18 Jan
2023
18 Jan
'23
10:38 p.m.
On Wed, Jan 18, 2023 at 04:27:50PM +0000, Ron Natalie wrote:
Occassionally, we???d get random other IBM hardware
dropped on us. One day
an RS/6000 showed up. The problem was that they didn???t give us any
indication what the logins were (let alone the root password). Being the
long time security ???investigator??? that I was I started poking around at
the thing while waiting for IBM to call me back. The thing had a key
switch that switched you from power OFF to NORMAL ot a WRENCH icon
(maintenance mode). So I powered it up in the wrench mode. The thing
booted up Unix but rather than a shell gave some maintenance program. I
poked around at the options hoping for something that would be useful for me
without luck. One option was to view the documentation so I brought that
up and it displayed some text. The neat thing (for me) was that it used
???more??? to paginate it. Sure enough, when I got to the end of the first
page, I could just hit ! at the prompt and get a root shell. It was then
pretty easy to get the machine set up to our liking.
Someone once told me that if they had physical access to a Unix box, they
would get root. That has been true forever and it's even more true today,
pull the root disk, mount it on Linux, drop your ssh keys in there or add
a no password root or setuid a shell, whatever, if you can put your hands
on it, you can get in.
--
---
Larry McVoy Retired to fishing http://www.mcvoy.com/lm/boat