[Cryptography] Need some help regaining access to a server
Jeremy Stanley
fungi at yuggoth.org
Wed Sep 11 21:50:19 EDT 2019
On 2019-09-11 17:09:07 -0700 (-0700), Ron Garret wrote:
[...]
> This person left behind a server whose hatches are pretty tightly
> battened down. I’ve volunteered to help regain access to the
> server. I was able to recover the victim’s ssh key and log in to
> the server, but unfortunately sudo access is password protected so
> that has me stuck.
[...]
This is short some critical bits of context: is it a real piece of
hardware to which you have local physical access? If rebooted does
it require any additional passwords/keys to alter BIOS settings or
boot order, to alter bootloader configuration, or to decrypt the
root filesystem?
If you have console access and can alter the kernel command line or
boot from removeable media and there's no disk/fs encryption to
overcome then there are a myriad of ways to get direct root control
of the system, reset passwords, replace or add keys, and so on
without needing to exploit any privilege escalation vulnerabilities.
--
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190912/01a41a8b/attachment.sig>
More information about the cryptography
mailing list