PDA

View Full Version : This is a grat hacking tool



sieben
07-12-2003, 02:23 AM
I know i am not the only one that uses this
But is it great or what
you put the cd in on a machine that has windows 2000 you boot
bypassing all the log on security, the cd even mounts the local drive
you go to the local drive and you can copy, atache file in an e-mail
basicly take what you want from the drive
IS THAT GREAT OR WHAT,
i tesed it on two windows 2000 machine and i even got finacial files from one of my servers at work
This is cool

rickenbacherus
07-12-2003, 03:26 AM
The rule is: If you can access the machine you can hack the machine. If you want security the machine needs to be completely unaccessible, secondly it needs a BIOS password and the BIOS should be set so that the box will not boot from cd or floppy. Yes, Knoppix makes it unbelievably easy to do but it is not really anything new. Why would you hack your own employers server and write about it in a forum though?

rdoma219
07-12-2003, 08:51 PM
Well put, I agree.

pau1knopp
07-14-2003, 03:32 AM
hmm...

a couple of "great" observations...

if the physical security is so poor that the janitor can boot up a knoppix cd on your servers... yes, you are in big trouble. however, it that IS the case, you have bigger problems than you know...

however, assuming you ARE the sysadmin getting paid to retrieve files from a crashed financial server, you have a better disaster recovery solution than you could have ever dreamed of...

standalone system security is only going to be as good as the firewall you have guarding the door...

to ask politely, please quit trolling. this forum (thus far) has been for people seeking answers to technical quesitons to specific questions, concerns, queries, etc.

neitzel
07-16-2003, 07:21 PM
So all, that is shown here shows:
- If you had to put data on a computer, where the physical access isn't restricted: Encrypt them! That is the only way to protect your data!
- If possible put your data on a server, where your server is somewhere, where nobody evil can get. But that isn't really save, because you cannot know, who is "evil" and the server can be hacked!

The knoppix CD is nice, but If you want a "hacker tool", there are much better things.

But knoppix is really really cool to show some "dumb" people, what their great security is "worth". Security is something, a lot of people didn't think about.

I burned a lot of cd's in the last days and gave them to a lot of coworker. knoppix is really usefull and saved us a lot of work.
(e.g. starting a os/2 server which has a destroyed config.sys. The server didn't start any more. Or when windows doesn't start any more and the computer will be "rebuild" again, it is really easy to copy some data. In both cases, there would be other possibilities, too, but it was really easy to simply insert Knoppix.)

Konrad

KneeLess
07-25-2003, 04:48 AM
It's like what the old saying goes (well it's not really old, or a saying...whatever)...

The safest computer is unpluigged without a power supply, no monitor, mouse keyboard, cd rom or floppy, garded by nerve gas and 10,000 guards with lasers all around it. And still, it isn't totally safe.

And no the guards and the nerve gas aren't touching :p

hernan
07-30-2003, 01:52 AM
damn right !

LOL

(SRRY IF IM TYPING IN CAPS, I GOTTA CHANGE THE FONT :d)

EldarStorm
07-30-2003, 06:22 AM
I tinkered with linux a long time ago and have forgotten most of what I knew. I recently loaded a dual boot of XP Pro and Mandrake Linux 8.1c. During the configuration of Lilo ( I was setting XP as default and changing the name from NT to XP Pro) I made it so it would not boot into Windows. Well while trying to get that fixed I made it not boot into Linux as well.

So luckily at my work I have a friend that knows alot about linux and he was able to use my Knoppix cd to fix part of the problem.

We will probably start using it to get into systems we need to back up data from for customers. It is a verry handy tool.

aay
07-30-2003, 08:37 AM
i tesed it on two windows 2000 machine and i even got finacial files from one of my servers at work
This is cool

I'm assuming that you don't normally have permission to grab these files. Why would you expect anyone here to get excited about that? It would be nice for you to use this "hacking tool" to show your admin where his/her security holes are.

dmedici
10-14-2003, 12:03 AM
I am interested in this topic - though not from the point of view of cracking and stealing, but more from rescuing friends from locked computers, et al.

