Nekochan Net

Official Chat Channel: #nekochan // irc.nekochan.net
It is currently Thu Apr 24, 2014 4:57 am

All times are UTC - 8 hours


Forum rules


Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.



Post new topic Reply to topic  [ 10 posts ] 
Author Message
Unread postPosted: Tue Jan 08, 2008 4:16 pm 
Offline
User avatar

Joined: Sat Nov 10, 2007 3:06 am
Posts: 206
Location: North Liberty, IA
I bought a sgi 230 (800mhz PIII). Go it fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root

Lo and behold she opened up... cool snooped a little, got to the user admin console and redid all the user passwords... and continued to snoop... now I have figure out that either Pratt/Whitney Corp owned this or Dodge... not sure which one yet , but

I found it as evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64CPU 65Gig machine on 16 nodes called violet1
and several other configurations of mips SGI's


so if anyone interested I can post these "logs" for interesting reading.

some configurational stuff I had never seen before. and sn of boards
tests that was performed.


TALK ABOUT SECURITY huh?
weak password linked to root



and best of all I think this SGI230 is using the "factory" installed red hat though it must have been upgraded to 7.1

_________________
:Indigo2: :Indigo2: :Indigo2IMP: :Fuel: :Fuel: :Fuel: :320: :PI: :PI: <- PFile:Indy:
:O2: :1600SW: :O2: :1600SW: :Octane2: :Octane: :Octane: :Octane: :Onyx2: :O2000R:

Amiga 4000 060 & PPC with toaster/flyer
Mac Intel imac 24inch (dual 3 G), MacG4 Quicksilver 2002 w Dual 1.8G (LEOPARD)
G4 GigE Dual 500 (TIGER/OS9), imac G3 (PANTHER)

Sun Ultra 60, SunBlade 2000 Dual 1G (SOLARIS 10)

PC Gateway DualCore, and other lowly PC's (laptops)
Qube3, RaQ4's,Audiotron,Magnia


Top
 Profile  
 
Unread postPosted: Tue Jan 08, 2008 4:22 pm 
Offline
User avatar

Joined: Tue Jul 18, 2006 8:32 pm
Posts: 888
Location: Sydney, Australia
The seller might have set the password as a favour to the buyer. I have bought stuff with the root password deleted. Leaving the rest of the crud on the drive was bit of a corporate no-no.

Regan

_________________
:Onyx2R: :Onyx2R: :0300: :0300: :0300: :O200: :Octane: :Octane: :O2: :O2: :Indigo2IMP: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy:
:hpserv: J5600, 2 x SUN, 2 x Mac, 3 x Alpha, 2 x RS/6000


Top
 Profile  
 
Unread postPosted: Tue Jan 08, 2008 4:29 pm 
Offline
User avatar

Joined: Sat Nov 10, 2007 3:06 am
Posts: 206
Location: North Liberty, IA
this isnt the first time I have found weak passwords as root.

I had gotten a sun ultra1 once that came from a university and it had a root with the password set to the machines name and one of the users logins name was a classroom location and instructors name for password.

I got lucky finding that one out too...


same university also sold me a password protected xerox photocopier... I gounded out all on board batteries... and after it warned me to contact xerox cause of failure it proceeded to reinitialize itself AND after 45 minutes of exercise it came up to ready to copy with the total copy count being 0... making it act like a "NEW" copier.

_________________
:Indigo2: :Indigo2: :Indigo2IMP: :Fuel: :Fuel: :Fuel: :320: :PI: :PI: <- PFile:Indy:
:O2: :1600SW: :O2: :1600SW: :Octane2: :Octane: :Octane: :Octane: :Onyx2: :O2000R:

Amiga 4000 060 & PPC with toaster/flyer
Mac Intel imac 24inch (dual 3 G), MacG4 Quicksilver 2002 w Dual 1.8G (LEOPARD)
G4 GigE Dual 500 (TIGER/OS9), imac G3 (PANTHER)

Sun Ultra 60, SunBlade 2000 Dual 1G (SOLARIS 10)

PC Gateway DualCore, and other lowly PC's (laptops)
Qube3, RaQ4's,Audiotron,Magnia


Top
 Profile  
 
Unread postPosted: Tue Jan 08, 2008 6:05 pm 
Offline
User avatar

Joined: Sat Nov 10, 2007 3:06 am
Posts: 206
Location: North Liberty, IA
well it did belong to pratt whitney as disvored through ip addressing scheme, and thanks to whats my ip

also found that it was the l3 controller for an origin 3000 system possibly two or three

one known as violet (141.119.204.90) a 4 proc 400 mhz 4 gig machine
another known as viola (141.119.204.91) which was a 64 proc/400mhz origin 3000 with 64Gig of mem and piles of hard drives

and one known as verbena (141.119.204.92) unknown info about it

and their servers gateway way at 141.119.119.120




anyway that was interesting and worth the $$$ forthe hardware and dissection :)

-legal hacking- through ones OWN machine acquired through purchase.

_________________
:Indigo2: :Indigo2: :Indigo2IMP: :Fuel: :Fuel: :Fuel: :320: :PI: :PI: <- PFile:Indy:
:O2: :1600SW: :O2: :1600SW: :Octane2: :Octane: :Octane: :Octane: :Onyx2: :O2000R:

Amiga 4000 060 & PPC with toaster/flyer
Mac Intel imac 24inch (dual 3 G), MacG4 Quicksilver 2002 w Dual 1.8G (LEOPARD)
G4 GigE Dual 500 (TIGER/OS9), imac G3 (PANTHER)

Sun Ultra 60, SunBlade 2000 Dual 1G (SOLARIS 10)

PC Gateway DualCore, and other lowly PC's (laptops)
Qube3, RaQ4's,Audiotron,Magnia


Top
 Profile  
 
Unread postPosted: Tue Jan 08, 2008 9:59 pm 
Offline

Joined: Wed Jul 19, 2006 7:37 am
Posts: 5735
Location: Renton, WA
pinball_0 wrote:
-legal hacking- through ones OWN machine acquired through purchase.


