Stealing/Changing Data Using a Bootable Linux CD

Once an attacker has gained physical access, getting into a box can be as simple as booting to a CD-based Linux distribution, deleting the root user account password in the /etc/shadow file, and booting into the system, normally with full access. This can be accomplished step-by-step as follows:

1. Reboot the system and configure it to boot from the CD-ROM.
2. Boot the system into the bootable Linux distribution, such as one of the following:
  • Backtrack (
  • Knoppix-STD (
3. Open a root command shell.
4. Create a mount point by typing mkdir mountpoint, which creates a directory called mountpoint. This is where the file system will be mounted.
5. Determine the type of hard disks (SCSI or IDE) on the system by typing fdisk -l or by looking through the output of the dmesg command.
6. Determine the partition on the disk to be mounted. Identify the correct partition that contains the /etc/shadow file (always the root "/" partition).
7. Type mount /dev/sda# mountpoint, where /dev/sda# is your root partition, and mountpoint is the directory you created.
8. Change to the /etc directory on your root partition by typing cd mountpoint/etc.
9. Use your favorite text editor (such as vi) to open the etc/shadow file for editing.
10. Scroll down to the line containing the root's information, which looks something like:
11. Delete everything between the first and second colons, so the line resembles this one:
12. Save the file and exit your editor.
13. Type cd to return to the home directory.
14. Type umount mountpoint to unmount the target file system.
15. Type reboot to reboot the system and remove the bootable Linux distribution CD from the drive.
16. Now the system can be accessed as root with no password.
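The state the procedure above leaves behind is a root record in /etc/shadow whose second field is empty. The following audit, an added example rather than code from the original post or the book it cites, parses shadow-format records and flags accounts that would log in without any password; the sample records and account names are constructed.

```python
"""Audit /etc/shadow-format records for accounts with an empty password
field. Added defensive example, not part of the original post: the offline
edit described above empties root's second field, which is what this flags.
The sample records below are constructed, not taken from a real system."""

from typing import List, Tuple

# Constructed sample records in /etc/shadow format: user:password:lastchg:...
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$saltsalt$hashhashhashhash:19000:0:99999:7:::
bob:!$6$saltsalt$hashhashhashhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


def classify(password_field: str) -> str:
    """Map the second shadow field to a risk class."""
    if password_field == "":
        return "empty"   # login succeeds with no password prompt at all
    if password_field.startswith(("!", "*")):
        return "locked"  # password authentication disabled for this account
    return "hashed"      # normal hashed password


def audit_shadow(text: str) -> List[Tuple[str, str]]:
    """Return (user, class) for every record in the shadow text."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError(f"malformed shadow record on line {lineno}")
        results.append((fields[0], classify(fields[1])))
    return results


def passwordless_accounts(text: str) -> List[str]:
    """Accounts whose password field is empty; root in this list is the red flag."""
    return [user for user, cls in audit_shadow(text) if cls == "empty"]


if __name__ == "__main__":
    for user in passwordless_accounts(SAMPLE_SHADOW):
        print(f"WARNING: account {user!r} has an empty password field")
```

On a live system the same function can be fed the contents of /etc/shadow (readable only by root); the check catches the result after the fact, while full-disk encryption and a bootloader password prevent the offline edit in the first place.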

Source: Hacking Exposed Linux Book by ISECOM
That's all folks, I hope this tutorial will help you.
It's just for educational purpose only.
The author is not responsible for any misuse or damage caused by this tutorial.

Thank you for visiting my blog.
