cctalk digest, Vol 1 #482 - 53 msgs

From: Johnny Billquist <bqt_at_update.uu.se>
Date: Wed Feb 26 12:22:01 2003

On Wed, 26 Feb 2003 Frank Arnold <fm.arnold_at_gmx.net> wrote:

> cctech-request_at_classiccmp.org wrote on 25.02.2003:
> >From: <chu_at_verizon.net>
> >To: <cctalk_at_classiccmp.org>
> >Subject: Help with my PDP 11/73
> >Date: Tue, 25 Feb 2003 12:36:31 -0800
> >
> >I have gotten my PDP 11/73 to
> >start up and go through an initialization
> >script for RSX-11Mplus. However, I do not
> >know any uids/passwords, so I cannot
> >login; I can only watch the script go by.
> >I am able, while the script is running, to break
> >into MCR and run commands like PDP and DMP.
> >I am able to dump in octal
> >some of the files like [0,0]001054.DIR;1.
> >Does anyone know where the user names/passwords
> >are stored? My memory says that maybe
> >they are not encrypted? Is that so?
>
> The passwords are stored in a file [0,0]RSX11M.sys if I recall it correctly.
> Should be a rather small file, just pip it to the printer to see it, it should
> be an ASCII-file.
> I think that after version 3.2 of rsx11m passwords were encrypted, before that,
> in plain text. Copy this file to some other media and delete it from your
> system disk. After a new cold start you should have an open system. With RUN
> $ACNT you can create new user-accounts if you desire.

This should probably be in an FAQ for RSX.

1. The passwords along with all account information are stored in
   LB:[0,0]RSX11.SYS
2. The file is not an ASCII file.
3. Passwords in RSX11M are not encrypted, while passwords in RSX11M+ are.
4. (and this is the important one) to break into an RSX system:

When the system boots, abort the startup script.
(If it asks for the time, press ^Z, if it just runs ahead, press
^C and type ABO AT. (the period is *not* optional)).
Run $ACNT, which is the account managing program.
Change password for a system account (anything with a group number
<= 10)
Reboot, and then log in.

A small explanation:
When the system boots, the console terminal is privileged.
The startup script normally finishes by logging out the console.
If you stop it before that, you'll remain logged in at a
privileged terminal.

This can be regarded as a security problem. Normally it wasn't,
since people are not supposed to have access to the console
terminal of a computer. It's locked away inside the computer hall.
If you want to, you can protect yourself against this exploit,
but no one does.

        Johnny

Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email: bqt_at_update.uu.se        ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
Received on Wed Feb 26 2003 - 12:22:01 GMT
