GRUB: We get full access to the system
GRUB is undoubtedly the most advanced bootloader to date, and for this we love admins and developers around the world. Its functionality is so wide that it practically monopolized the boot market in the * NIX world, and some even said that GRUB2 is a rather small operating system than just a bootloader. A kind of Swiss knife in the world of loaders.
But this time I want to draw attention to the fact that with the help of a Swiss knife you can not only open canned food, but also cut out indecent words on your desk.
The situation when the BIOS is blocked from booting from external media is not uncommon. Whether this is done for security reasons or other reasons is not so important. It is important that GRUB can help us overcome this barrier. The following describes the sequence of actions that will allow us to boot from a flash drive.
Lyrical digression: I managed to test this method in one of the terminal classes of our university, where Windows was Linux-Linux on computers. The beauty of the case is that the faculty server exported / home via NFS and that terminalka was added to the allowed subnets. As a result, I was able to read the home directories of users of that server and leave so unnoticed by anyone.
Again, the situation when the root password is not communicated to the end users of the computer does not cause anyone to be surprised. However, the very same GRUB will help us get around this annoying restriction. In contrast to the previous method, convenient for access in the spirit of “quietly came, copied and left without inheriting,” this method is more convenient for making the changes we need to the installed system. In addition, for this we no longer need any flash drives.
')
Both GRUB2 and GRUB Legacy provide the ability to restrict access to interactive mode and editing using the
In general, yes, I did not say anything new - you can all google it, for example . However, the problem of this does not become less, on the contrary. Moreover, if, since January, linux is really put in school, then there will be an order of magnitude more or less willing to read or simply “poke a terminalka”. And do not underestimate students - there are those who know how to google. If we take into account the lyrical digression that I made in the first part, then there is also a field for data leakage. I think everyone can come up with a couple more ways to use.
But this time I want to draw attention to the fact that with the help of a Swiss knife you can not only open canned food, but also cut out indecent words on your desk.
Scenario 1: boot from external media
The situation when the BIOS is blocked from booting from external media is not uncommon. Whether this is done for security reasons or other reasons is not so important. It is important that GRUB can help us overcome this barrier. The following describes the sequence of actions that will allow us to boot from a flash drive.
- We make a bootable USB flash drive in any way, for example, using unetbootin .
- Insert the USB flash drive and turn on the computer.
- We are waiting for the grub screen to appear (sometimes in order to catch it, you need to hold
Shift). - A list of download options appears in front of us.
- Press
cand enter the interactive mode. - Now you need to specify the carrier from which we will boot. Usually (hd0) is the native hard disk of the computer, and the flash drive becomes (hd1). Finding out what the flash drive will be called in your case is not difficult simply by practical consideration.
Anyway, enter:root (hd1)for GRUB Legacy orset root=(hd1)for GRUB2 - Please transfer control to the loader on the specified disk:
chainloader +1 - Loading!
boot
Lyrical digression: I managed to test this method in one of the terminal classes of our university, where Windows was Linux-Linux on computers. The beauty of the case is that the faculty server exported / home via NFS and that terminalka was added to the allowed subnets. As a result, I was able to read the home directories of users of that server and leave so unnoticed by anyone.
Scenario 2: get the root console
Again, the situation when the root password is not communicated to the end users of the computer does not cause anyone to be surprised. However, the very same GRUB will help us get around this annoying restriction. In contrast to the previous method, convenient for access in the spirit of “quietly came, copied and left without inheriting,” this method is more convenient for making the changes we need to the installed system. In addition, for this we no longer need any flash drives.
- Similarly, we get to the list of download options.
- We choose the option we need.
- Enter edit mode. There are some minor differences between GRUB Legacy and GRUB2. In GRUB2, after pressing the
ekey, we immediately go into edit mode, and in GRUB Legacy, you need to pressefirst time, select the line to edit and presseagain. - Select a line that starts with the word linux or kernel.
- Remove from it the words
quietandsplash, if any, and append to the endsingle init=/bin/bash - If we have GRUB2, then immediately
Ctrl+X, and if GRUB Legacy -Escand thenb
')
Protection?
Both GRUB2 and GRUB Legacy provide the ability to restrict access to interactive mode and editing using the
password directive. Details are described in the GRUB2 and GRUB Legacy manual. In both cases, the manipulation is very simple and does not require much time.Accordion!
In general, yes, I did not say anything new - you can all google it, for example . However, the problem of this does not become less, on the contrary. Moreover, if, since January, linux is really put in school, then there will be an order of magnitude more or less willing to read or simply “poke a terminalka”. And do not underestimate students - there are those who know how to google. If we take into account the lyrical digression that I made in the first part, then there is also a field for data leakage. I think everyone can come up with a couple more ways to use.
Source: https://habr.com/ru/post/104536/
All Articles