Re: OpenVMS resources

From: Steve Edwards (sedwards@sedwards.com)
Date: Tue Oct 22 2002 - 13:48:34 EDT


Here's a technique that I (if I remember correctly) used to recover from a
lost SYSTEM password.

Here are 2 ways to break into a VMS system. Note that you must have
physical access to the console.

# boot the system into a conversational bootstrap
# SYSBOOT> SET/STARTUP _OPA0:
# SYSBOOT> CONTINUE
# fix the problem
# MCR SYSGEN
# SYSGEN> USE CURRENT
# SYSGEN> SET/STARTUP SYS$SYSTEM:STARTUP.COM
# SYSGEN> WRITE CURRENT
# SYSGEN> EXIT
# @SYS$SYSTEM:STARTUP

# boot the system into a conversational bootstrap
# SYSBOOT> SET UAFALTERNATE 1
# SYSBOOT> CONTINUE
# fix the problem
# MCR SYSGEN
# SYSGEN> USE CURRENT
# SYSGEN> SET UAFALTERNATE 0
# SYSGEN> WRITE CURRENT
# SYSGEN> EXIT
# @SYS$SYSTEM:SHUTDOWN

It's been a long time since I've [ab]used VMS, but I think there were some
issues with DECnet that allowed privilege escalation. Old versions of
Oracle may prove fruitful as well.

On Tue, 22 Oct 2002, Qyves wrote:

> Hello all,
>
> During a pen-test I identified a machine running openVMS.
>
> I googled but could only find a couple of documents on OpenVMS, namely one from Compaq (openVMS guide to system security) and one from SANS reading room (a primer on OpenVMS) that refer to openVMS security.
>
> I was wondering if anyone knows of other resources (papers and tools) that can be used when pen-testing/auditing/securing an OpenVMS system so as to know places I need to look for info.
>
> Regards,
> Q
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>

Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwards@sedwards.com Voice: +1-760-468-3867 PST
Newline pagesteve@sedwards.com Fax: +1-760-731-3000




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT