Hi all,

I just got an old 7043-140 from eBay. It seems to be perfectly working
but I do not have any root password or bootable CD.

I've tried to find a way navigating through the menus that appears when
hitting the 1 or 5 key while booting ... but I didn't find anything (I'm
an AIX newbie).

Now, I think I have at least two solutions :

1) Buy an AIX bootable CD. _But which version/level ?_ (On the console
it is only printed : "AIX Version 4")

2) Gain access through security holes in the services that are launched
at startup. There is no anonymous ftp account. _any clues ?_

nmap standard output :
(The 1637 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
37/tcp open time
111/tcp open rpcbind
199/tcp open smux
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
543/tcp open klogin
544/tcp open kshell
784/tcp open unknown
785/tcp open unknown
2401/tcp open cvspserver
32770/tcp open sometimes-rpc3

Nmap run completed -- 1 IP address (1 host up) scanned in 1.560 seconds


Thanks for your help

kato

kato fong wrote:
> 1) Buy an AIX bootable CD. _But which version/level ?_ (On the
console
> it is only printed : "AIX Version 4")

Take this option, purchase AIX 4.3.3 (which is the last revision of AIX
4), install Maintenance Level (ML) 11, which is the last maintenance
level and can be downloaded from IBM, and have at it. The installation
CD set contains 4 CDs, the Bonus Pack also contains 4 CDs, and I would
strongly suggest obtaining the Base and Extended Documentation CDs, for
a total of 10 CDs. These CD sets appear on eBay now and then, I used
to sell them myself but I sold out.

Rick Ekblaw

RickE wrote:
> kato fong wrote:
>
>>1) Buy an AIX bootable CD. _But which version/level ?_ (On the
>>console it is only printed : "AIX Version 4")
>
>
> Take this option, purchase AIX 4.3.3 (which is the last revision of AIX
> 4), install Maintenance Level (ML) 11, which is the last maintenance
> level and can be downloaded from IBM, and have at it. The installation
> CD set contains 4 CDs, the Bonus Pack also contains 4 CDs, and I would
> strongly suggest obtaining the Base and Extended Documentation CDs, for
> a total of 10 CDs. These CD sets appear on eBay now and then, I used
> to sell them myself but I sold out.

Thanks for your advice. I can see some "IBM AIX V4 Bonus Pack 5765-C34"
on eBay now.
>
> Rick Ekblaw
>

kato fong wrote:
> Hi all,
>
> I just got an old 7043-140 from eBay. It seems to be perfectly
working
> but I do not have any root password or bootable CD.
>
> I've tried to find a way navigating through the menus that appears
when
> hitting the 1 or 5 key while booting ... but I didn't find anything
(I'm
> an AIX newbie).
>
> Now, I think I have at least two solutions :
>
> 1) Buy an AIX bootable CD. _But which version/level ?_ (On the
console
> it is only printed : "AIX Version 4")
>
> 2) Gain access through security holes in the services that are
launched
> at startup. There is no anonymous ftp account. _any clues ?_
>
> nmap standard output :
> (The 1637 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 7/tcp open echo
> 9/tcp open discard
> 13/tcp open daytime
> 19/tcp open chargen
> 21/tcp open ftp
> 23/tcp open telnet
> 25/tcp open smtp
> 37/tcp open time
> 111/tcp open rpcbind
> 199/tcp open smux
> 512/tcp open exec
> 513/tcp open login
> 514/tcp open shell
> 515/tcp open printer
> 543/tcp open klogin
> 544/tcp open kshell
> 784/tcp open unknown
> 785/tcp open unknown
> 2401/tcp open cvspserver
> 32770/tcp open sometimes-rpc3
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 1.560
seconds
>
>
> Thanks for your help
>
> kato

You can boot into a maintenance shell fro CD #1 and then change the
root passwd select the mount/work with rootvg option.

tmpolzin@netscape.net wrote:
>
> You can boot into a maintenance shell fro CD #1 and then change the
> root passwd select the mount/work with rootvg option.
>

Thanks for your help, but unfortunately I do not have yet the CD set I'm
looking for on ebay.

While waiting for the CD, I have done images of the hard drives with dd
under linux. With the "strings" and "grep" commands I found the content
of /etc/passwd and /etc/security/passwd. And now john the ripper is
working for me.

kato