I tried this on my machines - As we know, with the Knoppix cd, W2K login screens can be bypassed so long as the BIOS is set to boot from CD. But that is easy enough to do simply by configuring it during startup. The solution then, is to password-protect the BIOS. Hence my question:

How truly secure is a password-protected BIOS? I wouldn't expect to see 99 out of 100 computers outside of a corporate environment secured with a password-protected BIOS, and from what I've seen in some of the corporations, I don't think there are too many there either. So does LINUX have a way to beat the BIOS password? Because now that I have my passwords set in BIOS, what else do I have to do to prevent that from being penetrated?

Once again, I would like to stress this is not in the interest of cracking. I don't wish to spend a portion of my life in Federal or State prison. :) It seems to me that a Knoppix disc would be a handy tool for a helpdesk or computer department, (With the Superiors' permission and knowledge of course!) in order to get back into the machines that workers are bound to crash.

My next experiment is to try getting into a 'crashed' W2K system to see how far I can get with the Knoppix disc. The question there would be, depending on the crash, how much could I rescue or, is it normal to be able use Linux to recover files from a crashed W2K system.

I suspect it won't be too long before I get a call from a friend with a crashed-out W2K system. I'm looking forward to posting my results here.

chaan
10-24-2003, 09:57 PM
Well, usually it's pretty simple to bypass the BIOS password if a person can actually open the computer. Most (all ?) motherboards have a jumper that returns the BIOS to it's original settings, erasing passwords, etc. So you need to keep the case secured. Some cases are lockable, but for those that are not, you can replace the standard screws with a type that requires a special screw driver. Alternately, you could use a desk that has a lockable compartment for the CPU unit.

Hope this helps.

Chris

Smokin...
11-11-2003, 03:06 PM
Well, usually it's pretty simple to bypass the BIOS password if a person can actually open the computer. Most (all ?) motherboards have a jumper that returns the BIOS to it's original settings, erasing passwords, etc. So you need to keep the case secured.

... just pull the battery for a couple of minutes. Easier than rubbing a bottle for the genie...

Smokin...

A. Jorge Garcia
11-22-2003, 04:15 PM
I recently loaded a dual boot of XP Pro and Mandrake Linux 8.1c. During the configuration of Lilo (I was setting XP as default and changing the name from NT to XP Pro) I made it so it would not boot into Windows.

And this is a problem? I set up lilo on my LAN clients to boot XP by default without a passwd. My students can switch to linux (debian hdinstall) with a lilo passwd if they're quick about it (I set timer to only 5 sec). However, I set up the server on this LAN with lilo making linux the default, no passwd and 0 sec timer! So if someone comes around and reboots it to get XP for some reason, good luck!

Regards,

Cuddles
12-21-2003, 06:48 PM
Hmmm, I admit, I was interested in the subject line. Considering a post that was made in the "The Forum", on just this topic - a friend told me I had to get this OS cause its so easy to hack with...

But, what really kept me reading, all the way to the bottom of all the responses, is the fact that the original author's statements were either not the issue, or were taken as "matter of fact, who cares". What made me even more interested in making a response to the whole thread was the fact that security in Linux is so serious, and not taken lightly, that someone can prove that "other" OS's lack so much of security.

I hate to say it, but security in any Win[fill in your version] is so lacking, I think M$ is more concerned that their security is mostly based on the fact that the system won't boot. IMHO

I've had enough of my share of M$ Windows systems, and done way too many system update patches to [supposedly] fix those "newly discovered" leaks in security, and to what? More and more patches. It doesn't surprise me that someone can crack into a M$ Win installed OS, what surprises me is that Linux can do what that "other" OS can't do.

M$ requires more and more things to protect its ever fragile OS's - Firewalls, Virus Protection, Security Patches, etc... Heck, I just found out that you can get a Firewall for Linux. As for the Virus programs, do they ACTUALLY "make" a virus program for Linux?

I would think that if I was a System Admin, concerned with the well-being, and safety of the Corporate Information, Machines, and the Intranet, I would CRINGE at the use of any M$ OS anywhere on the cluster. As a once famous person once said: Strength is only as strong as its weakest link. -=- If the system is connected to the internet, intranet, or is sitting out in a public place, it will be vulnerable to attack. You can protect it only so much. If someone wants to crack it, hack it, they will, given time, or resources, they will.

