Black0x2

asked on

Cracking Linux Security w/ Physical Access

Hi All,

This is kind of urgent. A customer of mine has a firewall (an Anti-SPAM Firewall) based on a
1U form factor PC, with Linux installed and then I believe it's running a custom flavor of
SpamAssassin as well as some proprietary software on it (although not sure, some of it is my idea
and the rest is what I heard from the customer). Since the box is quite old and was not
being used for quite some years, the customer doesn't have any technical details on it. Searching
the web got me the details for it, but the company that made it (based out of India) is asking for
a maintenance contract as well as a one-time cost to factory reset the device, and that isn't an
available option yet as the customer is unwilling to do this.

Now what I need to do is figure out what flavor of Linux it is running as well as a way to reset
the root password on the box, so at least the box can start working. Not quite sure of the rest
of the stuff, but if I could get the box to use RBLs plus if it has customer filtering, that would sort
out a lot of stuff...

The Linux version installed was already hardened by a pro. The root password is unknown, and
LILO doesn't give a boot prompt, rather it directly jumps to booting the configured kernel.
I could get the LILO version, and will update later in this post. I tried by opening up the box
and taking out the HDD. I put the HDD in a USB bay, and tried to mount it using Paragon
Mount Everything Pro - the fs I found then was XFS, which is not supported by PMEP. Now
I have Slackware / Debian install CDs, tried installing a CD drive in the firewall and booting
from those CDs, but both don't support XFS on the rescue prompt.

Now how do I go about mounting the XFS filesystem under any flavor of freely available
Linux distro or Rescue / Recovery CDs or under Windows, and from then onwards, since the
flavor on the box is unknown, how to go about resetting the root password, finding
out where the boot loader is installed etc., and what other users exist on the box. Since
this is a bit urgent, I'm assigning this 500 points, and whoever answers the question correctly
with detailed and step-wise instructions gets an A grade and the points.
ASKER CERTIFIED SOLUTION
pjedmond
I'd try with http://www.knoppix.org/ to mount XFS
Also hit TAB to get a LILO prompt where you can then boot into single user mode
David Piniella
boot w/ a knoppix (or other liveCD distro)
mount the drive (pjedmond's command should work) -- mount -t xfs /dev/hda2 /mnt/tmp
as root (you may have to sudo to root from knoppix, it's been a while) chroot to /mnt/tmp (chroot /mnt/tmp)
edit /etc/shadow and remove the hashed password field from root's entry (or just run "passwd root" to change it to a known value)
exit your chroot
reboot w/o knoppix and you should be able to login as root.
SOLUTION
oh, forgot to mention, the second field in /etc/shadow is what you want to delete -- everything between the ":" after root and before the second ":"

# cat /etc/shadow
root:$1$xXvS9c/E$mz9.gKXHT2.AXZX/VeyIE/:12906:0:99999:7:::
bin:*:12906:0:99999:7:::
daemon:*:12906:0:99999:7:::

deleting it (as opposed to changing the password with "passwd") will let root log in w/o a password and you can THEN change the passwd to whatever you want w/ the passwd command.
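The asker also wanted to know what other accounts exist on the box, and the field-deletion trick above leaves root with an empty password field until "passwd" is run. The following is an added example, not from any poster in this thread: a small POSIX sh audit that reads a shadow-format file (here a constructed sample written to a temp file, with a placeholder hash rather than any real one) and reports, per account, whether the password field is empty, locked (*, !, !!, or a !-prefixed hash from "passwd -l"), or a hash and of which type ($1$ MD5 being the weak legacy scheme). Running it against the mounted drive's /etc/shadow from the live CD, before and after the reset, shows which accounts can log in and confirms that no account was accidentally left with an empty password.

```shell
#!/bin/sh
# Constructed sample shadow file content (not taken from the asker's box).
# The root hash is a placeholder in $1$ (MD5-crypt) format, not a real hash.
SAMPLE_SHADOW='root:$1$PLACEHOLDER$notarealhashvalue:12906:0:99999:7:::
bin:*:12906:0:99999:7:::
daemon:*:12906:0:99999:7:::
mailadmin::12906:0:99999:7:::
spamd:!:12906:0:99999:7:::'

# classify_field HASHFIELD -> empty | locked | md5 | sha256 | sha512 | other
classify_field() {
    case "$1" in
        '')                 echo empty ;;    # no password at all: login with just Enter
        '*'|'!'|'!!'|'!*')  echo locked ;;   # no valid hash, account cannot log in by password
        '!'*)               echo locked ;;   # hash prefixed with "!" by passwd -l
        '$1$'*)             echo md5 ;;      # MD5-crypt, legacy and weak
        '$5$'*)             echo sha256 ;;
        '$6$'*)             echo sha512 ;;
        *)                  echo other ;;    # DES-crypt or an unrecognised scheme
    esac
}

# audit_shadow FILE -> one "user status" line per account in FILE
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue          # skip blank lines
        printf '%s %s\n' "$user" "$(classify_field "$hash")"
    done < "$1"
}

# count_status FILE STATUS -> number of accounts in FILE with that status
count_status() {
    audit_shadow "$1" | awk -v s="$2" '$2 == s { n++ } END { print n+0 }'
}

# write_sample_shadow -> path of a temp file holding the constructed sample
write_sample_shadow() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_SHADOW" > "$f"
    printf '%s\n' "$f"
}

# Stand-alone demo: audit the constructed sample. On a real rescue boot you
# would point audit_shadow at the mounted disk, e.g. /mnt/tmp/etc/shadow.
audit_shadow "$(write_sample_shadow)"
```

The script reads the file directly rather than through chroot, so it works on the mounted image without executing anything from the untrusted disk. Any account reported as "empty" should get a password set or be locked with "passwd -l" before the box goes back on the network.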
Black0x2

ASKER

I'll have to split points b/w you two... As much as I would want to assign all the points to one person,
part of my question has been answered first by pjedmond, and part of it by dpiniella... Thanks guys.