1, Boot up esxi host with the Linux live CD. Then ran the commands fdisk -l and ls -l /mnt/sda5/ / ls -l /mnt/sda6/ to determine the location of the most recent state.tgz file.
Note that if you're using ESXi Embedded then you may only see local.tgz instead of state.tgz and you should then copy and recreate that file.
2) After determining where the most recent state.tgz file was located, this was copied to /tmp. gzip and tar were then used to extract local.tgz from state.tgz.
If you're using ESXi Embedded then you will copy local.tgz to tmp and run gzip and tar on that file.
Once local.tar was extracted the cd etc command was run followed by vi shadow.
3) The below two images show the shadow file before and after editing.
Essentially you'll want to have the root entry as root::13358:0:99999:7::: .
Once you have removed the password hash, press ESC and to save the change type in :wq and press Enter.
You can run cat shadow to confirm that the change was saved successfully.
4) Once the shadow file has been updated, you'll use cd .. to go back to /tmp and then run tar -czvf local.tgz etc to create the local.tgz file.
If you're using ESXi Embedded then you'll copy this file to the drive where it came from in step 3.
Otherwise you'll run tar -czvf state.tgz local.tgz to create state.tgz which should then be copied to the correct location.
In the below image you'll notice that I don't always use the -v option with the tar command.
This option displays a list of all files being processed by the command and would have resulted in larger screen output.
It is entirely optional for this process, but can provide a good check to see if the right files are being processed.
When running tar to extract the local file, a large number of files will be processed.
I've also used the ls -l command a few times in the below image. This was done to ensure that the file copied correctly.
5) Once the file has been copied back to the /bootbank partition the host can be rebooted back into ESXi.
You'll be able to login with the root account with no password and will be greeted with the familiar message to change the root password.
