Very Computer

by **Marius Aamodt Erikse** » Wed, 11 Oct 2000 04:00:00

F> I'm a sys adm at a small company and I really

Quote:> messed, I put roots shell as /sbin/bash in the
> passwd file on Solaris 7, now I cannot login as
> root since the bash shell doesn't exist in that
> directory. This is the company file server, along
> with all the other important services.

> How do I correct this since I have no way of
> writing to the passwd file to change this, I was
> going to boot to single user mode but to shutdown
> you need to be root! I would appreciate any help
> anybody can give me here, including any ways of
> exploiting the system. This box runs to many
> service to just give up and reinstall from the
> cd. However, I don't even know how to boot to a
> cd or diskette. I am in a tight squeeze here.

su -c "sh"

Marius.

by **Marius Aamodt Erikse** » Wed, 11 Oct 2000 04:00:00

> su -c "sh"

su -s `which sh`
would also work

Marius.

by **Chris Harshma** » Wed, 11 Oct 2000 04:00:00

As a regular user (you do know the root password, right?), run:
su root -c /bin/sh

BTW, this newsgroup is full of great reasons to leave root's shell as
/bin/sh.

> I'm a sys adm at a small company and I really
> messed, I put roots shell as /sbin/bash in the
> passwd file on Solaris 7, now I cannot login as
> root since the bash shell doesn't exist in that
> directory. This is the company file server, along
> with all the other important services.

> How do I correct this since I have no way of
> writing to the passwd file to change this, I was
> going to boot to single user mode but to shutdown
> you need to be root! I would appreciate any help
> anybody can give me here, including any ways of
> exploiting the system. This box runs to many
> service to just give up and reinstall from the
> cd. However, I don't even know how to boot to a
> cd or diskette. I am in a tight squeeze here.

--
Chris Harshman

310-840-8967

by **Jefferson Ogat** » Wed, 11 Oct 2000 04:00:00

> I'm a sys adm at a small company and I really
> messed, I put roots shell as /sbin/bash in the
> passwd file on Solaris 7, now I cannot login as
> root since the bash shell doesn't exist in that
> directory. This is the company file server, along
> with all the other important services.

> How do I correct this since I have no way of
> writing to the passwd file to change this, I was
> going to boot to single user mode but to shutdown
> you need to be root! I would appreciate any help
> anybody can give me here, including any ways of
> exploiting the system. This box runs to many
> service to just give up and reinstall from the
> cd. However, I don't even know how to boot to a
> cd or diskette. I am in a tight squeeze here.

Power-cycle, hit L1-A (i.e. hold down L1 or "Stop" on the keyboard, and type
the A key) before kernel load completes to get ok prompt. boot -s to come up
single user. Enter root password for single-user shell. Run fsck until
filesystems are clean. Fix /etc/passwd. Exit single-user shell to go
multi-user. Don't change root's shell again. Just type "bash" at the "#" prompt
if you want to run bash. It's easy.

--
Jefferson Ogata : Internetworker, Antibozo

by **Jefferson Ogat** » Wed, 11 Oct 2000 04:00:00

> > I'm a sys adm at a small company and I really
> > messed, I put roots shell as /sbin/bash in the
> > passwd file on Solaris 7, now I cannot login as
> > root since the bash shell doesn't exist in that
> > directory. This is the company file server, along
> > with all the other important services.

> > How do I correct this since I have no way of
> > writing to the passwd file to change this, I was
> > going to boot to single user mode but to shutdown
> > you need to be root! I would appreciate any help
> > anybody can give me here, including any ways of
> > exploiting the system. This box runs to many
> > service to just give up and reinstall from the
> > cd. However, I don't even know how to boot to a
> > cd or diskette. I am in a tight squeeze here.

> Power-cycle, hit L1-A (i.e. hold down L1 or "Stop" on the keyboard, and type
> the A key) before kernel load completes to get ok prompt. boot -s to come up
> single user. Enter root password for single-user shell. Run fsck until
> filesystems are clean. Fix /etc/passwd. Exit single-user shell to go
> multi-user. Don't change root's shell again. Just type "bash" at the "#" prompt
> if you want to run bash. It's easy.

Sorry, I'm half-asleep here and you sound desperate. Don't bother
power-cycling; just hit L1-A, then type sync, then L1-A again after system
initializion, proceed with boot -s...

--
Jefferson Ogata : Internetworker, Antibozo

by **parkerl5..** » Thu, 12 Oct 2000 10:08:15

I'm a sys adm at a small company and I really
messed, I put roots shell as /sbin/bash in the
passwd file on Solaris 7, now I cannot login as
root since the bash shell doesn't exist in that
directory. This is the company file server, along
with all the other important services.

