
Thread: BuYS - Protecting the Grub

  1. #1
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2

    BuYS - Protecting the Grub

    Suppose you have physical access to a Linux system and without any LiveCD. The entries in the GRUB do not give access to a root shell. By editing the GRUB you can bypass and get a root shell. In this context,

    1. How will you edit the GRUB and what will you edit?

    2. How can you prevent such an attack if you are the administrator?

    3. Suppose the administrator does the above step to prevent it. Now this time the attacker comes with a LiveCD. What should the administrator do to prevent such an attack?


    PM me the answers and I will post them back after 3-4 days
    In the world of 0s and 1s, are you a zero or The One !

  2. #2
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    I Pass. Out of my mind nowadays.... dunno where the bugger is roaming
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  3. #3
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    too easy question I guess
    no one replied
    In the world of 0s and 1s, are you a zero or The One !

  4. #4
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2

    The answers

    okay I should post the answer now .. pity no one bothered to answer

    1. On boot, when the GRUB screen is loaded, you can press E to edit the arguments with which that "GRUB entry" boots.


    Now you can add the single argument and delete other unnecessary arguments to edit an entry. Booting with this entry now will give you a root shell because of the single argument, which defaults to unknown runlevel and root user.


    2. To prevent this, you can use a utility called grub-md5-crypt, which will ask you for a password and give you the md5 hash of that, which you can paste into your grub file. (This utility is either called directly or can be found in the grub directory. Or you can get it from the grub terminal.)

    Editing the GRUB file :

    Just below the timeout line,
    Code:
    default         0
    timeout         10
    add the hash you generated by grub-md5-crypt in the following syntax
    Code:
     password --md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
    And this will force the grub to ask for a password if anyone wants to change the arguments at GRUB screen.




    3. To prevent use of LiveCD or LiveUSB, disable CD and USB as boot options in BIOS and set up a BIOS password.
    Also hope no one messes with the CMOS battery
    In the world of 0s and 1s, are you a zero or The One !

  5. #5
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    I don't understand why I am missing these posts. This thread was not shown in my recent updates thread.
    Hacking Is a Matter of Time Knowledge and Patience

  6. #6
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Btw I have done this stuff some 5 months back, even darkest was there
    Hacking Is a Matter of Time Knowledge and Patience

  7. #7
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    Funny Part:
    1) If you can't use Live CD/DVD, use any bootable USB [BT/Ubuntu] :P
    2) Select Recovery Option and then, select "Drop to Root Shell"


    Anyways:

    Most of the System Administrators concern very much about boot options [ astonish ] because most of the large-scale system administrators use "head-less" machines, and even mostly remotely; only maintenance people used to have physical access, and, even when grub is configured, the unused grub entries are removed, like "Memory test" or "Old Kernels".

    You should have also mentioned the version of grub, because Grub2 is much more complicated than Grub Legacy or its prior ones. :]
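
An added example (not code from the thread): a Python check for a GRUB Legacy menu.lst that ties the global password line from post #4 to the recovery-entry point raised in post #7. The function name, the constructed sample file and the use of GRUB Legacy's per-entry `lock` command are additions that no poster mentioned.

```python
import re

# Constructed sample menu.lst; the hash is a placeholder, not a real one.
SAMPLE_MENU_LST = """\
default         0
timeout         10
password --md5 $1$EXAMPLE$PLACEHOLDER-NOT-A-REAL-HASH

title Linux
kernel /vmlinuz root=/dev/sda1 ro quiet

title Linux (recovery mode)
kernel /vmlinuz root=/dev/sda1 ro single

title Linux (recovery mode, locked)
lock
kernel /vmlinuz root=/dev/sda1 ro single
"""

def audit_menu_lst(text):
    """Return a list of findings for a GRUB Legacy menu.lst."""
    findings, entries, global_pw = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB Legacy allows whitespace or '=' between command and argument.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        cmd, rest = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            entries.append({"title": rest, "locked": False, "single": False})
        elif not entries:
            # Global section: only a password here guards menu editing.
            if cmd == "password":
                global_pw = rest
        elif cmd in ("lock", "password"):
            # Per-entry lock/password: entry will not boot without the password.
            entries[-1]["locked"] = True
        elif cmd == "kernel":
            args = rest.split()
            entries[-1]["single"] = any(a in ("single", "s", "S", "1") for a in args)
    if global_pw is None:
        findings.append("no global password: boot entries can be edited at the menu")
    elif not global_pw.startswith("--md5"):
        findings.append("global password is stored in plaintext")
    for e in entries:
        if e["single"] and not e["locked"]:
            findings.append("entry boots to single-user mode without lock: " + e["title"])
    return findings
```

The global `password` line only stops editing at the menu; a ready-made recovery entry still boots to single-user mode unless that entry is locked or removed.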

  8. #8
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    Funny Part:
    1) If you can't use Live CD/DVD, use any bootable USB [BT/Ubuntu] :P
    Dammit ..!! forgot to add LiveUSB was also not allowed

    You should have also mentioned the version of grub, because Grub2 is much more complicated than Grub Legacy or its prior ones. :]
    Ohh Yes, I tested this in Grub ( making changes in /boot/grub/menu.lst )
    For Grub2 we have to make changes in the grub.cfg file (wherever it is located), I think.
    In the world of 0s and 1s, are you a zero or The One !

  9. #9
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    @hackuin drop to Root Shell, does that happen to be on all distros or is it something less frequent? "linux n00b I am"
    Hacking Is a Matter of Time Knowledge and Patience

  10. #10
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Originally posted by abhaythehero:
    too easy question I guess
    no one replied
    was it? I wasn't aware of it.
    Thanks to you and Hackuin for sharing knowledge.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious
