[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lilo-exploit
there is NO protection that will stop someone with physical access
-why not just boot from a floppy ?
(can alway open the box & discharge the battery that keeps BIOS CMOS
locked if neccesary )
--
Rafi Sadowsky rafi@oumail.openu.ac.il
Network/System/Security VoiceMail: +972-3-646-0592 FAX: +972-3-646-5410
Mangler ( :-) | member ILAN-CERT(CERT-L@VM.TAU.AC.IL)
Open University of Israel | (PGP key -> ) http://telem.openu.ac.il/~rafi
On Mon, 17 Nov 1997, Bekman Stanislav wrote:
> >From http://www.ilf.net/brotherhood/filez/hacking/lilo-exploit.txt
>
> Anyone tried this?
>
> On most Linux systems root can be obtained with the LD_PRELOAD
> environment variable:
>
> 1) Download the hacked libc.so.5 that spawns a shell when a call
> is made to crypt from http://www.rootshell.com and put it
> in a directory that you can remember like -> /var/tmp
>
> 2) Reboot the machine and when you see the LILO prompt,
> hit the SHIFT key and at the LILO boot: prompt type something like:
> LILO boot: linux LD_PRELOAD=/var/tmp/libc.so.5
>
> 3) When the Linux system boots, you might see a lot of warnings
> and errors - Just ignore them...
>
> 4) When you will get to a login prompt,
>
> ->If you are using Red Hat Linux, you *must*
> log in as a normal user and supply as correct password.
>
> ->If you are using Slackware Linux, you can
> type in a few random characters for the login and password.
>
> 5) At this point, you are now root.
>
>
> - BeastMaster V
>
>
>
> =======================================================================
>
> This method is even easier than the one above
>
> ok, i found the easiest way to change a root passwd on a physically
> accessed machine is to apply the boot params "init=/bin/bash rw"
>
> ie if you use lilo, and your image is "linux" try
> linux init=/bin/bash rw
>
> this should drop you to a root shell. just edit your passwd file.
> and run "sync" before you reboot.
>
> =======================================================================
> --
>
>
> ______________________________________________________________________
> Stas Bekman mailto:sbekman@iil.intel.com [just another webmaster]
> Home Page: http://www.eprotect.com/stas
> A must visit: http://www.eprotect.com/stas/TULARC (Java,CGI,PC,Linux)
> Linux-il Home: http://www.linux.org.il/
>
>