Compared to windows Linux has a very high security standard. But the problem is most of these disable at default installations. So unless you have manually configured them they may be less safe. These days free OS Ubuntu and Kubuntu is catching up. Here I’m going to show very simple yet highly effective ultra fast way to hack in to them. And the way to prevent such attacks J
1. No extra tools necessary
2. Highly simple
3. Ultra fast
4. Gain administrator privileges
5. Work on most of Ubuntu based systems, (Ubuntu, Kubuntu, edubuntu …)
1. If the boot parameter editing is disabled by the admin this will not work. (But it’s highly unlikely admin will block it)
1. Boot the computer.
2. At the grub/lilo prompt press “esc”. For those who are confused grub stand for GRand Unified Bootloader. And LIlo for LInux Loader. These are programs that run before the actual l operating System. If you have a dual boot system that is a single machine with more than one operating System the boot menu option is provided by the boot loader. So in that case press “esc” instead of selecting an operating System.
3. Now you should be in a dull black and white command line looking prompt.
4. Among the options you will find something like “kernel…..”
5. Highlight it using arrow keys and press “e” (This is the edit option)
6. Go to the very end of the line and add rw init=/bin/bash
7. Press “Enter” key.
8. Then press “b” to boot from that option.
9. J There !!! Now you have a command prompt with root powers. (Just a single parameter and we are in J)
10. For the fellows who don’t know even to change the password using the shell here is the command
11. Type “password” followed by user name.(If you don’t type a user name it will change current users password. In this case it will change root password!!!)
12. Type new password and retype it when you are asked to confirm it. Thats all there is!
13. Type “reboot” and after rebooting you can login using your new account.!
Video <Link to my sample video>
If you are a Ubuntu user u might be scared to death by the simplicity of this hack. It’s much simpler than its sounds here. If you really try it out you can do it well under 30 seconds! But for the illustrative purposes I’m going slowly on my sample video. Now the big question is how we can prevent this.
One method is to prevent users from editing grub at boot. This can be done by using “password” and “lock” directives in grub configuration file. File is at /boot/grub/menu.lst
Other method is to use a password for boot loader. Not just the operating System. So it will ask for a password even before the boot menu is displayed. Be warned if you use this method on a dual boot system it will ask you the password even to boot windows. So loosing this password will make you install both operating Systems.
Just like most of the programs and functions Linux kernel is set to accept few optional parameters. One such is the shell which it boots into. Here we are passing a parameter in to the kernel and asking it to boot in to “bash” shell which is located at /bin.