Is This For Real ?

[Trip]

http://www.metacafe.com/watch/1886490/how_..._in_30_seconds/

i dont want to try it just in case its like the old "press f5 for the cheats menu on tf2" lol

Edited August 17, 2010 by Trip

[moonlit]

As far as I can tell, not being a Linux expert, it won't do anything stupid and it *might* work. Give it a go, it won't do any harm, just make a note of what your GRUB menu entry said before you changed it.

Reminds me of the giant gaping hole in Ubuntu, I believe they've closed it now, but it used to be the case that if you'd never changed your root password (you're discouraged from messing with root at all), the recovery console didn't need a password. In short what this meant is you could boot a system, drop to recovery, passwd and reboot. Pretty stupid stuff.

[okiwan]

neat, but thing is you would need physical access to the machine. i dont think iv ever seen a linux box in person besides the ones i run. maybe people in the industry would be more likely to run into them.

[Zimmer]

If you have physical access it is over, period. Even if you can't access the OS, just grab the hard drive and go. Technically even encryption is vulnerable, just takes a "little" time.

[Sparda]

This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB.

[Trip]

This is not a hack, this is how it's supposed to be. It does work, because it's intended to. To prevent some one doing this password protect GRUB.

+1 dude excellent reply :)

[5ive]

calling it "hacking" when you have physical access is a stretch. Didn't hak5 feature Kon-boot in an older episode? basically does the same thing...

ok, found it

http://www.hak5.org/episodes/episode-518

they used it to bypass windows pw - but kon-boot was originally for linux, and can do both.

[Sparda]

Konboot isn't really the same. Booting Linux with init set as a console basically boots the kernel then when the kernel tries to start init (essentially the 'start ever other service the operating system needs' program) it runs bash as root instead (you can set init to be any linux binary really). Konboot on the other hand is essentially a memory resident rootkit that changes how the operating system functions, admittedly it only changes one aspect, but it's the aspect that matters.

[5ive]

I didn't fully watch the link just got the jist of it and it reminded me of kon-boot. Either way you can get a root prompt in well under a min.

[iisjman07]

Yeah I've used this many times on my ubuntu machine because I always forget the password for that (I reckon it changes when I'm not looking)

[Trip]

^^ lol :)

[moonlit]

Because Linux is InherentlySecure!

[h3%5kr3w]

I condone konboot. I think it's awesome. I have used it at least 20 times, and all for good.

1. getting into windows boxes quickly cause some teenage chick forgets her password

2. Once used it on a business linux box because the admin said F&*k you all! and walked out the door (no pw writedowns)

3. Great tool for the uber paraniod. Think about it. you type in the most stupid hard long password and just.. forget it! keep in on a usb key and that's it.

[cabster21]

Look up for Sparda

[Infiltrator]

That's the beauty of Linux, making things easier and flexible to the end user.

No need to use third party utilities to reset the password.

[moonlit]

That's the beauty of Linux, making things easier and flexible to the end user.

No need to use third party utilities to reset the password.

There's a difference between "vulnerable to a third party bootdisc" and "leaving the keys under the mat".

This is the latter.

Why even bother?

[3TeK]

i just boot into single mode to change the password :-D