With that, I want to thank all in this thread that support the Security Issues, who posted informative responses to the author, and finally, thanks for not taking the "easy" response: "Most, if not all, Root passwords are likely to be GOD." :roll:

One final Thank You: For just proving that using Linux, or any of its many "flavors" - is a wise choice. :D

Cuddles

ricardomardi
01-20-2004, 04:08 PM
How truly secure is a password-protected BIOS? I wouldn't expect to see 99 out of 100 computers outside of a corporate environment secured with a password-protected BIOS, and from what I've seen in some of the corporations, I don't think there are too many there either. So does LINUX have a way to beat the BIOS password? Because now that I have my passwords set in BIOS, what else do I have to do to prevent that from being penetrated?



Forget BIOs, just rip the HDD out of the box & install it into another box & boot with a Knoppix CD! Done.
No Bios to fiddle around with, just a naked HDD.

R.

Razor-X
01-20-2004, 10:42 PM
Forget BIOs, just rip the HDD out of the box & install it into another box & boot with a Knoppix CD! Done.
No Bios to fiddle around with, just a naked HDD.

Well i'd just make the computer unbootable by picking it up, and slamming it into a wall. :roll:

Seriously though, we all say M$ security is bad, but if you try, it doesent have to be. Sure I live in the past (I hate WinXP patches... grrrr), but as far as any user knows, my computer doesent/barely exists. All my ports are stealthed via hardware firewall. Try and beat THAT!

my1cpu
01-22-2004, 07:51 PM
Forget BIOs, just rip the HDD out of the box & install it into another box & boot with a Knoppix CD! Done.
No Bios to fiddle around with, just a naked HDD.

Well i'd just make the computer unbootable by picking it up, and slamming it into a wall. :roll:

Seriously though, we all say M$ security is bad, but if you try, it doesent have to be. Sure I live in the past (I hate WinXP patches... grrrr), but as far as any user knows, my computer doesent/barely exists. All my ports are stealthed via hardware firewall. Try and beat THAT!

Your missing the whole point Razor( and Cuddles too)...Data on any system, regardless of OS, firewall settings, etc. is vulnerable if the attacker has physical access to your machine. The exception being encrypted data, but even that can be compromised if the attacker has enough time to brute force the encryption.

My1cpu

abouzeis
01-23-2004, 06:42 AM
To be honest with you demedici, the only way to stop this from being used against you is to get a mobile hard drive rack and to keep the rack with you at all times. You cant boot to a drive thats not there.

Very inefficient, but the safest way.

htimstyler
04-22-2004, 06:50 AM
Well, usually it's pretty simple to bypass the BIOS password if a person can actually open the computer. Most (all ?) motherboards have a jumper that returns the BIOS to it's original settings, erasing passwords, etc. So you need to keep the case secured.

... just pull the battery for a couple of minutes. Easier than rubbing a bottle for the genie...

Smokin...

The battery doesn't always do it, but if you don't know where the jumper is I guese it's worth a shot.

OErjan
04-22-2004, 08:36 PM
if you have access to the hardware you should sooner or later be able to get at the information, the quetion is more "when" tha if.
i have helped friends wih crashed OS back things up too many times to remember, once i spent 19 hrs burnig CD's (some 49 CD's on a not too great burner).
Knoppix saved his day.

roger_girardin
04-23-2004, 03:19 PM
i think knoppix cd is not so good as the win cd to repair the NT os

as we can't write on a ntfs fs partition, what would do ?

nt cd boot has a console to mess what you want on the disc

about security :

my webserver (mandrake 8.1) was hacked 2X , the guy has just change the root pass

lol

when i'll get some free time, i'll try knoppix-std

johnb
04-24-2004, 05:44 PM
There are knoppix customised cds that have captive NTFS, allowing read, write. Bit Defender is one that comes to mind. I have recently downloaded it but havent tried it yet(!).
johnb

counterzone
05-01-2004, 08:41 PM
Dont you just love these intermate descussions. lol. Brings the world together. How we could hack each other.... hmmm... it's just like being in a Microsoft forum (well it would be if they had any) ..............

