How to Hack Your Own Linux System
2013-06-11 19:56
Original article:
http://www.tecmint.com/how-to-hack-your-own-linux-system/
Passwords are the sole security criterion for most systems. And when it comes to Linux, if you know the root password, you own the machine. Passwords serve as a security measure for the BIOS, login, disk, applications, etc.
Linux is considered the most secure operating system against hacking or cracking, and in reality it is; still, we will discuss some of the loopholes and exploits of a Linux system. We will use CentOS Linux throughout the article to crack our own machine’s security.
As soon as the Linux machine boots, press any key to interrupt the boot, and you will get the GRUB menu.
![](http://www.tecmint.com/wp-content/uploads/2013/06/13-592x450.png)
Linux Boot Screen

Press ‘e’ to edit and go to the line starting with kernel (generally the 2nd line).
![](http://www.tecmint.com/wp-content/uploads/2013/06/31-597x450.png)
Switch to Single User Mode

Now press ‘e’ to edit the kernel line and add ‘1’ at the end of the line (after one blank space), forcing the system to start in single-user mode and preventing it from entering the default run-level. Press ‘Enter’ to close the kernel editing and then boot the altered entry. To boot, press ‘b’.
![](http://www.tecmint.com/wp-content/uploads/2013/06/41-620x124.png)
Logged into Single User Mode

Now you are logged in to single-user mode.
![](http://www.tecmint.com/wp-content/uploads/2013/06/51-620x83.png)
Set root Password

Yeah! Now, using the ‘passwd’ command, we can change the root password. And once you have the root password, you own the Linux machine. Don’t you remember? You can now switch to the graphical screen to edit anything and everything.
![](http://www.tecmint.com/wp-content/uploads/2013/06/61-620x174.png)
Add new root Password

Note: In case the above ‘passwd’ command doesn’t work for you and you didn’t get any output, it simply means that SELinux is in enforcing mode and you need to disable it first, before proceeding further. Run the following command at your prompt.

```
# setenforce 0
```

And then run the ‘passwd’ command to change the root password.

Switch to X Windows

Use the command “init 5” on Fedora-based systems and “gdm3” on Debian-based systems.
![](http://www.tecmint.com/wp-content/uploads/2013/06/71-587x450.png)
Switch to X Window

So was this not a cake-walk to hack a Linux box? Think about the scenario if somebody did this to your server. Panic! Now we will learn how to safeguard our Linux machine from being modified using single-user mode.
How did we break into the system? Using single-user mode. OK, so the loophole here was logging into single-user mode without needing to enter any password.
Fixing this loophole means password protecting single-user mode.
Open the file “/etc/rc1.d/S99single” in your favourite editor and search for the line:

```
exec init -t1 s
```

Just add the following line above it, then save and exit:

```
exec /sbin/sulogin
```

Before
![](http://www.tecmint.com/wp-content/uploads/2013/06/81-591x450.png)
Before Preview

After
![](http://www.tecmint.com/wp-content/uploads/2013/06/91-598x450.png)
After Preview

Now, before entering single-user mode, you will need to provide the root password to proceed. Check again by trying to enter single-user mode after changing the above file.
![](http://www.tecmint.com/wp-content/uploads/2013/06/101-620x121.png)
Enter Root Password for Single User Mode

Why don’t you check it yourself?
Hack Your Linux System Without Using Single User Mode
OK, so now you will be feeling better that your system is secure. However, this is only partially true. It is true that your Linux box can’t be cracked using single-user mode, but it can still be hacked another way.
In the above step we modified the kernel line to enter single-user mode. This time we will also edit the kernel line, but with a different parameter. Let us see how.
As a kernel parameter we added ‘1’ in the above process; now we will add ‘init=/bin/bash’ and boot using ‘b’.
![](http://www.tecmint.com/wp-content/uploads/2013/06/111-620x149.png)
Add ‘init=/bin/bash’

And OOPS, you have again hacked into your system, and the prompt is enough to justify this.
![](http://www.tecmint.com/wp-content/uploads/2013/06/121-593x450.png)
Hacked into Your System

Now, trying to change the root password with the ‘passwd’ command, using the same process as in the first method, we got something like this.
![](http://www.tecmint.com/wp-content/uploads/2013/06/131-620x177.png)
Changing Root Password

Reason and Solution?

Reason: The root (/) partition is mounted read-only (hence the password was not written).
Solution: Mount the root (/) partition with read-write permission.
To mount the root partition with read-write permission, type the following command exactly.

```
# mount -o remount,rw /
```
![](http://www.tecmint.com/wp-content/uploads/2013/06/14-620x177.png)
Mount / Partition in Read Write

Now try again to change the root password using the ‘passwd’ command.
![](http://www.tecmint.com/wp-content/uploads/2013/06/15-620x149.png)
Change Password of root

Hurrah! You hacked into your Linux system once again. Oh man, is the system so easy to exploit? No! The answer is no. All you need is to configure your system.
Both of the above processes involved tweaking and passing parameters to the kernel. So if we do something to stop kernel tweaking, our Linux box will obviously be secure and not that easy to break. To stop kernel editing at boot, we must provide a password to the boot loader, i.e., password protect the GRUB boot loader (LILO is another boot loader for Linux, but we won’t discuss it here).
Provide an encrypted password to the boot loader using ‘grub-md5-crypt’ followed by your password. First, encrypt the password:
![](http://www.tecmint.com/wp-content/uploads/2013/06/16-620x89.png)
Password Protect Boot Loader

Copy the above encrypted password exactly as it is and keep it safe; we will use it in the next step. Now open your ‘grub.conf’ file in your favourite editor (the location might be /etc/grub.conf) and add the line:

```
password --md5 $1$t8JvC1$8buXiBsfANd79/X3elp9G1
```

Replace “$1$t8JvC1$8buXiBsfANd79/X3elp9G1” with the encrypted password that you generated above and copied safely to some other location.
This is the “grub.conf” file after inserting the above line; save and exit.
![](http://www.tecmint.com/wp-content/uploads/2013/06/17-594x450.png)
grub.conf Preview

Now, cross-checking by editing the kernel line at boot, we got:
![](http://www.tecmint.com/wp-content/uploads/2013/06/18-598x450.png)
Cross Checking Boot Loader

Now you may be breathing easier, thinking that your system is fully secure and not prone to hacking. However, the game is still not over.
You should know that rescue mode can be used to remove or modify the password using a bootable image.
Just put your installation CD/DVD in the drive and select Rescue Installed System, or use any other rescue image (you could even use a live Linux distro), mount the HDD, and edit the ‘grub.conf’ file to remove the password line. Reboot, and you are logged in again.
Note: In rescue mode your HDD is mounted under ‘/mnt/sysimage’.

```
# chroot /mnt/sysimage
# vi grub.conf (remove the password line)
# reboot
```

I know you will be asking: so where is the end? Well, I would say it is to:
- Password protect your BIOS.
- Change your boot order to HDD first, followed by the rest (CD/DVD, network, USB).
- Use a password that is sufficiently long, easy to remember, and hard to guess.
- Never write your password down anywhere.
- Obviously, use uppercase, lowercase, numbers and special characters in your password, thus making it hard to break.
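To verify both hardening steps above (the sulogin line in /etc/rc1.d/S99single and the password line in grub.conf), here is an added example that is not part of the original article. The function names and the sample files are constructed for illustration; the placement rule for the password line (before the first title) is standard GRUB legacy behaviour and is not stated in the article.

```shell
#!/bin/sh
# Added example: audit the two hardening steps from this article on file copies.

# single_user_guarded FILE: succeeds only if "exec /sbin/sulogin" comes before
# "exec init -t1 s" (the relative spelling "sbin/sulogin" is accepted as well).
single_user_guarded() {
    guard=1
    while read -r first second rest || [ -n "$first" ]; do
        [ "$first" = exec ] || continue      # skips comments and unrelated lines
        case "$second" in
            /sbin/sulogin|sbin/sulogin) guard=0 ;;
            init) if [ "$rest" = "-t1 s" ]; then return "$guard"; fi ;;
        esac
    done < "$1"
    return 1                                 # no "exec init -t1 s" line at all
}

# grub_password_state FILE: prints protected, plaintext, per-entry-only or missing.
# Only a password line placed before the first "title" locks the boot-menu editor.
grub_password_state() {
    state=missing; global=1
    while read -r key arg rest || [ -n "$key" ]; do
        case "$key" in
            title) global=0 ;;
            password)
                if [ "$global" -eq 0 ]; then
                    if [ "$state" = missing ]; then state=per-entry-only; fi
                else
                    case "$arg" in
                        --md5|--encrypted) state=protected ;;  # hashed forms
                        *) state=plaintext ;;
                    esac
                fi ;;
        esac
    done < "$1"
    echo "$state"
}

# Constructed sample files (not from a real host) so the demo runs offline.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/bash' 'exec /sbin/sulogin' 'exec init -t1 s' > "$demo/S99single"
printf '%s\n' 'default=0' 'password --md5 <hash from grub-md5-crypt>' \
    'title CentOS' '    root (hd0,0)' > "$demo/grub.conf"
if single_user_guarded "$demo/S99single"; then echo "S99single: sulogin enforced"; fi
echo "grub.conf: $(grub_password_state "$demo/grub.conf")"
rm -rf "$demo"
```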