[luau] Lilo to get root shell
Dustin Cross
dusty at sandust.com
Tue Jul 2 11:08:01 PDT 2002
I know several ways to get root with physical access, but I didn't know
about using lilo like this or how to secure it. This is useful if you have
linux workstations and want to make sure employees/users can't do things
they shouldn't.
Most of us know to set a bios/prom password so users can't boot floppy or
CD to get access.
This type of information won't protect us from a ruthless blackhat, but
will help keep authorized users inline.
Dusty
> You didn't know that?
>
> There's numerous ways to root a box you haev physical access to.
> Basically, if an attacker has physical access, you're 0wn3d buddy.
>
> linux single
> linux 1
> *(Above two won't work on some distros, slack comes to mind as it's
> sulogin requires a root pw)
>
> linux init=/bin/bash (completly bypass normal startup and spawn a root
> shell, no login needed)
>
> Use a bootdisk
> Remove hard drive and mount in a different machine
>
> If the attacker has physical access, consider yourself screwed (unless
> you have an encrypted FS that requires a passphrase at startup).
>
> --MonMotha
>
> (quote cut because it was really long)
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
More information about the LUAU
mailing list