Need help getting root access - Unusual Situation
Hi All:
I have physical access to an old Micron Netframe 5001 machine that is running an old AMI Megaraid controller. I also have access to the machine via a non-root user account. Distribution is Redhat 5, kernel 2.2.7. I have tried all of the standard tricks of typing "linux single", "linux init=/bin/bash", etc. at the LILO prompt. The only thing that happens is that the machine boots into its default kernel. (Hitting tab reveals four different kernel selections.) ... Is there a way to break out into the "true" LILO: prompt that will allow me to execute "linux single"? I've also tried to boot off of a Linux install diskette and then running the install and breaking it in the middle. This doesn't seem to work because of the RAID controller and Linux not recognizing it during the install process. I've also tried Tom's Root Boot diskette and running the "mknod" command to try to mount "/dev/sda1" and this doesn't work either. Unfortunately, the CDROM is not bootable (talked to Micron tech support and they said this model did not have a bootable CDROM - some did and some didn't and I was unlucky, I guess). I have downloaded the ISO for Super Rescue 2.1.0 and COULD install a bootable CDROM drive, but would like to avoid having to take the server apart to do this. I would hope that the Super Rescue boot CD would have the appropriate AMI Megaraid drivers. I cannot afford to take this server down and rebuild it, so my options are limited. Any help would be greatly appreciated... S |
And here's the lilo.conf file:
boot=/dev/sda
#map=/boot/map
install=/boot/boot.b
prompt
timeout=50
image=/boot/2.2.7t
    label=2.2.7t
    root=/dev/sda1
    read-only
image=/boot/2.2.7
    label=2.2.7
    root=/dev/sda1
    read-only
image=/boot/2.2.2
    label=2.2.2
    root=/dev/sda1
    read-only
image=/boot/2.2.3ac2
    label=2.2.3ac2
    root=/dev/sda1
    read-only
|
So single mode is not working?
at lilo prompt boot: 2.2.7t single won't work? |
hmm... I'm not sure if I tried that or not....
LILO: <image name> single I will give that a try... much thanks |
Maybe you could use some bootdisk that has megaraid support, have a look at domsch.com/linux/, halfway down the page.
|
Forgive me for asking, but where did the system admin go? Will he be gone long enough that it is absolutely critical that you have root access to this machine? You'll have to forgive my skepticism as many people post in security forums about how to gain root access "on a broken machine at work" or "for a friend" or some other excuse.
|
Forgive me for asking, but where did the system admin go? Will he be gone long enough that it is absolutely critical that you have root access to this machine? You'll have to forgive my skepticism as many people post in security forums about how to gain root access "on a broken machine at work" or "for a friend" or some other excuse.
I share your concerns about questions like these, truth is we have no means to vrfy if he's in his right to break this box. Stupidly enough, we didn't even try to question it. The other question is how far would we go supporting this kind of stuff. If more ppl object against questions like these and have an idea of where they would like to put the limit, plz post your comments. |
I understand your concerns. All I can say is that I am administering this box now and was not given the root password.
I can't and won't expect you to believe me, but consider this: If I have physical access to the machine, wouldn't it be likely that I AM the admin? Otherwise, the admin would be an idiot to let other people have physical access to the machine. I am NOT asking for hacks to get to the machine remotely. I only want suggestions for obtaining root assuming PHYSICAL access. S |
unSpawn... thanks for the info on the Megaraid drivers... that was pretty helpful!
|
I think solo545 makes a fairly good point. Questions on how to hack a remote machine will not be tolerated here. Once someone has physical access, however, it becomes a grey area. In reality, with physical access you could just take out the HD and mount it in another machine if needed, so I think this question is acceptable. I am also interested in others' opinions on this though. Thank you for bringing this up, TruckStuff.
--jeremy |
Perhaps a good universal answer would be "use crack"? If someone can get the passwd/shadow file there is probably some kind of high-level access, be it remote or local. Might not want to give too many details on exactly how to use or run crack, but it might be a start.
And that would be my suggestion to solo: try crack to get the password. |
OK, I do have a copy of the /etc/shadow file and ran "John the Ripper" for 15 days on just the root passwd with no results. I'll definitely have to check this out. Thanks Truckstuff...S
|