[Tfug] Cracking a root password?
Bexley Hall
bexley401 at yahoo.com
Fri Sep 14 12:22:08 MST 2007
--- Rich <r-lists at studiosprocket.com> wrote:
> On Sep 12, 2007, at 4:58 pm, Bexley Hall wrote:
>
> > The "tried and true" scheme for even *nasty* UN*X
> > boxen (e.g., Solaris -- that won't even let you
> > *into* single user mode without root's
> > credentials) is to boot off a CD (or another
> > "system" disk) and overwrite /etc/passwd et al.
> > with a known /etc/passwd.
> If you have access to the hardware, you own it.
>
> However, if you don't know how to own it, you're at
> the mercy of the
> last sysadmin. For example, password protected BIOS,
> OpenFirmware,
There are ways around many of these (e.g., many
BIOS's have trapdoors; others rely on CMOS to
store the password; etc.).
> etc. will stop you being able to boot off other
> media, but whip out
> that disk and stuff it in a box where you have root,
> and you're away.
Yup. I am a big fan of external disk drives for
that very reason! It is *so* much easier to
*physically* mount a drive on a different machine
to do some things (e.g., without having to rely
on that original machine being able to mount
the drive itself!)
> > Now, if what you are *really* asking is "what did
> > the other guy *use* as his password, that's a
> > different problem to solve! :>
> Yeah, just gimme a big enough cluster and 67
> years...
>
> Or I'll guess it was "p at ssw0rd". Gee, the stories I
> could tell and won't...
I always thought it was "qwerty"...
____________________________________________________________________________________
Catch up on fall's hot new shows on Yahoo! TV. Watch previews, get listings, and more!
http://tv.yahoo.com/collections/3658
More information about the tfug
mailing list