More on ROOT password recovery


Post by nikonpledg » Sat, 15 Oct 2005 21:12:56



I am working on an Army contract here in Iraq.  I have inherited some
network monitoring systems that are running on Sun V210s with Solaris 9
installed.  The problem is that I do not have the ROOT password.

These are some of the steps I have performed so far.  I restart the
system.  Perform a break sequence on the laptop that I have terminaled
into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
this point I get the "enter Firmware Password" prompt.  Two questions,
am I in the right place?  and what is the firmware password?

 
 
 


Post by Man Cubu » Sat, 15 Oct 2005 21:56:07


The OpenFirmware password blocks you from redirecting the boot sequence from
the default-boot.
Are you sure you want to hack into the army server?

Good God, I thought you have some order there...


> I am working on an Army contract here in Iraq.  I have inherited some
> network monitoring systems that are running on Sun V210s with Solaris 9
> installed.  The problem is that I do not have the ROOT password.

> These are some of the steps I have performed so far.  I restart the
> system.  Perform a break sequence on the laptop that I have terminaled
> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> this point I get the "enter Firmware Password" prompt.  Two questions,
> am I in the right place?  and what is the firmware password?


 
 
 


Post by Mr. Johan Andersso » Sat, 15 Oct 2005 22:12:55



> I am working on an Army contract here in Iraq.  I have inherited some
> network monitoring systems that are running on Sun V210s with Solaris 9
> installed.  The problem is that I do not have the ROOT password.

> These are some of the steps I have performed so far.  I restart the
> system.  Perform a break sequence on the laptop that I have terminaled
> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> this point I get the "enter Firmware Password" prompt.  Two questions,
> am I in the right place?  and what is the firmware password?

Someone installed a firmware password on it, duh!

Start by getting the people responsible for running it before you
inherited it and try to get the passwords from them, as they should have
done with the root password when they transferred the system to you.

If you don't have that option, then you're in for some trouble...

It is possible to get around it, but it is a hassle and not worth the time,
as an army outfit you're sure to have a Sun contract? Give them a call and
they will help you out I am sure.

/Johan A

 
 
 


Post by Chris Rid » Sat, 15 Oct 2005 22:32:22


On 14/10/05 2:12, in article



>> I am working on an Army contract here in Iraq.  I have inherited some
>> network monitoring systems that are running on Sun V210s with Solaris 9
>> installed.  The problem is that I do not have the ROOT password.

>> These are some of the steps I have performed so far.  I restart the
>> system.  Perform a break sequence on the laptop that I have terminaled
>> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
>> this point I get the "enter Firmware Password" prompt.  Two questions,
>> am I in the right place?  and what is the firmware password?

> Someone installed a firmware password on it, duh!

> Start by getting the people responsible for running it before you
> inherited it and try to get the passwords from them, as they should have
> done with the root password when they transferred the system to you.

Apple's implementation of Open Firmware allows you to circumvent the OF
password if you change the amount of RAM in the box and then reset the
machine's PRAM 3 times.

Try * out some RAM and see what happens.

Cheers,

Chris

 
 
 


Post by CJT » Sat, 15 Oct 2005 23:05:09



> I am working on an Army contract here in Iraq.  I have inherited some
> network monitoring systems that are running on Sun V210s with Solaris 9
> installed.  The problem is that I do not have the ROOT password.

> These are some of the steps I have performed so far.  I restart the
> system.  Perform a break sequence on the laptop that I have terminaled
> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> this point I get the "enter Firmware Password" prompt.  Two questions,
> am I in the right place?  and what is the firmware password?

Your best bet, if it's an option, is to temporarily replace the boot
disk drive with a spare (preferably one with a copy of Solaris on it
for which you know the root password -- otherwise you'll have to install
Solaris), boot up from that drive, and use the eeprom command to reset
the firmware to no longer require a password.  Then swap back to the
original disk and proceed as you were.

--
The e-mail address in our reply-to line is reversed in an attempt to

 
 
 


Post by Mr. Johan Andersso » Sat, 15 Oct 2005 23:47:35




> > I am working on an Army contract here in Iraq.  I have inherited some
> > network monitoring systems that are running on Sun V210s with Solaris 9
> > installed.  The problem is that I do not have the ROOT password.

> > These are some of the steps I have performed so far.  I restart the
> > system.  Perform a break sequence on the laptop that I have terminaled
> > into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> > this point I get the "enter Firmware Password" prompt.  Two questions,
> > am I in the right place?  and what is the firmware password?

> Your best bet, if it's an option, is to temporarily replace the boot
> disk drive with a spare (preferably one with a copy of Solaris on it
> for which you know the root password -- otherwise you'll have to install
> Solaris), boot up from that drive, and use the eeprom command to reset
> the firmware to no longer require a password.  Then swap back to the
> original disk and proceed as you were.

Hmm, if he has a second system, he could pop this disk in as an add-on,
mount and edit and return it to the original system, but that needs
another system into which the disk would fit as a second or nth disk.

This will not solve the firmware password problem though, only delay
the effect of it by working around it.

BTW, removing RAM from the system will not reset the firmware password.
You would need to short (in a controllable way) the nvram that has it
stored, not something I recommend for the normal user.

Better let Sun fix it.

 
 
 


Post by CJT » Sun, 16 Oct 2005 00:07:03





>>>I am working on an Army contract here in Iraq.  I have inherited some
>>>network monitoring systems that are running on Sun V210s with Solaris 9
>>>installed.  The problem is that I do not have the ROOT password.

>>>These are some of the steps I have performed so far.  I restart the
>>>system.  Perform a break sequence on the laptop that I have terminaled
>>>into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
>>>this point I get the "enter Firmware Password" prompt.  Two questions,
>>>am I in the right place?  and what is the firmware password?

>>Your best bet, if it's an option, is to temporarily replace the boot
>>disk drive with a spare (preferably one with a copy of Solaris on it
>>for which you know the root password -- otherwise you'll have to install
>>Solaris), boot up from that drive, and use the eeprom command to reset
>>the firmware to no longer require a password.  Then swap back to the
>>original disk and proceed as you were.

> Hmm, if he has a second system, he could pop this disk in as an add-on,
> mount and edit and return it to the original system, but that needs
> another system into which the disk would fit as a second or nth disk.

That's true.  He could reset the root password that way and then proceed
with the eeprom command.  But it would take a second system rather than
just a second disk.


> This will not solve the firmware password problem though, only delay
> the effect of it by working around it.

> BTW, removing RAM from the system will not reset the firmware password.
> You would need to short (in a controllable way) the nvram that has it
> stored, not something I recommend for the normal user.

> Better let Sun fix it.

--
The e-mail address in our reply-to line is reversed in an attempt to

 
 
 


Post by Logan Sha » Sun, 16 Oct 2005 03:50:22




>> I am working on an Army contract here in Iraq.  I have inherited some
>> network monitoring systems that are running on Sun V210s with Solaris 9
>> installed.  The problem is that I do not have the ROOT password.

>> These are some of the steps I have performed so far.  I restart the
>> system.  Perform a break sequence on the laptop that I have terminaled
>> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
>> this point I get the "enter Firmware Password" prompt.  Two questions,
>> am I in the right place?  and what is the firmware password?

> Your best bet, if it's an option, is to temporarily replace the boot
> disk drive with a spare (preferably one with a copy of Solaris on it
> for which you know the root password -- otherwise you'll have to install
> Solaris), boot up from that drive

It is not preferable to have a copy of Solaris with a known root password
on it; it's required.  You won't be able to install Solaris on the spare
drive on that machine because you can't boot from the CD-ROM, which is
the same reason you can't just reset the original hard disk's root password
in the first place.

   - Logan

 
 
 


Post by Casper H.S. Di » Sun, 16 Oct 2005 20:02:07



>> Hmm, if he has a second system, he could pop this disk in as an add-on,
>> mount and edit and return it to the original system, but that needs
>> another system into which the disk would fit as a second or nth disk.
>That's true.  He could reset the root password that way and then proceed
>with the eeprom command.  But it would take a second system rather than
>just a second disk.

Or, if he can get on the system at all, he could check for unpatched
security issues and break root that way and then clear the eeprom
password and root password.  Still, this points to some procedural error
of some kind.

Casper

 
 
 


Post by UNIX admi » Sun, 16 Oct 2005 23:52:20



> I am working on an Army contract here in Iraq.  I have inherited some
> network monitoring systems that are running on Sun V210s with Solaris 9
> installed.  The problem is that I do not have the ROOT password.

> These are some of the steps I have performed so far.  I restart the
> system.  Perform a break sequence on the laptop that I have terminaled
> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> this point I get the "enter Firmware Password" prompt.  Two questions,
> am I in the right place?  and what is the firmware password?

You're BUSTED!
Somebody set the passwd on the OpenBoot PROM, thereby preventing you
from booting into single user mode from the CDROM.  You'll have to
obtain the OBP firmware passwd as set by whoever you inherited these
systems from; some detective work'll be in order, as you'll have to find
the person that administered these systems before you. BUSTED.
 
 
 


Post by UNIX admi » Sun, 16 Oct 2005 23:56:48



> It is not preferable to have a copy of Solaris with a known root password
> on it; it's required.  You won't be able to install Solaris on the spare
> drive on that machine because you can't boot from the CD-ROM, which is
> the same reason you can't just reset the original hard disk's root password
> in the first place.

True, but you could take the secondary disk out, put the primary disk in
his place, then he could put his own Solaris disk in place of former
primary disk, then boot the sucker without touching anything (boot path
remains the same, therefore OBP doesn't prompt for the FW password),
then, once booted, mount the former primary disk under /mnt, and go to town.
 
 
 


Post by CJT » Mon, 17 Oct 2005 02:38:08





>>> I am working on an Army contract here in Iraq.  I have inherited some
>>> network monitoring systems that are running on Sun V210s with Solaris 9
>>> installed.  The problem is that I do not have the ROOT password.

>>> These are some of the steps I have performed so far.  I restart the
>>> system.  Perform a break sequence on the laptop that I have terminaled
>>> into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
>>> this point I get the "enter Firmware Password" prompt.  Two questions,
>>> am I in the right place?  and what is the firmware password?

>> Your best bet, if it's an option, is to temporarily replace the boot
>> disk drive with a spare (preferably one with a copy of Solaris on it
>> for which you know the root password -- otherwise you'll have to install
>> Solaris), boot up from that drive

> It is not preferable to have a copy of Solaris with a known root password
> on it; it's required.  You won't be able to install Solaris on the spare
> drive on that machine because you can't boot from the CD-ROM, which is
> the same reason you can't just reset the original hard disk's root password
> in the first place.

>   - Logan

Oops, I think you're right.  Forgive the temporary lapse of logic.

--
The e-mail address in our reply-to line is reversed in an attempt to

 
 
 


Post by Greg Brow » Wed, 19 Oct 2005 10:18:24


To reset the OBP password you're going to have to get in the programming
menu interface. On the Enterprise class systems (i.e., E3x00 - E6x00) you
will put the key switch in DIAG mode and during the extended POST you will
hit the CONTROL-F key and that will drop you into the programming
interface. From there you will have to drill down to reset the
password.  I am not certain about the v210's.

Your other option is to replace the OBP information by swapping out the
System Configuration Card of another v210. There are some disadvantages
to this method if you're running Veritas VxVM due to licensing issues or
any other apps for that matter that are licensed by the HostID.

Your third option, and perhaps your only option, is to do what the
others above recommend, which is to take the drive out of the v210, put it
in another system, boot off the CDROM in single user mode and mount the
root filesystem to /a and vi the /a/etc/shadow file.

Hope this helps.

Good luck,

 
 
 


Post by Mr. Johan Andersso » Thu, 20 Oct 2005 16:24:54






> >>>I am working on an Army contract here in Iraq.  I have inherited some
> >>>network monitoring systems that are running on Sun V210s with Solaris 9
> >>>installed.  The problem is that I do not have the ROOT password.

> >>>These are some of the steps I have performed so far.  I restart the
> >>>system.  Perform a break sequence on the laptop that I have terminaled
> >>>into the server.  I get the ">" prompt.  I then type boot cdrom -s.  At
> >>>this point I get the "enter Firmware Password" prompt.  Two questions,
> >>>am I in the right place?  and what is the firmware password?

> >>Your best bet, if it's an option, is to temporarily replace the boot
> >>disk drive with a spare (preferably one with a copy of Solaris on it
> >>for which you know the root password -- otherwise you'll have to install
> >>Solaris), boot up from that drive, and use the eeprom command to reset
> >>the firmware to no longer require a password.  Then swap back to the
> >>original disk and proceed as you were.

> > Hmm, if he has a second system, he could pop this disk in as an add-on,
> > mount and edit and return it to the original system, but that needs
> > another system into which the disk would fit as a second or nth disk.

> That's true.  He could reset the root password that way and then proceed
> with the eeprom command.  But it would take a second system rather than
> just a second disk.

Hmm, I don't think so, I don't think you can reset the firmware password
from the system, if that was possible it would be pointless to have one.
I believe you need the password to be able to reset it.

I might be wrong though, never been stupid enough to set it in the first
place, this since I believe it doesn't add enough security to warrant the
trouble it can make and with the easy ways around it if you have a second
system to mount the disks in anyway.


> > This will not solve the firmware password problem though, only delay
> > the effect of it by working around it.

> > BTW, removing RAM from the system will not reset the firmware password.
> > You would need to short (in a controllable way) the nvram that has it
> > stored, not something I recommend for the normal user.

> > Better let Sun fix it.

> --
> The e-mail address in our reply-to line is reversed in an attempt to


 
 
 


Post by Darren Dunha » Fri, 21 Oct 2005 06:48:36



>> That's true.  He could reset the root password that way and then proceed
>> with the eeprom command.  But it would take a second system rather than
>> just a second disk.
> Hmm, I don't think so, I don't think you can reset the firmware password
> from the system, if that was possible it would be pointless to have one.
> I believe you need the password to be able to reset it.

No, once running Solaris, you do not need the old password.

> I might be wrong though, never been stupid enough to set it in the first
> place, this since I believe it doesn't add enough security to warrant the
> trouble it can make and with the easy ways around it if you have a second
> system to mount the disks in anyway.

Depends on your environment.  We had labs where we could physically
secure the disks with locks, but wanted users to be on the console.
Putting eeprom passwords on the machines did away with lots of ... shall
we say.. experimentation ... that would otherwise tend to require
someone go out and fix later.

Because of known bugs in the OS, I wouldn't regard it as a perfect
security solution, but it was very effective for our purposes.

--

Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
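
An administrator-side check related to the eeprom discussion above, as an added example that is not part of the thread: it reads `eeprom` output and reports the OpenBoot security mode and the failed-password counter. The function names `audit_obp` and `sample_eeprom` are hypothetical, the sample output is constructed, and the variables checked are the standard OpenBoot `security-mode` and `security-#badlogins`.

```shell
#!/bin/sh
# Added example, not code from the thread.
# audit_obp (hypothetical name) reads `eeprom` output on stdin and prints
# one finding per line, prefixed OK or WARN.
audit_obp() {
    awk '
        {
            # Split on the first "=" only; lines without one
            # (e.g. "security-password: data not available.") are skipped.
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            if (name == "security-mode")       { mode = val; seen = 1 }
            if (name == "security-#badlogins") { bad = val + 0 }
        }
        END {
            if (!seen)
                print "WARN security-mode not reported"
            else if (mode == "none")
                print "WARN security-mode=none: no firmware password is enforced"
            else if (mode == "command")
                print "OK security-mode=command: password needed for everything except default boot and go"
            else if (mode == "full")
                print "OK security-mode=full: password needed for everything except go"
            else
                print "WARN security-mode=" mode ": unrecognised value"
            if (bad > 0)
                print "WARN security-#badlogins=" bad ": failed firmware password attempts recorded"
        }'
}

# Constructed sample of `eeprom` output (not captured from a real host).
sample_eeprom() {
    cat <<'EOF'
auto-boot?=true
boot-device=disk net
security-mode=command
security-password: data not available.
security-#badlogins=3
EOF
}

# On a live Solaris host: eeprom | audit_obp
sample_eeprom | audit_obp
```

Recording the mode and who holds the password as part of system handover addresses the procedural gap several posters point to.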