ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> CentOS >> CentOS-6.6 >> Current Page |Views: 11955

(CentOS 6.6: Lesson 4)

{ Using a Live CD to crack a password protected grub.conf file }


Section 0. Background Information
  1. Background Information
    • In Lesson 3 you learned how to password protect the grub menu.
    • This lesson teaches you how to circumvent a password protected grub menu using a CentOS Live CD.  Actually, you can use just about any Linux Live CD (e.g., Hiren's, BackTrack, etc).

  2. Pre-requisites
    1. CentOS 6: Lesson 1: Installing CentOS 6.6
    2. CentOS 6.6: Lesson 3: Hardening the Boat Loader, /boot/grub/grub.conf

  3. Lab Notes
    • In this lab we will do the following:
      1. We will circumvent password protected Grub with a CentOS-6.6 Live CD.
      2. We will mount the boot partition
      3. We will removed the password directive that protects the grub.conf file.
      4. We will test our handy work.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2015 No content replication of any kind is allowed without express written permission.

 

Section 1. Configure CentOS-6.6 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player
     
  2. Edit CentOS-6.6 Virtual Machine Settings
    • Instructions:
      1. Highlight CentOS-6.6
      2. Click Edit virtual machine settings

     

  3. Set Machine to Boot From CD/DVD
    • Instructions:
      1. Select CD/DVD (IDE)
      2. Device status: Check the Connect at power on checkbox.
      3. Select the "Use ISO image file" radio button.
      4. Click the Browse Button and Navigate to the location of your CentOS-6.6-i386-bin-DVD1.iso or other Live CD.
      5. Click the OK Button

     

  4. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

 
Section 3. Play Virtual Machine

  1. Start the CentOS-6.6 VM
    • Instructions:
      1. Click on the CentOS-6.6 VM
      2. Click on Play virtual machine
     
  2. Obtain Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the "<Esc>" key
    • Note(FYI):
      1. This might take you a few times so be patient!!!
     
  3. Boot Menu Options
    • Instructions:
      1. Arrow Down to CD-ROM Drive
      2. Press <Enter>

     

  4. Rescue
    • Instructions:
      1. Arrow Down to "Rescue installed system"
      2. Press <Enter>

     

  5. Choose Language
    • Instructions:
      1. Arrow Down English or your language of choice
      2. Press the <Tab> key, which will move focus to the OK Button
      3. Press the <Enter> key

     

  6. Choose Keyboard Type
    • Instructions:
      1. Arrow Down to us or desired keyboard and press the <Tab> key
      2. Once the OK button is highlighted, press the <Enter> key

     

  7. Setup Networking
    • Instructions:
      1. Press the <Tab> key
      2. Once the No button is highlighted, press the <Enter> key

     

  8. Continue Mounting File Systems
    • Instructions:
      1. Press the <Tab> key
      2. Once the Continue button is highlighted, press the <Enter> key

     

  9. chroot information
    • Instructions:
      1. Press the <Enter> key

     

  10. Mount Information
    • Instructions:
      1. Press the <Enter> key

     

  11. Shell Access
    • Instructions:
      1. Make sure cursor is on "shell  Start shell"
      2. Press the <Tab> key
      3. Press the <Enter> key

 

Section 4. Editing the grub.conf from single user mode.
  1. Working in Single User Mode
    • Instructions:
      1. whoami
        • Notice you are the root user.
      2. df -k
        • Notice all the File Systems and Volume Groups are mounted on /mnt/sysimage
        • /mnt/sysimage is where CentOS mounts all the installation file systems and volume groups it discovers in the /etc/fstab.
    • Note(FYI):
      1. whoami, this command displays the user name associated with the current effective user ID.
      2. df -k, this command displays the amount of disk space available on each of the file systems.

     

  2. View the /mnt/sysimage contents
    • Instructions:
      1. cd /mnt/sysimage
      2. ls --file-type
        • Strings that end with a backslash(/) are directories, else it is a file.
    • Note(FYI):
      1. cd /mnt/sysimage, Change Directory to the /mnt/sysimage directory.
      2. ls --file-type, list directory contents and show the file type.

     

  3. View the boot/grub/ contents
    • Instructions:
      1. cd boot/grub/
      2. ls -l
    • Note(FYI):
      1. cd boot/grub/, Change Directory into the /mnt/sysimage/boot/grub directory.
      2. ls -l, This provides a long or detailed listing of all the files.

