Ask at work
> I ran an nmap scan
> on it and it has lots of ports open. I checked a few and they all look
> like default settings. If it helps I can post the open ports. Thanks.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/2004
Well, the only ways I know are to
1) Boot a Unix system from floppy, mount the hard drive and edit the
password file
or
2) Boot it up into DOS or from a DOS floppy and then try to find the
password file and edit it.
Neither are much fun. I made up a boot disk for our techs which did (1)
automatically (backed up the password file then set root's password to
nothing). That way the techs could service the boxes when the customer
forgot/lost the root password.
N
>1) Boot a Unix system from floppy, mount the hard drive and edit the
>password file
That is the hard way to do it.
If you can mount the hard drive, then you should be able to
chroot to the mount point. If that is /mnt then a chroot
will make it look like /. Since you are comming off of a floppy
the paths won't be correct, so you just type
/bin/passwd <account>
>or
>2) Boot it up into DOS or from a DOS floppy and then try to find the
>password file and edit it.
That is not recommended. Get the Knoppix live Linux ISO and
boot it and edit from that - but doing it from DOS is the hardest
and potentially the worst.
>Neither are much fun. I made up a boot disk for our techs which did (1)
>automatically (backed up the password file then set root's password to
>nothing). That way the techs could service the boxes when the customer
>forgot/lost the root password.
Well if the customer has their own root password, the program
should backup up the file, let the tech work, and then restore
the password file.
--
Bill Vermillion - bv @ wjv . com
> Well if the customer has their own root password, the program
> should backup up the file, let the tech work, and then restore
> the password file.
It's amazing how often the customer loses the password! I always keep a copy
myself, just in case. One time one of the other reps went out to work on a
system I had set up. After a while he phoned me up and asked for the
password - customer had lost it. I said "It's mEf!3oO%" (or whatever). He
replied, "I never would have guessed that". I was speechless! What did he
expect, the customer's name spelled backwards?
>> Well if the customer has their own root password, the program
>> should backup up the file, let the tech work, and then restore
>> the password file.
>It's amazing how often the customer loses the password! I always
>keep a copy myself, just in case. One time one of the other reps
>went out to work on a system I had set up. After a while he
>phoned me up and asked for the password - customer had lost it.
>I said "It's mEf!3oO%" (or whatever). He replied, "I never would
>have guessed that". I was speechless! What did he expect, the
>customer's name spelled backwards?
I'd worry about having the person who said "I'd never have guesses
that" put passwords in any system.
The problem of course is having a password that is easy to remember
- even if you are using some phrase to generate a nmnemonic -
versus one that has to be written down. At one site there were two
of us who knew the passwords for many machines - and for emergency
they were written down and sealed in the safe in the data
department. That way in an emergency if someone had to have a
password it was there. The rule that if it was ever opened to get
a password, all passwords on the list would be change, and a new
list generated and sealed.
On one system that I have to access rarely and don't want to write
down the password - I have a long but easily remembered password -
and it uses some of the hacker tricks of substituting numbers for
letters.
It's remembered a six digits - actually a date - but where it
differs from the TV shows where you see somone trying the dates
of significant events in the person's live whose machine they are
trying to crack - and in differing orders - you remember it
as a simple date 101385 as an example.
But it is entered at
0n3z3r00n3thr3331ght41v3
That of course will almost surely eliminate the typical cracking
attempts - I don't claim it is perfect - but it is sufficiently
easy to remember without being guessable. And you vary it with
a long number by doing such things as alternating numbers would not
be spelled out.
Of course you have to have a system that uses all password
characters entered. Some will let you enter arbitrary lenght long
passwords but truncate all past the first eight, and those won't
do.
I've tested this system that I'm on at well over 40 characters -
and they all must match. The limit here is 128 characters for
the password.
Bill
...
> Of course you have to have a system that uses all password
> characters entered. Some will let you enter arbitrary lenght long
> passwords but truncate all past the first eight, and those won't
> do.
>
> I've tested this system that I'm on at well over 40 characters -
> and they all must match. The limit here is 128 characters for
> the password.
...
Almost all those I've worked on have been SCO so only the first eight
matter.
NM
Only the first eight matter BY DEFAULT. That's easily changed, and I'm
sure has been on many SCO systems. See
http://aplawrence.com/SCOFAQ/FAQ_scotec1passwordlen.html
--
Tony Lawrence
>Almost all those I've worked on have been SCO so only the first eight
>matter.
Which is outdated IMO. I used to work on 99% SCO systems from
the time the old Radio Shack / Tandy Model 16/6000s were being
replaced with Intel based machines. But there were a lot of Unix
systems extant then.
And in some of the early systems there were problems in uucp
connections if the system name exceeded 7 letters. Early DNS
could not have a number to start the domain name either. That
wasn't just SCO.
But as far as SCO goes I have one place that I need to add
another printer to next week - and when the vendor finishes the
software - it's about 2 years behind schedule that one will go
away. Another finishes up a conversion and the new machine and SW
is in and that SCO will be decommisioned about Sept 1.
And that will be the end of any SCO systems I have to work upon.
The SW on that last machine is pretty amazing. The database
application they were running on their SCO system was about $35K
as I recall. I don't know the cost of the app on the new SuSE
machine, but I got the impression it was over $75K. But there was
no off-the-shelf SW and it does far more than their original
program - which was on top of one of business basic variants.
Thanks for that link. Since my SCO sites are dwindling I had not
realized that had changed. I personally think the default should
be larger in this day and age.
On the beasties I maintain default is 128 characters unless you
recompile things. You could enter a short poem as a password with
that length :-)