On Feb 2, 2018, at 2:49 PM, Ian Finder via cctalk <cctalk@classiccmp.org> wrote:
> I had this experience with a Tadpole N40, running AIX 3.
>
> I simply DD'ed the drive, took the image...
> $ strings aix-machine.img | grep root:
> ...to get the password line.
>
> Dump that into a passwd file and run john (the password cracker utility) on
> it for a couple days.
>
> I don't think Linux can mount the early AIX filesystems directly.
>
> On Thu, Feb 1, 2018 at 8:24 PM, r.stricklin via cctalk <
> cctalk@classiccmp.org> wrote:
>
>>
>> On Feb 1, 2018, at 7:28 PM, Tapley, Mark via cctech wrote:
>>
>>>> Image the hard drive off to a raw file using a linux host with a SCSI
>> HBA?
>>>>
>>>> Once that is done, it might be possible to run a hex editor against the
>> hard drive (one that doesn't copy the contents into RAM) and then search
>> for the password file. From there you can copy the des hash and use rainbow
>> tables / wordfiles to crack it or replace it with a known DES hash?
>>
>> You don't need to do any of these things.
>>
>>> Update, I did locate a CD saying “AIX V4.2.1 for 5765-C34” and this URL:
>>
>> All you need is this disk. You can boot it, and use it to start a
>> maintenance shell, from which you can mount the root filesystem and edit
>> the password file(s) directly. The procedure you found will get you there,
>> easily.
>>
>> ok
>> bear.
>>
>>
>> --
>> until further notice
>>
>>
>
>
> --
> Ian Finder
> (206) 395-MIPS
> ian.fin...@gmail.com
All,
thanks most kindly to all! It is rare in this hobby that I can report
that things went perfectly the first time, but this is one of those times. I
have reset the root password and logged in successfully, and the machine
appears to be responding nominally. I believe I will be using that machine to
push command databases for the re-animated IMAGE spacecraft up the wire to
Goddard Space Flight Center starting Monday morning.
To recap, the system is a Risc System 6000 43P-140 running AIX 4
(possibly 4.1; I will amplify if anyone cares). The CD described above and this
website
http://www-01.ibm.com/support/docview.wss?uid=isg3T1000366
did the trick perfectly. This is a PCI based PowerPC machine. I did need to
obtain an IBMid to read the web page completely.
I have a SCSI2SD which I will probably use as a target for dd,
following the suggestion to back up the hard drive. Hopefully i have time
enough to do my homework to configure that, but as before any pointers will be
welcome.
Again, many thanks for your help!
- Mark
