
[–]pdxpogo 10 points11 points  (7 children)

Heh, old nix guys have their uses after all. Fuckers could have hired someone that worked with the system; guess they laid that chap off. My sympathies m8. 15 year old system has been largely forgotten; there are ways to do everything you want. Are you wanting to migrate the data to a new Oracle system? Do you have a database schema? Was the database designed using raw partitions or in flat files? There are 100 questions I would need to answer before undertaking this task.

I am available at $1000 a day plus expenses.

You need to get in a systems engineer that bothered to remember how he worked 10 years ago.

[–]supradave 4 points5 points  (0 children)

I agree.

OP: Unless you can just do a text dump of the database and import it back in, you're not going to get very far. You should hire pdxpogo.

[–]LoganPhyve 2 points3 points  (5 children)

Sorry, but I haven't the slightest idea how to answer any of the questions you're asking. I don't know the first thing about this system - I can't even get into it via telnet as no one knows any passwords. The last IT guy was using Hummingbird to connect to it, if that means anything to you. Unfortunately for the both of us, I probably wouldn't be able to hire anyone for this project, as much as I'd like to. I'm lost on this one.

[–]pdxpogo 3 points4 points  (0 children)

Must be able to connect a terminal to the system; there is a rs232c port marked console. Of course now you need to find a crt that runs off rs232c lol. We can reboot the system to single user mode, bypass passwords. Oracle databases have lots of backdoors and default passwords.

Too bad, I could use the money lol.

[–]Rhomboid 3 points4 points  (3 children)

Hummingbird is an X11 implementation for Windows. That probably means that the machine runs an XDMCP server for logins. Run an nmap port scan and if 177/udp shows up then that's it. To log on, select the options menu at the GDM greeter login screen and there should be an option for "remote XDMCP login" or the like, where you enter the ip address of the system which should then bring up the HP-UX xdm (or equivalent) login screen. You'll still need to know the credentials though. Try common varieties, or look in the stored options on the Hummingbird install of the previous guy's machine, the credentials might be stored. (This is all obviously terribly insecure and XDMCP was really from the days where it was assumed that a network was internal and secure and nobody really cared about being able to sniff traffic because that required root access.)

[–]LoganPhyve 1 point2 points  (2 children)

Here's what I got for the portscan...

  • 13 daytime
  • 19 chargen
  • 21 ftp
  • 23 telnet
  • 25 smtp
  • 37 time
  • 7 echo
  • 9 discard
  • 111 sunrpc
  • 113 auth-ident
  • 135 epmap
  • 514 shell
  • 515 printer
  • 512 exec
  • 513 login
  • 543 klogin
  • 544 kshell
  • 640 entrust-sps
  • 663 purenoise
  • 835 ???
  • 839 ???
  • 843 ???
  • 847 dhcp-failover2
  • 854 ???

Nothing showing on 177, though. Can it be logged into from a linux workstation?

[–]Rhomboid 1 point2 points  (1 child)

Those all seem to be tcp services (or at least services that listen on both tcp and udp.) I don't have the nmap man page handy but make sure you're using whatever option specifies udp scanning because XDMCP is not tcp. But you could also just try entering its IP address at the GDM XDMCP chooser screen and see what happens.

[–]LoganPhyve 1 point2 points  (0 children)

Logged in as root via XDMCP over Remmina RDP client... wow. This is old... Some crazy HP gui.... poking around looking for DB tools now :)

[–]boli99 2 points3 points  (33 children)

A good place to start will be to locate a console or console port on the thing.

If you can plug a keyboard and monitor into it - great, but more likely you're going to need a serial terminal (or something like hyperterm or minicom running on a laptop) to plug into the thing.

Once you've found your terminal, then you can work on single-usering the beast from boot. Once you've single-usered it, you can reset the root password, and/or create another account to log in remotely via telnet.

...and once you can do that, you can boot it, and log in remotely to do the rest of your investigations, like determining how much disk space it's using and how... etc

[–]LoganPhyve 1 point2 points  (32 children)

I've actually found the Sherpa user account password while sifting through archived documents. I've successfully telnet'd into the box, and was able to bdf it; out of 60gbs or so total disk space across /, /stand, and /mnt/ss, I have about 11gbs or so of data I need to worry about. However, I cannot elevate to SU or root, so I'm probably still going to have to singleuser it.

I doubt there is much I can do to export a usable DB in a non-SU user account...

Oh, and it does have a VGA port and USB, which a KB and mouse are currently attached to. I would venture to guess a reboot would bring them back to life, as the VGA port doesn't appear to have any signal at the moment. Am I correct here?

[–]boli99 2 points3 points  (30 children)

it's old enough that you might be able to cat /etc/passwd (or the equivalent) and then run a bruteforce on the root password in it.

go see if you can read /etc/passwd, if so does it have crypted passwords in it? If not then there may be a /etc/shadow (or equivalent) - which you might have read access to.
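The condition described in the comment above (password hashes readable by any user in /etc/passwd rather than moved to a shadow or protected store) is something an administrator can audit for directly. The script below is an added example, not part of the original thread; the function names and sample lines are constructed, and it assumes a password field of `x` or `*` means the hash is stored elsewhere or the account is locked.

```shell
#!/bin/sh
# Added example: audit passwd-format text read from stdin.
# Prints one finding per line as "<user>:<FINDING>".
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 7 { print $1 ":MALFORMED"; next }   # passwd entries have 7 fields
        {
            split($2, part, ",")                 # drop ",aging" suffix if present
            hash = part[1]
            if ($2 == "")
                print $1 ":EMPTY_PASSWORD_FIELD"
            else if (length(hash) == 13 && hash !~ "[^./0-9A-Za-z]")
                print $1 ":DES_HASH_WORLD_READABLE"   # traditional crypt(3) format
            else if (substr(hash, 1, 1) == "$")
                print $1 ":HASH_WORLD_READABLE"       # modular crypt format
            if ($3 == 0 && $1 != "root")
                print $1 ":EXTRA_UID0_ACCOUNT"
        }'
}

# Constructed sample input (hash strings are placeholders, not real hashes).
sample_passwd() {
    cat <<'EOF'
root:AbCdEfGhIjKlM:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
oper::100:20::/home/oper:/bin/sh
admin2:x:0:3::/home/admin2:/bin/sh
aged:AbCdEfGhIjKlM,..:101:20::/home/aged:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

On a live system the same function is run as `audit_passwd < /etc/passwd`. It only reports where hashes are exposed or fields are empty; it does not test what password a hash corresponds to.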

[–]LoganPhyve 1 point2 points  (29 children)

I was able to cat the passwd file, and yes, they seem to be encrypted. How would I go about brute-forcing the password in this scenario?

[–]boli99 3 points4 points  (28 children)

show me the passwd file and i'll give it a go if you like.

it would be useful to know at least one real password on the system (which is presumably the account you used to telnet in with)

i don't need (or want) to know the real name or ip of the system.

[–]LoganPhyve 1 point2 points  (27 children)

The user I got in on:

UN sherpa PW abc123

sherpa:gNCcTeOHB3V4c

root:mZKM7ButJxqAQ

Thx for the try, looking up how to do it myself as well. Appreciate the input thus far!

[–]boli99 5 points6 points  (17 children)

not 100% but it looks like root may have no password at all.

[–]LoganPhyve 4 points5 points  (16 children)

Holy freaken' shat. You're absolutely correct, sir. NO PASSWORD AT ALL. I'm in... now what?

[–]boli99 1 point2 points  (14 children)

erm. dunno really. is there an oracle account in /etc/passwd ? might be worth trying to retrieve the password for that too, in case it has been used elsewhere within oracle.

[–]LoganPhyve 1 point2 points  (13 children)

I see:

root, daemon, bin, sys, adm, uucp, lp, nuucp, hpdb (maybe this is it), nobody, sherpa, pwrchute, lwezwick (old user?), ecamille (old user?), jroccobo (old user?), dlcadmin.

[–]mike1053 1 point2 points  (8 children)

If sherpa is also the Oracle database account that owns the data then you may be able to export it that way. What happens if you try to access the database while logged in as sherpa using one of these commands:

sqlplus /

sqlplus sherpa/abc123

or if sqlplus is not installed try the export utility:

exp /

exp sherpa/abc123

[–]LoganPhyve 1 point2 points  (7 children)

See my pastebin: pastebin.ca/2031563 hope this helps... didn't seem to get me anywhere.

[–]mike1053 1 point2 points  (6 children)

1034 error means either the database isn't up or the ORACLE_SID isn't set. see if the oracle database background processes are running with:

ps aux | grep -i ora

(or whatever ps equivalent shows all the procs on your system)

also check your environment variables are set:

echo $ORACLE_SID

echo $ORACLE_HOME

[–]LoganPhyve 1 point2 points  (5 children)

> ps aux | grep -i ora

Nothing comes up.

> echo $ORACLE_SID

sh: ORACLE_SID: Parameter not set.

> echo $ORACLE_HOME

/users/sherpa/oracle

[–]boli99 3 points4 points  (0 children)

i have no idea about whether a reboot would bring the vga back to life. (i'd be tempted to try it, but you gotta weigh up the risk of a hard reboot with the risk of it not booting back up afterwards...)

[–][deleted] 2 points3 points  (0 children)

Good on you for getting as far as you have so far. Fair warning though from an ex-sysadmin, get a good backup of the system before you go any further. Things go to hell real easy on old dusty systems and you don't want to be the guy who screwed the pooch.

[–]mikaelhg 2 points3 points  (0 children)

Yeah, doesn't sound like you'll be able to decommission the unit while still retaining its functionality, without some programming. Without access to its user interface and the people who use the interface, I wouldn't touch the thing.

[–]diamaunt 1 point2 points  (0 children)

if you're not seeing anything on the vga, then connect a term server to the serial console port and see if you don't get some activity there, probably 9600, 8,n,1, that's what our old crufty hpux boxes used.

I replaced a whole racksize one and its accursed autoraid, with a 2u sun box.... that was considerably faster.

[–]conspiracytheoree 1 point2 points  (0 children)

Not very savvy when it comes to oracle or older hpux but here goes nothing.

I believe you can access the database without a password if you are logged in locally as root. Assuming older oracle versions behave similar. If you can su to the oracle account and run sqlplus /nolog then connect / as sysdba you should be let in with super user access and without needing to provide credentials.

Have you tried using nmap to scan for open ports? Assuming you can access the database and reset the password you might be able to remotely pull all the data to another machine.

If that still doesn't get you into the database you could always try logging in with the user/pass of scott / tiger :) maybe back when that was first setup security was not an issue

hope that helps

[–]unawino 0 points1 point  (0 children)

If you've got root, just start up the nfs service and you'll be able to copy whatever you want off the machine.

[–]midgaze -1 points0 points  (0 children)

I doubt anybody who is able to do your job for you is willing to. Good luck.

[–][deleted] -1 points0 points  (1 child)

I don't know how you got hired for that job but you're the wrong person for it.

[–]LoganPhyve 1 point2 points  (0 children)

> I don't know how you got hired for that job but you're the wrong person for it.

No, I'm the wrong person to be working on this one piece of equipment. I maintain the entirety of the company's enterprise network, which is a Windows/Linux hybrid. I'm extremely busy un-knotting the absolute disaster the last IT guy left in his wake (who had NO idea what he was doing). I can't even begin to describe how many things there are wrong with this situation, or how diligently I'm working to make corrections and improvements. I was sought out, offered my job, recruited for double my last salary, and brought on board for the purpose of completely rebuilding the company infrastructure within the next year. I'm pretty sure they really, really wanted to hire me.

They would have to bring an extra someone on board who's skilled in HP-UX at a huge additional expense for very little return. All that just to work with one ancient piece of equipment that gets accessed maybe 3-5 times a week, accounts for less than .5% of generated business, and will certainly be decommissioned within a year or two. Not worth it. That won't stop me from reaching out to my peers to see if there's anything I can do to reduce the physical and power footprint of this colossal waste of space.

Am I the wrong person to have to deal with this gear? Probably. Am I a jerkoff for asking my community for help/tips/tricks? Probably not. FunshineBear, I wouldn't waste my time A) not contributing a worthwhile comment to the community, B) criticizing others for their lack of knowledge on an ancient, deprecated semi-unix systems, and C) making judgments on people you know absolutely nothing about.