This extracts the root user hash.
Of course, if you have local access there is the rlogin vulnerability against some versions that allowed a normal user to have root privileges with a trivial command line such as rlogin -l. But my memory is foggy there.
Should be a fun task. One of the nice things about old operating systems is that their security is pretty well non-existent, as things that were zero days in the 90s are well known now.
Doug
On 3 Feb. 2018 7:49 am, "Ian Finder via cctalk" <cctalk at classiccmp.org> wrote:
I had this experience with a Tadpole N40, running AIX 3.
I simply DD'ed the drive, took the image...
$ strings aix-machine.img | grep root:
...to get the password line.
Dump that into a passwd file and run john (the password cracker utility) on it for a couple of days.
I don't think Linux can mount the early AIX filesystems directly.
On Thu, Feb 1, 2018 at 8:24 PM, r.stricklin via cctalk <cctalk at classiccmp.org> wrote:
On Feb 1, 2018, at 7:28 PM, Tapley, Mark via cctech wrote:
> Image the hard drive off to a raw file using a linux host with a SCSI HBA?
>>
>> Once that is done, it might be possible to run a hex editor against the hard drive (one that doesn't copy the contents into RAM) and then search for the password file. From there you can copy the DES hash and use rainbow tables / wordfiles to crack it or replace it with a known DES hash?
You don't need to do any of these things.
> Update, I did locate a CD saying "AIX V4.2.1 for 5765-C34" and this URL:
All you need is this disk. You can boot it, and use it to start a maintenance shell, from which you can mount the root filesystem and edit the password file(s) directly. The procedure you found will get you there, easily.
ok
bear.
--
until further notice
--
Ian Finder
(206) 395-MIPS
ian.finder at gmail.com
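The `strings aix-machine.img | grep root:` step from Ian's message, as an added Python example that is not part of this thread: it does the same printable-run scan over a raw dd image, pulls out passwd-format lines together with their byte offset (which also serves the hex-editor approach Mark mentioned), and reports what the root entry's password field actually holds, so you know before anything else whether it is a traditional 13-character DES crypt, locked, or empty. The image bytes are constructed inline and the function and field names are my own.

```python
import re
import sys

# strings(1)-style scan: yield (offset, text) for every run of at least
# min_len printable ASCII bytes. Newlines are not printable, so each line of
# an embedded text file comes out as its own run.
def printable_runs(data, min_len=4):
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group().decode("ascii")

# A classic passwd(5) line: name:passwd:uid:gid:gecos:home:shell
PASSWD_LINE = re.compile(r"^(?P<name>[A-Za-z_][A-Za-z0-9_-]*):(?P<pw>[^:]*):(?P<uid>\d+):(?P<gid>\d+):")
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3): 2-char salt + 11 chars

def classify_hash(field):
    """Describe what the password field of a passwd line contains."""
    if field == "":
        return "empty (no password set)"
    if field.startswith(("*", "!")):
        return "locked or shadowed (AIX keeps the real hash in /etc/security/passwd)"
    if DES_CRYPT.match(field):
        return "traditional DES crypt (13 chars, 8-char effective password)"
    if field.startswith("$"):
        return "modular crypt format, id %s" % field.split("$")[1]
    return "unrecognised"

def find_passwd_entries(image):
    """Return every passwd-format line found in a raw disk image, with offset and hash kind."""
    entries = []
    for offset, run in printable_runs(image):
        m = PASSWD_LINE.match(run)
        if m:
            entries.append({"offset": offset, "name": m["name"], "uid": int(m["uid"]),
                            "hash": m["pw"], "kind": classify_hash(m["pw"])})
    return entries

def root_entry(image):
    """The uid-0 'root' entry if the image holds one, else None."""
    return next((e for e in find_passwd_entries(image) if e["name"] == "root" and e["uid"] == 0), None)

# Constructed stand-in for a dd image: binary noise around a few passwd lines.
SAMPLE_IMAGE = (
    b"\x00\x01\xff\xfe" * 8
    + b"root:AbCdEfGhIjKlM:0:0::/:/bin/ksh\n"
    + b"\x7f\x00garbage\x00"
    + b"daemon:!:1:1::/etc:\n"
    + b"nobody::4294967294:4294967294::/:\n"
    + b"\x00" * 16
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_IMAGE
    for e in find_passwd_entries(data):
        print("0x%08x %-8s uid=%-10d %s" % (e["offset"], e["name"], e["uid"], e["kind"]))
```

Run it with a path to a real image as the only argument; with no argument it scans the constructed sample.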