Sigmatador
05-02-2004, 04:01 PM
How truly secure is a password-protected BIOS? I wouldn't expect to see 99 out of 100 computers outside of a corporate environment secured with a password-protected BIOS, and from what I've seen in some of the corporations, I don't think there are too many there either. So does LINUX have a way to beat the BIOS password? Because now that I have my passwords set in BIOS, what else do I have to do to prevent that from being penetrated?


if your pc is already booted, i just have to flash de mobo before rebooting with knoppix.

i can reset de bios directly on the mobo too.

like it was already said, to be secure, a box has to be physically inacessible.

eadz
05-02-2004, 09:56 PM
For those genuanly interested in making your linux computer secure ( because by default it's not very secure in terms of local access ) check out the Securing Debian HowTo

http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

user unknown
05-09-2004, 12:55 AM
M$ requires more and more things to protect its ever fragile OS's - Firewalls, Virus Protection, Security Patches, etc... Heck, I just found out that you can get a Firewall for Linux. As for the Virus programs, do they ACTUALLY "make" a virus program for Linux?

Well talking about patches: You may get patches for linux (kernel, apache, ssh, ...) every few days or weeks, and lots of them are security-patches.

I don't know, whether there are big security differences from the system-design.
But you have to consider some facts, when comparing the systems:
Most crackers use windows, at least as target-platform.
Most windows-users aren't experienced in OS, Security or Programming issues.
Most linux users are.

The MS-practice, to prefer usabilty over security (executable email-attachments, word-makros, outlook-monoculture) lead to their success in the endconsumer market.

If I get an attachment in my mail-client, I may double-click on it too. Normally a box pops up, asking what to do with a 'my_sister_under_shower.jpg.pif'. I'm not sure what it would do with 'my_sister...rpm - .deb -.sh' -files, but it surely could be configured to execute them.

OpenOffice has a macro-language too - I didn't look what you might do with it, but if it is strong, it may cause damage.

One big security reason of linux is, that there are so many different mail-clients, office-products, and in the average better informed users. I never received an linux virus by email, and it is unusual to change binaries on linux.

If linux would be more common, more linux-viruses would be build, and their chances of being spread will increase. I guess the more teachers praise linux to their pupils, the more viruses will evolve, and I guess we don't have to wait long for the first linux-viruses in the wild.

Well - you ask: 'do they actually make a virus?' who 'they'?
After reading a book on linux-security, in which I was told, that viruses are nearly impossible on linux, I tried to build one on my own, and it worked.
But I didn't put it in the wild of course :)

Art McClure
05-13-2004, 09:28 AM
User Unknown,
Most sensible post about Linux security that I have read lately. As soon as Linux becomes very popular, there will be many patches and issues.

Orb360
05-26-2004, 06:41 PM
If you want data to be secure... keep it in your head...

'nuff said

OErjan
05-26-2004, 08:06 PM
computers are never 100% secure, just more or less hard to get into and acess info.
some require physical access, some might be accesed over network...
best one can hope for i that it is hard enough to enter that it is not worth /time/trouble/expenses...
if time/trouble/expenses are not an issue... not much is "secure".
even keeping things in your head is not secure, not many can whitstand interrogation if no rules apply.
just look to iraq, and that was not worst case...
otoh information gained under such circumstances is never 100% but...

Webster
05-27-2004, 12:37 AM
There have been Linux distros around for ages that fit on a single floppy and hack the administrator password on a win2000-XP system for you.

Orb360
05-27-2004, 01:13 AM
computers are never 100% secure, just more or less hard to get into and acess info.
some require physical access, some might be accesed over network...
best one can hope for i that it is hard enough to enter that it is not worth /time/trouble/expenses...
if time/trouble/expenses are not an issue... not much is "secure".
even keeping things in your head is not secure, not many can whitstand interrogation if no rules apply.
just look to iraq, and that was not worst case...
otoh information gained under such circumstances is never 100% but...

Then I guess the best idea would be to keep the info in your head, and then take it to the grave BEFORE you are interrogated (meaning NOW)...


