Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Press backspace 28 times to hack a Linux PC with Grub2
Note: I tried this on my dual-boot with Linux Mint 17.2 with no success; I'm assuming it's using Grub2.A couple of researchers from the University of Valencia’s Cybersecurity research group, Hector Marco and Ismael Ripoll, have found that the Grub2 bootloader is plagued by a serious vulnerability that can be exploited by hackers to bypass password protection and compromise the targeted computer.
Nothing of complex, the researcher discovered that by pressing backspace 28 times, it’s possible to bypass authentication during boot-up on some Linux systems.
The duo explained that the flaw affects the Grub2 bootloader which is currently used by a large number of Linux machines, including some embedded systems, for the boot loading at system startup.
The researchers explained in the advisory that hitting the backspace key 28 times at the Grub username prompt during power-up will defeat the authentication mechanism, the action triggers a “rescue shell” under Grub2 versions 1.98 (December, 2009) to 2.02 (December, 2015).
http://securityaffairs.co/wordpress/42847/hacking/linux-grub2-hacking.html
Nothing of complex, the researcher discovered that by pressing backspace 28 times, it’s possible to bypass authentication during boot-up on some Linux systems.
The duo explained that the flaw affects the Grub2 bootloader which is currently used by a large number of Linux machines, including some embedded systems, for the boot loading at system startup.
The researchers explained in the advisory that hitting the backspace key 28 times at the Grub username prompt during power-up will defeat the authentication mechanism, the action triggers a “rescue shell” under Grub2 versions 1.98 (December, 2009) to 2.02 (December, 2015).
http://securityaffairs.co/wordpress/42847/hacking/linux-grub2-hacking.html
