29. NetApp hack, log in as root without a password

The header up here may look very bad, but it is the normal setup for most of the system admins that I know.
Normally a system admin will configure a password-less key on the admin host. So, here is the loophole.
To find out which servers act as the admin host and the trusted host, you still need a local account
on that system. OK, step by step, here is how I did it.
1. Check where the vol0 of the filer is mounted. It is very easy. Normally it is not confidential; anyone can get it.
Run a showmount command followed by the filer name.
#showmount filer1 | grep vol0
adminhost1.bla.bla.com:/vol/vol0

2. Log in to the adminhost1 server. First, check where vol0 is mounted. If it is not mounted, you can mount it yourself.
Then find the hosts.equiv file.
#df -k | grep vol0
filer1:/vol/vol0 37748736 2324744 35423992 7% /filer1-root
#cd /filer1-root/etc

3. Then find the trusted host of the filer. It is all inside the hosts.equiv file.
#grep root hosts.equiv
server2 root

4. Some sys admins configure the admin host and the trusted host on the same server, but for security reasons some keep them separate.
#ssh server2
From the trusted host, you can ssh or rsh to the filer directly. But first you must become root, because the filer allows root to access it.
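
A defender-side check for the trust described in steps 2 to 4, as an added example that is not from the original post: it reads the filer's hosts.equiv from the admin-host mount and flags entries that grant password-less root, plus a world-readable file that lets any local account map the trust. The `host [user]` line format is taken from the `server2 root` entry above; the handling of `+` (the usual Unix hosts.equiv wildcard) and of host-only lines, the function name and the sample file are assumptions.

```shell
#!/bin/sh
# Added example: audit a filer hosts.equiv (read from the admin-host mount of
# vol0) for entries that let a remote root reach the filer without a password.
# Assumed line format: "host [user]", as in the "server2 root" entry in the post.

audit_hosts_equiv() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # World-readable file: any local account on the admin host can map the trust.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "WARN world-readable: $file"
    fi

    awk '
        /^[ \t]*(#|$)/         { next }   # skip comments and blank lines
        $1 == "+" || $2 == "+" { print "HIGH wildcard entry: " $0; bad = 1; next }
        $2 == "root"           { print "HIGH root trusted from host " $1; bad = 1; next }
        NF == 1                { print "REVIEW no user listed for host " $1; next }
                               { print "INFO " $1 " user " $2 }
        END { exit bad + 0 }              # status 1 when a HIGH finding exists
    ' "$file"
}

# Constructed sample, not taken from a real filer.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed hosts.equiv for illustration
adminhost1
server2 root
server3 backupop
+
EOF
audit_hosts_equiv "$sample"; echo "exit status: $?"
rm -f "$sample"
```

On an admin host laid out as in step 2, the call would be `audit_hosts_equiv /filer1-root/etc/hosts.equiv`; a non-zero status makes it usable from cron or a configuration-compliance job.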
