Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

UnixWare 7.1.1 missing password

3 views
Skip to first unread message

xero visibility

unread,
Aug 19, 2004, 11:36:06 PM8/19/04
to
I recently acquired an IBM Netfinity 5600 from my work because they
upgraded the servers. It's running UnixWare 7.1.1 and i don't know much
else about it. I want to learn more about UnixWare becuase I am used to
Linux and Have never used a commercial nix besides Solaris. I don't have
the login passwords and I was wondering if anybody knew any bootup key
combos or default accounts that i could login with. I ran an nmap scan
on it and it has lots of ports open. I checked a few and they all look
like default settings. If it helps I can post the open ports. Thanks.

Neil Morrison

unread,
Aug 20, 2004, 11:46:27 PM8/20/04
to

"xero visibility" <xe...@earthlink.net> wrote in message
news:41257145...@earthlink.net...

> I recently acquired an IBM Netfinity 5600 from my work because they
> upgraded the servers. It's running UnixWare 7.1.1 and i don't know much
> else about it. I want to learn more about UnixWare becuase I am used to
> Linux and Have never used a commercial nix besides Solaris. I don't have
> the login passwords and I was wondering if anybody knew any bootup key
> combos or default accounts that i could login with.

Ask at work

> I ran an nmap scan
> on it and it has lots of ports open. I checked a few and they all look
> like default settings. If it helps I can post the open ports. Thanks.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004


Nicolinux

unread,
Aug 21, 2004, 6:00:20 AM8/21/04
to

"xero visibility" <xe...@earthlink.net> ha scritto nel messaggio
news:41257145...@earthlink.net...

> I recently acquired an IBM Netfinity 5600 from my work because they
> upgraded the servers. It's running UnixWare 7.1.1 and i don't know much
> else about it. I want to learn more about UnixWare becuase I am used to
> Linux and Have never used a commercial nix besides Solaris. I don't have
> the login passwords and I was wondering if anybody knew any bootup key
> combos or default accounts that i could login with.
Mmmmmh,
Social engineering ???
Sure your "work" know about that ?
You should be smarter when you azk those kind of question !
Here some tips
http://www.neworder.box.sk/newsread.php?newsid=11944

xero visibility

unread,
Aug 21, 2004, 8:47:16 PM8/21/04
to
Nobody that works here now would know anything. Chrysler set up the
computer for the dealership. When they swithched out computers, they
just told us to throw everything else away.

Neil Morrison

unread,
Aug 21, 2004, 11:33:10 PM8/21/04
to

"xero visibility" <xe...@nowhere.net> wrote in message
news:4127ECBA...@nowhere.net...

> Nobody that works here now would know anything. Chrysler set up the
> computer for the dealership. When they switched out computers, they

> just told us to throw everything else away.

Well, the only ways I know are to

1) Boot a Unix system from floppy, mount the hard drive and edit the
password file

or

2) Boot it up into DOS or from a DOS floppy and then try to find the
password file and edit it.

Neither are much fun. I made up a boot disk for our techs which did (1)
automatically (backed up the password file then set root's password to
nothing). That way the techs could service the boxes when the customer
forgot/lost the root password.

N

Bill Vermillion

unread,
Aug 22, 2004, 12:25:01 AM8/22/04
to
In article <WtUVc.46741$fz2.3222@edtnps89>,

Neil Morrison <now...@to.me> wrote:
>
>"xero visibility" <xe...@nowhere.net> wrote in message
>news:4127ECBA...@nowhere.net...
>> Nobody that works here now would know anything. Chrysler set up the
>> computer for the dealership. When they switched out computers, they
>> just told us to throw everything else away.
>
>Well, the only ways I know are to

>1) Boot a Unix system from floppy, mount the hard drive and edit the
>password file

That is the hard way to do it.

If you can mount the hard drive, then you should be able to
chroot to the mount point. If that is /mnt then a chroot
will make it look like /. Since you are comming off of a floppy
the paths won't be correct, so you just type
/bin/passwd <account>


>or

>2) Boot it up into DOS or from a DOS floppy and then try to find the
>password file and edit it.

That is not recommended. Get the Knoppix live Linux ISO and
boot it and edit from that - but doing it from DOS is the hardest
and potentially the worst.

>Neither are much fun. I made up a boot disk for our techs which did (1)
>automatically (backed up the password file then set root's password to
>nothing). That way the techs could service the boxes when the customer
>forgot/lost the root password.

Well if the customer has their own root password, the program
should backup up the file, let the tech work, and then restore
the password file.


--
Bill Vermillion - bv @ wjv . com

Neil Morrison

unread,
Aug 22, 2004, 1:22:57 AM8/22/04
to

"Bill Vermillion" <b...@wjv.com> wrote in message news:I2tyr...@wjv.com...

> Well if the customer has their own root password, the program
> should backup up the file, let the tech work, and then restore
> the password file.

It's amazing how often the customer loses the password! I always keep a copy
myself, just in case. One time one of the other reps went out to work on a
system I had set up. After a while he phoned me up and asked for the
password - customer had lost it. I said "It's mEf!3oO%" (or whatever). He
replied, "I never would have guessed that". I was speechless! What did he
expect, the customer's name spelled backwards?

Bill Vermillion

unread,
Aug 22, 2004, 10:05:01 AM8/22/04
to
In article <R4WVc.46765$fz2.22393@edtnps89>,

Neil Morrison <now...@to.me> wrote:
>
>"Bill Vermillion" <b...@wjv.com> wrote in message news:I2tyr...@wjv.com...