How do I correct this since I have no way of
writing to the passwd file to change this, I was
going to boot to single user mode but to shutdown
you need to be root! I would appreciate any help
anybody can give me here, including any ways of
exploiting the system. This box runs to many
service to just give up and reinstall from the
cd. However, I don't even know how to boot to a
cd or diskette. I am in a tight squeeze here.

Sent via Deja.com http://www.deja.com/
Before you buy.

by **parkerl5..** » Thu, 12 Oct 2000 12:46:41

When I try to run su with a command it tries to open the shell I have
specified in the passwd file, then it attempts to run the command I have
specified.

When I try :
su root -c /bin/sh
Password:
su: no shell

I have given up trying to get into the machine as root. All I need to
do is halt the computer so I can boot into single user mode. This isnt'
working since root is the only one who can halt or shutdown my
computer. It always gives me a permission denied.

> As a regular user (you do know the root password, right?), run:
> su root -c /bin/sh

> BTW, this newsgroup is full of great reasons to leave root's shell as
> /bin/sh.

> > I'm a sys adm at a small company and I really
> > messed, I put roots shell as /sbin/bash in the
> > passwd file on Solaris 7, now I cannot login as
> > root since the bash shell doesn't exist in that
> > directory. This is the company file server, along
> > with all the other important services.

> > How do I correct this since I have no way of
> > writing to the passwd file to change this, I was
> > going to boot to single user mode but to shutdown
> > you need to be root! I would appreciate any help
> > anybody can give me here, including any ways of
> > exploiting the system. This box runs to many
> > service to just give up and reinstall from the
> > cd. However, I don't even know how to boot to a
> > cd or diskette. I am in a tight squeeze here.

> --
> Chris Harshman

> 310-840-8967

Sent via Deja.com http://www.deja.com/
Before you buy.

by **Peter Sundstro** » Thu, 12 Oct 2000 12:18:14

> F> I'm a sys adm at a small company and I really
> > messed, I put roots shell as /sbin/bash in the
> > passwd file on Solaris 7, now I cannot login as
> > root since the bash shell doesn't exist in that
> > directory. This is the company file server, along
> > with all the other important services.

> > How do I correct this since I have no way of
> > writing to the passwd file to change this, I was
> > going to boot to single user mode but to shutdown
> > you need to be root! I would appreciate any help
> > anybody can give me here, including any ways of
> > exploiting the system. This box runs to many
> > service to just give up and reinstall from the
> > cd. However, I don't even know how to boot to a
> > cd or diskette. I am in a tight squeeze here.

> su -c "sh"

I suggest you try it on your system and see what happens.

by **Rev. Don Koo** » Thu, 12 Oct 2000 04:00:00

> I'm a sys adm at a small company and I really
> messed, I put roots shell as /sbin/bash in the
> passwd file on Solaris 7, now I cannot login as
> root since the bash shell doesn't exist in that
> directory.

Another shining example of why learning pseudo UNIX systems like
LINUX and FreeBSD does not make someone a UNIX system administrator.

Quote:> This is the company file server, along
> with all the other important services.

If it is so important, why did they give you root in the first
place. Did you snow them with your LINUX knowledge or something?

Quote:> How do I correct this since I have no way of
> writing to the passwd file to change this, I was
> going to boot to single user mode but to shutdown
> you need to be root!

This question is asked all the time. Just go back through previous
postings and see the answer. Basically you boot off of your SOLARIS
CD-ROM, mount the root file system and "vi" the password file to
correct your mistake.

Quote:> I would appreciate any help
> anybody can give me here, including any ways of
> exploiting the system. This box runs to many
> service to just give up and reinstall from the
> cd. However, I don't even know how to boot to a
> cd or diskette. I am in a tight squeeze here.

Boot to the CD-ROM by typing "boot cdrom" at the "OK" prompt.

Hope this helps,
Don

--
********************** You a bounty hunter?
* Rev. Don McDonald * Man's gotta earn a living.
* Baltimore, MD * Dying ain't much of a living, boy.
********************** "Outlaw Josey Wales"
http://members.home.net/oldno7

by **BugSpra** » Thu, 12 Oct 2000 04:00:00

On my system you have to specify the user, even if it is root, when
using -c. So the correct syntax would be :
su root -c "sh"

which also crossed my mind when I saw the problem, but I am not goint to
pork my /etc/passwd file to test it ! :)

> F> I'm a sys adm at a small company and I really
> > messed, I put roots shell as /sbin/bash in the
> > passwd file on Solaris 7, now I cannot login as
> > root since the bash shell doesn't exist in that
> > directory. This is the company file server, along
> > with all the other important services.

