Re: 3B2 Disks
- From: "DoN. Nichols" <dnichols@xxxxxxxxxxx>
- Date: 11 Jan 2009 04:04:00 GMT
On 2009-01-11, awesie@xxxxxxxxx <awesie@xxxxxxxxx> wrote:
[Originally posted in comp.sys.att. Forwarded here on recommendation.]
I have a 3b2 that works but whose password has been lost to the ages.
I have a copy of the disk images for the 3b2 including the "System
Essentials" disk, but I need to find a way to get these onto a floppy.
O.K. I've never worked with a 3B2 -- just the 3B1 -- but what
is the floppy size -- 5.25" or 3.5"
If the former, based on how the 3B1 did it, some disks were 8
sectors/track and others were 10 sectors/track. (You can tell based on
how large the whole file is. The boot floppys had to be 8
sectors/track, but once a later OS was in, the rest could be 10 S/T.
8 S/T is a bit easier to manage with a PC, as the standard was 9
S/T, so you could simply not use one per track.
10 S/T was possible with a version of linux on a PC, compiled
with support for the 3B1 floppy format.
The alternative, of course, is to find a way to read the passwd file
off of the 3b2's MFM harddrive.
Best there would likely be a 3B1 or another 3B2 with capability
to read the disk format. The 3B1 was designed for one MFM drive, but
could be modified to handle a second one.
If the system used a SCSI drive (IIRC, there were some with MFM
to SCSI adaptors), you could hang it on another unix box and just access
it in raw mode sector-by-sector until you found the password file.
Or -- could it be that someone left the "guest" account password
free? If so, you can list the password file (it is world readable,
because it needs to be accessed by lots of programs for information
about file ownership and the like), so you should be able to see the
encrypted (really hashed) passwords. You can then copy the one you need
to another system and start attacking it -- with a program like security
program like "crack" or "jack the ripper" (which look for weak passwords
by attacking them, and cracking them if possible), *or* you could
replace the password on the disk by raw disk edits with the hash of a
known one. (They are all the same length until recent systems which
allow other hashing systems.) Just edit in the proper characters one at
a time, then boot from the disk and log in.
I have done both of these with older systems. I used the 3B1 to
attempt possible passwords from /usr/dict/words with a single salt
(extracted from the unknown password) on a Tektronix 6130, and the raw
disk attack on a disk from an Intergraph Interact 32/C (IIRC). That
latter one was a real pain. I got in, but it only had demo copies of
licensed things like the networking and the compilers installed, which
timed out before I was through playing with it. :-(
There may be security holes in the 3B2 like the ones in the 3B1
(the "mail" icon was one of them), but you will need someone more
familiar with the 3B2. (I *keep* tying 3B1 when I mean 3B2 -- shows what
habit my fingers have learned over the years, and not forgotten.
Both of these I have attempted and haven't been successful with. Any
help would be appreciated.
You have my suggestions. What will work depends on what the
hardware is, and how much other hardware you have on hand.
Enjoy,
DoN.
--
Email: <dnichols@xxxxxxxxxxx> | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
.
- Follow-Ups:
- Re: 3B2 Disks
- From: awesie
- Re: 3B2 Disks
- From: Bill Gunshannon
- Re: 3B2 Disks
- References:
- 3B2 Disks
- From: awesie
- 3B2 Disks
- Prev by Date: 3B2 Disks
- Next by Date: Re: 3B2 Disks
- Previous by thread: 3B2 Disks
- Next by thread: Re: 3B2 Disks
- Index(es):
Relevant Pages
|