LOL... but even then... if you're religious...

user unknown
05-27-2004, 02:39 AM
webster: But you don't need a windows-cd to get su without linux-password :)

Silvus
07-28-2004, 07:28 AM
all you need to do to get through a bios password is find out what kind of bios it is. each company has backdoor passwords to slide in if the user forgets the password. there are sites with pw lists for each maker and it doesnt change their current bios/suecurity settings. and because you are doing this for a legit reasoon u can call the company and get the password as well.

Discerner0
07-30-2004, 03:41 PM
I am interested in this topic - though not from the point of view of cracking and stealing, but more from rescuing friends from locked computers, et al.

my question:

...does LINUX have a way to beat the BIOS password? Because now that I have my passwords set in BIOS, what else do I have to do to prevent that from being penetrated?

The BIOS is a small program in an EPROM on the motherboard. By design, it is the first program the CPU runs when the computer starts. The BIOS configuration determines which devices (floppy, CD, hard drive, network, etc.,) the CPU looks at to continue the boot process, and the order they will be accessed. Since the BIOS runs before the CD, Knoppix cannot defeat a password protected BIOS which doesn't allow booting from the CD.

[Added 8-2:] Oops, I should have read all the posts before I wrote this. Of course you could simply boot the hard drive in another computer, or reset the BIOS, but I assumed the cracker wouldn't have that kind of access. That's really a pretty unreasonable assumption on my part.

Might it be possible to write some sort of .exe which, when run from the OS (Windows or Linux,) essentially has the CPU run the boot sector program on the CD, effectively bypassing the BIOS? I don't know enough about the design of the computer at that level to say for sure, but it seems possible.

Orb360
08-18-2004, 03:51 AM
The reason Windows has so many virii is because everyone uses it... If Microsoft falls and linux takes over, you can bet there will be hundreds of linux virii coming out every year just like Windows now. Same thing for Macs...

I dont know about security, but basically, if it's hooked to the net, it can be hacked... no matter how secure.... Although you can tighten up Windows just as secure as Linux. I only have one port open, 21 for my FTP server. Disable netbios as this is a big one... and block all traffic over port 135 (RPC) and disable the windows time service and some others... then place this computer behind a router like the one I use which rejects all incomming connections and only allows outgoing connections through port 80... Pretty secure... from the outside.... fairly secure from the inside where I can keep tabs on the other users...

Seriously though, you want you're data safe? keep it up in your head.

JPWhite
09-14-2004, 02:27 AM
Orb360 wrote
Seriously though, you want you're data safe? keep it up in your head.

Not very safe IMHO.

First. The human brain is not too quick or reliable. Ever 'forget something' ? Recall errors and 'transcription errors' are the norm rather than the exception
Second. Once intoxicated information flows out of the brain like water from a firehose.
Third. Ever heard of a hypnotist?
Fourth. Have you *always* kept *all* secrets?

There is no totally safe place for data.

JP

firebyrd10
09-14-2004, 03:02 AM
Orb360 wrote
Seriously though, you want you're data safe? keep it up in your head.

Not very safe IMHO.

First. The human brain is not too quick or reliable. Ever 'forget something' ? Recall errors and 'transcription errors' are the norm rather than the exception
Second. Once intoxicated information flows out of the brain like water from a firehose.
Third. Ever heard of a hypnotist?
Fourth. Have you *always* kept *all* secrets?

There is no totally safe place for data.

JP
The only safe data is data that never existed. Though not very helpful.

kevstar31
12-13-2004, 02:09 AM
knoppix-std is better. :twisted:

pureone
12-13-2004, 03:24 AM
knoppix has become a very handy tool for me.

a few days ago i gave it a shot at installing suse 9.1 pro. i didnt like it and tryed to remove it after a while and messed it up. in the end windows was unable to boot up. i used knoppix to get inside my harddrive because there was data still in there. the stuff i wanted to get was my work mainly.my website for one thing and some of my programs.i was unable to move these files using smb because i have no internet connection on my pc (because its wireless) i could not use floppy because there was too much data and no other computer in my network has a a:\ so i used knoppix cd buit in cd burner to save my data :D

this is what i really like about knoppix this is why i will keep my ear out for new infomation about knoppix as well i hope to see the day when there is a full blown installer for knoppix.

