lilo-exploit



From http://www.ilf.net/brotherhood/filez/hacking/lilo-exploit.txt

Anyone tried this?

On most Linux systems root can be obtained with the LD_PRELOAD
environment variable:

1) Download the hacked libc.so.5 that spawns a shell when a call
   is made to crypt from http://www.rootshell.com and put it
   in a directory that you can remember like ->  /var/tmp

2) Reboot the machine and when you see the LILO prompt, 
   hit the SHIFT key and at the LILO boot:  prompt type something like:
   LILO boot: linux LD_PRELOAD=/var/tmp/libc.so.5

3) When the Linux system boots, you might see a lot of warnings
   and errors - Just ignore them...

4) When you get to a login prompt,

   ->If you are using Red Hat Linux, you *must*
   log in as a normal user and supply a correct password.

   ->If you are using Slackware Linux, you can
   type in a few random characters for the login and password.

5) At this point, you are now root.


                        - BeastMaster V



=======================================================================

        This method is even easier than the one above

ok, i found the easiest way to change a root passwd on a physically
accessed machine is to apply the boot params "init=/bin/bash rw"
 
ie if you use lilo, and your image is "linux" try
linux init=/bin/bash rw

this should drop you to a root shell.  just edit your passwd file. 
and run "sync" before you reboot.

=======================================================================
-- 


______________________________________________________________________
Stas Bekman     mailto:sbekman@iil.intel.com [just another webmaster]
Home Page:      http://www.eprotect.com/stas
A must visit: 	http://www.eprotect.com/stas/TULARC (Java,CGI,PC,Linux)
Linux-il Home:  http://www.linux.org.il/
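
Added example, not part of the original post: a defender-side check that lists which lilo.conf boot entries accept parameters at the boot: prompt with no password (LILO's `password` directive, optionally with `restricted`), and that flags the two parameters quoted above on a kernel command line. The sample config and the function names are constructed for illustration.

```python
# Constructed sample lilo.conf: no global password, and only the second
# image sets its own (CHANGEME is a placeholder value).
SAMPLE_CONF = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
image=/boot/vmlinuz.old
    label=old
    root=/dev/hda1
    password=CHANGEME   # placeholder
    restricted
"""

def parse_lilo_conf(text):
    """Return (global_opts, sections); each section is a dict of its options."""
    global_opts, sections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        key = key.lower()
        if key in ("image", "other"):            # a new boot entry starts here
            current = {key: value}
            sections.append(current)
        else:                                    # flag options are stored as True
            (global_opts if current is None else current)[key] = value or True
    return global_opts, sections

def unprotected_labels(text):
    """Labels that take boot-prompt parameters without any password set."""
    global_opts, sections = parse_lilo_conf(text)
    return [s.get("label", s.get("image") or s.get("other"))
            for s in sections
            if "password" not in s and "password" not in global_opts]

def risky_boot_params(cmdline):
    """Parameters matching the two tricks in the post (init=, LD_PRELOAD=)."""
    return [p for p in cmdline.split()
            if p.startswith(("init=", "LD_PRELOAD="))]

if __name__ == "__main__":
    print("no password:", unprotected_labels(SAMPLE_CONF))
    # On a running system this string would be read from /proc/cmdline.
    print("flagged:", risky_boot_params("BOOT_IMAGE=linux ro init=/bin/bash rw"))
```

Because `password` is stored in clear text, lilo.conf itself should be readable by root only.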