SGI Indy

From IdeleWiki

Jump to: navigation, search

So, I finally got my hands on a couple of SGI Indy boxes. They are fairly low-end, but I got them dirt cheap, so I can't complain. Here's the configuration for one of them: 

# uname -a
IRIX alston 5.3 11091812 IP22 mips
# hinv
Iris Audio Processor: version A2 revision 4.1.0
1 100 MHZ IP22 Processor
FPU: MIPS R4610 Floating Point Chip Revision: 0.0
CPU: MIPS R4600 Processor Chip Revision: 1.0
On-board serial ports: 2
On-board bi-directional parallel port
Data cache size: 16 Kbytes
Instruction cache size: 16 Kbytes
Main memory size: 32 Mbytes
Integral ISDN: Basic Rate Interface unit 0, revision 1.0
Integral Ethernet: ec0, version 1
Integral SCSI controller 0: Version WD33C93B, revision D
Disk drive / removable media: unit 2 on SCSI controller 0
Disk drive: unit 1 on SCSI controller 0
Graphics board: Indy 8-bit
Vino video: unit 0, revision 0, IndyCam not connected

Ufortunately, no IndyCam or manuals or media. After all, it was all for $30.

[edit]

got Root?

The first problem I had with them was getting the case open. Surprisingly, it seems to be a pretty common problem. It took some fiddling, but eventually it worked, and I didn't have to resort to violence.

With that out of the way, the next task was to get root access. Although they came with IRIX installed, they didn't come with the IRIX installation media. I first tried netbooting them with Debian, which is pretty straightforward, but then I realised the Debian boot image doesn't have write support for EFS. Since I had no intention of running any version of Linux on either of these boxes, I started googling for a solution.

If you google for sgi irix root password lost or something of the sort, all you find is people claiming that you need the IRIX installation CD to rewrite the password file. For me, this was not an option.

It eventually dawned on me that all I needed was read access to the password/shadow file. I could then use one of the many free password crackers out there [1] [2].

The first step is, of course, to get the encrypted passwords.

[edit]

Cracking the root password

  • Boot the Indy, stop the boot process and go into maintenance mode.
  • Enter the command monitor and type sash
  • At the sash: prompt, type 
cat dksc(0,1,0)/etc/passwd

and carefully write down the line for root.

  • To crack that the root password, I used John the Ripper. Just copy the line for root to a file in the box that runs the password cracker: 
$ cat >passwd
root:foKntnEF3KSXA
^D
$ ./john passwd

and let it run until the password is cracked. For the first Indy, I got extremely lucky and the password was cracked in under 10 minutes. For the second one, I had to leave it running overnight, but finished in about 14 hours.

Retrieved from "http://www.idele.org:8000/wiki/index.php/SGI_Indy"
Personal tools