password Hack

Posted on 1998-08-12
Last Modified: 2008-03-06
We recently purchased a company that went bankrupt.  They had 6 CAD machines running off of a central server (and what a dinosaur it is).  When they went out of business, everyone went their separate way, and now, after the purchase, we can't access their drawing database on the server, because there is a boot password that we have no idea what it is.  Is there any way to hack or reset the password so that we can access the database for their drawings?  There is nothing illegal here.  Everything belongs to us.  The machine manufacturer told us that they couldn't get in.  They cracked the BIOS (?) password, but after that, they said we're SOL.  I don't think so.  HELP!  This is a real dinosaur.  I'd say, later 80's machine.  I have no idea the make, model, specs, etc., so any input is most desired.  Thanks!
Question by:Undertow
  • 2

Expert Comment

ID: 2009226
I need further information.

When you power it on, is there anything on the screen at all?
That is, are you prompted for a login?  If there is any
text before the login prompt,what is it?

Are there any logos on the machine -- any indicator of
manufacaturer?  Serial/model plate on the back?


Expert Comment

ID: 2009227
 if it is a BIOS password you need to open the computer case and remove then put it back the pin(usually J6-7) that connects battery with BIOS(actually this happens in most of the computers). By removing the the pin and putting it back the computer will forget the boot password but the problem stands at the fact if they made other changes in the machine hardware which are not recognized by the default BIOS. See what vendor the machine is and ask the vendor which pin should be removed. My best bet is for you to call those guys who owned that computer and ask them for everything.

Good Luck ...

Author Comment

ID: 2009228
The machine (upon further review) is a Digital ApplicationDEC 433MP.  Model PS10A-A9, March 1991.  After the boot process (about 30 minutes worth) it says


Welcome to SCO Open Desktop


Alma is the name of the company it used to belong to, I believe. . .

After a timeout on the login, there is this error message:
WARNING: aha: No controller response : 3    

There is no way of tracking the people that used to use this machine/system.  All employee records to my knowledge have been discarded.  Hope this helps.

Accepted Solution

sherwood earned 40 total points
ID: 2009229
     Sherwood Botsford
      Answers Unlimited

This is a partial answer.  Let me know if it works.

You are running SCO Unix.  I've copied below the stuff from
the SCO FAQ regarding lost root passwords.

Most of these methods require some start up disks.  These
may be in the stuff that came from the office where
the computer was stored.  If you can't find them, check
with SCO. They will probably be able to help you.

Note:  Administering a multiuser unix box is not trivial.
If you actually intend to run the application that produced
the drawings, you will need to create a user, and change
the ownership of the files so that that new user has
access to them.

If you have an application on another computer that knows how
to read these drawing files, then an option may be to move
the disk to another machine.  (This assumes a disk that
is hardware compatible with another machine.)

How do I reset the root password if I forget it?  (part 1)
  This procedure will work for Xenix, and for Unix as well if you are using
  a very relaxed security level (one which stores encrypted passwords
  directly in /etc/passwd).  If you're using a higher security level on
  Unix, look for part 2 below.

  Boot the system from your emergency boot diskettes (if you didn't make
  these and keep them up to date, shame on you, but you should be able to
  use N1/N2 instead, and see the entry on crashing out of these diskettes
  below).  Next, mount /dev/hd0root /mnt; this will mount your
  hard drive's root filesystem on /mnt.  Edit /mnt/etc/passwd.  The first
  line will be your root line, such as
  Edit out the encrypted password (don't touch anything else!) so that
  the line reads something like
  Save the file and shut down.  Reboot from the hard drive.  Your root
  password has now been removed, and you can reset it normally.

How do I reset the root password if I forget it?  (part 2)
  This is another procedure involving manually editing files, and is
  specific to SCO Unix 3.2v4.0 through 3.2v4.2.  The location of the
  encrypted passwords depends on the security settings.  Look in
  /etc/passwd, /etc/shadow, and /tcb/files/auth/r/root; one or more
  of these will be used depending on how you have security configured.
  Follow the procedure in part 1 above; instead of editing /etc/passwd,
  edit the appropriate file(s) from the above list, and delete the
  encrypted password field.  Note that formatting is critical; while you
  can delete the contents of the field, you must not remove separators,
  and making seemingly minor errors such as leaving blank lines can
  cause problems.  Save, shut down, and reboot.  C2 security
  will complain about what you've done; to make it happy, run /etc/fixmog.
  You may also want to run /tcb/bin/integrity and /etc/tcbck.

How do I reset the root password if I forget it?  (part 3)
  This procedure will work for any variant of SCO Xenix or Unix.  As
  above, boot from your emergency boot diskettes and mount /dev/hd0root /mnt
  to gain access to your hard drive's root filesystem.  Now, run
  /mnt/bin/chroot /mnt "/mnt/bin/passwd root" (check the chroot man page
  for more info on how it works).  As before, shut down and reboot.
  It has been reported that on 3.2v4.2 (and possibly others), this
  must be done in two steps:  /mnt/bin/chroot /mnt "/bin/su root",
  followed by passwd.

How do I crash out of the N1/N2 install script?
  On OpenServer Release 5, boot from the boot diskette, and at the
  Boot: prompt, type "tools" (no quotes).  This is not an undocumented
  option, but rather a special line in /etc/default/boot on the
  installation diskette.

  For older SCO Unix/Xenix/ODT releases, wait until the question early
  in the process that asks you what your keyboard type is.  For
  character-mode installations, this is a regular textual prompt; for
  ODT, it's a box in a curses-style installation program.  How to break
  out at this point depends on the OS.  Under Xenix, press Del.  Under
  Unix, type shell and press enter.  Under ODT, press Control-A.


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (, discussed installing the Solaris Operating S…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question