firebyrd10
12-13-2004, 10:58 PM
knoppix has become a very handy tool for me.

a few days ago i gave it a shot at installing suse 9.1 pro. i didnt like it and tryed to remove it after a while and messed it up. in the end windows was unable to boot up. i used knoppix to get inside my harddrive because there was data still in there. the stuff i wanted to get was my work mainly.my website for one thing and some of my programs.i was unable to move these files using smb because i have no internet connection on my pc (because its wireless) i could not use floppy because there was too much data and no other computer in my network has a a:\ so i used knoppix cd buit in cd burner to save my data :D

this is what i really like about knoppix this is why i will keep my ear out for new infomation about knoppix as well i hope to see the day when there is a full blown installer for knoppix.

Huh? There is an installer.

sudo knoppix-installer

Harry Kuhman
12-13-2004, 11:58 PM
Huh? There is an installer.

sudo knoppix-installer
I think pureone was trying to say that he wants a Knoppix that installs and networking and other things that worked from the CD still work. Maybe even one where upgrading after an install will not break lots of things.

firebyrd10
12-14-2004, 05:10 AM
Huh? There is an installer.

sudo knoppix-installer
I think pureone was trying to say that he wants a Knoppix that installs and networking and other things that worked from the CD still work. Maybe even one where upgrading after an install will not break lots of things.

Ahh, I can see the first one being a possibility, but the breaking of porgrams during updates is just Debian Unstables way. The nature of the beast.

pureone
12-17-2004, 09:37 AM
i ment i look forward to the day you can download a version of knoppix thats only ment to be installed. like suse, redhat , debian, etc etc. i heard that the only reason why they made it installable is because people liked it so much is that right?

firebyrd10
12-17-2004, 08:56 PM
i ment i look forward to the day you can download a version of knoppix thats only ment to be installed. like suse, redhat , debian, etc etc. i heard that the only reason why they made it installable is because people liked it so much is that right?

Right, knoppix was never ment to be installed, it just happened.

gnarvaja
12-18-2004, 11:47 PM
Right, knoppix was never ment to be installed, it just happened.
... and many of us are grateful it did. Why do I have to go through 3 or more CDs and several complicated configuration options to get a basic OS and tools that get the job done? Basic job = web use, email, chat, IM (multiple accounts/protocols), graphic manupulation (beyond basic), multimedia (including CD ripping and burning), digital cameras support, office documents and a few good games.

My last attempt with a commercial distribution was SuSE 9x. You had to be a *nix guru if you wanted everything to run properly.

With Knoppix, you can get up and running in 1 hour, 2 if you a HD install. This includes networking, shared printers and HD in a Windows network.

--GN

firebyrd10
12-19-2004, 12:30 AM
Right, knoppix was never ment to be installed, it just happened.
... and many of us are grateful it did. Why do I have to go through 3 or more CDs and several complicated configuration options to get a basic OS and tools that get the job done? Basic job = web use, email, chat, IM (multiple accounts/protocols), graphic manupulation (beyond basic), multimedia (including CD ripping and burning), digital cameras support, office documents and a few good games.

My last attempt with a commercial distribution was SuSE 9x. You had to be a *nix guru if you wanted everything to run properly.

With Knoppix, you can get up and running in 1 hour, 2 if you a HD install. This includes networking, shared printers and HD in a Windows network.

--GN

The debian netinstaller is like that, only you need a high speed connection cause it downloads every.

But very easy nontheless.

ozdream
12-19-2004, 06:08 PM
I know i am not the only one that uses this
But is it great or what
you put the cd in on a machine that has windows 2000 you boot
bypassing all the log on security, the cd even mounts the local drive
you go to the local drive and you can copy, atache file in an e-mail
basicly take what you want from the drive
IS THAT GREAT OR WHAT,
i tesed it on two windows 2000 machine and i even got finacial files from one of my servers at work
This is cool


G'day I did the same here at government IT HQ!!! They at first said I was full of BS "that can't be done".

Needless to say I had them say that in front of the boss and then proceded to easly get on to the network.

