True Networked KVM Without Breaking The Bank

For administering many computers at once, an IP KVM is an invaluable piece of equipment that makes it possible to get the job done over the network without having to haul a keyboard, monitor, and mouse around to each computer. The only downside is that they can get pricey, unless of course you can roll one out based on the Raspberry Pi and the PiKVM image for little more than the cost of the Pi itself.

The video linked below shows how to set all of this up, which involves flashing the image and then setting up the necessary hardware. The build shows an option for using HDMI over USB, but another option using the CSI bus would allow for control over options like video resolution and color that a USB HDMI dongle doesn’t allow for. The KVM also makes it possible to restart the computer and do things like configure BIOS or boot from removable media, which is something that would be impossible with a remote desktop solution like VNC.

The creator of PiKVM was mentioned in a previous post about the creation of the CSI bus capture card, and a Pi hat based on this build will be available soon, which would include options for ATX controls as well. Right now, though, it’s possible to build all of this on your own without the hat, which, along with its very low cost, is part of what makes PiKVM impressive.


Escalating Privileges In Ubuntu 20.04 From User Account

Ubuntu 20.04 is an incredibly popular operating system, perhaps the most popular among the Linux distributions due to its ease of use. In general, it’s a fairly trustworthy operating system too, especially since its source code is open. However, an update with the 20.04 revision has led to security researcher [Kevin Backhouse] finding a surprisingly easy way to escalate privileges on this OS, which we would like to note is not great.

The exploit involves two bugs, one in the accountsservice daemon, which handles user accounts on the computer, and another in the GNOME Display Manager, which handles the login screen. Ubuntu 20.04 added some code to the daemon which looks at a specific file on the computer, and with a simple symlink, it can be tricked into reading a different file which locks the process into an infinite loop. The daemon also drops its privileges at one point in this process, a normal security precaution, but this allows the user to crash the daemon.
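One way a privileged process can guard against this class of symlink trick when it has to read a file from a directory the user controls, shown as an added example that is not code from the post or from the accountsservice project. The helper name `read_user_file`, the size cap and the fixture file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_USER_FILE 65536 /* assumed cap for a small per-user settings file */

/* Hypothetical helper: returns bytes read, or -1 if the path is a symlink,
 * is not a regular file, or is larger than the cap or the buffer. */
ssize_t read_user_file(const char *path, char *buf, size_t buflen)
{
    /* O_NOFOLLOW: open fails if the final path component is a symlink.
     * O_NONBLOCK: never hang on a FIFO or device planted at this path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    /* fstat the descriptor, not the path, so the file cannot be swapped later. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_size > MAX_USER_FILE || (size_t)st.st_size > buflen) {
        close(fd);
        return -1;
    }
    size_t total = 0;
    while (total < buflen) { /* bounded by buflen even if the file grows */
        ssize_t n = read(fd, buf + total, buflen - total);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { close(fd); return -1; }
        if (n == 0) break;
        total += (size_t)n;
    }
    close(fd);
    return (ssize_t)total;
}

int main(void)
{
    /* Constructed fixture: a regular file and a symlink that points at it. */
    char dir[] = "/tmp/rufXXXXXX", ok[64], trap[64], buf[128];
    if (!mkdtemp(dir)) return 1;
    snprintf(ok, sizeof ok, "%s/settings", dir);
    snprintf(trap, sizeof trap, "%s/trap", dir);
    FILE *f = fopen(ok, "w");
    if (!f || fputs("LANG=en_US\n", f) < 0 || fclose(f) || symlink(ok, trap)) return 1;
    printf("regular: %zd, symlink: %zd\n", read_user_file(ok, buf, sizeof buf),
           read_user_file(trap, buf, sizeof buf));
    unlink(trap); unlink(ok); rmdir(dir);
    return 0;
}
```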

The second bug for this exploit involves how the GNOME Display Manager (gdm3) handles privileges. Normally it would not have administrator privileges, but if the accountsservice daemon isn’t running it escalates itself to administrator, where any changes made have administrator privileges. This provides an attacker with an opportunity to create a new user account with administrator privileges.

Of course, this being Ubuntu, we can assume that this vulnerability will be immediately patched. It’s also a good time to point out that the reason that open-source software is inherently more secure is that when anyone can see the source code, anyone can find and report issues like this which allow the software maintainer (or even the user themselves) to make effective changes more quickly.

Steal The Administrator Password From An EEPROM


Did you forget your hardware-based password and now you’re locked out? If it’s an IBM ThinkPad you may be in luck but it involves a bit more than just removing the backup battery. SoDoItYourself has an article detailing the retrieval of password data from an EEPROM.

The process is a fun one. Disassemble your laptop. Build a serial interface and solder it to the EEPROM chip where the password is stored. Connect this interface to a second computer and use it to dump the data into a file. Download a special program to decipher the dump file and dig through the hex code looking for something that resembles the password. Reassemble your laptop and hope that it worked.

We know that most people won’t be in a position to need a ThinkPad administrator password, but there must be other situations in which reading data off of an EEPROM comes in handy. What have you used this method for?