
Re: lilo-exploit



there is NO protection that will stop someone with physical access 
-why not just boot from a floppy ?
(can always open the box & discharge the battery that keeps BIOS CMOS
locked if necessary ) 


-- 
Rafi Sadowsky                                   rafi@oumail.openu.ac.il
Network/System/Security  VoiceMail: +972-3-646-0592   FAX: +972-3-646-5410
       Mangler ( :-)      |    member  ILAN-CERT(CERT-L@VM.TAU.AC.IL)
Open University of Israel |   (PGP key -> )  http://telem.openu.ac.il/~rafi


On Mon, 17 Nov 1997, Bekman Stanislav wrote:

> From http://www.ilf.net/brotherhood/filez/hacking/lilo-exploit.txt
> 
> Anyone tried this?
> 
> On most Linux systems root can be obtained with the LD_PRELOAD
> environment variable:
> 
> 1) Download the hacked libc.so.5 that spawns a shell when a call
>    is made to crypt from http://www.rootshell.com and put it
>    in a directory that you can remember like ->  /var/tmp
> 
> 2) Reboot the machine and when you see the LILO prompt, 
>    hit the SHIFT key and at the LILO boot:  prompt type something like:
>    LILO boot: linux LD_PRELOAD=/var/tmp/libc.so.5
> 
> 3) When the Linux system boots, you might see a lot of warnings
>    and errors - Just ignore them...
> 
> 4) When you will get to a login prompt,
> 
>    ->If you are using Red Hat Linux, you *must*
>    log in as a normal user and supply a correct password.
> 
>    ->If you are using Slackware Linux, you can
>    type in a few random characters for the login and password.
> 
> 5) At this point, you are now root.
> 
> 
>                         - BeastMaster V
> 
> 
> 
> =======================================================================
> 
>         This method is even easier than the one above
> 
> OK, I found the easiest way to change a root passwd on a physically
> accessed machine is to apply the boot params "init=/bin/bash rw"
>  
> ie if you use lilo, and your image is "linux" try
> linux init=/bin/bash rw
> 
> this should drop you to a root shell.  just edit your passwd file. 
> and run "sync" before you reboot.
> 
> =======================================================================
> -- 
> 
> 
> ______________________________________________________________________
> Stas Bekman     mailto:sbekman@iil.intel.com [just another webmaster]
> Home Page:      http://www.eprotect.com/stas
> A must visit: 	http://www.eprotect.com/stas/TULARC (Java,CGI,PC,Linux)
> Linux-il Home:  http://www.linux.org.il/
> 
>
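The thread above shows two things an attacker can type at the LILO "boot:" prompt (an `init=/bin/bash rw` override and an `LD_PRELOAD=` variable), and the reply's point is that physical access to the box beats the boot loader anyway. The one knob LILO itself offers is a boot password: the real lilo.conf keywords `password=` (ask before booting) and `restricted` (only ask when extra parameters are typed at the prompt), which together block exactly the prompt tricks quoted here while leaving an unattended normal boot alone. Because the password then sits in cleartext in lilo.conf, the file also has to be unreadable by anyone but root. The following POSIX sh audit is an added example written for this archive page, not code from either poster; the two sample lilo.conf files it writes are constructed for the demonstration, and the placeholder password is obviously not a real one. It says nothing about the floppy-boot and CMOS-reset caveat from the reply, which no lilo.conf setting addresses.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a lilo.conf for the
# settings that stop the boot-prompt overrides quoted above, and for the file
# mode, since a lilo.conf with "password=" holds that password in cleartext.

# audit_lilo_conf FILE
# Returns 0 when FILE has a password= line and is not readable by group/other,
# 1 otherwise. Findings go to stdout. A missing "restricted" keyword is only
# reported: without it LILO asks the password on every boot, which is stricter,
# not weaker.
audit_lilo_conf() {
    f=$1
    rc=0
    # Global "password=" line (leading whitespace allowed, comments ignored).
    if ! grep -q '^[[:space:]]*password[[:space:]]*=' "$f"; then
        echo "$f: no password= line; anything can be typed at the boot: prompt"
        rc=1
    fi
    if ! grep -q '^[[:space:]]*restricted' "$f"; then
        echo "$f: note: no restricted keyword; password will be asked on every boot"
    fi
    # Columns 5-10 of "ls -l" are the group and other permission bits;
    # all six must be '-' (i.e. mode 600 or 400) for a file holding a password.
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;;
        *) echo "$f: readable by group/other; the boot password is exposed"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs (not taken from any real host), kept in temp files
# until the script exits.
WEAK=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$WEAK" "$HARDENED"' EXIT

# Typical 1997-era lilo.conf: no password, world-readable.
cat >"$WEAK" <<'EOF'
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF
chmod 644 "$WEAK"

# Same config with a boot password required for extra parameters only,
# and the file readable by root alone. The password value is a placeholder.
cat >"$HARDENED" <<'EOF'
boot=/dev/hda
prompt
timeout=50
password=CHANGE-ME-PLACEHOLDER
restricted
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF
chmod 600 "$HARDENED"

# Run both through the audit when executed directly.
audit_lilo_conf "$WEAK" || echo "weak config: FAIL"
audit_lilo_conf "$HARDENED" && echo "hardened config: OK"
```

After editing a real lilo.conf you still have to rerun `lilo` so the map file is rebuilt with the password; and as the reply notes, this only raises the bar at the prompt, so pair it with a BIOS boot order that excludes floppy and CD, a BIOS setup password, and physical control of the case.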