As always said, never leave your system with the default credentials as it is very very critical, it is a must as a Cybersecurity student or a specialist not to leave any of your systems with default usernames and passwords, professional hackers check all of their targets systems default credentials as a first step of their malicious attempts, and if they managed to find one of your systems with its default credentials, it is a game over.
In this blog, and in the context of not leaving the default credentials on our systems, we are just going to learn how to change the password for Kali and it is applicable for any user, by the way, Kali user by default is in the sudoer file so it can run commands as root user just by typing the sudo command right before the required command in the command line and we just need to enter the Kali password, and for example if another hacker gain access to your device and they entered the default password for Kali by using sudo command, he will fully compromise your whole Kali system easily.
Steps and methods of Changing the default password on Kali Linux:
The command that we are going to use to change the password for users is passwd:
1) Open the terminal quickly by pressing at once on the left ctrl button, left Alt button, and the letter T on your keyboard. 2) As shown in the below screenshot, just type the passwd command or also enter the name of the user, which is Kali in our case here as "passwd kali". 3) Enter the current default password which is Kali, then press enter. 4) Enter the required new password, then press enter, retype it then press enter again. Now the password for Kali has changed, make sure that you set a strong password:
The Kali user is in the sudoers file, which can have the highest privilege just by running the sudo command right before the actual command and then could act as a root user in most cases.
Sudo is the short name for Super User Do, we have learned that we can change the password for users using the passwd command and we did for Kali users, however if we wanted to change other users' passwords while we logged in as Kali user, we can’t just use passwd command, we need to use sudo command right before the passwd command to have the privilege to change the passwords for other users like root user can do.
Let's first change the password for the root for better security:
In the below screenshot, we typed the sudo command and then passwd and if we didn’t specify any other user after passwd then this is going to change the password for the root user without stating the root user because once we run the sudo command, the command line will run as the root user, we can also state root, like "sudo passwd root" and it will work to change the password for the root user, but to be performed quicker, we are just going to use sudo and passwd and it will also change the password for the root user.
Now let's change the password for a standard user from Kali, so we need to create that user as we don't have users on our system for now, to create a new user, we will use a command named adduser.
As shown in the below screenshot, 1) Enter sudo because adding users requires the highest privilege, then adduser command and the new username, which in this example testuser. 2) Enter the new password. 3) Enter all the required details(optional) and confirm with a yes answer with the Y option. Now you have a new user called testuser as per the screenshot below:
Now let's change the password for that user using the passwd as we learned above, so as shown in the below screenshot, 1) we use the sudo command to have the root privilege as Kali is in the sudoers file. 2) we use the passwd command and then state the target user which is the testuser. 3) press enter then enter the new password, and retype it. Now the password for the testuser is changed using the passwd while we are logged in as Kali:
Now you might need to delete that user, as shown below screenshot, 1) First, we need to make sure that all the processes that are running for that user are killed(stopped running), so we run this command “sudo killall -u testing”, killall command to kill all the processes, -u to specify the target user. 2) We run the userdel command to delete the user, “sudo userdel testuser”, after the userdel command we need to specify the target user.
Now the user is deleted. As a hacker, if you for example obtain access to your target Linux system and get the password for Kali or any other user in the sudoers file, you can from many many post-exploitation scenarios delete almost all the users on your target Linux system, cause Denial of Service (DOS), or you can add too many bogus users that can fill their system space.
Now you have learned how to change the password for any user, and create and delete user accounts on your Kali system, you have learned that any user in the sudoers file like a Kali user can have almost the privileges of the root user by using the sudo command.
If you want to become a Linux expert and learn all the tricks that are used by advanced hackers, contact us for private training with one of our certified experts along with dedicated and advanced real-world simulating labs, also you can check our Online Training courses, and also you can enroll for free in our recorded course designed for Ethical Hacking beginners which are named The Optimum Introduction to Ethical Hacking, it will make you fully understand the core basics of Ethical Hacking and help you to become an expert.