IRIX Root Password Removal
Hard drive edit
Use this method if you don't have IRIX media or an install device.
- Remove the drive and put it in an external SCSI enclosure.
- Connect the external enclosure with another system.
- Mount the file system at /tmpmnt (or a similar mount point).
Using your preferred text editor, edit the password file, e.g.
vi /tmpmnt/etc/passwd
Remove the second field in the root user's entry in the file, e.g.
root:X3df3gut5:0:0:/sbin/ksh
becomes
root::0:0:/sbin/ksh
If you see a file called /tmpmnt/etc/shadow, or there is just an x in the password hash field, then you are probably seeing shadow passwords. Edit the shadow file and/or read up on how shadow passwords work.
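As an added example (not part of the original page): a Python audit of the password field described above, reading a mounted passwd file and, where an x points to it, the shadow file. It flags empty fields and legacy 13-character crypt hashes like the ones shown on this page; the function names, status labels and sample entries are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt + 11 hash characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Classify the second (password) field of a passwd or shadow entry."""
    if field == "":
        return "EMPTY"          # no password is needed to log in
    if DES_CRYPT.fullmatch(field):
        return "DES_CRYPT"      # legacy hash, weak against offline guessing
    return "NO_VALID_HASH"      # e.g. '*': no password can match this value

def audit(passwd_text, shadow_text=None):
    """Return (user, uid, status) per passwd entry; 'x' defers to shadow."""
    shadow = {}
    for line in (shadow_text or "").splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    results = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 3:
            continue            # skip comments, blank and malformed lines
        user, field, uid = parts[0], parts[1], parts[2]
        if field != "x":
            status = classify(field)
        elif user in shadow:
            status = classify(shadow[user])
        else:
            status = "SHADOWED_UNKNOWN"   # shadow entry not available
        results.append((user, uid, status))
    return results

# Constructed sample files (assumed names and values, not from a real system).
PASSWD = """root:x:0:0:Super-User:/:/bin/tcsh
lp:*:9:9:Print Spooler:/var/spool/lp:/bin/sh
guest::998:998:Guest Account:/usr/people/guest:/bin/csh
demo:ab1CdEfGhIjKl:1001:20:Demo User:/usr/people/demo:/bin/tcsh
"""
SHADOW = "root::12345::::::\n"

if __name__ == "__main__":
    for user, uid, status in audit(PASSWD, SHADOW):
        flag = "  <-- UID 0, no password" if (uid, status) == ("0", "EMPTY") else ""
        print(f"{user:<8} uid={uid:<5} {status}{flag}")
```

Run against the real files by passing their contents, for example `audit(open("/tmpmnt/etc/passwd").read(), open("/tmpmnt/etc/shadow").read())`.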
Yet another hard drive edit method
Use this method if you don't have IRIX media or an install device, or if the above method doesn't work due to LDAP, NIS, or something else.
- Remove the drive and put it in an external SCSI enclosure.
- Connect the external enclosure with another system.
- Mount the file system at /tmpmnt (or a similar mount point).
- Open a winterm and type:
- echo "root" > /tmpmnt/etc/autologin
- Shut down and put the drive back in the original machine. Xdm should automatically log in (autologin) to the root account.
- Open a winterm and type "passwd root", then choose any password you like.
Try cracking the password file
- Download John the Ripper (JtR)
- Copy the password file to another machine
- Run JtR against it.
Just create a one-line text file (e.g. passwd.txt) containing the IRIX root password entry from '/etc/passwd', as follows:
root:H6adwKXXbVszw:0:0:Super-User:/:/bin/tcsh
Then, at the DOS prompt command line in XP, simply run "john passwd.txt".
If nothing else, you can open up the raw device with a hex editor, search for the root string from either the password or shadow file, and replace it with a known hash from another UNIX box.
Try one of the many security holes in IRIX
For example, ksh's setuid_exec problem. Copy the /etc/passwd file, edit the root password elsewhere, and then copy it back with an exploit. This is more for fun than a quick or easy resolution.
Depending on which version of IRIX is installed, any one of a number of the LSD cracks should be able to get you in:
http://www.securiteam.com/exploits/5HP07202AK.html
Download them all from LSD's site:
milw0rm had a good one for getting in from the login screen, but it doesn't seem to be loading just now:
http://www.milw0rm.com/exploits/265