[techtalk] RE: don't beat me up

Brian Sweeney bsweeney at mail.veinc.com
Tue Jun 20 11:22:00 EST 2000


Wirren-

I wouldn't try this as a real method for opening people's boxes; you also
probably already know it, as it's in most FAQs and I'm sure has been
discussed on this list before.  But here goes, just in case...

Go to one of the admin's linux boxes, if you have physical access to the
machine, when they're not around.  Load the Linux OS in single user mode (on
RHL 6.x standard install, you do this by typing "linux single" at the LILO
prompt.  You can also boot to a floppy, mount the system in read/write mode,
then change the default runlevel to 2).  Once in single user mode, if you
just type "passwd" you will be changing the password for the root (it will
prompt you).  Again, in RHL you can then type "exit" to go back to runlevel
3.  Otherwise, just reboot and log in as root. Then you can create an account
for yourself.  Chances are, when these guys realize the password doesn't
work, they'll know how to change it back to what they want, but they MAY not
think to check for a new account, or they may not care, again since they
gave you permission to attack the box.  This is a long shot, but what the
hell...they DID give you permission (though this isn't a "hack")...;-)


Once you have a user account, go silly...

A NOTE FOR ANYONE WHO THINKS THIS IS A SECURITY HOLE:  It's not.  It's not a
"bug" or anything like that.   It's built into the OS because most people
realize that if someone has physical access to a machine, then security
becomes somewhat irrelevant. (At that point you could unplug it, remove the
hard drive, etc)  So don't worry =-)

Good luck-

Brian

-----Original Message-----
From: techtalk-admin at linuxchix.org [mailto:techtalk-admin at linuxchix.org]
Sent: Sunday, June 18, 2000 7:00 AM

Date: Sat, 17 Jun 2000 08:02:26 -0400
From: wirren <wirren at golden.net>
To: techtalk at linuxchix.org
Subject: [techtalk] don't beat me up(:


But I have an M$ question(:

At work they've decided to be fascist and exclude the
sales folks from surfing the net in our spare time (all
the techies are downloading porn and napster, and here
we are not allowed to check out joke sites and goof
off.) by putting up a proxy server to exclude us from
everything but the database and the isp home page. One
person asked if it was possible to 'sneak out' of an
unblocked port and perhaps get onto the sysadmin's linux
boxes to surf from? (They have all given us permission
to do this if we can figure out how:)

If this is possible how can I find ports and how can I
exploit this?(:

~ wirren
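
The reply above points out that admins "MAY not think to check for a new account" after someone with console access has had root. The following is an added example, not part of the original thread: it compares a passwd(5)-format file against a known-good baseline and reports new accounts, extra UID 0 accounts and empty password fields. The sample data and account names are constructed, and the check covers only the passwd file, not a changed root password hash.

```python
"""Added example: audit a passwd(5) file against a known-good baseline."""

# Constructed sample data (not taken from any real host).
BASELINE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
admin1:x:500:500:Admin One:/home/admin1:/bin/bash
"""
CURRENT = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
admin1:x:500:500:Admin One:/home/admin1:/bin/bash
surfer:x:501:501::/home/surfer:/bin/bash
toor::0:0::/root:/bin/bash
"""

def parse_passwd(text):
    """Return {name: [7 fields]} for each well-formed passwd line."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 7:  # name:passwd:uid:gid:gecos:home:shell
            accounts[fields[0]] = fields
    return accounts

def audit(baseline_text, current_text):
    """Return a list of (account, finding) tuples, sorted by account name."""
    base, cur = parse_passwd(baseline_text), parse_passwd(current_text)
    findings = []
    for name, f in sorted(cur.items()):
        if name not in base:
            findings.append((name, "new account"))
        elif (f[2], f[3], f[6]) != (base[name][2], base[name][3], base[name][6]):
            findings.append((name, "uid/gid/shell changed"))
        if f[2] == "0" and name != "root":
            findings.append((name, "extra UID 0 account"))
        if f[1] == "":
            findings.append((name, "empty password field"))
    for name in sorted(set(base) - set(cur)):
        findings.append((name, "account removed"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(BASELINE, CURRENT):
        print(f"{name}: {issue}")
```

Keep the baseline copy somewhere the machine's own root account cannot rewrite, since anyone who reset the root password from the console could also edit a baseline stored on the same disk.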






