RadarG Posted October 22, 2006 Posted October 22, 2006 I picked up a origin 200 at a yard sale for 15 bucks. I took it home and powered it up. It powered up just fine. The box is headless and the only way that I can log into it is via telnet. I am unable to get in because I dont know the root password. I have ran a few nmap scans and a nessus scan and here is the info below. Any help getting into this box would be most welcome. Thanks C:nmap>nmap -A -v 10.28.216.194 Starting Nmap 3.95 ( http://www.insecure.org/nmap ) at 2006-10-21 22:59 Central Standard Time Initiating ARP Ping Scan against 10.28.216.194 [1 port] at 22:59 The ARP Ping Scan took 0.08s to scan 1 total hosts. Initiating SYN Stealth Scan against 10.28.216.194 [1670 ports] at 23:00 Discovered open port 21/tcp on 10.28.216.194 Discovered open port 23/tcp on 10.28.216.194 Discovered open port 513/tcp on 10.28.216.194 Discovered open port 37/tcp on 10.28.216.194 Discovered open port 19/tcp on 10.28.216.194 Discovered open port 512/tcp on 10.28.216.194 Discovered open port 514/tcp on 10.28.216.194 Discovered open port 7/tcp on 10.28.216.194 Discovered open port 1/tcp on 10.28.216.194 Discovered open port 1025/tcp on 10.28.216.194 Discovered open port 79/tcp on 10.28.216.194 Discovered open port 13/tcp on 10.28.216.194 Discovered open port 111/tcp on 10.28.216.194 Discovered open port 1024/tcp on 10.28.216.194 Discovered open port 9/tcp on 10.28.216.194 The SYN Stealth Scan took 0.83s to scan 1670 total ports. Initiating service scan against 15 services on 10.28.216.194 at 23:00 The service scan took 106.97s to scan 15 services on 1 host. Initiating RPCGrind Scan against 10.28.216.194 at 23:01 The RPCGrind Scan took 0.03s to scan 1 ports on 10.28.216.194. For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled Host 10.28.216.194 appears to be up ... good. Interesting ports on 10.28.216.194: (The 1655 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 1/tcp open tcpmux 7/tcp open echo 9/tcp open discard? 13/tcp open daytime 19/tcp open chargen 21/tcp open ftp SGI IRIX ftpd 23/tcp open telnet IRIX telnetd 6.X 37/tcp open time? 79/tcp open finger SGI IRIX or NeXTSTEP fingerd 111/tcp open rpcbind 2 (rpc #100000) 512/tcp open exec 513/tcp open rlogin 514/tcp open tcpwrapped 1024/tcp open kdm? 1025/tcp open NFS-or-IIS? 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi -bin/servicefp-submit.cgi : SF-Port37-TCP:V=3.95%I=7%D=10/21%Time=453AECC7%P=i686-pc-windows-windows%r SF:(NULL,4,"xc8xe5k`")%r(GenericLines,4,"xc8xe5k`")%r(GetRequest,4,"x SF:c8xe5k`")%r(HTTPOptions,4,"xc8xe5k`")%r(RTSPRequest,4,"xc8xe5k`")% SF:r(RPCCheck,4,"xc8xe5k`")%r(DNSVersionBindReq,4,"xc8xe5k`")%r(DNSSta SF:tusRequest,4,"xc8xe5k`")%r(Help,4,"xc8xe5k`")%r(SSLSessionReq,4,"x SF:c8xe5k`")%r(SMBProgNeg,4,"xc8xe5k`")%r(X11Probe,4,"xc8xe5k`")%r(LP SF:DString,4,"xc8xe5k`")%r(LDAPBindReq,4,"xc8xe5k`")%r(LANDesk-RC,4," SF:xc8xe5k`")%r(TerminalServer,4,"xc8xe5k`")%r(NCP,4,"xc8xe5k`")%r(No SF:tesRPC,4,"xc8xe5k`")%r(WMSRequest,4,"xc8xe5k`")%r(oracle-tns,4,"xc SF:8xe5k`"); MAC Address: 08:00:69:0D:98:78 (Silicon Graphics) No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=3.95%P=i686-pc-windows-windows%D=10/21%Tm=453AED36%O=1%C=2%M=080069) TSeq(Class=RI%gcd=20%SI=2E1%IPID=I%TS=2HZ) TSeq(Class=RI%gcd=20%SI=5E5%IPID=I%TS=2HZ) TSeq(Class=RI%gcd=20%SI=4C0%IPID=I%TS=2HZ) T1(Resp=Y%DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNT) T1(Resp=Y%DF=N%W=C000%ACK=O%Flags=AS%Ops=MNWNNT) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=N%W=C000%ACK=O%Flags=A%Ops=NNT) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 0.007 days (since Sat Oct 21 22:51:26 2006) TCP Sequence Prediction: Class=random positive increments Difficulty=1216 (Medium) IPID Sequence Generation: Incremental Service Info: Host: erasv01; OS: IRIX Nmap finished: 1 IP address (1 host up) scanned in 130.531 seconds Raw packets sent: 1713 (70.2KB) | Rcvd: 1712 (79.1KB) Tenable Nessus Security ReportTenable Nessus Security Report Start Time:Sun Oct 22 17:26:19 2006 Finish Time:Sun Oct 22 17:30:13 2006 10.28.216.194 10.28.216.19430 Open Ports, 57 Notes, 11 Warnings, 2 Holes. 