Trip Posted August 17, 2010 Posted August 17, 2010 (edited) http://www.metacafe.com/watch/1886490/how_..._in_30_seconds/ i dont want to try it just in case its like the old "press f5 for the cheats menu on tf2" lol Edited August 17, 2010 by Trip Quote
moonlit Posted August 17, 2010 Posted August 17, 2010 As far as I can tell, not being a Linux expert, it won't do anything stupid and it *might* work. Give it a go, it won't do any harm, just make a note of what your GRUB menu entry said before you changed it. Reminds me of the giant gaping hole in Ubuntu, I believe they've closed it now, but it used to be the case that if you'd never changed your root password (you're discouraged from messing with root at all), the recovery console didn't need a password. In short what this meant is you could boot a system, drop to recovery, passwd and reboot. Pretty stupid stuff. Quote
okiwan Posted August 17, 2010 Posted August 17, 2010 neat, but thing is you would need physical access to the machine. i dont think iv ever seen a linux box in person besides the ones i run. maybe people in the industry would be more likely to run into them. Quote
Zimmer Posted August 17, 2010 Posted August 17, 2010 If you have physical access it is over, period. Even if you can't access the OS, just grab the hard drive and go. Technically even encryption is vulnerable, just takes a "little" time. Quote
Sparda Posted August 17, 2010 Posted August 17, 2010 This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB. Quote
Trip Posted August 17, 2010 Author Posted August 17, 2010 This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB. +1 dude excellent reply :) Quote
5ive Posted August 18, 2010 Posted August 18, 2010 calling it "hacking" when you have physical access is a stretch. Didn't hak5 feature Kon-boot in an older episode? basically does the same thing... ok, found it http://www.hak5.org/episodes/episode-518 they used it to bypass windows pw - but kon-boot was originally for linux, and can do both. Quote
Sparda Posted August 18, 2010 Posted August 18, 2010 Konboot isn't really the same. Booting Linux with init set as a console basically boots the kernel then when the kernel tries to start init (essentially the 'start ever other service the operating system needs' program) it runs bash as root instead (you can set init to be any linux binary really). Konboot on the other hand is essentially a memory resident rootkit that changes how the operating system functions, admittedly it only changes one aspect, but it's the aspect that matters. Quote
5ive Posted August 18, 2010 Posted August 18, 2010 I didn't fully watch the link just got the jist of it and it reminded me of kon-boot. Either way you can get a root prompt in well under a min. Quote
iisjman07 Posted August 19, 2010 Posted August 19, 2010 Yeah I've used this many times on my ubuntu machine because I always forget the password for that (I reckon it changes when I'm not looking) Quote
h3%5kr3w Posted August 20, 2010 Posted August 20, 2010 I condone konboot. I think it's awesome. I have used it at least 20 times, and all for good. 1. getting into windows boxes quickly cause some teenage chick forgets her password 2. Once used it on a business linux box because the admin said F&*k you all! and walked out the door (no pw writedowns) 3. Great tool for the uber paraniod. Think about it. you type in the most stupid hard long password and just.. forget it! keep in on a usb key and that's it. Quote
Infiltrator Posted August 28, 2010 Posted August 28, 2010 That's the beauty of Linux, making things easier and flexible to the end user. No need to use third party utilities to reset the password. Quote
moonlit Posted August 28, 2010 Posted August 28, 2010 That's the beauty of Linux, making things easier and flexible to the end user. No need to use third party utilities to reset the password. There's a difference between "vulnerable to a third party bootdisc" and "leaving the keys under the mat". This is the latter. Why even bother? Quote
3TeK Posted August 29, 2010 Posted August 29, 2010 i just boot into single mode to change the password :-D Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.