
Re: lilo-exploit




Yes, there is. The compressed 'complete' linuxes such as linux-lp are
secure. There is an option to encrypt the whole thing, besides compressing
the kernel and the root. The two are glued together into a single large
file. If additionally, encrypted filesystems are used, with passwords
stored in the boot/root file, and the running of the boot/root file
requires a password then only the owner can operate the thing. BIOS
changes, floppy boot and nothing else will get you any closer to the
contents of the boot/root disk and of the partitions. One disadvantage is
that fixing such a system after a crash requires at least one working
system (rather complete) to 'dock' to the disks and do magic on them.
Assuming you wrote down the passwords, of course. And there are still
holes in runtime environments...

On Mon, 17 Nov 1997, Rafi Sadowsky wrote:

> there is NO protection that will stop someone with physical access 
> -why not just boot from a floppy ?
> (can always open the box & discharge the battery that keeps BIOS CMOS
> locked if necessary )
> 
> 
> -- 
> Rafi Sadowsky                                  rafi@oumail.openu.ac.il
> Network/System/Security  VoiceMail: +972-3-646-0592   FAX: +972-3-646-5410
>      Mangler ( :-)      |    member  ILAN-CERT(CERT-L@VM.TAU.AC.IL)
> Open University of Israel |   (PGP key -> )  http://telem.openu.ac.il/~rafi
> 
> 
> On Mon, 17 Nov 1997, Bekman Stanislav wrote:
> 
> > From http://www.ilf.net/brotherhood/filez/hacking/lilo-exploit.txt
> > 
> > Anyone tried this?
> > 
> > On most Linux systems root can be obtained with the LD_PRELOAD
> > environment variable:
> > 
> > 1) Download the hacked libc.so.5 that spawns a shell when a call
> >    is made to crypt from http://www.rootshell.com and put it
> >    in a directory that you can remember like ->  /var/tmp
> > 
> > 2) Reboot the machine and when you see the LILO prompt, 
> >    hit the SHIFT key and at the LILO boot:  prompt type something like:
> >    LILO boot: linux LD_PRELOAD=/var/tmp/libc.so.5
> > 
> > 3) When the Linux system boots, you might see a lot of warnings
> >    and errors - Just ignore them...
> > 
> > 4) When you get to a login prompt,
> > 
> >    ->If you are using Red Hat Linux, you *must*
> >    log in as a normal user and supply a correct password.
> > 
> >    ->If you are using Slackware Linux, you can
> >    type in a few random characters for the login and password.
> > 
> > 5) At this point, you are now root.
> > 
> > 
> >                         - BeastMaster V
> > 
> > 
> > 
> > =======================================================================
> > 
> >         This method is even easier than the one above
> > 
> > ok, I found the easiest way to change a root passwd on a physically
> > accessed machine is to apply the boot params "init=/bin/bash rw"
> >  
> > ie if you use lilo, and your image is "linux" try
> > linux init=/bin/bash rw
> > 
> > this should drop you to a root shell.  just edit your passwd file. 
> > and run "sync" before you reboot.
> > 
> > =======================================================================
> > -- 
> > 
> > 
> > ______________________________________________________________________
> > Stas Bekman   mailto:sbekman@iil.intel.com [just another webmaster]
> > Home Page:      http://www.eprotect.com/stas
> > A must visit:   http://www.eprotect.com/stas/TULARC (Java,CGI,PC,Linux)
> > Linux-il Home:  http://www.linux.org.il/
> > 
> > 
> 
> 

Peter Lorand Peres
------------------
plp@actcom.co.il 100310.2360 on CIS (please use Internet address for mail)
http://ourworld.compuserve.com/homepages/plp

"The creed of Inland Revenue is simple: 'If we can bring one little smile to one
little face today - then somebody's screwed up somewhere' - David Frost

(Note: The above stands valid in all countries until proven wrong)
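Both tricks quoted in this thread (LD_PRELOAD=... and init=/bin/bash rw) work only because the LILO prompt accepts extra parameters without asking for anything. The script below is an added example, not code from this thread or from the LILO project: it audits a lilo.conf for LILO's documented `password=` and `restricted` keywords, and it writes two constructed sample configs (one open, one hardened) to temporary files to show the verdict each gets. CHANGE-ME and the device names are placeholders.

```shell
#!/bin/sh
# lilo_check: audit a lilo.conf for the two settings that stop someone at the
# "LILO boot:" prompt from appending parameters such as "init=/bin/bash rw"
# or "LD_PRELOAD=...": "password=" (ask for a password) and "restricted"
# (ask only when extra parameters are typed). Exit status 0 = protected.
lilo_check() {
    awk '
        function endstanza() { if (stanza != "") { n++; if (!haspw[stanza]) missing = missing " " stanza } }
        /^[ \t]*#/ { next }                                  # comment line
        /^[ \t]*(image|other)[ \t]*=/ {                      # new boot-image stanza
            endstanza(); stanza = $0; sub(/^[ \t]*/, "", stanza); next
        }
        /^[ \t]*password[ \t]*=/ { if (stanza == "") gpw = 1; else haspw[stanza] = 1; next }
        /^[ \t]*restricted/     { if (stanza == "") grestricted = 1; next }
        END {
            endstanza()
            if (gpw) { print "OK: global password set, restricted=" (grestricted ? "yes" : "no") " (" FILENAME ")"; exit 0 }
            if (n > 0 && missing == "") { print "OK: every image stanza sets a password (" FILENAME ")"; exit 0 }
            print "WEAK: boot parameters accepted without a password in " FILENAME " for:" missing
            exit 1
        }' "$1"
}

# Constructed sample configs (not taken from the thread): one without any
# password, one hardened. CHANGE-ME is a placeholder; a real lilo.conf holding
# a password must be mode 600, and /sbin/lilo must be re-run after editing.
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF
cat > "$HARD_CONF" <<'EOF'
boot=/dev/hda
prompt
timeout=50
# unattended default boot still works; typed parameters need the password
restricted
password=CHANGE-ME
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF

for conf in "$WEAK_CONF" "$HARD_CONF"; do
    lilo_check "$conf" || :    # ":" so a WEAK verdict does not abort under "set -e"
done
```

Run it against /etc/lilo.conf on a real machine to get the same verdict for that host; the password check says nothing about BIOS or floppy boot, which Rafi's point above still covers.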