10.28.216.194[Return to top] sunrpc (111/tcp) Port is open Plugin ID : 11219 The RPC portmapper is running on this port. An attacker may use it to enumerate your list of RPC services. We recommend you filter traffic going to this port. Risk Factor : Low CVE : CVE-1999-0632, CVE-1999-0189 BID : 205 Plugin ID : 10223 RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port Plugin ID : 11111 echo (7/udp) Port is open Plugin ID : 11219 Synopsis : An echo service is running on the remote host. Description : The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of services attacks against this host. Solution: - Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry key to 0 : HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableTcpEcho HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableUdpEcho Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N) CVE : CVE-1999-0103, CVE-1999-0635 Plugin ID : 10061 discard (9/udp) Port is open Plugin ID : 11219 daytime (13/udp) Port is open Plugin ID : 11219 Synopsis : A daytime service is running on the remote host Description : The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed authentication attacks against the remote host. In addition to that, the UDP version of daytime is running, an attacker may link it to the echo port of a third party host using spoofing, thus creating a possible denial of service condition between this host and a third party. Solution: - Under Unix systems, comment out the 'daytime' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableTcpDaytime HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableUdpDaytime Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N) CVE : CVE-1999-0103 Plugin ID : 10052 chargen (19/udp) Port is open Plugin ID : 11219 time (37/udp) Port is open Plugin ID : 11219 bootps (67/udp) Port is open Plugin ID : 11219 tftp (69/udp) Port is open Plugin ID : 11219 Synopsis : A TFTPD server is listening on the remote port. Description : The remote host is running a TFTPD (Trivial File Transfer Protocol). TFTPD is often used by routers and diskless hosts to retrieve their configuration. It is also used by worms to propagage. Solution: If you do not use this service, you should disable it. Risk Factor : None CVE : CVE-1999-0616 Plugin ID : 11819 sunrpc (111/udp) Port is open Plugin ID : 11219 RPC program #100000 version 2 'portmapper' (portmap sunrpc rpcbind) is running on this port Plugin ID : 11111 snmp (161/udp) Synopsis : The community name of the remote SNMP server can be guessed. Description : It is possible to obtain the default community names of the remote SNMP server. An attacker may use this information to gain more knowledge about the remote host, or to change the configuration of the remote system (if the default community allow such modifications). Solution: Disable the SNMP service on the remote host if you do not use it, filter incoming UDP packets going to this port, or change the default community string. Risk Factor : High Plugin output : The remote SNMP server replies to the following default community strings : public CVE : CVE-1999-0517, CVE-1999-0186, CVE-1999-0254, CVE-1999-0516 BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317, 9681, 986 Other references : IAVA:2001-B-0001 Plugin ID : 10264 Port is open Plugin ID : 11219 Synopsis : The System Information of the remote host can be obtained via SNMP. Description : It is possible to obtain the system information about the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.1.1. An attacker may use this information to gain more knowledge about the target host. Solution: Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor : Low Plugin output : System information : sysDescr : Silicon Graphics Challenge/1 running IRIX64 6.4 sysObjectID : 1.3.6.1.4.1.59.1.1 sysUptime : 0d 4h 30m 20s sysContact : Contact Entry sysName : erasv01 sysLocation : Location Entry sysServices : 72 Plugin ID : 10800 Synopsis : The list of network interfaces cards of the remote host can be obtained via SNMP. Description : It is possible to obtain the list of the network interfaces installed on the remote host by sending SNMP requests with the OID 1.3.6.1.2.1.2.1.0 An attacker may use this information to gain more knowledge about the target host. Solution: Disable the SNMP service on the remote host if you do not use it, or filter incoming UDP packets going to this port. Risk Factor : Low Plugin output : Interface 1 information : ifIndex : 1 ifDescr : Silicon Graphics lo Loopback interface ifPhysAddress : Interface 2 information : ifIndex : 2 ifDescr : ef0 ifPhysAddress : 000000000000 Plugin ID : 10551 shell (514/udp) Port is open Plugin ID : 11219 ntalk (518/udp) Port is open Plugin ID : 11219 kdm (1024/udp) The rstatd RPC service is running. It provides an attacker interesting information such as : - the CPU usage - the system uptime - its network usage - and more Letting this service run is not recommended. Risk Factor : Low CVE : CVE-1999-0624 Plugin ID : 10227 Port is open Plugin ID : 11219 RPC program #100001 version 1 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port RPC program #100001 version 2 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port RPC program #100001 version 3 'rstatd' (rstat rup perfmeter rstat_svc) is running on this port Plugin ID : 11111 ms-lsa (1029/udp) Port is open Plugin ID : 11219 general/tcp Nessus snmp scanner was able to retrieve the open port list with the community name public Plugin ID : 14274 Nessus was not able to reliably identify the remote operating system. It might be: Enterasys XP 2004 10.0 Switch F5 Networks Appliance Juniper M7i Lexmark Printer The fingerprint differs from these known signatures on 2 points. If you know what operating system this host is running, please send this signature to os-signatures@nessus.org : :1:1:1:255:1:255:1:0:255:1:0:255:1:8:255:1:1:1:2:1:1:1:1:1:64:49152:MNWNNT:0:1:1 ($Revision: 1.138 $) Plugin ID : 11936 Information about this scan : Nessus version : 3.0.3 Plugin feed version : 200610201215 Type of plugin feed : Registered (7 days delay) Scanner IP : 10.28.216.192 Port scanner(s) : snmp_scanner synscan Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1 Report Verbosity : 1 Safe checks : yes Max hosts : 20 Max checks : 4 Scan Start Date : 2006/10/22 17:26 Scan duration : 209 sec Plugin ID : 19506 shell (514/tcp) Synopsis : The rsh service is running. Description : The remote host is running the 'rsh' service. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the rsh client and the rsh server. This includes logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files. You should disable this service and use ssh instead. Solution: Comment out the 'rsh' line in /etc/inetd.conf Risk Factor : Low / CVSS Base Score : 2 (AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C) CVE : CVE-1999-0651 Plugin ID : 10245 Port is open Plugin ID : 11219 login (513/tcp) Synopsis : The rlogin service is listening on the remote port. Description : The remote host is running the 'rlogin' service. This service is dangerous in the sense that it is not ciphered - that is, everyone can sniff the data that passes between the rlogin client and the rloginserver. This includes logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication. Finally, rlogin is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files. You should disable this service and use ssh instead. Solution: Comment out the 'login' line in /etc/inetd.conf Risk Factor : Low / CVSS Base Score : 2 (AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C) CVE : CVE-1999-0651 Plugin ID : 10205 Port is open Plugin ID : 11219 exec (512/tcp) The rexecd service is open. This service is design to allow users of a network to execute commands remotely. However, rexecd does not provide any good means of authentication, so it may be abused by an attacker to scan a third party host. Solution: comment out the 'exec' line in /etc/inetd.conf and restart the inetd process Risk Factor : Medium CVE : CVE-1999-0618 Plugin ID : 10203 Port is open Plugin ID : 11219 finger (79/tcp) The remote finger service accepts to redirect requests. That is, users can perform requests like : finger user@host@victim This allows an attacker to use this computer as a relay to gather information on a third party network. Solution Disable the remote finger daemon (comment out the 'finger' line in /etc/inetd.conf and restart the inetd process) or upgrade it to a more secure one. Risk Factor : Low CVE : CVE-1999-0105, CVE-1999-0106 Plugin ID : 10073 There is a bug in the remote finger service which, when triggered, allows a user to force the remote finger daemon to display the list of the accounts that have never been used, by issuing the request : finger .