Dan Gahlinger wrote:
actually, you do. to do an "interactive
login" you need a valid
license.
Not as SYSTEM on OPA0:. Quite what counts as OPA0: on workstation
depends on how your console switch is set.
otherwise you need to do the password bypass method
I used B/R5 break method, set /startup opa0:, set writesysparams 0,
continue, spawn after that run authorize, change password. logout,
login, failed.
thats what the openvpn faq suggests, and I believe I've used it
before.
There are, as always, gotchas and quid-pro-quos.
The FAQ tells you to:
I used B/R5 break method, set /startup opa0:, set
writesysparams 0,
continue, spawn
OK.
after that run authorize, change password. logout
No. It's more like:
$ SPAWN
$ @SYS$SYSTEM:STARTUP
Then, when that's done, you
$ SET DEFAULT SYS$SYSTEM
If you don't do that bit you probably end up creating a new
UAF file in whatever directory you left yourself in. Then
you'll quite happily go and modify that, but the system won't use it!
Now you can run authorize and fiddle.
But even there you need to do a SHOW SYSTEM afterwards and make sure
that
it hasn't been DISUSER'd or whatever through too many failed attempts or
some other bad flag hasn't been set.
It's also possible (although generally unlikely) that the system uses
an alternate UAF.
Have another go .. at least this system works!
Antonio
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.21.0/1296 - Release Date:
24/02/2008 12:19