Re: [Full-disclosure] Rooting Linux with a floppy
Hello, Lauro, John wrote: (Of course with windows you generally need at least a boot CD to get enough tools to do anything useful). NACK, see http://home.eunet.no/~pnordahl/ntpasswd/ GTi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
On Thu, Jul 14, 2005 at 04:23:31PM -0800, Sumy wrote: > You have lost your root password on your linux box and now you > consider formatting > everythign to regain control? Your admin is a moron that leaves the > server available > physically for everybody? You wanna test your Linux box? Don't worry > if you have at least > a floppy rescue disk under hand,you can root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ *yawn* This was old news 10 years ago. Unless you are facing a very special setup (for instance crypto disks even for system installation), you can easily take over most UNIX systems if you are able to boot from a medium of your choice. That's why physical security is important too. As a rule: You usually can take control of any system provided you have sufficient physical access to it. BTW: there are plenty of errors and omissions in the web page advertised by you. Regards, Alex. -- "Opportunity is missed by most people because it is dressed in overalls and looks like work." -- Thomas A. Edison ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Rooting Linux with a floppy
Or maybe you are just sarcasm-challenged? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Sent: Friday, July 15, 2005 11:02 AM To: FULLDISC Subject: Re: [Full-disclosure] Rooting Linux with a floppy -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 _Linux_ doesn't have a version 10, either. Linux IS the kernel, which the versions are 2.x (2.4.* and 2.6.* usually). Maybe you're talking about a specific distribution? In which case, that's a pretty inconsistant numbering system to use since Red Hat, Mandrake, Slackware, etc. all use different numbering conventions. James Longstreet wrote: > On Fri, 15 Jul 2005, Lauro, John wrote: > > >> 6.2? What is that??? Latest kernel is 2.6... > > > No, not kernel 6.2, LINUX 6.2. You know, that old version. Linux 10 has > been out for months. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.9.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC193zfqSf2EkP4p4RAiMvAJ9x9PeHs4rOvIO+dLf42pFzPxOTJgCfVGGT 5AFKvXB5iLxGqaqzN+x2wCk= =WgZD -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Rooting Linux with a floppy
On Fri, July 15, 2005 8:47 am, James Longstreet said: > On Fri, 15 Jul 2005, Lauro, John wrote: > >> 6.2? What is that??? Latest kernel is 2.6... > > No, not kernel 6.2, LINUX 6.2. You know, that old version. Linux 10 has > been out for months. This is sadly funny in a pathetic sort of way... -Eric -- arctic bears - email and dns services http://www.arcticbears.com ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 _Linux_ doesn't have a version 10, either. Linux IS the kernel, which the versions are 2.x (2.4.* and 2.6.* usually). Maybe you're talking about a specific distribution? In which case, that's a pretty inconsistant numbering system to use since Red Hat, Mandrake, Slackware, etc. all use different numbering conventions. James Longstreet wrote: > On Fri, 15 Jul 2005, Lauro, John wrote: > > >> 6.2? What is that??? Latest kernel is 2.6... > > > No, not kernel 6.2, LINUX 6.2. You know, that old version. Linux 10 has > been out for months. > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.9.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC193zfqSf2EkP4p4RAiMvAJ9x9PeHs4rOvIO+dLf42pFzPxOTJgCfVGGT 5AFKvXB5iLxGqaqzN+x2wCk= =WgZD -END PGP SIGNATURE- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Rooting Linux with a floppy
On Fri, 15 Jul 2005, Lauro, John wrote: > 6.2? What is that??? Latest kernel is 2.6... No, not kernel 6.2, LINUX 6.2. You know, that old version. Linux 10 has been out for months. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
On Friday 15 July 2005 13:04, Lauro, John wrote: > 6.2? What is that??? Latest kernel is 2.6... Perhaps RH 6.2 ? ;) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
On Friday 15 July 2005 02:23, Sumy wrote: > You have lost your root password on your linux box and now you > consider formatting > everythign to regain control? Your admin is a moron that leaves the > server available > physically for everybody? You wanna test your Linux box? Don't worry > if you have at least > a floppy rescue disk under hand,you can root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ lol... linux 6.2 , i must be an idiot... i'm still running an ancient 2.6.12 kernel! but one good thing, i don't think i'm vulnerable, i don't have a floppy drive! (thank god, i thought i would need an upgrade!) btw. how about this rooting technique: i remove the disk from the system, put it in another system, start that system (with another os off course) mount rootfs, chroot there and CLEAR the passwd! damn... this is so stupid, it MUST be a joke ;) ps. this actually works : -- harry aka Rik Bobbaers ps. this is NOT a serious mail, please don't read! ;) K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient" 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3. I may take the contents as representing the views of your company. 4. This overrides any disclaimer or statement of confidentiality that may be included on your message. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