@target This list will help an attacker to guess the operating system type. It will also tell him which accounts have never been used, which will often make him focus his attacks on these accounts. Here is the list of accounts we could obtain : Login name: operator Directory: /us2/convt01 Shell: /us2/obj/convt.o/shell/sd.menu Never logged in. No Plan. Login name: convert Directory: /us2/convt01 Shell: /us2/obj/convt.o/shell/menu Never logged in. No Plan. Login name: susi Directory: / Never logged in. No Plan. Login name: sebd Directory: / Never logged in. No Plan. Solution: disable the finger service in /etc/inetd.conf and restart the inetd process, or upgrade your finger service. Risk Factor : Medium CVE : CVE-1999-0198 Plugin ID : 10072 The 'finger' service provides useful information to attackers, since it allows them to gain usernames, check if a machine is being used, and so on... Here is the output we obtained for 'root' : Login name: root In real life: Super-User Directory: / Last login at Wed Oct 6, 2004 on ttyb No Plan. Solution: comment out the 'finger' line in /etc/inetd.conf Risk Factor : Low CVE : CVE-1999-0612 Plugin ID : 10068 Port is open Plugin ID : 11219 A finger server seems to be running on this port Plugin ID : 10330 time (37/tcp) Port is open Plugin ID : 11219 A time server seems to be running on this port Plugin ID : 10330 daytime (13/tcp) Port is open Plugin ID : 11219 Synopsis : A daytime service is running on the remote host Description : The remote host is running a 'daytime' service. This service is designed to give the local time of the day of this host to whoever connects to this port. The date format issued by this service may sometimes help an attacker to guess the operating system type of this host, or to set up timed authentication attacks against the remote host. In addition to that, the UDP version of daytime is running, an attacker may link it to the echo port of a third party host using spoofing, thus creating a possible denial of service condition between this host and a third party. Solution: - Under Unix systems, comment out the 'daytime' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry keys to 0 : HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableTcpDaytime HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableUdpDaytime Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N) CVE : CVE-1999-0103 Plugin ID : 10052 discard (9/tcp) Port is open Plugin ID : 11219 The remote host is running a 'discard' service. This service typically sets up a listening socket and will ignore all the data which it receives. This service is unused these days, so it is advised that you disable it. Solution: - Under Unix systems, comment out the 'discard' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry key to 0 : HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableTcpDiscard Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor : Low CVE : CVE-1999-0636 Plugin ID : 11367 echo (7/tcp) Port is open Plugin ID : 11219 An echo server is running on this port Plugin ID : 10330 Synopsis : An echo service is running on the remote host. Description : The remote host is running the 'echo' service. This service echoes any data which is sent to it. This service is unused these days, so it is strongly advised that you disable it, as it may be used by attackers to set up denial of services attacks against this host. Solution: - Under Unix systems, comment out the 'echo' line in /etc/inetd.conf and restart the inetd process - Under Windows systems, set the following registry key to 0 : HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableTcpEcho HKLMSystemCurrentControlSetServicesSimpTCPParametersEnableUdpEcho Then launch cmd.exe and type : net stop simptcp net start simptcp To restart the service. Risk Factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N) CVE : CVE-1999-0103, CVE-1999-0635 Plugin ID : 10061 tcpmux (1/tcp) Port is open Plugin ID : 11219 A tcpmux server seems to be running on this port Plugin ID : 10330 blackjack (1025/tcp) Port is open Plugin ID : 11219 kdm (1024/tcp) Port is open Plugin ID : 11219 RPC program #391002 version 1 'sgi_fam' (fam) is running on this port Plugin ID : 11111 telnet (23/tcp) Synopsis : A telnet server is listening on the remote port Description : The remote host is running a telnet server. Using telnet is not recommended as logins, passwords and commands are transferred in clear text. An attacker may eavesdrop on a telnet session and obtain the credentials of other users. Solution: Disable this service and use SSH instead Risk Factor : Medium / CVSS Base Score : 4 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C) Plugin output: Remote telnet banner: IRIX (erasv01) login: Plugin ID : 10281 Port is open Plugin ID : 11219 A telnet server seems to be running on this port Plugin ID : 10330 ftp (21/tcp) It is possible to gather the real path of the public area of the ftp server (like /home/ftp) by issuing the following command : CWD We determined that the root of the remote FTP server is located under '/us1/obj/anftp.o'. This problem may help an attacker to find where to put a .rhost file using other security flaws. Risk Factor : Low CVE : CVE-1999-0201 Plugin ID : 10087 It is possible to force the FTP server to connect to third parties hosts by using the PORT command. This problem allows intruders to use your network resources to scan other hosts, making them think the attack comes from your network, or it can even allow them to go through your firewall. Solution: Upgrade to the latest version of your FTP server, or use another FTP server. Risk Factor : Medium CVE : CVE-1999-0017 BID : 126 Plugin ID : 10081 Port is open Plugin ID : 11219 An FTP server is running on this port. Here is its banner : 220 erasv01 FTP server ready. Plugin ID : 10330 Synopsis : An FTP server is listening on this port Description : It is possible to obtain the banner of the remote FTP server by connecting to the remote port. Risk Factor : None Plugin output : The remote FTP banner is : 220 erasv01 FTP server ready. Plugin ID : 10092 Synopsis : Anonymous logins are allowed on the remote FTP server. Description : This FTP service allows anonymous logins. If you do not want to share data with anyone you do not know, then you should deactivate the anonymous account, since it can only cause troubles. Risk Factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) CVE : CVE-1999-0497 Plugin ID : 10079 chargen (19/tcp) Port is open Plugin ID : 11219 Chargen is running on this port Plugin ID : 10330 general/icmp Synopsis : It is possible to determine the exact time set on the remote host. Description : The remote host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on your machine. This may help him to defeat all your time based authentication protocols. Solution: filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14). Risk Factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N) Plugin output : The difference between the local and remote clocks is -25 seconds CVE : CVE-1999-0524 Plugin ID : 10114 unknown (844/tcp) RPC program #100083 version 1 is running on this port Plugin ID : 11111 unknown (842/udp) The tooltalk RPC service is running. A possible implementation fault in the ToolTalk object database server may allow an attacker to execute arbitrary commands as root. This warning may be a false positive since the presence of this vulnerability is only * accurately identified with local access. Solution: Disable this service. See Also : CERT Advisory CA-98.11 Risk Factor : High CVE : CVE-1999-0003, CVE-1999-0693 BID : 122, 641 Other references : CERT:CA-98.11 Plugin ID : 10239 The tooltalk RPC service is running. There is a format string bug in many versions of this service, which allow an attacker to gain root remotely. In addition to this, several versions of this service allow remote attackers to overwrite abitrary memory locations with a zero and possibly gain privileges via a file descriptor argument in an AUTH_UNIX procedure call which is used as a table index by the _TT_ISCLOSE procedure. This warning may be a false positive since the presence of the bug was not verified locally. Solution: Disable this service or patch it See Also : CERT Advisories CA-2001-27 and CA-2002-20 Risk Factor : High CVE : CVE-2002-0677, CVE-2001-0717, CVE-2002-0679 BID : 3382, 5082 Other references : IAVA:2001-a-0011, IAVA:2002-b-0005, IAVA:2002-t-0012 Plugin ID : 10787 RPC program #100083 version 1 is running on this port Plugin ID : 11111 general/udp For your information, here is the traceroute from 10.28.216.192 to 10.28.216.194 : 10.28.216.192 10.28.216.194 Plugin ID : 10287 Quote
Sparda Posted October 22, 2006 Posted October 22, 2006 If the question is "How do I get the root password on this computer I bought?" the answer is, reinstall the OS. Your post is too long for me to bother to read. Quote
