Hax0ring root on IRIX 6.5

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
myrrh
Posts: 172
Joined: Tue Jan 24, 2006 10:10 am
Location: Albuquerque, NM USA

Hax0ring root on IRIX 6.5

Unread postby myrrh » Thu Jan 26, 2006 10:28 am

Greetings.

I've got a newly-arrived Octane which has an existing install of IRIX 6.5 and an unknown root password.

Last night I plugged the system disk into the SCSI card on my Linux box (SuSE 10.0) and attempted to mount it. Mount said it couldn't read the superblock on /dev/sda1. After some head scratching and reading man pages I discovered that mount will only allow a read-only mount of an unclean XFS-formatted disk.

So I ran xfs_repair on /dev/sda1. It said pretty much the same thing, but offered me the option of running xfs_repair -L, which I guess destroys and rebuilds the journal. Figuring I had nothing to lose, I did so.

It worked. I was able to mount the disk read-write. I edited /etc/shadow and changed the root password hash field to "::" (nothing between the colons). Then I shut down and put the system disk back in the Octane and booted it.

No problems booting, so I guess rebuilding the journal worked--this time. But when I tried to log in as "root" with no password, it gave me an error:

"This account has been disabled. Please contact your system administrator."

Talk about a chicken-and-egg problem. Has anyone run into this? What do you do? Thanks.

User avatar
Bluefan
Posts: 586
Joined: Mon Oct 17, 2005 5:20 am
Location: Rekken, the Netherlands
Contact:

Unread postby Bluefan » Thu Jan 26, 2006 10:40 am

maybe the root needs a password, then you could copy a hash from a account you know the password from to the root entry on the irix disk.
:O2:Toika :O2:Myra :O2:Fiona :Octane:Lisa :Octane:Sandra :Indigo2:Danica :Indy:Giana :O200:Lara :O200: :O200:Iona :O2000:Aida

User avatar
josehill
Moderator
Moderator
Posts: 3303
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Hax0ring root on IRIX 6.5

Unread postby josehill » Thu Jan 26, 2006 10:56 am

myrrh wrote:"This account has been disabled. Please contact your system administrator."

Talk about a chicken-and-egg problem. Has anyone run into this? What do you do? Thanks.

I'd go with Blufan's advice. Alternately, modify the MANDPASS setting in /etc/default/login (although you will probably want to change it back after you are done).

User avatar
myrrh
Posts: 172
Joined: Tue Jan 24, 2006 10:10 am
Location: Albuquerque, NM USA

Unread postby myrrh » Thu Jan 26, 2006 11:19 am

Bluefan wrote:maybe the root needs a password, then you could copy a hash from a account you know the password from to the root entry on the irix disk.


Sounds like an idea ... except that I don't know any of the passwords; I was recently given this machine as part of a truckload of computers.

Is there any chance that Linux uses the same hash algorithm as IRIX? I doubt it, but I thought I'd throw it out there. If that's the case, then I can just copy the root hash from the Linux box.

User avatar
Bluefan
Posts: 586
Joined: Mon Oct 17, 2005 5:20 am
Location: Rekken, the Netherlands
Contact:

Unread postby Bluefan » Thu Jan 26, 2006 12:05 pm

good chance it's the same, and you can't screw anything with it.
If you want to be sure, just get a known hash for another irix system.
:O2:Toika :O2:Myra :O2:Fiona :Octane:Lisa :Octane:Sandra :Indigo2:Danica :Indy:Giana :O200:Lara :O200: :O200:Iona :O2000:Aida


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest