Re: OpenVMS resources

From: Steve Edwards (sedwardsat_private)
Date: Tue Oct 22 2002 - 10:48:34 PDT

Next message: Frank Knobbe: "Re: Covert Channels"

Previous message: Qyves: "OpenVMS resources"
In reply to: Qyves: "OpenVMS resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Here's a technique that I (if I remember correctly) used to recover from a
lost SYSTEM password.

Here are 2 ways to break into a VMS system. Note that you must have
physical access to the console.

# boot the system into a converstional bootstrap
# SYSBOOT> SET/STARTUP _OPA0:
# SYSBOOT> CONTINUE
# fix the problem
# MCR SYSGEN
# SYSGEN> USE CURRENT
# SYSGEN> SET/STARTUP SSY$SYSTEM:STARTUP.COM
# SYSGEN> WRITE CURRENT
# SYSGEN> EXIT
# @SYS$SYSTEM:STARTUP

# boot the system into a converstional bootstrap
# SYSBOOT> SET UAFALTERNATE 1
# SYSBOOT> CONTINUE
# fix the problem
# MCR SYSGEN
# SYSGEN> USE CURRENT
# SYSGEN> SET UAFALTERNATE 0
# SYSGEN> WRITE CURRENT
# SYSGEN> EXIT
# @SYS$SYSTEM:SHUTDOWN

It's been a long time since I've [ab]used VMS, but I think there were some
issues with DECnet that allowed privilege escalation. Old versions of
Oracle may prove fruitful as well.

On Tue, 22 Oct 2002, Qyves wrote:

> Hello all,
>
> During a pen-test I identified a machine running openVMS.
>
> I googled but could only find a couple of documents on OpenVMS, namely one from Compaq (openVMS guide to system security) and one from SANS reading room (a primer on OpenVMS) that refer to openVMS security.
>
> I was wondering if anyone knows of other resources (papers and tools) that can be used when pen-testing/auditing/securing an OpenVMS system so as to know places I need to look for info.
>
> Regards,
> Q
>
> __________________________________________________________________
> The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp
>
> Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards      sedwardsat_private      Voice: +1-760-468-3867 PST
Newline           pagesteveat_private            Fax: +1-760-731-3000


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Frank Knobbe: "Re: Covert Channels"
Previous message: Qyves: "OpenVMS resources"
In reply to: Qyves: "OpenVMS resources"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 22 2002 - 15:54:30 PDT