Lost root password

[pp]

Hi,

I bought a Sun V120 from eBay, but I don't have the root password, the
seller also forgot the password.
All I found in google search is boot from cdrom.
I dont' have a Solaris 10 CD.
Can anyone tell me a way to reset the root password without booting
Solaris 10 CD?

Thanks
S

[SunnySideUp]

This Web site has a step by step process for bypassing the "root" password:

http://www.stsolutions.com/newsletter/ask_al_issue04.html

SunnySide

[Liam Greenwood]

On Thu, 17 May 2007 22:13:45 +1000, pp <p...@mm.org> wrote:
> Hi,
>
> I bought a Sun V120 from eBay, but I don't have the root password, the
> seller also forgot the password.

If it has telnet enabled, and it's not up to date on patches then
you can try the telnet exploit:

telnet -l "-froot" [hostname]

Once logged in, change the password.

Cheers, Liam

[Oscar del Rio]

Download the Solaris CDs or DVD from Sun website and burn them!

You have no idea what trojans/rootkits might be installed in that box,
you do want to reinstall it from scratch, so you need the CDs/DVD anyway.

[Rich Teer]

On Thu, 17 May 2007, SunnySideUp wrote:

> This Web site has a step by step process for bypassing the "root" password:
>
> http://www.stsolutions.com/newsletter/ask_al_issue04.html

Yeah, but it says to boot from a SOlaris CD, which the OP doesn't have...

--
Rich Teer, SCSA, SCNA, SCSECA, OGB member

CEO,
My Online Home Inventory

Voice: +1 (250) 979-1638
URLs: http://www.rite-group.com/rich
http://www.myonlinehomeinventory.com

[Rich Teer]

On Thu, 17 May 2007, pp wrote:

> Can anyone tell me a way to reset the root password without booting Solaris 10
> CD?

Simply put: you don't. Given that you'd be wise to reinstall anyway,
I'd download a copy of Solaris 10 and go from there.

[Bruce Porter]

Use a Solaris 9 CD ?

--
Bruce

"The internet is a huge and diverse community and
not every one is friendly"
http://www.ytc1.co.uk

[Liam Greenwood]

On Thu, 17 May 2007 16:37:59 GMT, Rich Teer <rich...@rite-group.com> wrote:

> On Thu, 18 May 2007, Liam Greenwood wrote:
>
>> If it has telnet enabled, and it's not up to date on patches then
>> you can try the telnet exploit:
>>
>> telnet -l "-froot" [hostname]
>>
>> Once logged in, change the password.
>

> THat won't work out of the box, because by default Solaris doesn't
> allow remote root logins.

As long as the box has the telnet demon running it will work.

Cheers, Liam

[Liam Greenwood]

On 18 May 2007 06:53:45 +1200, Liam Greenwood <li...@nessie.xinqu.net> wrote:
> On Thu, 17 May 2007 16:37:59 GMT, Rich Teer <rich...@rite-group.com> wrote:
>> On Thu, 18 May 2007, Liam Greenwood wrote:
>>
>>> If it has telnet enabled, and it's not up to date on patches then
>>> you can try the telnet exploit:
>>>
>>> telnet -l "-froot" [hostname]
>>>
>>> Once logged in, change the password.
>>
>> THat won't work out of the box, because by default Solaris doesn't
>> allow remote root logins.
>
> As long as the box has the telnet demon running it will work.

Oops.. I just tried it today - and it doesn't. That means I have to
go find the way I got into the boxes I was locked out of again...
Dang, I was sure it was that one :-(

Cheers, Liam

[Darren Dunham]

Richard B. Gilbert <rgilb...@comcast.net> wrote:

> Rich Teer wrote:
>> On Thu, 18 May 2007, Liam Greenwood wrote:
>>
>>

>>>If it has telnet enabled, and it's not up to date on patches then
>>>you can try the telnet exploit:
>>>
>>>telnet -l "-froot" [hostname]
>>>
>>>Once logged in, change the password.
>>
>>

>> THat won't work out of the box, because by default Solaris doesn't
>> allow remote root logins.

> Er, Rich. . . .
> I believe that the point is that IT DOES work "out of of the box".
> There's a bug in unpatched telnet that allows it. Of course it won't
> work if the patch has been installed but it's worth a try.

The 'telnet bug' exists out of the box, but it only allows connections
to accounts that would otherwise accept telnet logins. By default, you
can't telnet to the box as root (with or without a password), so this
particular exploit won't get you root directly.

--
Darren Dunham ddu...@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

[swun...@gmail.com]

On May 18, 2:17 am, Huge <H...@nowhere.much.invalid> wrote:

> On 2007-05-17, SunnySideUp <noem...@no.com> wrote:
>
> > This Web site has a step by step process for bypassing the "root" password:
>
> >http://www.stsolutions.com/newsletter/ask_al_issue04.html
>

> The OP said he doesn't have a Solaris 10 CD. This web site says, as
> step 2;
>
> "insert the Solaris installation CD into the System's CD-ROM drive and type boot
> cdrom"
>
> --
If the telnet froot not work, there is no other way other than insert
a Solaris installation CD to reset the root password?
SS

[Tim Bradshaw]

On 2007-05-17 17:17:40 +0100, Huge <Hu...@nowhere.much.invalid> said:

> The OP said he doesn't have a Solaris 10 CD. This web site says, as
> step 2;

If the OP isn't up to downloading and cutting a CD they probably should
not be allowed too close to computers :-)

[Tim Bradshaw]

On May 18, 9:14 am, Huge <H...@nowhere.much.invalid> wrote:

>
> There seems to be a lot of it about.

