extel@quagga.uucp (Dr. Eberhard Lisse) (10/19/90)
Just in case the previous message did not make it: At the University of Namibia they have an old tower standing in the corner (!) since two years and nobody knows what to do with it. Apparently it belongs (belonged) to an unix user group and they have lost the root password and interest. How do I get access to it? How can get me a floppy which lets me boot in single user mode so I can change /etc/passwd? What else can I do? regards, el -- Dr. Eberhard W. Lisse Katatura State Hospital Private Bag 13260 Windhoek
mka@sean.UUCP (mka) (10/21/90)
If you can't get a disk, which I guess would be a standalone shell (by
the way, which tower do you have and which version of Unix?), then you
may still be able to get in.
I have broken into two towers under the same circumstances using the
following method. I don't remember the specific details but I'll describe
the concept.
1. you must be able to get on the machine (log in) with any uid possible.
This means find an unprotected login (no password). The ones I try are
sa
startup
shutdown
daemon
sys
bin
adm
ncrm
uucp
guest
"uucp" and "ncrm" are often left unprotected for some strange reason.
2. once you get in, you need to be able to get a shell. this may involve
trying keyboard interrupts to break out of menus.
3. once you get a shell, create a filesystem on a floppy. I'm not sure
if the standard commands allow you to do this (format, mkfs,etc.), but
you may be able to "dd" the harddisk filesystem or at least the hard
disk superblock onto the filesystem. or you could write a small C
program that builds a superblock with the right values and writes it
to the floppy.
4. then using fsdb, patch the unmounted file system to the right size,
create inodes, create a directory (if its not there), and generally
create a filesystem with a root directory.
5. using fsdb, create a file with zero length (really, allocate an inode
as a file), make the owner root, and then set the permissions to be setuid
plus read+write for everyone. make a directory entry that references
the inode.
6. mount the floppy filesystem in a convenient directory. copy /bin/sh
to your setuid file.
7. execute the setuid shell and then edit /etc/passwd. done.
Well, after describing the above, its obvious that I have forgotten a
zillion details, and this is not a trivial task. At least not for
Unix novices, and I don't know the level of your unix knowledge.
I hope you find a disk.
Good luck,
Mike Anderson
{uunet|uokmax}!sean!mkahack@moxie.lonestar.org (Greg Hackney) (10/21/90)
extel@quagga.uucp (Dr. Eberhard Lisse) writes: >At the University of Namibia they have an old tower >lost the root password If you don't have an original NCR "install" tape for it, get one from NCR. With the tape, you can build a mini-root file system in the swap area of the hard disk, and will not over-write data on the other disk partitions. You'll have the option to break out out of the install sequence, and get a root shell. Then you can mount the real root partition and change the password file. -- Greg
greg@tcnz2.tcnz.co.nz (Greg Calkin) (10/23/90)
In article <134@sean.UUCP> mka@sean.UUCP (mka) writes: >1. you must be able to get on the machine (log in) with any uid possible. >This means find an unprotected login (no password). The ones I try are [... list of logins deleted ...] Check the permissions of /etc and /. Once you login, check /etc/passwd for a login with root priviledges without a password. If one exists, login using it and clean up the system. If it doesn't exist, see if you can get into a login with permission to write to the / directory or the /etc directory and then use it to edit the /etc/passwd file and give yourself root access. It is surprising how badly defended most machines are against even a weak attack like this. Very few can stand up to a Unix knowledgable user. For those of you who think this posting encourages hackers, check you own security. -- Greg Calkin, Systems Engineer {include "sexual_hard_sell"} (greg@tcnz.co.nz) Thomas Cook N.Z. Limited, PO Box 24, Auckland CPO, New Zealand, Ph (09)-793920 Disclaimer : Would you buy a used car from someone with these opinions ?