::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::            .ooO RedHat 6.0 LILO PAM Filter Workaround Ooo.             ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::

OK well I suppose I've put off writing this for long enough.

Background:
===========

The most commonly known hack on the planet has just gotten interesting.
It seems that RedHat 6.0 does not share the stability of previous
versions. Please note that this is not a hack in the script kiddy sense
of the word. It will not gain you access to your best friend's porn
files, it will not let you read some girl you like's e-mail, and it will
not let you pass school (Thank God, I think you guys should stay off the
streets, it's safer for you.)

Technical Background:
=====================

Linux uses a boot loader called LILO. If you read the man page you will
notice that LILO has many other options beyond the regular
"boot dos/linux" option. An easy hack on the system can be accomplished
with hands-on access to the machine you want to break. Reboot the
machine and at the LILO prompt type "$linux s", where $linux is your
kernel name. This boots you into single-user mode; from here you can
edit the /etc/passwd file at will, and then log in properly.

PAM Workaround in RH 6.0:
=========================

It seems that there is some instability in PAM in RH6, either
intentionally, or totally stupidly. All attempts to simply remove the
root password will fail. To get around this:

1) Adduser r00t
2) Change uid and gid of r00t to 0:0
3) Change passwd

Exit single-user mode, and log in as r00t.

Note: You must do it like this, because if you just try to get rid of
the root password, PAM GOES WILD. It's so easy it scares me.

Bitches and gripes:
===================

I finally understand the exponential growth in scripties. It struck me
the other day. The Old Skool of hacker grew up on DOS/UNIX/etc....
playing around with demos etc... They learnt the hack. Now we have this
front end Win hanging around 90% of households, and stagnating education.
The front-end will be the death of real hackers....Beware, the next
generation will be the HaX0r........I am not a scripty, I just wanted
others to understand them.

<Notes from Wyzewun: Remember that if you set up your /etc/lilo.conf
securely, this isn't a problem. To find out how to do this if you don't
know already, get the LASG from www.seifried.org/lasg>

--=====--
<fred> sektorgrl, no one likes you
<fred> leave.
<sektie> no.
<sektie> jsbach likes me :(
<jsbach> brb.
<sektie> SEE
<sektie> that's one person
<sektie> so nyah
--=====--

::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
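
Added example, not part of the original article: a small audit for the two
conditions described above, an extra UID 0 account in the passwd file and a
lilo.conf with no boot password. The function names and the sample files are
constructed for illustration; password= is LILO's own option, and the check
assumes it belongs in the global section and that the file should be mode 600.

```shell
#!/bin/sh
# Added example (not from the original article): defensive checks for the
# two things the single-user trick above depends on.

# Accounts other than "root" whose UID (field 3 of passwd) is 0.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Succeeds if lilo.conf sets password= in the global section, i.e. before
# the first image=/other= stanza, so it covers every boot entry.
lilo_global_password() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(image|other)[ \t]*=/ { exit }
        /^[ \t]*password[ \t]*=/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Succeeds if group or others can read the file. The LILO password is
# stored in clear text, so the file should be mode 600.
lilo_conf_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

audit() {   # audit PASSWD_FILE LILO_CONF; exit status = number of findings
    findings=0
    for user in $(extra_uid0_accounts "$1"); do
        echo "FINDING: extra UID 0 account: $user"; findings=$((findings + 1))
    done
    if ! lilo_global_password "$2"; then
        echo "FINDING: no global password= in $2"; findings=$((findings + 1))
    elif lilo_conf_exposed "$2"; then
        echo "FINDING: $2 holds a password but is group/world readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files, so the script runs without touching /etc.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'r00t:x:0:0::/home/r00t:/bin/bash' > "$demo/passwd"
printf '%s\n' 'boot=/dev/hda' 'prompt' 'image=/boot/vmlinuz' \
    '  label=linux' > "$demo/lilo.conf"
audit "$demo/passwd" "$demo/lilo.conf" || echo "findings: $?"
rm -rf "$demo"
```

On a real system, call audit with /etc/passwd and /etc/lilo.conf as root.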