Still, it's not considered nice or cricket to post the details of other people's networks without their permission. This kind of behavior tends to encourage companies to go the "crush it just in case" route.

I'll defer to the professionals here, though.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Top
 Profile  
 
Unread postPosted: Wed Jan 09, 2008 3:50 am 
Offline
User avatar

Joined: Thu Jun 17, 2004 10:35 am
Posts: 3774
Location: Wijchen, The Netherlands
pinball_0 wrote:
I found it as evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64CPU 65Gig machine on 16 nodes called violet1
and several other configurations of mips SGI's

This system was probably used as an L3 controller to the MIPS systems.

Quote:
so if anyone interested I can post these "logs" for interesting reading.

That's unethical, if you ask me. Even if they were stupid.

_________________
Now this is a deep dark secret, so everybody keep it quiet :)
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi

Currently in commercial service: Image :Onyx2:(2x) :O3x02L:
In the museum: almost every MIPS/IRIX system.
Wanted: GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)


Top
 Profile  
 
Unread postPosted: Wed Jan 09, 2008 5:16 am 
Offline
User avatar

Joined: Sat Nov 10, 2007 3:06 am
Posts: 206
Location: North Liberty, IA
your right it was an L3 controller must have been a package deal when they got their servers.

and I have killed out the routing information as I have it now on my network.

there wasn't anything there to compromise their system and addresses aren't too much concern.. so worry not.

_________________
:Indigo2: :Indigo2: :Indigo2IMP: :Fuel: :Fuel: :Fuel: :320: :PI: :PI: <- PFile:Indy:
:O2: :1600SW: :O2: :1600SW: :Octane2: :Octane: :Octane: :Octane: :Onyx2: :O2000R:

Amiga 4000 060 & PPC with toaster/flyer
Mac Intel imac 24inch (dual 3 G), MacG4 Quicksilver 2002 w Dual 1.8G (LEOPARD)
G4 GigE Dual 500 (TIGER/OS9), imac G3 (PANTHER)

Sun Ultra 60, SunBlade 2000 Dual 1G (SOLARIS 10)

PC Gateway DualCore, and other lowly PC's (laptops)
Qube3, RaQ4's,Audiotron,Magnia


Top
 Profile  
 
Unread postPosted: Tue May 06, 2008 11:08 am 
Offline
User avatar

Joined: Sun Sep 05, 2004 1:17 pm
Posts: 887
Location: Beatrice, NE, USA
pinball_0 wrote:
I bought a sgi 230 (800mhz PIII). Go it fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root


I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the bios password. He didnt even care if people had it really. He never changed it. I knew it from 9th grade till I completed school and it always been the same. Probably still is the same up to today.


Top
 Profile  
 
Unread postPosted: Tue May 06, 2008 4:44 pm 
Offline

Joined: Tue Oct 09, 2007 11:14 am
Posts: 92
Gray Fox wrote:
pinball_0 wrote:
I bought a sgi 230 (800mhz PIII). Go it fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root


I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the bios password. He didnt even care if people had it really. He never changed it. I knew it from 9th grade till I completed school and it always been the same. Probably still is the same up to today.


I think almost everybody now is getting better about passwords - in fact the government and educational institutions in Canada go to the other extreme and are often complete fanatics about passwords (even the ordinary job) often to the point of making the password much too diffucalt for the non-kodak memory equipment (no dictionary words, palindromes, reverse dictionary words, 8 characters or more, no embedded dates and must contain both letters and numbers) - sometimes even 8-12 digit random passwords - that the exact oppisite is the results and you see little hand written notes on the back of the machine, under the desk, organizer etc ....

It's a bit different now though - it's almost impossible to put any machine on the internet without it being scanning by robots many times a day looking for weak passwords. I've never had anything intentional but I work with allot of small companies in my little home town - and it's very to boss around the boss who used to being master of his domain and sometimes they'll use a password that's work just to prove a point (which ends up proving my point). It's normally not the root account that's compromised (I make a uniqie password for each customers root access) and the handfull of times it's happened it's been just to send spam

The *time* time I even had root compromised was one of the first firewalls, development machine to a accounting network. This machine just had some Script-Kiddy programs/scripts to hack other machines and upload the results - but he did a terrible job cleaning up his tracks. And it turns out that wasn't even a weak password - that was in the early days of Linux meets Internet meets ScriptKiddys and they got into the system from one of the many buffer-overflows that existed back then (it was one of the rpc daemons). Now thankfully privilege separation has become standard - or a standard option with many key packages and it's much easier to chroot jail them to limit the damage (plus many daemons have traps to try and detect unknown buffer overflow exploits) plus I was being kind of lazy not uing xinetd to limit many services to loadl only, or just commenting them out of inetd.conf all together !


Top
 Profile  
 
Unread postPosted: Tue May 06, 2008 10:04 pm 
Offline
Moderator
Moderator
User avatar

Joined: Sun Mar 30, 2003 4:29 am
Posts: 2470
Location: Kabul, Afghanistan, Asia
jan-jaap wrote:
That's unethical, if you ask me. Even if they were stupid.


I completely agree. That should not be done. At least not here on nekochan.

_________________
...only chemist in .af?
Eroteme.ch - eternally unfinished and never started


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group