>> Well if the customer has their own root password, the program
>> should backup up the file, let the tech work, and then restore
>> the password file.

>It's amazing how often the customer loses the password! I always
>keep a copy myself, just in case. One time one of the other reps
>went out to work on a system I had set up. After a while he
>phoned me up and asked for the password - customer had lost it.
>I said "It's mEf!3oO%" (or whatever). He replied, "I never would
>have guessed that". I was speechless! What did he expect, the
>customer's name spelled backwards?

I'd worry about having the person who said "I'd never have guesses
that" put passwords in any system.

The problem of course is having a password that is easy to remember
- even if you are using some phrase to generate a nmnemonic -
versus one that has to be written down. At one site there were two
of us who knew the passwords for many machines - and for emergency
they were written down and sealed in the safe in the data
department. That way in an emergency if someone had to have a
password it was there. The rule that if it was ever opened to get
a password, all passwords on the list would be change, and a new
list generated and sealed.

On one system that I have to access rarely and don't want to write
down the password - I have a long but easily remembered password -
and it uses some of the hacker tricks of substituting numbers for
letters.

It's remembered a six digits - actually a date - but where it
differs from the TV shows where you see somone trying the dates
of significant events in the person's live whose machine they are
trying to crack - and in differing orders - you remember it
as a simple date 101385 as an example.

But it is entered at

0n3z3r00n3thr3331ght41v3

That of course will almost surely eliminate the typical cracking
attempts - I don't claim it is perfect - but it is sufficiently
easy to remember without being guessable. And you vary it with
a long number by doing such things as alternating numbers would not
be spelled out.

Of course you have to have a system that uses all password
characters entered. Some will let you enter arbitrary lenght long
passwords but truncate all past the first eight, and those won't
do.

I've tested this system that I'm on at well over 40 characters -
and they all must match. The limit here is 128 characters for
the password.

Bill

Neil Morrison

unread,
Aug 22, 2004, 12:28:01 PM8/22/04
to

"Bill Vermillion" <b...@wjv.com> wrote in message news:I2upp...@wjv.com...

...


> Of course you have to have a system that uses all password
> characters entered. Some will let you enter arbitrary lenght long
> passwords but truncate all past the first eight, and those won't
> do.
>
> I've tested this system that I'm on at well over 40 characters -
> and they all must match. The limit here is 128 characters for
> the password.

...

Almost all those I've worked on have been SCO so only the first eight
matter.

NM

Tony Lawrence

unread,
Aug 22, 2004, 1:32:30 PM8/22/04
to
Neil Morrison wrote:
> "Bill Vermillion" <b...@wjv.com> wrote in message
news:I2upp...@wjv.com...
>
> ...
> > Of course you have to have a system that uses all password
> > characters entered. Some will let you enter arbitrary lenght long
> > passwords but truncate all past the first eight, and those won't
> > do.
> >
> > I've tested this system that I'm on at well over 40 characters -
> > and they all must match. The limit here is 128 characters for
> > the password.
> ...
>
> Almost all those I've worked on have been SCO so only the first eight
> matter.


Only the first eight matter BY DEFAULT. That's easily changed, and I'm
sure has been on many SCO systems. See
http://aplawrence.com/SCOFAQ/FAQ_scotec1passwordlen.html
--
Tony Lawrence

Bill Vermillion

unread,
Aug 22, 2004, 5:15:37 PM8/22/04
to
In article <lQ3Wc.46206$X12.27731@edtnps84>,

Neil Morrison <now...@to.me> wrote:
>
>"Bill Vermillion" <b...@wjv.com> wrote in message news:I2upp...@wjv.com...
>
>...
>> Of course you have to have a system that uses all password
>> characters entered. Some will let you enter arbitrary lenght long
>> passwords but truncate all past the first eight, and those won't
>> do.
>>
>> I've tested this system that I'm on at well over 40 characters -
>> and they all must match. The limit here is 128 characters for
>> the password.
>...

>Almost all those I've worked on have been SCO so only the first eight
>matter.

Which is outdated IMO. I used to work on 99% SCO systems from
the time the old Radio Shack / Tandy Model 16/6000s were being
replaced with Intel based machines. But there were a lot of Unix
systems extant then.

And in some of the early systems there were problems in uucp
connections if the system name exceeded 7 letters. Early DNS
could not have a number to start the domain name either. That
wasn't just SCO.

But as far as SCO goes I have one place that I need to add
another printer to next week - and when the vendor finishes the
software - it's about 2 years behind schedule that one will go
away. Another finishes up a conversion and the new machine and SW
is in and that SCO will be decommisioned about Sept 1.

And that will be the end of any SCO systems I have to work upon.

The SW on that last machine is pretty amazing. The database
application they were running on their SCO system was about $35K
as I recall. I don't know the cost of the app on the new SuSE
machine, but I got the impression it was over $75K. But there was
no off-the-shelf SW and it does far more than their original
program - which was on top of one of business basic variants.

Bill Vermillion

unread,
Aug 22, 2004, 5:25:01 PM8/22/04
to
In article <cgalbe$l...@odbk17.prod.google.com>,

Thanks for that link. Since my SCO sites are dwindling I had not
realized that had changed. I personally think the default should
be larger in this day and age.

On the beasties I maintain default is 128 characters unless you
recompile things. You could enter a short poem as a password with
that length :-)

0 new messages