RadarG Posted October 22, 2006 Author Posted October 22, 2006 I could do that if I had the install cds. I tied a few linux distros for MIPS systems and they didnt seem to work. Quote
Sparda Posted October 22, 2006 Posted October 22, 2006 I could do that if I had the install cds. I tied a few linux distros for MIPS systems and they didnt seem to work. I'm sure you can aquire the CDs one way or another ;) Quote
RadarG Posted October 22, 2006 Author Posted October 22, 2006 last time I checked IRIX install cds weren't the hotest item on piratebay Quote
Sparda Posted October 22, 2006 Posted October 22, 2006 Forgiv me for been cynical, but no one will tell you how to get the password for it, paticulaly if it has to be done remotly for what ever reason, simply for the reason that you could actualy be targeting some elses box. If you where to target some ones actual box and you got cought, who ever told you how to brake in effectivly becomes an acessorie to your crime. Quote
RadarG Posted October 22, 2006 Author Posted October 22, 2006 I understand your point but this is my own box. If I had an ISO that worked I would have all ready nuked it. Seeing how its a MIPS system and headless it makes it a bit difficult. Using your analogy I could use the hacksaw usb and blame hak5. Looks like this a poor hacking forum. Quote
metatron Posted October 22, 2006 Posted October 22, 2006 I would tell you or do it for you but as you’re new, I don’t know if this is your box or not. Quote
Sparda Posted October 22, 2006 Posted October 22, 2006 The hak.5 crew do it as a demonstration, they demonstrate attacks and then surrgest ways in witch you can prevent such attacks. Using the same argument you could say that most of the presenters at defcon should be imprisoned for knowing and showing others how to do potentily illegal stuff. The key word there been potentialy. Surrly there must be some thing physicly on the device that allows you to reset it. Quote
metatron Posted October 22, 2006 Posted October 22, 2006 I can send you a copy of IRIX if you need it. Quote
RadarG Posted October 23, 2006 Author Posted October 23, 2006 I would be most welcome. thank you I sent you a PM. Quote
RadarG Posted October 23, 2006 Author Posted October 23, 2006 Surrly there must be some thing physicly on the device that allows you to reset it. I read two of the manuals that I was able to find. They wanted to use the install cds. Quote
cooper Posted October 23, 2006 Posted October 23, 2006 IRIX 6.4 uses the XFS filesystem by default. Open up the machine, and place its harddisk(s) in your own box, mount it and then edit the passwd file and/or shadow file to suit your preferences. Quote
a5an0 Posted October 23, 2006 Posted October 23, 2006 IRIX 6.4 uses the XFS filesystem by default.Open up the machine, and place its harddisk(s) in your own box, mount it and then edit the passwd file and/or shadow file to suit your preferences. Good call Cooper! I would have just put debian on it! Quote
RadarG Posted October 23, 2006 Author Posted October 23, 2006 Thats a great idea. I never thought of that. The bummer about that way is that I dont have a SCSI controller card. Are you sure this can be done because the system has three hardrives. Could the drives be using RAID? Quote
cooper Posted October 24, 2006 Posted October 24, 2006 Thats a great idea. I never thought of that. The bummer about that way is that I dont have a SCSI controller card. Are you sure this can be done because the system has three hardrives. Could the drives be using RAID? It could be using RAID. You'll know when you hook up the drives. If it is using RAID, chances are it'll be hardware RAID, so you'll know _really_ fast when you hook the drive up to a different machine if it is. Don't worry about it. Just be careful not to write anything to the drive. Quote
degoba Posted October 25, 2006 Posted October 25, 2006 I understand your point but this is my own box. If I had an ISO that worked I would have all ready nuked it. Seeing how its a MIPS system and headless it makes it a bit difficult. Using your analogy I could use the hacksaw usb and blame hak5. Looks like this a poor hacking forum. This isnt a hacking forum. This is the everything else section on the ha5 fan forums. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.