extel@quagga.uucp (Dr. Eberhard Lisse) (10/19/90)
Just in case the previous message did not make it: At the University of Namibia they have an old tower standing in the corner (!) since two years and nobody knows what to do with it. Apparently it belongs (belonged) to an unix user group and they have lost the root password and interest. How do I get access to it? How can get me a floppy which lets me boot in single user mode so I can change /etc/passwd? What else can I do? regards, el -- Dr. Eberhard W. Lisse Katatura State Hospital Private Bag 13260 Windhoek
mka@sean.UUCP (mka) (10/21/90)
If you can't get a disk, which I guess would be a standalone shell (by the way, which tower do you have and which version of Unix?), then you may still be able to get in. I have broken into two towers under the same circumstances using the following method. I don't remember the specific details but I'll describe the concept. 1. you must be able to get on the machine (log in) with any uid possible. This means find an unprotected login (no password). The ones I try are sa startup shutdown daemon sys bin adm ncrm uucp guest "uucp" and "ncrm" are often left unprotected for some strange reason. 2. once you get in, you need to be able to get a shell. this may involve trying keyboard interrupts to break out of menus. 3. once you get a shell, create a filesystem on a floppy. I'm not sure if the standard commands allow you to do this (format, mkfs,etc.), but you may be able to "dd" the harddisk filesystem or at least the hard disk superblock onto the filesystem. or you could write a small C program that builds a superblock with the right values and writes it to the floppy. 4. then using fsdb, patch the unmounted file system to the right size, create inodes, create a directory (if its not there), and generally create a filesystem with a root directory. 5. using fsdb, create a file with zero length (really, allocate an inode as a file), make the owner root, and then set the permissions to be setuid plus read+write for everyone. make a directory entry that references the inode. 6. mount the floppy filesystem in a convenient directory. copy /bin/sh to your setuid file. 7. execute the setuid shell and then edit /etc/passwd. done. Well, after describing the above, its obvious that I have forgotten a zillion details, and this is not a trivial task. At least not for Unix novices, and I don't know the level of your unix knowledge. I hope you find a disk. Good luck, Mike Anderson {uunet|uokmax}!sean!mka
hack@moxie.lonestar.org (Greg Hackney) (10/21/90)
extel@quagga.uucp (Dr. Eberhard Lisse) writes: >At the University of Namibia they have an old tower >lost the root password If you don't have an original NCR "install" tape for it, get one from NCR. With the tape, you can build a mini-root file system in the swap area of the hard disk, and will not over-write data on the other disk partitions. You'll have the option to break out out of the install sequence, and get a root shell. Then you can mount the real root partition and change the password file. -- Greg
greg@tcnz2.tcnz.co.nz (Greg Calkin) (10/23/90)
In article <134@sean.UUCP> mka@sean.UUCP (mka) writes: >1. you must be able to get on the machine (log in) with any uid possible. >This means find an unprotected login (no password). The ones I try are [... list of logins deleted ...] Check the permissions of /etc and /. Once you login, check /etc/passwd for a login with root priviledges without a password. If one exists, login using it and clean up the system. If it doesn't exist, see if you can get into a login with permission to write to the / directory or the /etc directory and then use it to edit the /etc/passwd file and give yourself root access. It is surprising how badly defended most machines are against even a weak attack like this. Very few can stand up to a Unix knowledgable user. For those of you who think this posting encourages hackers, check you own security. -- Greg Calkin, Systems Engineer {include "sexual_hard_sell"} (greg@tcnz.co.nz) Thomas Cook N.Z. Limited, PO Box 24, Auckland CPO, New Zealand, Ph (09)-793920 Disclaimer : Would you buy a used car from someone with these opinions ?