CYBE231 Lab 7 - Physical Security

While we are working in completely virtualized environment, it is important to not forget about the physical side of security. While we can not do many things like physical things like “Rubber Duckies”, router installation, physical wiretaps, and others. Something that we can is booting into live images, or recovery modes to gain access to the systems. So that is what we talked about in this lab.

The first attack that we looked at was booting from a live image from something like a USB stick or DVD. This attack could be easily performed if the system was set to allow booting from external sources. To do this we mounted an ISO image of Kali Linux on the system, then rebooted into it. We decided to do this on one of the Windows machines. After booting into Kali Linux, we mounted the Windows hard drive, as a storage device on the system. We then navigated into the directory that Windows uses to store the registry information and used chntpw to clear the password on the Administrator account. Rebooting the machine while removing the Kali Linux ISO image, we were able to login as the Administrator, and take control of the system.

The next example of a physical attack that we showed was booting into a recovery mode, specifically, we are using single-user mode on Linux. To get into single user mode, as we are booting into Ubuntu, we can hold shift to get into the grub menu, then press e to edit the command run on boot. Adding single to the line for the version of Linux we want to boot, will boot us into single user mode. After booting we can see we are at root shell, that can be used to do anything on the machine. In our case, we added a user to passwd, and shadow files, giving us a backdoor into the system that we could use later.