Logging In As root - Scalar i2000 (and maybe i6000)

Submitted by gpmidi on Fri, 12/14/2018 - 16:02
  1. Connect to the service port
    1. It's that little black covered on that says not to use
  2. Set your ip to 10.10.1.100
    1. The last octet can be anything but .1
  3. Use 'telnet' to connect to 10.10.1.1
  4. Login with "root" and "dallas"

 

I found this by using john the ripper on /etc/shadow in 10.10.1.1:/tftpboot/cmboot/initrd-dmcb (NFS). The initrd is gzip'ed. Once unzipped you can mount it with a loop device.

 

/etc/passwd

 

root:x:0:0:root:/root:/bin/ash
adicadm:x:600:100:ADIC Administrator:/home/adicadm:/bin/ash
bin:x:1:1:bin:/bin:/bin/ash
ftp:x:40:49:FTP account:/srv/ftp:/bin/ash
admin:x:100:0:admin:/home/admin:/bin/ash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/ash
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false

/etc/shadow

root:E.XuAZhbYJOrU:11815:0:10000::::
bin:*:8902:0:10000::::
ftp:*:13698::::::
admin:library:12000:0:99999:7:::