26 Feb
2003
26 Feb
'03
4:22 a.m.
On Wed, 26 Feb 2003 Frank Arnold <fm.arnold(a)gmx.net> wrote:
cctech-request(a)classiccmp.org schrieb am 25.02.2003:
This should probably be in an FAQ for RSX.
1. The passwords along with all account information is stored in
LB:[0,0]RSX11.SYS
2. The file is not an ASCII file.
3. Passwords in RSX11M are not encrypted, while passwords in RSX11M+ are.
4. (and this is the important one) to break into an RSX system:
When the system boots, abort the startup script.
(If it asks for the time, press ^Z, if it just runs ahead, press
^C and type ABO AT. (the period is *not* optional)).
Run $ACNT, which is the account managing program.
Change password for a system account (anything with a group number
<= 10)
Reboot, and then log in.
A small explanation:
When the system boots, the console terminal is privileged.
The startup script normally finished by logging out the console.
If you stop it before that, you'll remain logged in at a
privileged terminal.
This can be regarded as a security problem. Normally it wasn't,
since people are not supposed to have access to the console
terminal of a computer. It's locked away inside the computer hall.
If you want to, you can protect yourself against this exploit,
but noone does.
Johnny
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt(a)update.uu.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
From: <chu(a)verizon.net>
To: <cctalk(a)classiccmp.org>
Subject: Help with my PDP 11/73
Date: Tue, 25 Feb 2003 12:36:31 -0800
I have gotten my PDP 11/73 to
start up and go through an initialization
script for RSX-11Mplus. However, I do not
know any uids/passwords, so I cannot
login; I can only watch the script go by.
I am able, while the script is running, to break
into MCR and run commands like PDP and DMP.
I am able to dump in octal
some of the files like [0,0]001054.DIR;1.
Does anyone know where the user names/passwords
are stored? My memory says that the maybe
they are not encrypted? Is that so?
The passwords are stored in a file [0,0]RSX11M.sys if I recall it correctley.
Should be a rather small file, just pip it to the printer to see it, it should
be an ASCII-file.
I think that after version 3.2 of rsx11m passwords were encripted, before that,
in plain text. Copy this file to some other media and delete it from your
system disk, After a new cold start you should have an open system. with RUN
$ACNT you can create new user-accounts if you desire.