Apparently, all IRIX systems come by default with a unpassworded guest account. Almost as stupid as HP/UX's staticly passworded uid 0 sam_exec accounts.
well known, but Mike Neuman <mcn@RIPOSTE.ENGARDE.COM> mentioned it on bugtraq
remotely obtain local user privileges.
IRIX, apparently all versions up to 6.3
15 May 1997
Date: Thu, 15 May 1997 10:24:28 -0600
From: Mike Neuman <mcn@RIPOSTE.ENGARDE.COM>
Subject: Re: Reminder for irix ppl
> On a slightly different beat, perhaps SGI will consider changes the
> default settings, in either case I'd be interested in finding out why it
> is the default behavior.
SGI (in IRIX 6.3) has a really nice interface which will allow you to turn
this feature on and off.
Another warning: The "guest" account exists without password on every IRIX
system by default.
One more: Beware the IPForwarding on/off checkbox on IRIX 6.3 (and possibly
others). It doesn't do a thing. A dual-homed SGI O2 running 6.3 clearly said
that IPForwarding was off, and was still forwarding my packets through to the
other side. The sysadmin who was running the machine had to modify a couple
scripts in /etc/init.d to fix the problem. I don't have any further details,
as I was busy breaking into other systems, not paying attention to how it was
fixed. :-) Anyway, if you have a dual-homed SGI, make sure it's not forwarding
by actually testing it rather than believing the GUI.
(And who said penetration testing wasn't a useful security service?) :-)
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: