As already pointed out, this is not an attacking method, but just a recovery method. From the POV of security, getting physical access to the console is already bad.
If you find the BIOS is locked, the drive is encrypted, or you can't run your own bootloader (or edit theirs), use a DMA [1][2] or cold boot [3] attack. This should be the first thing you attempt if the machine is already booted up, in case the drive is encrypted. (Also, trying a network attack using Metasploit before trying the cold boot attack might net results.)
[1] http://www.breaknenter.org/projects/inception/
[2] https://github.com/mrbreaker/mofo
[3] http://www.linuxjournal.com/magazine/cold-boot-attack-tools-linux
However, instead of selecting "recovery mode" you had to edit the boot line and add an "s" for single user mode.
Things that come to my mind:
- Use USB Flash/CD to boot something else, mount the hard drive and do some nasty stuff to the passwd file.
- If you have your BIOS locked, you can simply remove the hard drive and use another box to do the same.
- If you got your BIOS locked with a password, you can simply remove the battery for 1-2 minutes and put it back!
- No access to the battery?! Remove the hard drive, boot from CD/USB key (since there is no hard drive, almost every BIOS will search for something to boot from) and flash the BIOS :D
No system is secured if you have physical access to the hardware.
What I shared is not an attacking method, but just a recovery method, which was helpful for me recently, so I hoped that it can be helpful to someone else as well.
(http://www.cyberciti.biz/faq/hpux-booting-into-single-user-m...)
> Please don't submit comments complaining that a submission is inappropriate for the site. If you think something is spam or offtopic, flag it by going to its page and clicking on the "flag" link. (Not all users will see this; there is a karma threshold.) If you flag something, please don't also comment that you did.