SunOS 2.4 Exploit

David Griffith dave at 661.org
Thu Dec 13 01:40:01 CST 2018


My reply is at the bottom.
Please put your reply there too.
On Mon, 10 Dec 2018, Christian Corti via cctalk wrote:
> On Sun, 9 Dec 2018, Ken Seefried wrote:
>> I believe SunOS 2.4 is old enough all you need to do is delete the
>> password hash from /etc/passwd to log in without a password.
>
> Please tell me more: what is SunOS 2.4?
> I know of SunOS (1.x, 2.0, 3.x, 4.x) and Solaris (1.x and 2.x).
> Or do you mean Solaris 2.4 (i.e. SunOS 5.4)?

I'm wondering how a Sparcstation was able to run SunOS 2.x.

In any case, Christian, here's something that usually works with any 
flavor of Unix: Mount the drive on some other machine where you have root 
access, then blank the password hash field in /etc/passwd or /etc/shadow, 
depending on where the hash really is.  If the OS on the drive that you're 
trying to break into doesn't like that, figure out the hashing scheme it 
uses, then generate a new hash and put that in.  Since you've managed to 
guess the password of a regular user account, you can use that hash.


-- 
David Griffith
dave at 661.org

A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?


More information about the cctech mailing list