IBM

Breaking in to an inherited AIX installation

aperezbios
From San Francisco Bay Area Peninsula
Who joined March 20, 2009, 9:40 p.m.
Wrote the following at June 19, 2015, 10:58 a.m...
As mentioned in another thread, I picked up an IBM RS/6000 7043-140, a 266MHz based 604e, and it came with an install of AIX 4.2 on a hellaciously-loud 4GB SCSI-II drive. I'd like to know if there's any equivalent in AIX-land to what I would do under Linux to recover root access to a machine, eg interrupt boot loader, add "single init=/bin/sh" to the bootargs, and then modify /etc/password and/or shadow.

Suggestions?
uunix avatar
uunix
From Stourbridge / England / UK
Who joined March 27, 2011, 12:48 p.m.
Wrote the following at June 19, 2015, 11:34 a.m...
iirc even booting into single user requires the root password.

Do you have the media disks?
-----------------------------------------------------------------------
Hey Ho! Pip & Dandy!
:Octane2: :Octane2: :O2: :Indy: loft => :Indigo: :540: :Octane: :Octane: :Indy:
nyef
Who joined April 28, 2015, 7:54 p.m.
Wrote the following at June 19, 2015, 11:58 a.m...
Crazy question, but... Can you mount the disk in another machine and hack the password file that way?
Trippynet avatar
Trippynet
From Scotland, UK
Who joined Aug. 15, 2013, 6:22 a.m.
Wrote the following at June 19, 2015, 12:38 p.m...
Yes.

Full instructions are in the Wiki .
Systems in use:
:Fuel: - Lithium : R14000 600MHz CPU, 4GB RAM, V10 Graphics, 36GB 15k HDD & 300GB 10k HDD, New/quiet fans, IRIX 6.5.30
:Indigo2IMP: - Nitrogen : R10000 195MHz CPU, 384MB RAM, SolidIMPACT Graphics, 36GB 15k HDD & 300GB 10k HDD, New/quiet fans, IRIX 6.5.22
Other systems in storage: :O2: x 2, :Indy: x 2
foetz avatar
foetz
Moderator
Who joined April 14, 2003, 4:34 a.m.
Wrote the following at June 19, 2015, 12:45 p.m...
Trippynet wrote: Yes.

Full instructions are in the Wiki .

this is about irix, not aix
r-a-c.de
uunix avatar
uunix
From Stourbridge / England / UK
Who joined March 27, 2011, 12:48 p.m.
Wrote the following at June 19, 2015, 1:35 p.m...
Same would apply if you have another AIX box able to take said drive. I don't think shadow password malarkey was too strong in 4.x ???
-----------------------------------------------------------------------
Hey Ho! Pip & Dandy!
:Octane2: :Octane2: :O2: :Indy: loft => :Indigo: :540: :Octane: :Octane: :Indy:
foetz avatar
foetz
Moderator
Who joined April 14, 2003, 4:34 a.m.
Wrote the following at June 19, 2015, 2:16 p.m...
sure, the general concept goes for all. usually comes down to either booting with the os cd or putting the disk into another machine
r-a-c.de
ClassicHasClass avatar
ClassicHasClass
From Sunny So Cal
Who joined July 25, 2012, 7:12 p.m.
Wrote the following at June 19, 2015, 3:29 p.m...
There are a couple of local attacks you can mount, but you need to have *a* login (I broke into one of my old systems this way when I forgot what the root password was). I believe there are some CDE attacks you can try too, but since you have a real IBM machine, better just to get an AIX disc. You'll need it sooner or later anyway.
smit happens.

:Fuel: bigred , 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy , 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze , R10000, Solid IMPACT
probably posted from Image bruce , Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * HP C8000 * BeBox * Solbourne S3000 * Commodore 128 * many more...
Trippynet avatar
Trippynet
From Scotland, UK
Who joined Aug. 15, 2013, 6:22 a.m.
Wrote the following at June 20, 2015, 5:29 a.m...
foetz wrote: this is about irix, not aix


Whoops, so it is. My bad :(
Systems in use:
:Fuel: - Lithium : R14000 600MHz CPU, 4GB RAM, V10 Graphics, 36GB 15k HDD & 300GB 10k HDD, New/quiet fans, IRIX 6.5.30
:Indigo2IMP: - Nitrogen : R10000 195MHz CPU, 384MB RAM, SolidIMPACT Graphics, 36GB 15k HDD & 300GB 10k HDD, New/quiet fans, IRIX 6.5.22
Other systems in storage: :O2: x 2, :Indy: x 2