- 5paisa
- AdSense
- Android
- Asphalt 8 : Airborne Mod Apk 4.9.1b Unlimited Money
- Battlegrounds Mobile India
- Blogger
- Blogging
- Bug Hunting
- cloud storage
- Cmd
- Damn vulnerable Web Application
- Demat Account
- Difference between
- dj alok
- dj alok in free firefree
- Doodle Army 2 : Mini Militia 5.2.0 Apk + Mod for android
- DVMA
- E-books
- earn Bitcoins
- Ethical hacking tutorials
- Express vpn
- EXPRESSVPN PRO APK 7.12.1
- EXPRESVPN CRACKED APK
- fire dj alok
- Freefire
- Gaming
- Google drive
- Google llc
- gplink
- Groww App
- Health
- helo
- helo mela
- helo app
- Helo app earn paytm
- Helo app full guide
- Helo app invite and earn
- Helo app redeem proof
- Helo app refer and earn
- Helo app unlimited trick
- Helo app withdraw proof
- Helo Mela Offer: Get Rs.2 Free Paytm Cash + Win Upto Rs.10000 Paytm Cash
- helo refer and earn
- How to
- How to combine two Wifi Connections to get a faster Internet
- how to get dj alok for free
- how to get free dj alok
- how to get free dj alok in free fire
- How to install DVWA on Kali Linux 2020.2
- How To Use Light Speed WebCache on Your website
- ICICI Direct
- IOS
- kali linux
- Live streaming
- makeup
- meesho
- Money Earning
- My poems
- Netflix
- Netflix mod
- Netflix premium
- News
- online courses
- Pentesting
- programming
- PUBG
- Puffin Browser Pro 8.3.0.41446 (Full) Apk + Mod for Android
- Puzzles
- Recharge offers
- Refer and Earn
- Reviews
- SEO
- shell Scripting
- Shortlink
- Spotify Music 8.5.57.1164 APK Mega Mod Cracked Latest Android
- stylish name
- Technology
- Tips&Tricks
- Township Mod Apk 7.5.0 Unlimited Money
- Udemy
- Udemy courses
- Udemy free
- Udemy premium
- VClip app download link
- VClip app full details
- VClip app invitation link
- VClip app referral code
- VClip app referral link
- VClip app review
- Web designing
- What is
- WINDOWS
- Wishes
- Wordpress
- World Cricket Championship 2 2.8.9 Apk + Mod (Coins/Unlocked)
- Youtube tricks
- zoom app
- zoom bombing
- zoom call
- Zoom safety tips
You Can Own A Linux System By Holding Down Enter Key For 70 Seconds, Here’s The Fix
You Can Own A Linux System By Holding Down Enter Key For 70 Seconds, Here’s The Fix
This month should be named the “hacked in seconds month”. After witnessing Microsoft Edge being hacked in 18 seconds at PwnFest, we came across the crippling of Pixel, Safari, and Adobe Flash. Now, it’s time to shift our gaze to the world of open source and Linux.
Due to a flaw in the implementation of Cryptsetup utility, used for encrypting hard drives via Linux Unified Key Setup (LUKS), an attacker can gain access to Linux root shell by holding down the enter key for 70 seconds. Cryptsetup file is affected by a design error that allows one to retry passwords various times.
Once the attacker has used up all the 93 password attempts, he/she gets to access a shell, Busybox in Ubuntu, with root permissions. In other words, if a user holds down the Enter key for about 70 seconds (or enters a blank password 93 times), he/she can get access to root initramfs (initial RAM file system) shell.
This fault is exposed by the same hacker that found a way to break a Linux machine by hitting backspace key 28 times.
While this attack doesn’t give access to the contents of the encrypted drive, with the help of this attack, a hacker can copy, destroy, or modify the contents of the hard disk. Moreover, he/she can set up the machine to leak data. This scenario is very dangerous in ATMs, labs, airport machines, etc. where the boot process is secured and one can access a mouse and a keyboard.
Apart from the physical machines, one can also exploit this flaw remotely and hack the cloud-based Linux services. This flaw has been confirmed to affect Ubuntu, Fedora, Debian, and many other Linux distros.
How to fix 70 seconds Linux root shell hack?
You need to check if your partitions are encrypted using LUKS. To do this, run the following command:
dmsetup status | awk ‘BEGIN {FS=”:”} ; /crypt\s*$/ {print
“Encrypted: ” $1}’
This command will show you the names of encrypted partitions. If you don’t see any partition in the list, you’re safe. If you’re affected, you can look up for a patch from your Linux distribution vendor. If there’s no patch, you need to add the following lines to your boot configuration:
sed -i ‘s/GRUB_CMDLINE_LINUX_DEFAULT=”/GRUB_CMDLINE_LINUX_DEFAULT=”panic=5 /’ /etc/default/grub grub-install
For detailed information, you can visit Hector Marco’s website.
Also Read: What Is The Difference Between Sudo And Su In Linux?
Also Read
KUMAR JEERU
. I am a Programmer and Pentester. I find and Fix loophole in websites and networks. Connect with me for queries , web developemnt , Scanning and Fixing website Security issues. My company gives special discount for independent entrepreneur , small and Medium size companies. Contact me directly on my face page
Post a Comment
Post a Comment