Grub bootloader is used to select on operating system to boot at startup on most GNU/Linux machines or machines that dual boot. Grub works by loading the operating system you want and sending the boot parameters required for different boot options. However, the freedom to choose such parameters grants the user a little too much freedom. Most operating systems come with a safe or single user mode that allows the user administrative access on the local machine in order to fix the machine However, since this mode does not prompt for authentication, a user given access to the GRUB bootloader could very simply boot to this mode and have complete control over a machine.
For example, root access on a Unix machine with Grub can be as simple as restarting the machine, waiting for the grub bootloader to run, highlighting the operating system to boot and pressing 'e' to edit the bootloader settings for that entry. Administrative access is granted on Unix machines in single user mode, or run level 1. This mode can be accessed by adding the word 'single' to the end of the kernel line. After booting to single user mode, an attacker can drop to a root terminal and create a new user with administrative access or install another backdoor. System compromised.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment