Getting Started, Documentation, Tips & Tricks

A friend of mine is an IT director for a school, and handed me an Indy. I am told it has 256MB of RAM and an R5000 processor. The good news is that it boots! It went right to the login screen. It seems to be running Irix 5.2. The bad news is that all usernames and passwords have long been forgotten. So, my quesiton is: What can I do with this? I do not have any installation media. (Or a cd drive, for that matter) It does have an ethernet adapter.

I would prefer to install Irix 6.5, but if that is not possible, I have heard that there is a version of Gentoo that will work with it. I like the massive CRT that it came with.

Any suggestions?

One of these should be able to present you with a nice shiny root shell: http://www.exploit-db.com/platform/?p=irix

Most of those look like you need local access already. However, this one looks very promising: http://www.exploit-db.com/exploits/20149/ ... assuming it's running Telnetd, assuming you know its IP (or arp -a might be able to tell you).

It also looks like you can execute arbitrary commands on the box through in.lpd using http://www.exploit-db.com/exploits/10033/ (look at the socket code; you don't need Metasploit to actually do what it's doing), again with similar assumptions.

To crack into my own Indy, I ended up mounting the filesystem r/w and changing the password file from install media, but obviously you need install media for that.

Good luck! It sounds like a nice box!

Correct me if I'm wrong, but wasn't root-password on single user mode required only for post 6.5?

Put your location in your profile. For all we know, you're three blocks away from another SGI owner who would be happy to stick your Indy drive into their Fuel, blow away the passwords and hand it back to you.

I think 5.2 is new enough to require the password for single-user mode.

You can get a Linux distro that has EFS read-only support and SGI disklabel support, grab the password file, and run it through John. For 5.2 it's a basic passwd, so should be fast on any modern h/w.

Or then there's always the "I don't have anything that reads that" approach for UNIX machines. Open the disk on a hex editor, search for the string ":0:0:", then either snag the password to run through John or replace it with a known password (you need to have a compatible version, so don't use the password from your new UNIX box using Blowfish or whatever.

First things first: check if the guest account is active, and allows you access.

"Guest" "4Dgifts" and "EZSetup" are the most common unpassworded accounts, but if your friend's department is halfway competent and managed that particular Indy they won't be active.

If it really is a R5000 model it will be running no less than "5.3 for Indy Including R5000" or 6.2. In either case you'll probably find 6.5 a less frustrating experience (more software available in tardists, more people know their way around it, newer patches), so you might want to start looking for a copy.