     

  4. Removing the password from grub.conf
    • Instructions:
      1. cp grub.conf grub.conf.bkp2
      2. grep password grub.conf
      3. sed -i '/password/d' grub.conf
      4. ls -l grub.conf
      5. grep password grub.conf
    • Note(FYI):
      1. cp, is the copy command, grub.conf.bkp2 is a copy of grub.conf.
      2. grep, is a pattern matching utility that can search files and input streams.
      3. sed is a stream editor for filtering or transforming text.  In this case, we will use sed to remove the line that contains the string password.
        • -i, means edit files in place.
        • /password/d, means delete all lines that contain the string password.
      4. Notice that grep does not result a line that contains password because we removed it with sed.

     

  5. Power Off Operating System
    • Instructions:
      1. cd /
      2. poweroff

     

Section 5. Configure Virtual Settings
  1. Edit CentOS-6.6 Virtual Machine Settings
    • Instructions:
      1. Highlight CentOS-6.6
      2. Click Edit virtual machine settings
     
  2. Auto Detect Hard Drive
    • Instructions:
      1. Click on CD/DVD(IDE)
      2. Click the Use physical drive: radio button
      3. Make sure Auto detect is selected

     

  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

 

Section 5. Configure the grub.conf to provide a root prompt at single user mode
  1. Start the CentOS-6.6 VM
    • Instructions:
      1. Click on the CentOS-6.6 VM
      2. Click on Play virtual machine
     
  2. Boot to Grub 2 Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the "e" key
    • Note(FYI):
      1. This might take you a few times so be patient!!!
      2. Physical Machine Instructions (Optional)
        1. Physically power off the machine.
        2. Physically power on the machine.
        3. During the boot process, either hit the "e" or "down arrow" key

     

Section 6. Configure grub to provide single user root prompt
  1. Access the Grub Menu
    • Note(FYI):
      1. Section 1, Step 3 should produce the below screen.
    • Instructions:
      1. Press the "e" key to access the kernel selection.

     

  2. Access the Kernel
    • Instructions:
      1. Make sure the kernel line is highlighted
      2. Press the "e" key to edit the kernel.
    • Note(FYI): What is the kernel?
      • The kernel is the part of the operating system that allocates machine resources, including memory, disk space, and CPU cycles, to all other programs that run on a computer.  The kernel includes the low-level hardware interfaces (a.k.a drivers) and manages processes, the means by which Linux executes programs.

     

  3. You should see the below screen.
    • Instructions:
      1. Proceed to step 4.

     

  4. Prepare Operating System to Boot into Single User Mode
    • Instructions:
      1. Press the <Spacebar> and Type 1 after the word quiet (See Below)
      2. Press Enter.
    • Note(FYI):
      1. This is how we will put the system into single user mode.

     

  5. Boot the System
    • Instructions:
      1. Make sure the kernel line is highlighted
      2. Type "b" to boot.
    • Note(FYI):
      1. The below screen is the result of pressing enter in step 4.

 

Section 7. Single User Mode
  1. Got Root?
    • Note(FYI):
      1. Now your system is in single user mode.

     

  2. Create a new root password
    • Instructions:
      1. passwd root
      2. New password: <Supply a new password>
      3. Retype new password: <Re-Supply the new password>
    • Note(FYI):
      1. Notice you were not prompted for the old root password.

     

  3. Boot machine into the Graphical Multiuser Interface
    • Instructions:
      1. init 5
    • Note(FYI): Below are all the run levels.
      • init 0 - Halt
      • init 1 - Single User, File Systems are Mounted, Network Down.
      • init 2 - Multi User, No NFS, File Systems Mounted, Network Up.
      • init 3 - Multi User, File Systems are Mounted, Network Up.
      • init 4 - User defined.
      • init 5 - Graphical Multiuser, File Systems Mounted, Network Up.
      • init 6 - Reboot.

     

  4. Login to CentOS
    • Note(FYI):
      1. Until you click the user, in this case Security Student, the Password field will not be displayed.
    • Instructions:
      1. Click on Security Student
        • This will display the password text box.
      2. Supply its' password
      3. Click the Log In Button
     
  5. Open a Terminal
    • Instructions:
      1. Applications --> System Tools --> Terminal
     
  6. Switch User to Root
    • Instructions:
      1. su - root
      2. Provide the Root Password

 

Section 8.  Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /boot/grub/
      2. ls -l grub.conf*
      3. grep password grub.conf*
      4. date
      5. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth