Root password removal

From Nekochan

Hard drive edit

Use this method if you don't have IRIX media or an install device.

  • Remove the drive and put it in an external SCSI enclosure.
  • Connect the external enclosure to another system.
  • Mount the file system at /tmpmnt (or any other mount point).

Using your preferred text editor, edit the password file.

e.g.

  vi /tmpmnt/etc/passwd

Remove the second field (the password hash) from the root entry in the file, so that the first line below becomes the second.

e.g.

  root:X3df3gut5:0:0:/sbin/ksh
  root::0:0:/sbin/ksh


If you see a file called /tmpmnt/etc/shadow, or the password field contains just an x, the system is probably using shadow passwords. Edit the shadow file instead and/or read up on how shadow passwords work.
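To check the result of the edit described above, here is an added example (not part of the original page): a shell function that classifies the second field of every entry in a passwd file. It flags empty passwords, shadowed entries, crypt hashes left in the world-readable file, and lines whose field count was broken by a hand edit. The function names and sample entries are constructed, and it assumes the standard seven colon-separated fields.

```shell
#!/bin/sh
# Added example: classify the password field (field 2) of passwd entries.
# Usage: audit_passwd /tmpmnt/etc/passwd    (reads stdin if no file given)
# Exit status is 1 if any entry is "empty" or "malformed", else 0.
audit_passwd() {
    awk -F: '
        /^#/ || /^[ \t]*$/ { next }                    # comments, blank lines
        /^[+-]/ { print $1, "nis-compat"; next }       # NIS include/exclude line
        NF != 7 { print $1, "malformed"; bad = 1; next }   # e.g. a deleted colon
        {
            pw = $2
            if (pw == "") {
                state = "empty"; bad = 1               # no password required
            } else if (pw == "x") {
                state = "shadowed"                     # real hash is in the shadow file
            } else if (pw ~ /^[*!]/) {
                state = "locked"                       # cannot match any password
            } else if (length(pw) == 13 && pw ~ "^[A-Za-z0-9./]+$") {
                state = "crypt-in-passwd"              # hash readable by every user
            } else {
                state = "other"
            }
            print $1, state
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root::0:0:Super-User:/:/bin/tcsh
guest:x:998:998:Guest:/usr/people/guest:/bin/csh
lp:*:9:9:Print Spooler:/var/spool/lp:/bin/sh
demo:ab1cdEFgh2ijk:100:20:Demo:/usr/people/demo:/bin/csh
oops:0:0:Broken edit:/:/bin/sh
EOF
}

sample_passwd | audit_passwd || echo "-> empty or malformed entries found"
```

Once the machine is back in service, rerun it against the live /etc/passwd: any entry still reported as empty means that account accepts a login with no password.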

Yet another hard drive edit method

Use this method if you don't have IRIX media or an install device, or if the above method doesn't work due to LDAP, NIS, or something else.

  • Remove the drive and put it in an external SCSI enclosure.
  • Connect the external enclosure to another system.
  • Mount the file system at /tmpmnt (or any other mount point).
  • Open a winterm and type:
    • echo "root" > /tmpmnt/etc/autologin
  • Shut down and put the drive back in the original machine. Xdm should automatically log in (autologin) to the root account.
  • Open a winterm, type "passwd root", and choose any password you like.

Using an install CD-ROM

If you don't have another SGI system (or system that recognizes XFS or EFS).

Covered in this link


Try cracking the password file

  • Download John the Ripper (JtR).
  • Copy the password file to another machine.
  • Run JtR against it.

For example, create a one-line text file (e.g. passwd.txt) containing the IRIX root password entry from '/etc/passwd':

  root:H6adwKXXbVszw:0:0:Super-User:/:/bin/tcsh

Then, at the DOS prompt command line in XP, simply run "john passwd.txt".


If nothing else works, you can open the raw device with a hex editor, search for the root string from either the password or shadow file, and replace it with a known hash from another UNIX box.

Try one of the many security holes in IRIX

For example, ksh's setuid_exec problem. Copy the /etc/passwd file, edit the root password elsewhere, and then copy it back with an exploit. This is more for fun than a quick or easy resolution.

Depending on which version of IRIX is installed, any one of a number of the LSD cracks should be able to get you in:

http://www.securiteam.com/exploits/5HP07202AK.html

Download them all from LSD's site:

http://lsd-pl.net/code/

milw0rm had a good one for getting in from the login screen, but it doesn't seem to be loading just now:

http://www.milw0rm.com/exploits/265

Try from the boot loader environment

See: http://crackaddict.com/~nate/hackirix.html