[nintendoeats]

I can understand if this is not something people want to dive into, but I want to be clear that I am only motivated by historical interest. Given that IRIX gave me a warning that the clock had jumped ahead 19 years, I don't think anybody cares much anymore about what's on this drive.

I just obtained an Indigo 2, which came with a working HDD loaded with IRIX 6.2. I am curious what is on it, since that could provide insight into what it was used for (as well as possibly some fun software to play with). Unfortunately the login screen doesn't even provide any account names.

Does anybody have any suggestions of how one might break in? I tried root with the usual lazy passwords (including no password), now I'm wondering if there is anything better than a brute force attack. I'm currently considering extracting the drive from its tray and hooking it up to my Indy to access the files directly, but that wouldn't tell the whole story.

Of course I am going to image this drive regardless, but due to global extenuating circumstances I am unable to access the Linux machine with SCSI I would normally do that with.

Thanks!

[Raion]

/etc/passwd on 6.2 doesn't use shadow passwords, so hooking it up to the Indy, and then replacing the root password with a known crypt() hash should work fine.

You can also transfer the passwd file to another computer and run jacktheripper on it to brute-force the passwd hashes.

on 6.5.22, I know that EZSetup can be logged into with no password. There's probably similar passwordless users.

You can also try hooking it up to the network and using tcpdump/wireshark/glasswire to analyze the traffic coming out of the different ports for it, and then find a suitable exploit to force your way in.

[nintendoeats]

Thanks, those are great directions to look in! I put the drive into an external enclosure and it clicked but did not spin up when I turned on my Indy. I have therefore decided that this is a weekend problem, not a Tuesday night problem. I shall, however, persevere.

[Raion]

Probably SCSI ID issues.

[nintendoeats]

May the record state:

Simply deleting the password hash from \etc\password is sufficient to gain access to the root account. SECURITY!

---

Sadly there doesn't seem to be much on here. I think all the actual files were on either a local drive that was removed, or a network drive. Most of the accounts can't be used, because their associated path in /usr/people/ does not exist.

[kirikoo]

If you have a CD-ROM drive and the IXIX installation disks try this :

Removing the root password
If you are the system administrator and you have forgotten the root password, you
can change it as follows:
1. Push the power button (to shutdown and switch off the SGI)
2. Push the power button again (to switch on the SGI)
3. In the window ‘Starting up the System’:
• Click Stop for Maintenance
4. Click Install System Software
5. In the window ‘Install System Software’:
• Click Local CDROM
• Click Install
6. When the window ‘Insert the installation CDROM’ appears
• Insert the CD “IRIX 6.3 for O2 including R10000” or “IRIX 6.5 Installation
tools” depending on your operating system.
• Wait about 5 seconds for the CD to load
• Click Continue
• Wait until the installation tools have been copied to disk
7. The program inst will start automatically, the prompt will change to Inst>
Inst> admin shroot
The prompt will change again to #:
# passwd
Enter a new password for root.
# exit
Inst> quit
8. Answer the question “Restart? [y,n]“ with y
The computer will now boot.

[nintendoeats]

That is probably an even worse security hole, though in my case not necessary (since I'm already in).

[jan-jaap]

It's worth mentioning that you can put a password on the PROM monitor to close this hole. Yes, you can pull and replace the Dallas chip, but you can put a lock on the lockbar if you're afraid of that (or someone removing the disk from the system).

Basically, if you want 100% security against people with physical access for these systems, you need to yank the network cable and put it in a room with an armed marine guarding the door

[nintendoeats]

It's worth mentioning that you can put a password on the PROM monitor to close this hole. Yes, you can pull and replace the Dallas chip, but you can put a lock on the lockbar if you're afraid of that (or someone removing the disk from the system).

Basically, if you want 100% security against people with physical access for these systems, you need to yank the network cable and put it in a room with an armed marine guarding the door

A few hours ago, I was talking to somebody who pointed out that you can bypass root by setting init =/bin/bash . That led me down a path of searching that led to an interesting discussion about security that was along similar lines. I hadn't really thought about security of a computer in quite this way before; I didn't consider that it might be acceptable in an industrial environment for physical security to be a substitute for software security. Under many circumstances, I can see how that is reasonable.

[Raion]

IRIX doesn't have /bin/bash.