Saturday, 26 November 2016

Linux Root Shell access By Pressing 'ENTER'


A hacker with little more than a minute can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds.
The result? The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over an encrypted Linux machine.
The issue stems from a vulnerability (CVE-2016-4484) in the implementation of the Cryptsetup utility, which is used to encrypt hard drives via Linux Unified Key Setup (LUKS), the standard implementation of disk encryption on Linux-based operating systems.
The flaw lies in the way the Cryptsetup utility handles password failures during decryption at boot, which lets a user retry the password multiple times.
What's even worse? Once the user has used up all 93 password attempts, the user is dropped to a shell (Busybox in Ubuntu) that has root privileges.
In other words, if you enter a blank password 93 times – or simply hold down the 'Enter' key for roughly 70 seconds – you will gain access to a root initramfs (initial RAM file system) shell. 

Once you have obtained the root shell on a target Linux machine, you can copy, modify, or destroy the hard disk, or use the network to exfiltrate data.

Vulnerability can also be Exploited Remotely



The flaw, discovered by Spanish security researchers Hector Marco and Ismael Ripoll, affects almost all Linux distributions, including Debian, Ubuntu, Fedora, Red Hat Enterprise Linux (RHEL), and SUSE Linux Enterprise Server (SLES), which potentially puts millions of users at risk.


However, you might be thinking that exploiting this flaw is only possible when you have physical access to the target system. True, but exploiting the flaw remotely is also possible.

If you use cloud-based services that use Linux, you can remotely exploit this vulnerability without having 'physical access.'

Here's How to Fix the Security Issue:


Fortunately, the vulnerability is incredibly easy to fix.

First of all, to see whether your system is vulnerable, press the Enter key for about 70 seconds at the LUKS password prompt until a shell appears.

If vulnerable, you will need to check with your Linux distribution support vendor to find out whether or not a patch is available.

If the patch is not available, the issue can be fixed by modifying the cryptroot file to stop the boot sequence when the number of password attempts has been exhausted. For this, you can add the following commands to your boot configuration:

sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub
grub-install

A patch is already available, so make sure that you are always using the most recent package versions and an up-to-date operating system.
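
The script below is an added example, not code from the original post or the advisory: it audits whether the panic=5 parameter from the command above is present in the GRUB defaults file and on the running kernel's command line, and applies the substitution so that repeated runs do not duplicate it. The function names, return codes and sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit for, and idempotently apply, the panic=5 workaround.
# Function names and return codes are assumptions made for this example.

# Print the value of GRUB_CMDLINE_LINUX_DEFAULT from a grub defaults file.
grub_default_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if a kernel command line carries a numeric panic=<seconds> token.
has_panic_param() {
    for tok in $1; do
        case "$tok" in
            panic=|panic=*[!0-9]*) ;;   # empty or non-numeric: not counted
            panic=*) return 0 ;;
        esac
    done
    return 1
}

# Apply the page's substitution only when panic= is absent, so repeated runs
# do not stack "panic=5 panic=5". Anchored with ^ to skip commented-out lines.
add_panic_param() {
    if has_panic_param "$(grub_default_cmdline "$1")"; then return 0; fi
    tmp=$(mktemp) || return 1
    sed 's/^GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# 0: set on disk and active in the booted kernel
# 1: missing from the defaults file
# 2: on disk but not on the running kernel's command line yet
#    (boot configuration not regenerated, or no reboot since the edit)
audit_panic() {
    has_panic_param "$(grub_default_cmdline "${1:-/etc/default/grub}")" || return 1
    has_panic_param "$(cat "${2:-/proc/cmdline}")" || return 2
    return 0
}

# Demo on a constructed sample file (not a real system's configuration).
demo=$(mktemp)
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"' > "$demo"
add_panic_param "$demo"; add_panic_param "$demo"
grub_default_cmdline "$demo"
rm -f "$demo"
```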

Monday, 27 July 2015

ANDROID ROOTING (ALL BRAND!!!! ALL VERSIONS)

ANDROID ROOTING


What Does Android Rooting Mean?

Rooting, for those of you that don't know, means giving yourself root permissions on your phone. It's similar to running programs as an administrator in Windows, or running a command with sudo in Linux. With a rooted phone, you can run apps that require access to certain system settings, as well as flash custom ROMs to your phone, which add all sorts of extra features. If you're on the fence about rooting, check out our top 10 reasons to root your Android phone for some motivation.

How to Root Your Android Device.

You Need to Follow Just 8 Simple Steps To Root your Phone.

  • Enable Developer Options on your Android phone by tapping the Build Version option repeatedly until you get the message "You Are Now a Developer".
  • Now, in Developer Options, enable USB Debugging mode.
  • Check the version of your Android:
      a) Users having version 4.1, 4.2, 4.2.2, 4.3
            i. Rootgenius
           ii. Kingo_Root
          iii. Update_Super_Su
      b) Users having version 4.4 and above
            i. Mobilego
           ii. Liquid_gapps
  • Now connect your mobile with the USB cable to your laptop/desktop that has the rooting kit installed on it.
  • Now click on the "Root Now" option after connecting your device.
  • This will automatically root your device. Now "Re-Boot" your device. Your device has been rooted.
  • Install "Root Checker" from the Play Store to verify that your device has been rooted.
  • You can also un-root your device whenever you feel like it, just by clicking on the "Remove Root" or "Un-Root" option in the rooting kit.
 
 
Imp. Note: Rooting may void the warranty of the device and can also harm your device.
So, perform this only after reading up properly on rooting.