Thursday 17 December 2015

Hack Linux Computer By Hitting The Backspace

Is Linux Really Secure!

You can easily crack a Linux computer by pressing Backspace 28 times.

This exploit was found by two security researchers, Ismael Ripoll and Hector Marco, from the Cybersecurity Group.

Where was this exploit found?

The bug is in Grub2, the bootloader used to initialize “most Linux systems.”

According to researchers, a vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords). And so, the attacker may take control of the computer.

Grub2 is the bootloader used by most Linux systems including some embedded systems. This results in an incalculable number of affected devices.
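One way to triage a host against the version range and authentication condition described above, as an added example that is not from the researchers or the Grub project. The function names and the sample config are constructed for illustration; `superusers`, `password` and `password_pbkdf2` are the standard Grub2 authentication directives. Distributions backport fixes without changing the upstream version number, so an in-range result means "confirm the vendor patch is installed", not "vulnerable".

```sh
# Added example: triage a host for the Grub2 authentication bypass.
# The affected range (1.98 to 2.02) is the one stated in this article.

# Succeeds when the version is inside the affected range; returns 2 if unparseable.
# Accepts "grub-install (GRUB) 2.02~beta2-36" style output or a bare "2.02".
in_affected_range() {
    token=$(printf '%s\n' "$1" | awk '{print $NF}')
    case $token in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${token%%.*}
    case $major in *[!0-9]*) return 2 ;; esac
    minor=$(printf '%s' "${token#*.}" | sed 's/^\([0-9]*\).*/\1/; s/^0*//')
    key=$(( major * 1000 + ${minor:-0} ))
    [ "$key" -ge 1098 ] && [ "$key" -le 2002 ]
}

# Succeeds when the config enables Grub authentication (plain or hashed password).
auth_configured() {
    grep -Eq '^[[:space:]]*(set[[:space:]]+superusers=|password(_pbkdf2)?[[:space:]])' "$1"
}

# Prints one verdict for a version string and a grub.cfg path.
triage() {
    rc=0; in_affected_range "$1" || rc=$?
    case $rc in
        0) if auth_configured "$2"; then
               echo "check-vendor-patch"       # Grub password is relied on
           else
               echo "no-grub-auth-configured"  # no Grub password to bypass
           fi ;;
        1) echo "outside-affected-range" ;;
        *) echo "unknown-version" ;;
    esac
}

# Constructed sample config (not taken from a real system).
write_sample_cfg() {
    cat > "$1" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry "Linux" { linux /vmlinuz root=/dev/sda1 }
EOF
}

cfg=$(mktemp)
write_sample_cfg "$cfg"
triage "grub-install (GRUB) 2.02~beta2-36" "$cfg"
triage "grub-install (GRUB) 2.04" "$cfg"
rm -f "$cfg"
```

On a real host, pass the output of `grub-install --version` (or `grub2-install --version`) and the path to the generated `grub.cfg`.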

Boot System Overview

What is Grub?

GRUB stands for GRand Unified Bootloader. GRUB is a boot loader designed to boot a wide range of operating systems from a wide range of filesystems. GRUB is becoming popular due to the increasing number of possible root filesystems that Linux can reside upon. GRUB is documented in a GNU info file.


An attacker who successfully exploits this vulnerability will obtain a Grub rescue shell. Grub rescue is a very powerful shell that allows:

  1. Elevation of privilege: The attacker is authenticated without knowing a valid username or password. The attacker has full access to Grub's console (grub rescue).
  2. Information disclosure: The attacker can load a customized kernel and initramfs (for example from a USB) and then, from a more comfortable environment, copy the full disk or install a rootkit.
  3. Denial of service: The attacker is able to destroy any data, including Grub itself. Even if the disk is encrypted, the attacker can overwrite it, causing a DoS.

How To Fix?

To test a system, press the Backspace key 28 times at the Grub username prompt during power-up. On Grub2 versions 1.98 to 2.02, this opens a "Grub rescue shell".

This rescue shell allows unauthenticated access to the computer and the ability to load another environment. The attacker can access the computer's data and install malware.

Patches are available for Debian, RedHat and Ubuntu; apply the one for your Linux system.

You can see the full PoC here

