Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cobalt Raq 4 Password.

Posted on 2003-03-14
9
Medium Priority
?
332 Views
Last Modified: 2010-03-04
Hi

I need to get access to a password on my Sun Cobalt Raq 4 server.
The client has lost thier password but does not want to change it.

Is ther a way I can find out what a password is set to.

I have root access.

Kind Regards

NTU
0
Comment
Question by:ntu
6 Comments
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8139706
Hi!

There is no straightforward way of doing this!
If client lost password, why do they want to keep it ?
Just give them a new one, and if they ever figure out what they had, tell them they can get that one back at a later time.

Regards
/Hans - Erik Skyttberg
0
 
LVL 15

Expert Comment

by:samri
ID: 8143018
Hi NTU,

I do not have much experience on the specified products.
However, if the OS platform is UNIX, (most likely), chances are the password would be kept somewhere in the Cobalt config directory.

And even if you could locate the password file, chances are the password would be encrypted -- and would be not easy to reverse the  encryption (I think it's close to impossible).

So the best option would be assigning new password (just like Hans proposed).  I would believe that your client would settle for it if you could explain the scenario.

OR, if you still insist -- if you had the password file, you could try to crack the password (I think it will be long to crack -- the longer the password, the longer it takes).

So, try to settle for the new password approach.

0
 

Author Comment

by:ntu
ID: 8143218
Hi Samri

Thanks for the ideas.

To go into detail a bit more and to give a better reason to find that password. I moved there site from a the cobalt raq 4 (runs on linux) to a new Raq 550 Raid.
They have about 10 users which are collect email from my raq using a mail server which they no longer have got someone there to configure it. All the other email accounts where fine because they had writen list of passwords except one of them. So the move went fine with the other users because their mail server is still collecting from the same smtp sever name.

I have used hack software for windows NT sam files in the past which has worked very well, usually takes about 2 days on a dual pentium 4 machine. Some bad passwords are cracked in a matter of seconds.

I have thought, may be I am approaching this from the wrong angel. Does any one have any knoledge of using a packet sniffer. In that way I could see the password in plain text being sent to the server, when their mail server goes to collect the mail.

Any thoughts.

NTU

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Accepted Solution

by:
heskyttberg earned 1000 total points
ID: 8144497
Hi!

Just go to netwrk section of www.tucows.com.

There are a bunh of sniffers availible.

Regards
/Hans - Erik Skyttberg
0
 
LVL 15

Assisted Solution

by:samri
samri earned 1000 total points
ID: 8146690
hi Ntu,

Well, it do sound like a different story (or maybe the way I see it).

Yes, Tucow or even Google, can be used to locate such tools.  

Ethereal could be used (http://www.ethereal.com/).

>> In that way I could see the password in plain text being sent to the server, when their mail server goes to collect the mail.

Well again, why do we need to be "sniffing" around while we could get to the respective client mail server, and lookup the password.

(or maybe I am a bit off the track here :)

cheers.


0
 
LVL 1

Expert Comment

by:digitalwav
ID: 8294041
I understand the situation- it seems like the client *can't* change the password at the mail client end, if they could the password change would be very easy.

I would think the sniffing method would be quite easy, but the password file should be easier if you have the file.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses
Course of the Month15 days, 13 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question