Home page logo
/

basics logo Security Basics mailing list archives

RE: Root account desactivated
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Fri, 12 Mar 2004 11:27:35 -0600

How about something so simple, you're going to smack your head and scream
D'oh???
    Boot using a CD distro (e.g. Knoppix), mount the disk and edit the
file...

Now, if you can't reboot the box (although with the root password, I can't
imagine why not) let's see - all of the usual privledge escalation attacks.

... Can you replace /sbin/nologin with a ln to bash?
... Any interesting commands available to you via sudo?

etc.

But me - I'd reboot using Knoppix and be done with it.

-----Burton


-----Original Message-----
From: MARTIN M. Bénoni [mailto:benoni_martin () hotmail com]
Sent: Thursday, March 11, 2004 8:48 AM
To: security-basics () securityfocus com
Subject: Root account desactivated


Hi community!

I have a really stupid trouble: on a Redhat 9.0, the line
matching the root
account in the file /etc/passwd has been changed from ".../bin/bash" to
".../sbin/nologin". We have the root password, but when performing a "su"
command, the system replies that the account is not currently available.

So the question is: how from an user's account and knowing the root's
password but having the root account disabled can we reactivate
this root's
account?

Any suggestion would be appreciated, I do not want to reinstall the box :(

Thanks a lot in advance!

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus


------------------------------------------------------------------
---------
Ethical Hacking at the InfoSec Institute. Mention this ad and get
$545 off
any course! All of our class sizes are guaranteed to be 10
students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab.
Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------
----------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault