
GRUB: We get full access to the system

GRUB is undoubtedly the most advanced bootloader to date, and admins and developers around the world love it for that. Its functionality is so broad that it has practically monopolized the boot market in the *NIX world, and some even say that GRUB2 is more a small operating system than just a bootloader. A kind of Swiss army knife among bootloaders.

But this time I want to draw attention to the fact that a Swiss army knife can not only open cans, it can also carve indecent words into your desk.
</grackage_placeholder_never_used>

Scenario 1: boot from external media

The situation where the BIOS is locked against booting from external media is not uncommon. Whether this is done for security or for other reasons is not so important. What matters is that GRUB can help us get past this barrier. Below is the sequence of actions that lets us boot from a flash drive.
  1. Make a bootable USB flash drive in any way you like, for example with unetbootin.
  2. Insert the USB flash drive and turn on the computer.
  3. Wait for the GRUB screen to appear (sometimes you need to hold Shift to catch it).
  4. A list of boot options appears in front of us.
  5. Press c to enter the interactive mode.
  6. Now we need to specify the device to boot from. Usually (hd0) is the computer's own hard disk, and the flash drive becomes (hd1). Finding out what the flash drive is called in your case is easy to determine by trial and error.
    Either way, enter: root (hd1) for GRUB Legacy or set root=(hd1) for GRUB2
  7. Hand control to the bootloader on the specified disk: chainloader +1
  8. Boot! boot
If you did everything correctly, you will boot from your flash drive despite the ban in the BIOS. Experimentally, I found that the method does not work if your motherboard cannot boot from USB at all or does not poll the device on every boot (as, for example, on my Eee PC with Boot Booster enabled).
Lyrical digression: I tested this method in one of the terminal classrooms of our university, where the computers had both Windows and Linux installed. The beauty of it is that the faculty server exported /home via NFS and that terminal room was in the allowed subnets. As a result, I could read the home directories of that server's users and leave without anyone noticing.

Scenario 2: get the root console

Again, the situation where the root password is not given to a computer's end users surprises no one. However, the very same GRUB helps us get around this annoying restriction. Unlike the previous method, which is convenient for access in the spirit of "came quietly, copied, and left without leaving a trace", this method is more convenient for making the changes we need to the installed system. Moreover, we no longer need any flash drives for it.
  1. As before, we get to the list of boot options.
  2. Choose the option we need.
  3. Enter edit mode. There are minor differences between GRUB Legacy and GRUB2. In GRUB2, pressing e takes us straight into edit mode; in GRUB Legacy you press e first, select the line to edit, and press e again.
  4. Select the line that starts with the word linux or kernel.
  5. Remove the words quiet and splash from it, if present, and append single init=/bin/bash to the end.
  6. In GRUB2, press Ctrl+X; in GRUB Legacy, press Esc and then b.
As a result, we boot into a root console without any passwords or unnecessary questions.


Both GRUB2 and GRUB Legacy can restrict access to interactive mode and menu editing using the password directive. The details are described in the GRUB2 and GRUB Legacy manuals. In both cases the setup is very simple and takes little time.
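On the GRUB2 side that protection is a `set superusers` line plus a `password_pbkdf2` line (the hash comes from `grub-mkpasswd-pbkdf2`, normally placed in `/etc/grub.d/40_custom` before regenerating grub.cfg with `grub-mkconfig`), with `--unrestricted` on the entries that should still boot without a password. What follows is an added example, not code from the article: a small audit script that reads a grub.cfg and reports whether the command line and entry editing are actually locked. The two configurations it checks are constructed samples, and the PBKDF2 hash in them is a placeholder rather than real `grub-mkpasswd-pbkdf2` output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (not from the article): a grub.cfg fragment with no
# password protection at all, i.e. the state both scenarios above rely on.
UNPROTECTED_CFG = """\
set timeout=5
menuentry 'Ubuntu' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro quiet splash
    initrd /initrd.img
}
"""

# Constructed sample: the same menu after adding a superuser and a PBKDF2
# hash. The hash value is a placeholder, not real grub-mkpasswd-pbkdf2 output.
# The normal entry is --unrestricted so the machine still boots unattended;
# the recovery entry (which boots with 'single') is not, so it asks for the
# password, as does pressing 'c' or 'e' on any entry.
HARDENED_CFG = """\
set timeout=5
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
menuentry 'Ubuntu' --class ubuntu --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet splash
    initrd /initrd.img
}
menuentry 'Ubuntu (recovery mode)' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro single
    initrd /initrd.img
}
"""

SUPERUSERS_RE = re.compile(r'^\s*set\s+superusers\s*=\s*"?([^"\s]+)"?', re.M)
PBKDF2_RE = re.compile(r'^\s*password_pbkdf2\s+(\S+)\s+(grub\.pbkdf2\.sha512\.\S+)', re.M)
PLAIN_PW_RE = re.compile(r'^\s*password\s+(\S+)\s+\S+', re.M)   # cleartext form
MENUENTRY_RE = re.compile(r"""^\s*menuentry\s+(['"])(.+?)\1([^{]*)\{""", re.M)


def audit_grub_cfg(cfg: str) -> Dict[str, object]:
    """Parse a grub.cfg text and report whether console access is locked down."""
    superusers: List[str] = []
    for group in SUPERUSERS_RE.findall(cfg):
        superusers.extend(u for u in group.split(",") if u)
    pbkdf2_users = [user for user, _ in PBKDF2_RE.findall(cfg)]
    plain_users = PLAIN_PW_RE.findall(cfg)
    # (title, bootable without password) for every menuentry found
    entries: List[Tuple[str, bool]] = [
        (title, "--unrestricted" in opts)
        for _, title, opts in MENUENTRY_RE.findall(cfg)
    ]
    findings: List[str] = []

    if not superusers:
        findings.append("no 'set superusers': the command line (c) and entry "
                        "editing (e) are open to anyone at the console")
    else:
        for user in superusers:
            if user in plain_users:
                findings.append(f"superuser '{user}' uses a cleartext 'password' "
                                f"line; use password_pbkdf2 instead")
            elif user not in pbkdf2_users:
                findings.append(f"superuser '{user}' has no password line at all")
        for title, unrestricted in entries:
            if unrestricted and "recovery" in title.lower():
                findings.append(f"entry '{title}' is --unrestricted but boots a "
                                f"recovery/single-user kernel line")

    protected = bool(superusers) and not findings
    return {"superusers": superusers, "entries": entries,
            "findings": findings, "protected": protected}


if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED_CFG), ("hardened", HARDENED_CFG)):
        result = audit_grub_cfg(cfg)
        print(f"{name}: protected={result['protected']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run it against a real `/boot/grub/grub.cfg` by reading the file into `audit_grub_cfg`. The GRUB Legacy equivalent is a `password --md5 <hash>` line (hash from `grub-md5-crypt`) at the top of menu.lst plus `lock` in the entries that must not boot without it. Either way this only raises the bar at the console: a BIOS/firmware password and full-disk encryption are what stop someone who can open the case or carry the disk away.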


In general, yes, I have said nothing new; you can all google it, for example. But the problem is not getting any smaller, on the contrary. Moreover, if Linux really is put into schools starting in January, there will be an order of magnitude more people willing to read up or simply "poke at a terminal". And do not underestimate students: there are some who know how to google. Add the lyrical digression from the first part and there is also room for data leakage. I think everyone can come up with a couple more ways to use this.

Source: https://habr.com/ru/post/104536/
