Wow, just got a sgi230 .. some security!!

Post by pinball_0 » Tue Jan 08, 2008 4:16 pm

I bought an SGI 230 (800mhz PIII). Got it, fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root

Lo and behold she opened up... cool, snooped a little, got to the user admin console and redid all the user passwords... and continued to snoop... now I have figured out that either Pratt/Whitney Corp owned this or Dodge... not sure which one yet, but

I found it was evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64CPU 65Gig machine on 16 nodes called violet1
and several other configurations of MIPS SGIs

so if anyone is interested I can post these "logs" for interesting reading.

some configurational stuff I had never seen before, and sn of boards and
tests that were performed.

TALK ABOUT SECURITY huh?
weak password linked to root

and best of all I think this SGI230 is using the "factory" installed Red Hat though it must have been upgraded to 7.1

Post by regan_russell » Tue Jan 08, 2008 4:22 pm

The seller might have set the password as a favour to the buyer. I have bought stuff with the root password deleted. Leaving the rest of the crud on the drive was a bit of a corporate no-no.

Regan

Post by pinball_0 » Tue Jan 08, 2008 4:29 pm

this isn't the first time I have found weak passwords as root.

I had gotten a Sun Ultra 1 once that came from a university and it had a root with the password set to the machine's name, and one of the users' login names was a classroom location and instructor's name for password.

I got lucky finding that one out too...

same university also sold me a password protected Xerox photocopier... I grounded out all onboard batteries... and after it warned me to contact Xerox 'cause of failure it proceeded to reinitialize itself AND after 45 minutes of exercise it came up to ready to copy with the total copy count being 0... making it act like a "NEW" copier.

Post by pinball_0 » Tue Jan 08, 2008 6:05 pm

well it did belong to Pratt Whitney as discovered through the IP addressing scheme, and thanks to whats my ip

also found that it was the L3 controller for an Origin 3000 system, possibly two or three

one known as violet (141.119.204.90) a 4 proc 400 mhz 4 gig machine
another known as viola (141.119.204.91) which was a 64 proc/400mhz Origin 3000 with 64Gig of mem and piles of hard drives

and one known as verbena (141.119.204.92) unknown info about it

and their servers' gateway at 141.119.119.120

anyway that was interesting and worth the $$$ for the hardware and dissection :)

-legal hacking- through one's OWN machine acquired through purchase.

Post by SAQ » Tue Jan 08, 2008 9:59 pm

pinball_0 wrote: -legal hacking- through one's OWN machine acquired through purchase.


Still, it's not considered nice or cricket to post the details of other people's networks without their permission. This kind of behavior tends to encourage companies to go the "crush it just in case" route.

I'll defer to the professionals here, though.

Post by jan-jaap » Wed Jan 09, 2008 3:50 am

pinball_0 wrote:I found it was evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64CPU 65Gig machine on 16 nodes called violet1
and several other configurations of MIPS SGIs

This system was probably used as an L3 controller to the MIPS systems.

pinball_0 wrote:so if anyone is interested I can post these "logs" for interesting reading.

That's unethical, if you ask me. Even if they were stupid.

Post by pinball_0 » Wed Jan 09, 2008 5:16 am

you're right, it was an L3 controller, must have been a package deal when they got their servers.

and I have killed out the routing information as I have it now on my network.

there wasn't anything there to compromise their system and addresses aren't too much concern.. so worry not.

Post by Gray Fox » Tue May 06, 2008 12:08 pm

pinball_0 wrote:I bought an SGI 230 (800mhz PIII). Got it, fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root

I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the BIOS password. He didn't even care if people had it really. He never changed it. I knew it from 9th grade till I completed school and it has always been the same. Probably still is the same up to today.

Post by 2ndadamdick » Tue May 06, 2008 5:44 pm

Gray Fox wrote:
pinball_0 wrote:I bought an SGI 230 (800mhz PIII). Got it, fired it up... booted up to Red 7.1 and had login screen. Thinking I am NOT going to get in to snoop, thought I'd try logging in as root with no passwd... no success, so tried one more time as root and passwd as root

I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the BIOS password. He didn't even care if people had it really. He never changed it. I knew it from 9th grade till I completed school and it has always been the same. Probably still is the same up to today.


I think almost everybody now is getting better about passwords - in fact the government and educational institutions in Canada go to the other extreme and are often complete fanatics about passwords (even the ordinary job), often to the point of making the password much too difficult for the non-kodak memory equipped (no dictionary words, palindromes, reverse dictionary words, 8 characters or more, no embedded dates and must contain both letters and numbers) - sometimes even 8-12 digit random passwords - that the exact opposite is the result and you see little handwritten notes on the back of the machine, under the desk, organizer etc ....

It's a bit different now though - it's almost impossible to put any machine on the internet without it being scanned by robots many times a day looking for weak passwords. I've never had anything intentional but I work with a lot of small companies in my little home town - and it's very hard to boss around the boss who is used to being master of his domain and sometimes they'll use a password that's weak just to prove a point (which ends up proving my point). It's normally not the root account that's compromised (I make a unique password for each customer's root access) and the handful of times it's happened it's been just to send spam.

The *one* time I ever had root compromised was one of the first firewalls, a development machine to an accounting network. This machine just had some Script-Kiddy programs/scripts to hack other machines and upload the results - but he did a terrible job cleaning up his tracks. And it turns out that wasn't even a weak password - that was in the early days of Linux meets Internet meets ScriptKiddys and they got into the system from one of the many buffer-overflows that existed back then (it was one of the rpc daemons). Now thankfully privilege separation has become standard - or a standard option with many key packages - and it's much easier to chroot jail them to limit the damage (plus many daemons have traps to try and detect unknown buffer overflow exploits). Plus I was being kind of lazy not using xinetd to limit many services to local only, or just commenting them out of inetd.conf altogether!
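
Added example, not part of the thread or any poster's code: a small audit of an inetd.conf-style file that lists which services are still enabled (not commented out) and puts root-run RPC services first, the class of daemon the post above blames. The sample file content and the function names are constructed for illustration.

```python
"""Audit inetd.conf-style text: which services are still enabled?"""

# Constructed sample in the classic inetd.conf layout (not from the thread):
# service  socket  proto  wait-flag  user  server-path  args...
SAMPLE_INETD_CONF = """\
# Internet services
ftp         stream  tcp      nowait  root    /usr/sbin/tcpd        in.ftpd -l
#telnet     stream  tcp      nowait  root    /usr/sbin/tcpd        in.telnetd
#finger     stream  tcp      nowait  nobody  /usr/sbin/tcpd        in.fingerd
rstatd/1-3  dgram   rpc/udp  wait    root    /usr/sbin/rpc.rstatd  rpc.rstatd
rusersd/2-3 dgram   rpc/udp  wait    root    /usr/sbin/rpc.rusersd rpc.rusersd
#walld/1    dgram   rpc/udp  wait    root    /usr/sbin/rpc.rwalld  rpc.rwalld
ident       stream  tcp      wait    identd  /usr/sbin/identd      identd

broken line with too few
"""


def enabled_services(conf_text):
    """Return one dict per active (uncommented) entry, in file order."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: the service is disabled
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete entry, nothing to report
        service, _sock, proto, _wait, user, server = fields[:6]
        found.append({
            "line": lineno,
            "service": service.split("/")[0],   # drop RPC version suffix
            "rpc": proto.startswith("rpc/"),    # Sun RPC based service
            "root": user.replace(":", ".").split(".")[0] == "root",
            "server": server,
        })
    return found


def review(conf_text):
    """Order findings: root-run RPC first, then other root, then the rest."""
    return sorted(enabled_services(conf_text),
                  key=lambda e: (not (e["rpc"] and e["root"]),
                                 not e["root"], e["line"]))


if __name__ == "__main__":
    for e in review(SAMPLE_INETD_CONF):
        tags = ",".join(t for t in ("rpc", "root") if e[t]) or "-"
        print(f"line {e['line']:>2}: {e['service']:<8} {e['server']} [{tags}]")
```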

Post by Hakimoto » Tue May 06, 2008 11:04 pm

jan-jaap wrote:That's unethical, if you ask me. Even if they were stupid.


I completely agree. That should not be done. At least not here on nekochan.

