SGI: Security

Wow, just got an SGI 230 .. some security!!

I bought an SGI 230 (800 MHz PIII). Got it, fired it up... booted up to Red Hat 7.1 and had a login screen. Thinking I am NOT going to get in to snoop, I thought I'd try logging in as root with no passwd... no success, so tried one more time as root with passwd as root.

Lo and behold she opened up... cool, snooped a little, got to the user admin console and redid all the user passwords... and continued to snoop... now I have figured out that either Pratt/Whitney Corp owned this or Dodge... not sure which one yet, but

I found it was evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64-CPU 65 Gig machine on 16 nodes called violet1
and several other configurations of MIPS SGIs


so if anyone is interested I can post these "logs" for interesting reading.

some configurational stuff I had never seen before, and s/n of boards and
tests that were performed.


TALK ABOUT SECURITY huh?
weak password linked to root



and best of all I think this SGI 230 is using the "factory" installed Red Hat, though it must have been upgraded to 7.1

_________________
:Indigo2: :Indigo2: :Indigo2IMP: :Fuel: :Fuel: :Fuel: :320: :PI: :PI: <- PFile:Indy:
:O2: :1600SW: :O2: :1600SW: :Octane2: :Octane: :Octane: :Octane: :Onyx2: :O2000R:

Amiga 4000 060 & PPC with toaster/flyer
Mac Intel imac 24inch (dual 3 G), Mac G4 Quicksilver 2002 w Dual 1.8G (LEOPARD)
G4 GigE Dual 500 (TIGER/OS9), imac G3 (PANTHER)

Sun Ultra 60, SunBlade 2000 Dual 1G (SOLARIS 10)

PC Gateway DualCore, and other lowly PC's (laptops)
Qube3, RaQ4's,Audiotron,Magnia
The seller might have set the password as a favour to the buyer. I have bought stuff with the root password deleted. Leaving the rest of the crud on the drive was a bit of a corporate no-no.

Regan

_________________
:Onyx2R: :Onyx2R: :0300: :0300: :0300: :O200: :Octane: :Octane: :O2: :O2: :Indigo2IMP: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy: :Indy:
:hpserv: J5600, 2 x SUN, 2 x Mac, 3 x Alpha, 2 x RS/6000
this isn't the first time I have found weak passwords as root.

I had gotten a Sun Ultra1 once that came from a university, and it had a root with the password set to the machine's name, and one of the user logins' name was a classroom location with the instructor's name for the password.

I got lucky finding that one out too...


same university also sold me a password-protected Xerox photocopier... I grounded out all on-board batteries... and after it warned me to contact Xerox because of failure it proceeded to reinitialize itself AND after 45 minutes of exercise it came up ready to copy with the total copy count being 0... making it act like a "NEW" copier.

well it did belong to Pratt & Whitney as discovered through the IP addressing scheme, and thanks to What's My IP

also found that it was the L3 controller for an Origin 3000 system, possibly two or three

one known as violet (141.119.204.90), a 4 proc 400 MHz 4 gig machine
another known as viola (141.119.204.91), which was a 64 proc/400 MHz Origin 3000 with 64 Gig of mem and piles of hard drives

and one known as verbena (141.119.204.92) unknown info about it

and their servers' gateway at 141.119.119.120




anyway that was interesting and worth the $$$ for the hardware and dissection :)

-legal hacking- through one's OWN machine acquired through purchase.

pinball_0 wrote:
-legal hacking- through one's OWN machine acquired through purchase.


Still, it's not considered nice or cricket to post the details of other people's networks without their permission. This kind of behavior tends to encourage companies to go the "crush it just in case" route.

I'll defer to the professionals here, though.

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)
pinball_0 wrote:
I found it was evidently connected to some real MIPS hardware and had logged hinv and some configuration and processes...

VERY INTERESTING... a 64-CPU 65 Gig machine on 16 nodes called violet1
and several other configurations of MIPS SGIs

This system was probably used as an L3 controller to the MIPS systems.

Quote:
so if anyone is interested I can post these "logs" for interesting reading.

That's unethical, if you ask me. Even if they were stupid.

_________________
Now this is a deep dark secret, so everybody keep it quiet :)
It turns out that when reset, the WD33C93 defaults to a SCSI ID of 0, and it was simpler to leave it that way... -- Dave Olson, in comp.sys.sgi

Currently in commercial service: Image :Onyx2: (2x) :O3x02L:
In the museum : almost every MIPS/IRIX system.
Wanted : GM1 board for Professional Series GT graphics (030-0076-003, 030-0076-004)
you're right, it was an L3 controller; must have been a package deal when they got their servers.

and I have killed out the routing information as I have it now on my network.

there wasn't anything there to compromise their system and the addresses aren't too much concern.. so worry not.

pinball_0 wrote:
I bought an SGI 230 (800 MHz PIII). Got it, fired it up... booted up to Red Hat 7.1 and had a login screen. Thinking I am NOT going to get in to snoop, I thought I'd try logging in as root with no passwd... no success, so tried one more time as root with passwd as root.


I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the BIOS password. He didn't even care if people had it, really. He never changed it. I knew it from 9th grade till I completed school and it had always been the same. Probably still is the same up to today.
Gray Fox wrote:
pinball_0 wrote:
I bought an SGI 230 (800 MHz PIII). Got it, fired it up... booted up to Red Hat 7.1 and had a login screen. Thinking I am NOT going to get in to snoop, I thought I'd try logging in as root with no passwd... no success, so tried one more time as root with passwd as root.


I think admins make it too easy for passwords. When I was back in school, our admin used the word hammer for the administrator password and for the BIOS password. He didn't even care if people had it, really. He never changed it. I knew it from 9th grade till I completed school and it had always been the same. Probably still is the same up to today.


I think almost everybody now is getting better about passwords - in fact the government and educational institutions in Canada go to the other extreme and are often complete fanatics about passwords (even for the ordinary job), often to the point of making the password much too difficult for non-Kodak-memory equipment (no dictionary words, palindromes, reverse dictionary words, 8 characters or more, no embedded dates, and must contain both letters and numbers) - sometimes even 8-12 digit random passwords - so that the exact opposite is the result and you see little handwritten notes on the back of the machine, under the desk, in the organizer etc ....

It's a bit different now though - it's almost impossible to put any machine on the internet without it being scanned by robots many times a day looking for weak passwords. I've never had anything intentional, but I work with a lot of small companies in my little home town - and it's very hard to boss around the boss who is used to being master of his domain, and sometimes they'll use a password that's weak just to prove a point (which ends up proving my point). It's normally not the root account that's compromised (I make a unique password for each customer's root access) and the handful of times it's happened it's been just to send spam.

The *only* time I even had root compromised was on one of the first firewalls, a development machine for an accounting network. This machine just had some script-kiddy programs/scripts to hack other machines and upload the results - but he did a terrible job cleaning up his tracks. And it turns out that wasn't even a weak password - that was in the early days of Linux meets Internet meets script kiddies, and they got into the system through one of the many buffer overflows that existed back then (it was one of the rpc daemons). Now thankfully privilege separation has become standard - or a standard option with many key packages - and it's much easier to chroot jail them to limit the damage (plus many daemons have traps to try and detect unknown buffer-overflow exploits). Plus I was being kind of lazy not using xinetd to limit many services to local only, or just commenting them out of inetd.conf altogether!
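As an added illustration of the xinetd lockdown mentioned in the post above (example configuration added here, not from any poster): one legacy service disabled outright, beside another kept running but restricted to the local host. Service names and binary paths are common defaults and are assumed.

```conf
# Added example, not from the thread: entries in the style of /etc/xinetd.d/.
# Paths and service names are typical defaults (assumed).

# Weak (shown for contrast): a legacy service enabled and reachable from any
# address, with no access restriction at all.
# service telnet
# {
#     disable     = no
#     socket_type = stream
#     wait        = no
#     user        = root
#     server      = /usr/sbin/in.telnetd
# }

# Hardened, option 1: do not run the service at all. This is the xinetd
# equivalent of commenting the line out of inetd.conf.
service telnet
{
    disable     = yes
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
}

# Hardened, option 2: keep the service, but only for connections originating
# on the machine itself. Anything else is refused and the refusal is logged
# with the remote host, so scanning robots show up in the log.
service rsync
{
    disable        = no
    socket_type    = stream
    wait           = no
    user           = root
    server         = /usr/bin/rsync
    server_args    = --daemon
    only_from      = 127.0.0.1
    instances      = 4
    log_on_failure += USERID HOST
    log_on_success += PID HOST DURATION
}
```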
jan-jaap wrote:
That's unethical, if you ask me. Even if they were stupid.


I completely agree. That should not be done. At least not here on nekochan.

_________________
覇気元
Eroteme.org