
Cracking AIX Password

zphreak

Have an AIX box that we use for an accounting/inventory application. Problem is, the administrator who was with the company we purchased left right before the transition. We have 2 user logins but need root access, need to change the IP on the server for a WAN migration project.

So, question is, does anyone know how to crack the password on an AIX 5 box? Or want to get paid to do it?
 
That would be for lower case alpha. It will be much longer for mix alpha + numbers + other chars. Remember for each extra character choice time required grows exponentially.

Also, we both assumed he already has the hashes. If he doesn't, he is out of luck with John.
 
Can't you just boot from a CD or the network, mount the root filesystem somewhere and edit /etc/shadow ???
 
Cleanly reboot the server? Why? You've lost the root pw. Time to power cycle and hack root. Simple.

If you've a journaled filesystem that's great. Otherwise, after the system has been idle a few moments hit the big red switch. Get 'er done. This is pedestrian.
How do you cleanly reboot the server without the root pwd?
 

I'm very familiar with the process, I just hate to see lost root password escalated into a corrupt accounting db. I'm currently fighting with xfs_repair on a 1.5TB partition, and I think the corruption is going to win.:(

My coupla thoughts -
1. How is the server being backed up? A lot of times root level credentials are embedded in the backup server (usually unencrypted or XORd if you poke around a bit)

2. Contact the old administrator and offer a $250 consulting fee if he can come up with the password.

3. Troll through the previous administrator's workstation and see what ssh client he used. Lots of people either save their commonly used ssh sessions with the passwords, or use private key auth without password protecting the keys

4. Have you tried sudo ksh from the two user logins? Sometimes you get lucky.
 
Haven't tried anything.

I know nothing about the server.. the previous admin has said he'll come by but never shows up (he was let go for being unreliable). I've been here about 1.5 years now and his old workstation was gone long before that. It was basically just left running and we rotate the tapes once a month.

Haven't tried sudo ksh yet.. will try Monday
 
Frankly, if this takes more than half an hour, reprovision the box.

Of course, folks back up their programs, configurations and other data and they've got runbooks that depict exactly why, where and how their system is built, right? :rofl
 

Exactly why I haven't touched it.. I have no idea what's on the box, how it's configured, nothing.. It's running a Petroleum specific application, I'm hoping that the company who was outsourced to manage the box will still have the password. I guess it was 2.5 years ago since they've been in it.
 