LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Need help getting root access - Unusual Situation (https://www.linuxquestions.org/questions/linux-security-4/need-help-getting-root-access-unusual-situation-27954/)

solo545 08-14-2002 11:53 PM
Need help getting root access - Unusual Situation
 
Hi All:

I have physical access to an old Micron Netframe 5001 machine that is running an old AMI Megaraid controller. I also have access to the machine via a non-root user account. Distribution is Redhat 5, kernel 2.2.7.

I have tried all of the standard tricks of typing "linux single", "linux init=/bin/bash", etc at the LILO prompt. The only thing that happens is the the machine boots into it's default kernel. (Hitting tab reveals four different kernel selections.) ... Is there a way to break out into the "true" LILO: prompt that will allow me to execute "linux single" ?

I've also tried to boot off of a linux install diskette and then running the install and breaking it in the middle. This doesn't seem to work because of the RAID controller and Linux not recognizing it during the install process.

I've also tried Tom's Root Boot diskette and running the "mknod" command to try to mount "/dev/sda1" and this doesn't work either. Unfortunately, the CDROM is not bootable (talked to micron tech support and they said this model did not have a bootable cdrom - some did and some didn't and I was unlucky, I guess).

I have downloaded the ISO for Super Rescue 2.1.0 and COULD install a bootable CDROM drive, but would like to avoid having to take the server apart to do this. I would hope that the Super Rescue boot CD would have the appropriate AMI Megaraid drivers.

I cannot afford to take this server down and rebuild it, so my options are limited.

Any help would be greatly appreciated...

S

solo545 08-14-2002 11:59 PM
And here's the lilo.conf file:

boot=/dev/sda
#map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/2.2.7t
label=2.2.7t
root=/dev/sda1
read-only
image=/boot/2.2.7
label=2.2.7
root=/dev/sda1
read-only
image=/boot/2.2.2
label=2.2.2
root=/dev/sda1
read-only
image=/boot/2.2.3ac2
label=2.2.3ac2
root=/dev/sda1
read-only

neo77777 08-15-2002 10:35 AM
So single mode is not working?
at lilo prompt
boot: 2.2.7t single
won't work?

solo545 08-15-2002 11:53 AM
hmm... I'm not sure if I tried that or not....

LILO: <image name> single

I will give that a try...

much thanks

unSpawn 08-15-2002 04:00 PM
Maybe you could use some bootdisk that has megaraid support, have a look at domsch.com/linux/, halfway down the page.

TruckStuff 08-15-2002 05:36 PM
Forgive me for asking, but where did the system admin go? Will he be gone long enough that it is absolutely critical that you have root access to this machine? You'll have to forgive my skepticism as many people post in security forums about how to gain root access "on a broken machine at work" or "for a friend" or some other excuse.

unSpawn 08-15-2002 06:20 PM
Forgive me for asking, but where did the system admin go? Will he be gone long enough that it is absolutely critical that you have root access to this machine? You'll have to forgive my skepticism as many people post in security forums about how to gain root access "on a broken machine at work" or "for a friend" or some other excuse.

I share your concerns about questions like these, truth is we have no means to vrfy if he's in his right to break this box. Stupidly enough, we didn't even try to question it. The other question is how far would we go supporting this kind of stuff.

If more ppl object against questions like these and have an idea of where they would like to put the limit, plz post your comments.

solo545 08-15-2002 07:32 PM
I understand your concerns. All I can say is that I am administering this box now and was not given the root password.

I can't and won't expect you to believe me, but consider this: If I have physical access to the machine, woudn't it be likely that I AM the admin? Otherwise, the admin would be an idiot to let other people have physical access to the machine.

I am NOT asking for hacks to get to the machine remotely. I only want suggestions for obtaining root assuming PHYSICAL access.

S

solo545 08-15-2002 07:38 PM
unSpawn... thanks for the info on the Megaraid drivers... that was pretty helpful!

jeremy 08-15-2002 07:59 PM
I think solo545 makes a fairly good point. Questions on how to hack a remote machine will not be tolerated here. Once someone has physical access however it becomes a grey area. In reality with physical access you could just take out the HD and mount it in another machine if needed, so I think this question is acceptable. I am also interested in others opinions on this though. Thank you for bringing this up TruckStuff.

--jeremy

TruckStuff 08-17-2002 11:46 AM
Perhaps a good universal answer would be "use crack"? If someone can get the passwd/shadow file there is probably some kind of high-level access, be it remote or local. Might not want to give too many details on exactly how to use or run crack, but it might be a start.

And that would be my suggestion to solo: try crack to get the password.

solo545 08-17-2002 08:06 PM
OK, I do have a copy of the /etc/shadow file and ran "John the Ripper" for 15 days on just the root passwd with no results. I'll definitely have to check this out. Thanks Truckstuff...S


All times are GMT -5. The time now is 06:47 PM.