I wish now I had not done that as one guy was "Replaced" but maybe for the better if his job is protecting my personal (government) files he should not be so cocky!

firebyrd10
12-19-2004, 07:48 PM
No way to protect the files from being accessed. They can be encrypted though to prevent usage.

ozdream
12-20-2004, 08:15 AM
No way to protect the files from being accessed. They can be encrypted though to prevent usage.


What??? Better check again there as there are many ways of preventing access and encryption can be broken.


Cheer's Glen Government IT Security

OErjan
12-20-2004, 06:12 PM
any way you can think of can be cracked/bypassed...
Atleast this is true as long as YOU can acess the files. the only real difference is how much effort has to go into the retrieval.

firebyrd10
12-21-2004, 02:06 AM
No way to protect the files from being accessed. They can be encrypted though to prevent usage.


What??? Better check again there as there are many ways of preventing access and encryption can be broken.


Cheer's Glen Government IT Security

Under circumstances for the average user (you may not apply, seeing where you work) my post applies.

If you want to get technical you can refer to my post earlier in this thread. :wink:

spaceinvader001
12-23-2004, 07:11 AM
The rule is: If you can access the machine you can hack the machine. If you want security the machine needs to be completely unaccessible, secondly it needs a BIOS password and the BIOS should be set so that the box will not boot from cd or floppy. Yes, Knoppix makes it unbelievably easy to do but it is not really anything new. Why would you hack your own employers server and write about it in a forum though?
Entertainment at their expense :lol:

cschilbe
12-23-2004, 10:54 PM
What made me even more interested in making a response to the whole thread was the fact that security in Linux is so serious, and not taken lightly, that someone can prove that "other" OS's lack so much of security.

I hate to say it, but security in any Win[fill in your version] is so lacking, I think M$ is more concerned that their security is mostly based on the fact that the system won't boot. IMHO


In this context, knoppix would give you the same access to a system with Linux installed as it would a system with Windows.

Authentication, excluding BIOS, is software based and is dependent on the OS, which is entirely skipped when booting from CD.

Scott0thia
01-04-2005, 12:57 AM
Hi every one im 16 and i go to valley center highschool and the other day i was laying in bed and i thought to myself hey i wonder if i could gain access to the server at school using knoppix? i dont use the word hacking because thats for losers that think they are "hackers" for getting past a damn password. but yea i was thinking hey what the hell i can gain access to my my computer at home with it and its password protected. So the night before i tested just to make sure you know it worked so i brought the disk to school the next day during computer class when teach wasnt looking i popped it in restarted and nothing happened right then i though these people arnt as stupid as i thought they were they programmed the bios to only load from the hard drive but we all know that is very easy to change but then guess what yup their was a stupid little bios password blocking me from total control of the principles files so i did the most simple search you can think of on google " bios hacking " hit enter and brought me to this site commited to bypassing bios passwords it said the easiest way to bypass it was to unplug the mouse and key board i said thats too easy but i tried and guess what it worked i was like W0W this is awsome it booted up and i had access to all administrative accounts and files BUT IM NOT A THIEF! ( and dont steal files from my employer) cough cough STUPID! i thought it was a harmless challenge and obviously knoppix came through genius!!!!! I PRAISE WHO EVER MADE KNOPPIX! well i hope you enjoyed my short story! ill enjoy reading more post on people who think they are hackers! peace out SCOTT[/i]

TyphoonMentat
01-16-2005, 09:52 AM
This seems a bit ironic - what you've done is hacking, despite the fact that you're trying to distance yourself from those whom you see as hackers, thereby making yourself "cool" in your mind. I'd advise that you tell the school of the security problem, and demonstrate Knoppix's abilities to them.
I have done similar things myself, but given that I am actually an administrator... It's very useful to see what security holes there are, so I can fix them.

firebyrd10
01-16-2005, 07:25 PM
This seems a bit ironic - what you've done is hacking, despite the fact that you're trying to distance yourself from those whom you see as hackers, thereby making yourself "cool" in your mind. I'd advise that you tell the school of the security problem, and demonstrate Knoppix's abilities to them.
I have done similar things myself, but given that I am actually an administrator... It's very useful to see what security holes there are, so I can fix them.

Right,

Also I would think the school would keep files like that server side with no remote access allowed. That way you'd have to get to the server locally to do anything with knoppix.