From owner-freebsd-questions@FreeBSD.ORG Tue Apr 17 16:31:29 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1E64816A415 for ; Tue, 17 Apr 2007 16:31:29 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from out4.smtp.messagingengine.com (out4.smtp.messagingengine.com [66.111.4.28]) by mx1.freebsd.org (Postfix) with ESMTP id B5D6713C4DE for ; Tue, 17 Apr 2007 16:31:28 +0000 (UTC) (envelope-from jeffrey@goldmark.org) Received: from compute2.internal (compute2.internal [10.202.2.42]) by out1.messagingengine.com (Postfix) with ESMTP id 6B23621755B; Tue, 17 Apr 2007 12:31:28 -0400 (EDT) Received: from heartbeat2.messagingengine.com ([10.202.2.161]) by compute2.internal (MEProxy); Tue, 17 Apr 2007 12:31:28 -0400 X-Sasl-enc: zanr3tucHRfXAlmlSRIBXIoRWEDbkhCIm+w9yqNBsivk 1176827487 Received: from [10.1.10.136] (n114.ewd.goldmark.org [72.64.118.114]) by mail.messagingengine.com (Postfix) with ESMTP id CF8DC18106; Tue, 17 Apr 2007 12:31:27 -0400 (EDT) In-Reply-To: <9E0E7A6C-BA2A-4EB8-B552-4572EE05C681@familyfunzone.net> References: <9E0E7A6C-BA2A-4EB8-B552-4572EE05C681@familyfunzone.net> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <623D70B8-E233-49CE-92C1-58D97BB06B62@goldmark.org> Content-Transfer-Encoding: 7bit From: Jeffrey Goldberg Date: Tue, 17 Apr 2007 11:31:25 -0500 To: Lewis Joshua X-Mailer: Apple Mail (2.752.2) Cc: freebsd-questions@freebsd.org Subject: Re: lost password caused by drunk admin X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2007 16:31:29 -0000 On Apr 16, 2007, at 8:59 PM, Lewis Joshua wrote: > Can anyone help me out? The unit has no reset buttons to reset it > to defaults there is nothing online that I can find to bypass the > unit. I did a port scan and it appears to only be listening on port > 80. Any thoughts out there? Please. Does it have any way to attach a console? If so, can you power cycle it and boot single user? If you do, you may be able to reset the password that way, or if you can't directly reset it, you can grab a copy of /etc/password.master and then run "john" on that. john, I think, can be configured to just try four digit numbers. But if it's only listening on port 80, and there is no console, then it shouldn't be too hard to put together a perl (or python or your favorite scripting language) to try the 10000 log ins via HTTP. Though a hangover might make the task more difficult. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/