On Friday 15 July 2005 02:23, Sumy wrote: > You have lost your root password on your linux box and now you > consider formatting > everythign to regain control? Your admin is a moron that leaves the > server available > physically for everybody? You wanna test your Linux box? Don't worry > if you have at least > a floppy rescue disk under hand,you can root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ lol... linux 6.2 , i must be an idiot... i'm still running an ancient 2.6.12 kernel! but one good thing, i don't think i'm vulnerable, i don't have a floppy drive! (thank god, i thought i would need an upgrade!) btw. how about this rooting technique: i remove the disk from the system, put it in another system, start that system (with another os off course) mount rootfs, chroot there and CLEAR the passwd! damn... this is so stupid, it MUST be a joke ;) ps. this actually works : -- harry aka Rik Bobbaers ps. this is NOT a serious mail, please don't read! ;) K.U.Leuven - LUDIT -=- Tel: +32 485 52 71 50 [EMAIL PROTECTED] -=- http://harry.ulyssis.org Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient" 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it on usenet. 3. I may take the contents as representing the views of your company. 4. This overrides any disclaimer or statement of confidentiality that may be included on your message. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
Boot this http://www.trinux.org/ then mount the drive ... chroot to the drives root and run passwd its not a complicated process On 7/14/05, Sumy <[EMAIL PROTECTED]> wrote: > You have lost your root password on your linux box and now you > consider formatting > everythign to regain control? Your admin is a moron that leaves the > server available > physically for everybody? You wanna test your Linux box? Don't worry > if you have at least > a floppy rescue disk under hand,you can root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ > -- > Security Portal: > http://www.exploitx.com > Forum: http://www.exploitx.com/forum/ > > Other sites: > http://www.nutritionguides.net > http://www.mesothelioma911.net > http://www.Garticles.net > http://www.WebhostingReview.biz > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Rooting Linux with a floppy
6.2? What is that??? Latest kernel is 2.6... This is true of the default install of almost every Unix-like OS including Solaris and, and ever Windows OS including Windows 2003 (although the files you have to alter are different in Windows). (Of course with windows you generally need at least a boot CD to get enough tools to do anything useful). Note, this is the standard *default* setup... With Linux (and others), you can use an encrypted filesystem if you are paranoid at the cost of a performance hit and the ability to do full autostart without leaving the key in the machine... I'm not even sure if there is a distribution that ships with it as an option for a standard install, as it's generally better to keep the servers phyisically secure then the PITA it causes from the performance hit and most of the time it is good to leave an emergency back-door for the admin who replaces you. Even with an encypted filesystem, all it takes is lots of compute power to break with key, and/or the password for the key. So with physical access to the server, you could still clone (or steal) the hard drive, and break it off-site. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sumy > Sent: Thursday, July 14, 2005 8:24 PM > To: SBUGTRAQ > Cc: FULLDISC > Subject: [Full-disclosure] Rooting Linux with a floppy > > You have lost your root password on your linux box and now > you consider formatting everythign to regain control? Your > admin is a moron that leaves the server available physically > for everybody? You wanna test your Linux box? Don't worry if > you have at least a floppy rescue disk under hand,you can > root it ;-) ) > > The problem with the new version of Linux since 6.2 is : > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ > -- > Security Portal: > http://www.exploitx.com > Forum: http://www.exploitx.com/forum/ > > Other sites: > http://www.nutritionguides.net > http://www.mesothelioma911.net > http://www.Garticles.net > http://www.WebhostingReview.biz > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
well they seem to only publish old articles, articles i guess they dont got authorization to publish. On 7/15/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Sumy wrote: > > [...] Don't worry if you have at least a floppy rescue disk under > > hand,you can root it ;-) ) > > > > The problem with the new version of Linux since 6.2 is : > > http://www.exploitx.com/69/rooting-linux-with-a-floppy/ > > Really old news... > > GTi > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
Sumy wrote: [...] Don't worry if you have at least a floppy rescue disk under hand,you can root it ;-) ) The problem with the new version of Linux since 6.2 is : http://www.exploitx.com/69/rooting-linux-with-a-floppy/ Really old news... GTi ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Rooting Linux with a floppy
Uhhh.. Where to start. This is old. First off you often don't need a floppy/boot media for older systems since they tend to have insecure lilo/grub configurations. Second off all, this is really old news (yup, mentioned that already). http://www.seifried.org/security/index.php/Linux_Physical_and_Console_Security Nice spam links by the way. -Kurt Seifried ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
[Full-disclosure] Rooting Linux with a floppy
You have lost your root password on your linux box and now you consider formatting everythign to regain control? Your admin is a moron that leaves the server available physically for everybody? You wanna test your Linux box? Don't worry if you have at least a floppy rescue disk under hand,you can root it ;-) ) The problem with the new version of Linux since 6.2 is : http://www.exploitx.com/69/rooting-linux-with-a-floppy/ -- Security Portal: http://www.exploitx.com Forum: http://www.exploitx.com/forum/ Other sites: http://www.nutritionguides.net http://www.mesothelioma911.net http://www.Garticles.net http://www.WebhostingReview.biz ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/