> > How do I correct this since I have no way of
> > writing to the passwd file to change this, I was
> > going to boot to single user mode but to shutdown
> > you need to be root! I would appreciate any help
> > anybody can give me here, including any ways of
> > exploiting the system. This box runs to many
> > service to just give up and reinstall from the
> > cd. However, I don't even know how to boot to a
> > cd or diskette. I am in a tight squeeze here.

> su -c "sh"

> Marius.

by **Anthony W. Youngma** » Thu, 12 Oct 2000 04:00:00

And just as an extra - something I did for my (linux) system but I
presume it would work well here ...

Create a user called "shutdown", shell "shutdown", user-id 0.

That way you can shut the system down under password control without
needing root password.

-----Original Message-----

Posted At: 11 October 2000 02:08
Posted To: admin
Conversation: Getting to single user mode with out using root
Subject: Getting to single user mode with out using root

I'm a sys adm at a small company and I really
messed, I put roots shell as /sbin/bash in the
passwd file on Solaris 7, now I cannot login as
root since the bash shell doesn't exist in that
directory. This is the company file server, along
with all the other important services.

How do I correct this since I have no way of
writing to the passwd file to change this, I was
going to boot to single user mode but to shutdown
you need to be root! I would appreciate any help
anybody can give me here, including any ways of
exploiting the system. This box runs to many
service to just give up and reinstall from the
cd. However, I don't even know how to boot to a
cd or diskette. I am in a tight squeeze here.

Sent via Deja.com http://www.deja.com/
Before you buy.

by **Chris Harshma** » Thu, 12 Oct 2000 04:00:00

It's ugly, but it will work:
On the console, Stop-A (or, from a serial console, BRK).
At the go> prompt, type 'sync'

Chris

> When I try to run su with a command it tries to open the shell I have
> specified in the passwd file, then it attempts to run the command I have
> specified.

> When I try :
> su root -c /bin/sh
> Password:
> su: no shell

> I have given up trying to get into the machine as root. All I need to
> do is halt the computer so I can boot into single user mode. This isnt'
> working since root is the only one who can halt or shutdown my
> computer. It always gives me a permission denied.

--
Chris Harshman

310-840-8967

by **Chris Matter** » Thu, 12 Oct 2000 04:00:00

NO, it *won't*. You're the second person to post this,
and *it doesn't work.* Period. You *cannot* gain
access to an account with an invalid shell with su,
no matter how you try invoking it.

--
Chris Mattern

> > su -c "sh"

> su -s `which sh`
> would also work

> Marius.

by **jarobin..** » Thu, 12 Oct 2000 04:00:00

Someone else posted this, and we tried it once and it worked, but if
your machine melts down, don't blame me!!

(sorry, I do not have the orginal posters name, but thanks!)

If you can bring the machine down to the OK prompt, you can change the
euid of a non root id to root.

Good luck ....

> F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
> 8 S 108 4663 4658 0 51 20 f60e9b88 383 f69e8bf8 pts/10 0:00
ksh

>Find the address of the "cred" structure (24 bytes from start of
process) :-
> (down to OK prompt)

>f592a908

>Set the effective user found at this memory address to zero :-

>ok hex 0 f592a908 4 + l!
>ok go

>Done, check our effective user now :-

>uid=108(xxxx) gid=30(sysadmin) euid=0(root)

- Show quoted text -

> I'm a sys adm at a small company and I really
> messed, I put roots shell as /sbin/bash in the
> passwd file on Solaris 7, now I cannot login as
> root since the bash shell doesn't exist in that
> directory. This is the company file server, along
> with all the other important services.

> How do I correct this since I have no way of
> writing to the passwd file to change this, I was
> going to boot to single user mode but to shutdown
> you need to be root! I would appreciate any help
> anybody can give me here, including any ways of
> exploiting the system. This box runs to many
> service to just give up and reinstall from the
> cd. However, I don't even know how to boot to a
> cd or diskette. I am in a tight squeeze here.

> Sent via Deja.com http://www.deja.com/
> Before you buy.

--
Jeff Robinson

Sent via Deja.com http://www.deja.com/
Before you buy.

by **Rev. Don Koo** » Thu, 12 Oct 2000 04:00:00

> And just as an extra - something I did for my (linux) system but I
> presume it would work well here ...

> Create a user called "shutdown", shell "shutdown", user-id 0.

> That way you can shut the system down under password control without
> needing root password.

It also makes for great fun when some prankster TELNETs in as
"shutdown".

Hope this helps,
Don

--
********************** You a bounty hunter?
* Rev. Don McDonald * Man's gotta earn a living.
* Baltimore, MD * Dying ain't much of a living, boy.
********************** "Outlaw Josey Wales"
http://members.home.net/oldno7