Quote:
Originally posted here by phr0zenf1sh
(This is intended to protect users from the threat of physical hacking; I am not responsible for any misuse of this information.)
Lol.
Quote:
When most users imagine hackers, they picture some scraggly teenager, hunched over his Linux box, remotely trashing servers. However, in many cases, hacking occurs from within an organization,
(TM) Hacking Linux Exposed, second edition. (Slightly reworded)
Quote:
whether it be a visitor, customer, student or even a disgruntled employee. Therefore, it seems that the threat of local hacking is quite real, and the physical security of a computer system is quite possibly the second weakest layer of protection against intruders.
What is first?
Quote:
(It should be noted that Linux/Unix is especially vulnerable to physical attacks through single user mode.)
Ummm, you can disable single user mode, booting, and pretty much anything else that allows someone to get to it. If you think Unix and Linux are attacked more easily from single user mode.... OK, anyway, this is not true at all. SUSE, for example, needs the root password for single user mode.
Quote:
This tutorial should be of use to any level of user, from system administrators, to the casual end user.
Heh.
Quote:
Be warned, however, that it is impossible to stop the most skilled of attackers; it is merely possible to slow them down.
Not true, most users stop trying to break in when you shoot them.
Quote:
First off, an attacker on a Linux machine would try and gain access at the LILO prompt.
But when I boot up I see GRUB!!!!! Is my computer broked???????????
Quote:
LILO: linux single
That didn't work here for some reason, hmmm.
Quote:
This would start the system at runlevel 1, or Linux single user mode. Essentially, the user would have root, without requiring a password.
False.
Quote:
This is here for system maintenance. But all is not lost, there is a way to stop intruders from entering linux single user mode.
Oh good!
Quote:
Edit /etc/inittab by inserting the following string, right after the "initdefault" line:
Thanks, now that half the Linux newbies just screwed up a system file there should be LOTS of new threads.
Quote:
~~:S:wait:/sbin/sulogin
What's really weird is that RedHat uses GRUB by default, unless the ISOs I had were messed up.
Quote:
This will force the intruder to enter the root password before allowing them access.
As opposed to popping in a Live CD and pulling the power plug? Do you have a job? I need some cash.
Quote:
However, the more intelligent attacker can still have access to your linux box.
=o NOOOOOOOOOOOOOOOOOOOOOOOO
Quote:
LILO: linux init=/bin/bash
And for the users that have GRUB?
Quote:
we can password-protect the LILO prompt, so an attacker can't add options to the LILO prompt without typing a password.
Is that going to stop the floppy disk boot up from hell? You'd think you'd add something about a BIOS password too, I mean hell if this is going to secure my boxes my work is EASY now.
Quote:
To add a password to the LILO prompt, just choose a password, and place the following lines in the top of the /etc/lilo.conf file:
restricted
password= PASSWORD
12 users reading this now have a LILO password "PASSWORD". And probably aren't sure how to log in themselves anymore.
Quote:
Once you're done, make sure to re-run LILO to effect your changes, by typing lilo at the root prompt.
Make sure you hit ENTER.
Quote:
At this point, all those Linux geeks out there can give yourselves a hearty pat on the back: you've made your Linux machine as safe as a Windows box, from the perspective of physical hacking.
Whatever you're on, I want some. WTF is that ****? Windows.... Lol, like that click cancel of death the 9X users face or the ALT CTRL DEL the NT line uses? Lol.
Quote:
However, if our intruder decided to bring one of the many available boot disks out there, we are still very vulnerable to attack.
Oh finally?
Quote:
For Windows we have: Offline NT Password & Registry Editor
Don't forget the PHLAK tools, there are Windows servers at my college using passwords I gave them when I rebooted them.
Quote:
Linux: Tom's Root Boot disk
These are just two examples, and the options get even better if you are willing to pay money. Let's use Tom's Root Boot disk as an example, since we have been doing so well with the whole Linux thing.
We have?
Quote:
The intruder simply inserts the boot disk and:
Mount the drive!!
You didn't show commands for this....
mount /dev/hd*(Whatever) /mnt/haxxored..... Damn it my coffee got cold.
Quote:
# mkdir /evilhaxor
# mount /dev/hda5 /evilhaxor
# vi /evilhaxor/etc/passwd
And because almost all Linux distros use Shadow, what next?
Quote:
And since our evil haxor d00d booted with his very own floppy, he's root on the machine.
Not on mine.
Quote:
evilhaxor::0:0:Security Admin:/:/bin/bash
Heh, right. That won't send off alarm bells.
Quote:
What he/she has done is create an account that is root equivalent, and free of a password. With this account, our intruder can play around, delete the account, and sneak away into the night, or to his period three class.
Ummm, no.
Quote:
But wait! stop prying at your floppy drive with that screwdriver!
But the CD-ROM drive is so much more secure!
Quote:
All we have to do to foil our clever adversary is to forbid our trusty box to boot off anything but the hard drive.
Yea because then they have to get into BIOS at boot up to turn it back on! Wow that must take an extra 2 seconds! You know if I lived near you, I'd give your box a BIOS password, tell it not to boot off anything but the hard drive, then smack it with a hammer.
Quote:
You can generally configure boot options via your computer's battery-backed NVRAM, EEPROM, CMOS, or such. On Intel x86 hardware, turn your machine off and then, as it boots, press whatever key (Esc, F1, F2...) puts you into your BIOS's configuration menu. Now, when the option is saved, try to boot off a floppy. This should be impossible.
YEA ATTACKERS DON'T KNOW HOW TO GET BACK INTO A BIOS AND SET IT TO BOOT FROM SOMETHING AGAIN!
Quote:
So now, we go back into BIOS and find the password option; this shouldn't be too hard. So at this point, he can't boot from floppy, he can't access LILO, and he lost a lot of time just to figure this out. Unless he has some amazing cracking software up his sleeves, we just beat him.
Uhhh, right. False security is worse than no security.
Quote:
But, since he does have physical access, why doesn't he just open up the case and detach the small battery (similar to a watch battery) for a few seconds, causing RAM to blank, and your system forgets the password you so carefully thought up. Okay, this is getting ridiculous though, right? All it takes is a bitter employee, forced to stay late. He has plenty of time, and I bet he might want to mess around in that server room. So you can lock the case, lock the server room, and maybe even remove the floppy drives and CD drives and hide them. Even then he or she could steal the hard drive and install it in another box and hack from there. The point is, physical safety is often overlooked, just as social engineering is overlooked. So keep a watchful eye on your employees, your wetware and your hardware.
That's deep!
Quote:
If this tutorial helped you at all, or if you hated it and think I'm the dumbest thing that ever learned to type, email me at
freezerfish@gmail.com.
Lol.
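Added example (not part of the original tutorial or this reply): a small POSIX shell audit for the two boot-time controls the quoted tutorial describes. It checks whether /etc/inittab has a single-user (runlevel S) entry that runs /sbin/sulogin, and whether /etc/lilo.conf has `restricted` plus a `password=` line that is not the literal placeholder `PASSWORD` from the tutorial, and that the file is not group- or world-readable, because LILO stores that password in cleartext. The sample inittab and lilo.conf contents below are constructed for the demonstration, written to a temp directory so nothing on the real system is touched. As the reply points out, passing these checks says nothing about boot media, BIOS settings or the CMOS battery; this only confirms the configuration the tutorial asked for is actually in place.

```sh
#!/bin/sh
# Added example, not from the original post. Audits the inittab/lilo.conf
# settings the tutorial describes, against constructed sample files.
set -e

# Usage: check_inittab FILE
# Prints "ok" if FILE has an entry whose runlevels field contains S and whose
# process field runs sulogin, else "no-sulogin". inittab layout is
# id:runlevels:action:process; comment lines are ignored.
check_inittab() {
    if awk -F: '!/^[ \t]*#/ && $2 ~ /S/ && $4 ~ /sulogin/ { found = 1 }
                END { exit !found }' "$1"; then
        echo ok
    else
        echo no-sulogin
    fi
}

# Usage: check_lilo FILE
# Prints "ok" or a space-separated list of findings:
#   no-restricted        - the restricted keyword is missing
#   no-password          - no password= line
#   placeholder-password - password is the tutorial's literal "PASSWORD"
#   readable-by-others   - file mode grants group/other access (password is cleartext)
check_lilo() {
    file=$1
    findings=""
    grep -Eq '^[[:space:]]*restricted([[:space:]]|$)' "$file" || findings="$findings no-restricted"
    pw=$(sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$file" | head -n 1)
    if [ -z "$pw" ]; then
        findings="$findings no-password"
    elif [ "$pw" = "PASSWORD" ]; then
        findings="$findings placeholder-password"
    fi
    # columns 5-10 of ls -ld are the group and other permission bits
    perm=$(ls -ld "$file" | cut -c5-10)
    [ "$perm" = "------" ] || findings="$findings readable-by-others"
    if [ -z "$findings" ]; then echo ok; else echo "${findings# }"; fi
}

# Constructed sample files (not real system files) in a scratch directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# inittab as found before the tutorial's edit
printf 'id:5:initdefault:\nl1:1:wait:/etc/rc.d/rc 1\n' > "$tmp/inittab.before"
# inittab with the line the tutorial adds after initdefault
printf 'id:5:initdefault:\n~~:S:wait:/sbin/sulogin\nl1:1:wait:/etc/rc.d/rc 1\n' > "$tmp/inittab.after"
# lilo.conf with the tutorial's two lines pasted literally, left world-readable
printf 'restricted\npassword= PASSWORD\nboot=/dev/hda\nimage=/boot/vmlinuz\n  label=linux\n' > "$tmp/lilo.weak"
chmod 644 "$tmp/lilo.weak"
# lilo.conf with a real password and owner-only permissions
printf 'restricted\npassword=j7Qx!eR2vL\nboot=/dev/hda\n' > "$tmp/lilo.ok"
chmod 600 "$tmp/lilo.ok"

echo "inittab before edit : $(check_inittab "$tmp/inittab.before")"
echo "inittab after edit  : $(check_inittab "$tmp/inittab.after")"
echo "lilo.conf (weak)    : $(check_lilo "$tmp/lilo.weak")"
echo "lilo.conf (fixed)   : $(check_lilo "$tmp/lilo.ok")"
```

To run it against a real box, call `check_inittab /etc/inittab` and `check_lilo /etc/lilo.conf` instead of the constructed files, and remember that after changing lilo.conf you still have to run `lilo` for the password to take effect.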