Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Insecure boxes at computer lab?

Hybrid View

  1. #1

    Insecure boxes at computer lab?

    Im sitting in my schools computer lab waiting for my cisco class to start. I look to the right and what do I see? 4 Red Hat boxes!!

    So of course I wanna hop off my Win2k box and get on that redhat box, so i ask the lab assistant, " whats the login name / pass?" He says I need to be in the Unix class to have a login/pass

    So i hop on google and look up password recovery, I dont remember exactly what I searched for, but a page came up that said how to recover red-hat root pass. I booted it up, chose text mode, and typed " linux 1 " and up came a root prompt and I entered "passwd haha" and then somethign like "initlevel 5" and up it started and logged in under root/haha!!

    Is this just an insecure box, or can you always do that to a local linux box? And what exactly was it I typed in, I forgot and cant find that damn page on google anymore.

  2. #2
    Guest

    Re: Insecure boxes at computer lab?

    when you wrote 'linux 1' at the LILO prompt, you went into single user mode. In this mode, you are root and you are not prompted for a password, so this is why you can change passwords and add new users without even knowing the real root password. IIRC, it's possible to block single user mode by putting a password, but I'm not too sure of that (I'll check it out though).

    And yes, in a sense that box is insecure, but to internal, physical attacks.

  3. #3

    Re: Insecure boxes at computer lab?


    Is this just an insecure box, or can you always do that to a local linux box?
    The fact is that there is really no way to secure a system once the attacker has physical access. If you think passwords will provide anything beyond a minor annoyance, you are just fooling yourself. Systems can be theoretically be secure from remote attacks, however.

  4. #4
    Guest

    Re: Insecure boxes at computer lab?




    The fact is that there is really no way to secure a system once the attacker has physical access. *If you think passwords will provide anything beyond a minor annoyance, you are just fooling yourself. *Systems can be theoretically be secure from remote attacks, however.
    It all depends on the users though. 98% of the people where I work are stopped by a simple Warning message box. So passwords would definitely keep them out, no question. The other 2% though, the 2% that knows computers well enough is more of a problem

  5. #5

    Re: Insecure boxes at computer lab?

    You can set up the bootloader to not allow passing options without a password. Obviosuly, this can still be foiled via ripping out the HD and mounting on your own box.

    Try passing init=/bin/bash :-P.

  6. #6
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re: Insecure boxes at computer lab?

    Of course, that's why most admins security nightmare is internal attacks ..... There is no system that can be really secured if someone has physical access to them. That's why most production floors use boxes that have no CD nor Floppy. And then have it passworded to your boot loader and system BIOS.

  7. #7

    Re: Insecure boxes at computer lab?

    What say a computer is set up to boot straight into linux (No prompt) and it has no boot disk. How then do you log in in single user mode?

    Okay, okay. Its my computer Haven't used it in weeks and can't remember the password. ;D

  8. #8
    Guest

    Re: Insecure boxes at computer lab?


    What say a computer is set up to boot straight into linux (No prompt) and it has no boot disk. How then do you log in in single user mode?

    Okay, okay. Its my computer Haven't used it in weeks and can't remember the password. * ;D
    Before LILO appears, you hold down the shift key

  9. #9

    Re: Insecure boxes at computer lab?

    Cheers GnuVince

  10. #10

    Re: Insecure boxes at computer lab?

    If people are that worried about physical tampering, they should have the computer locked in a cabinet or closet. There's still the possibility of someone beating the cabinet apart with a sledge hammer or taking an axe to the closet door, but get real.

Similar Threads

  1. Switching boxes
    By Kejpa in forum Linux - General Topics
    Replies: 1
    Last Post: 12-05-2008, 02:19 PM
  2. Keep your boxes in time sync
    By peter in forum Tutorials
    Replies: 0
    Last Post: 11-24-2008, 05:37 AM
  3. Insecure.org's Top 75 Security Tools
    By trickster in forum Linux - Software, Applications & Programming
    Replies: 4
    Last Post: 06-25-2003, 03:28 PM
  4. Setting up NFS between two Linux boxes
    By JockVSJock in forum Linux - Hardware, Networking & Security
    Replies: 4
    Last Post: 04-12-2003, 03:24 AM
  5. html boxes
    By gmoreno in forum Linux - Software, Applications & Programming
    Replies: 5
    Last Post: 05-02-2002, 05:00 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •