43,870
You can see the computer is going to boot in 4 seconds as can be seen over here and it will present

78
00:06:43,870 --> 00:06:45,910
us a grub menu.

79
00:06:46,630 --> 00:06:56,080
Now, previously it used to just load the grub menu and start the Kali Linux machine where it would

80
00:06:56,080 --> 00:06:58,000
ask the username and password.

81
00:06:58,860 --> 00:07:05,700
But now here you can see it is asking a username and password at the group screen itself.

82
00:07:05,880 --> 00:07:12,990
Now we need to give the correct username and password to the grub screen to verify that yes, we have

83
00:07:12,990 --> 00:07:18,540
the access to modify changes into this machine or the grub entry as well.

84
00:07:19,080 --> 00:07:26,940
Once we verify this correctly, this computer will now start and will present a new login screen for

85
00:07:26,940 --> 00:07:32,490
us, which is basically the user login to which we want to log in.

86
00:07:33,390 --> 00:07:39,840
So I have provided the correct username and password for the grub menu, which was root and root and

87
00:07:39,840 --> 00:07:40,680
hit enter.

88
00:07:41,400 --> 00:07:49,710
Now you can see the famous Curly team logo has successfully loaded and here I need to log in so I will

89
00:07:49,710 --> 00:07:54,330
use my username password which is root and a BCD and hit enter.

90
00:07:54,810 --> 00:07:56,460
You can successfully verify.

91
00:07:56,460 --> 00:07:58,830
I have successfully logged in into my computer.

92
00:07:58,830 --> 00:08:00,630
So this is it for this lesson.

93
00:08:00,630 --> 00:08:05,550
I hope you guys understood how you can configure a password for your computer.

94
00:08:05,850 --> 00:08:06,570
Thank you.