I've noticed this too. I figure it's because Solaris is doing really
well with people who live on the moon and they really have awful
bandwidth to the rest of the net.

[SunnySideUp]

I figured I'd add this as a point of reference. It doesn't hurt to have it out there in case someone needs it.

[Rich Teer]

On Thu, 18 May 2007, Liam Greenwood wrote:

> If it has telnet enabled, and it's not up to date on patches then
> you can try the telnet exploit:
>
> telnet -l "-froot" [hostname]
>
> Once logged in, change the password.

THat won't work out of the box, because by default Solaris doesn't
allow remote root logins.

--

[Richard B. Gilbert]

Darren Dunham wrote:
> Richard B. Gilbert <rgilb...@comcast.net> wrote:
>
>>Rich Teer wrote:
>>
>>>On Thu, 18 May 2007, Liam Greenwood wrote:
>>>
>>>
>>>
>>>>If it has telnet enabled, and it's not up to date on patches then
>>>>you can try the telnet exploit:
>>>>
>>>>telnet -l "-froot" [hostname]
>>>>
>>>>Once logged in, change the password.
>>>
>>>
>>>THat won't work out of the box, because by default Solaris doesn't
>>>allow remote root logins.
>>
>
>>Er, Rich. . . .
>>I believe that the point is that IT DOES work "out of of the box".
>>There's a bug in unpatched telnet that allows it. Of course it won't
>>work if the patch has been installed but it's worth a try.
>
>
> The 'telnet bug' exists out of the box, but it only allows connections
> to accounts that would otherwise accept telnet logins. By default, you
> can't telnet to the box as root (with or without a password), so this
> particular exploit won't get you root directly.
>

Rich,

I no longer have an unpatched S10 system to try it on but, when the bug
was first reported, I tried it and it worked! I was in as root. The
S10 system I tried it on was an "out of the box" Solaris 10 1/06 system.
I had done nothing to "lock it down" because there was nothing on it to
protect; physical security and my firewall prevent anyone but my wife
and me from accessing it. My wife has the root password.

[Richard B. Gilbert]

Rich Teer wrote:
> On Thu, 18 May 2007, Liam Greenwood wrote:
>
>
>>If it has telnet enabled, and it's not up to date on patches then
>>you can try the telnet exploit:
>>
>>telnet -l "-froot" [hostname]
>>
>>Once logged in, change the password.
>
>
> THat won't work out of the box, because by default Solaris doesn't
> allow remote root logins.
>

Er, Rich. . . .

[Casper H.S. Dik]

"Richard B. Gilbert" <rgilb...@comcast.net> writes:

>I believe that the point is that IT DOES work "out of of the box".
>There's a bug in unpatched telnet that allows it. Of course it won't
>work if the patch has been installed but it's worth a try.

It still does not allow root logins using -froot.

You'll get "Not on console" if you use -l -froot when the telnetd bug
is present and the system has an otherwise default configuration.

Getting from adm/lp/bin to root is left as an excercise for the reader.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

[Casper H.S. Dik]

Liam Greenwood <li...@nessie.xinqu.net> writes:

>On Thu, 17 May 2007 22:13:45 +1000, pp <p...@mm.org> wrote:
>> Hi,
>>
>> I bought a Sun V120 from eBay, but I don't have the root password, the
>> seller also forgot the password.

>If it has telnet enabled, and it's not up to date on patches then
>you can try the telnet exploit:

>telnet -l "-froot" [hostname]

On a default configuration that does not work for root, though.

Try booting from CD, DVD or net.

Casper

[Alain]

pp a écrit :

> I dont' have a Solaris 10 CD.

Your goal seems suspect.
1) You have an Internet connection since you post here.
2) S10 DVD is available for free at Sun.
3) Burn it and voilà !
4) May be are you searching a problem where there is no problem.

[CJT]

Mount the hard disk on another Sun and delete the password.

--
The e-mail address in our reply-to line is reversed in an attempt to
minimize spam. Our true address is of the form che...@prodigy.net.

[Wolfgang]

pp schrieb:

OBP> boot net ;-)

[Casper H.S. Dik]

"Richard B. Gilbert" <rgilb...@comcast.net> writes:

>I no longer have an unpatched S10 system to try it on but, when the bug
>was first reported, I tried it and it worked! I was in as root. The
>S10 system I tried it on was an "out of the box" Solaris 10 1/06 system.
>I had done nothing to "lock it down" because there was nothing on it to
>protect; physical security and my firewall prevent anyone but my wife
>and me from accessing it. My wife has the root password.

You must have enabled remote root logins. (Believe me I tried this on
100s of systems on Sun's internal network; only a small fraction allowed
-l -froot)