[nintendoeats]

IRIX doesn't have /bin/bash.

I just meant in many UNIX-like systems, not IRIX specifically.

[Raion]

/bin/bash is a GNU/Linux-ism, so it's not really correct.
/bin/sh itself is what you're technically talking about. This isn't to correct you, it's for the next person's benefit who comes across the thread.

[sgt_barnes]

Yeah, perfect physical security is just not possible, so why bother?

This is how i used to do it with Windows NT back in the days:

Code:

1. Take the harddrive out of the target box and hook it up to another NT computer
2. Open a cmd shell
3. C:\> copy <TargetSystemRoot>\System32\logon.scr .
   C:\> copy <TargetSystemRoot>\System32\cmd.exe <TargetSystemRoot>\System32\logon.scr
4. Swap the disk back, boot the target box to the login prompt, and wait
5. When the screensaver kicks in, type "musrmgr" into th command prompt that appears
6. Use that to change the Administrator password

Works also on Win 2000, IIRC. I had to do that several times for colleagues, friends, and family. And stuff similar to what you did on Solrais, IRIX, and Linux. Nowadays, everybody works with admin rights all the time, so that is not happening any more, but back then it was pretty common.

[Trippynet]

Another trick was to replace the stickykeys executable (sethc.exe) with cmd.exe by booting from a Linux live CD, or a WinPE disk. Boot Windows, press Shift 5 times and an elevated command prompt would appear. It was then pretty trivial to reset the admin password, or create another local admin account. This worked up to and including Windows 7. I used to use it at a previous place of work I contracted at when a machine got kicked out of the domain. Local admin accounts were locked and it was a damn-sight quicker than backing up data and re-imaging the machine.

[ghost180sx]

Anybody else remember l0pht and l0phtcrack? Man, this takes me back...

Yes, I used similar tricks to
a) gain the passwd file from a 486 portable 'laptop' a friend gave me, which had Slackware 1.2 on it. I used johntheripper to decipher his passwords.
b) gain access to a Sparcstation IPX i found that had SunOS 4.1.3_U1 on it. It was fun to poke around the OS and software that hadn't been booted in decades

Have fun!

[vishnu]

Pretty much every OS vendor ever has said publicly that there's way to secure systems that the black hats have physical access to. Network security, yes; everyone tries really hard to thwart remote exploits, physical security, no; they don't even think about it...