[Tfug] Cracking a root password?

Rich r-lists at studiosprocket.com
Wed Sep 12 22:30:07 MST 2007


On Sep 12, 2007, at 4:58 pm, Bexley Hall wrote:

> The "tried and true" scheme for even *nasty* UN*X
> boxen (e.g., Solaris -- that won't even let you
> *into* single user mode without root's
> credentials) is to boot off a CD (or another
> "system" disk) and overwrite /etc/passwd et al.
> with a known /etc/passwd.
If you have access to the hardware, you own it.

However, if you don't know how to own it, you're at the mercy of the  
last sysadmin. For example, password protected BIOS, OpenFirmware,  
etc. will stop you being able to boot off other media, but whip out  
that disk and stuff it in a box where you have root, and you're away.

> Now, if what you are *really* asking is "what did
> the other guy *use* as his password, that's a
> different problem to solve!  :>
Yeah, just gimme a big enough cluster and 67 years...

Or I'll guess it was "p at ssw0rd". Gee, the stories I could tell and  
won't...

R.





More information about the tfug mailing list