Bugtraq mailing list archives

Re: hpux 10.0 remote administration


From: Matt_Barrie () oti com (Matt Barrie SYD)
Date: Tue, 16 Jul 1996 00:02:21 -0600


Hmmm. I have a hpux (10.01) box here. I took a brief look at it and
a) can't see where the default (or any password) is used,
nor b) see where sam_exec is used. Is sam_exec an executable
or a system call? The documentation mentions a few things have
been completely revised in 10.x re remote clusters etc, so if you
could tell me precisely to look for these problems, I'll tell you
if they're still around.

matt

 ----------
sam_exec is still used

Do you happen to know what password they use for sam_exec ;-)
(the concept looks dangerous, I have not had time to really
look at it. But I didn't enable it either...)

Yes, there is a default password. I'm not sure if
it has been changed for 10.X, but if you run
crack on it, you will find it without a question.

Where is this encrypted password stored?

At that point, anyone can pretty much log into your
machine as sam_exec and hit ctl-c to obtain a
uid 0 shell.



