Hobbit Login Credentials
list Gary Ellison
Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
list Rich Smrcina
The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that what you are referring to? Or is it access to the machine that Hobbit is running on?
▸
Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
--
Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Gary Ellison
Just being able to edit and enable\disable alerts would be great for now! Thank you!
▸
-----Original Message-----
From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:31 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Hobbit Login Credentials
The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that what you are referring to? Or is it access to the machine that Hobbit is running on?
Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
-- Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Rich Smrcina
Fixing that would be easy, if you have command line access to the machine. If not, you may be stuck. So can you telnet, ssh, scp or rlogin at all? If they set up any other machines (like Hobbit clients) try the hobbit user passwords from those systems.
▸
Ellison, Gary wrote:Just being able to edit and enable\disable alerts would be great for now! Thank you! -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:31 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that what you are referring to? Or is it access to the machine that Hobbit is running on? Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
-- Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Gary Ellison
I will be in front of the machine sometime this week so I may be surprised to find it logged in where I will have cmd line access...taking a shot in the dark here but what would be the default credentials after a virgin install? Maybe they never got around to changing it. Thanks.
▸
-----Original Message-----
From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:56 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Hobbit Login Credentials
Fixing that would be easy, if you have command line access to the machine. If not, you may be stuck. So can you telnet, ssh, scp or rlogin at all?
If they set up any other machines (like Hobbit clients) try the hobbit user passwords from those systems.
Ellison, Gary wrote:Just being able to edit and enable\disable alerts would be great for now! Thank you! -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:31 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that what you are referring to? Or is it access to the machine that Hobbit
is running on? Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
-- Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Stef Coene
▸
On Sunday 18 March 2007, Ellison, Gary wrote:
I will be in front of the machine sometime this week so I may be surprised to find it logged in where I will have cmd line access...taking a shot in the dark here but what would be the default credentials after a virgin install? Maybe they never got around to changing it. Thanks.
If you can get in front of the machine, you can try to reboot the machine. It is possible that you will be presented with a boot menu where you can select rescue mode. And it is possible that you will get a root prompt without a password. passwd can be used to change the pasword. An other trick is to interrupt the boot process and change the kernel boot parameters and load /bin/sh as init process. This will give you a root prompt without a password. IF you can get physical access to a machine and know how it works, you can change the password of any OS user. Stef
list Rich Smrcina
According to the rpm spec file a user called hobbit is created, but no password is assigned to it. Some password would need to be assigned in order for the account to work, so I would have to guess that that was done. If Hobbit was installed from source, the same rationale applies. A 'hobbit' (maybe) user was created and a password was assigned.
▸
Ellison, Gary wrote:I will be in front of the machine sometime this week so I may be surprised to find it logged in where I will have cmd line access...taking a shot in the dark here but what would be the default credentials after a virgin install? Maybe they never got around to changing it. Thanks. -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:56 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials Fixing that would be easy, if you have command line access to the machine. If not, you may be stuck. So can you telnet, ssh, scp or rlogin at all? If they set up any other machines (like Hobbit clients) try the hobbit user passwords from those systems. Ellison, Gary wrote:Just being able to edit and enable\disable alerts would be great for now! Thank you! -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:31 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that what you are referring to? Or is it access to the machine that Hobbitis running on? Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
-- Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Gary Ellison
Thank you. -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 11:51 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials According to the rpm spec file a user called hobbit is created, but no password is assigned to it. Some password would need to be assigned in order for the account to work, so I would have to guess that that was done. If Hobbit was installed from source, the same rationale applies. A 'hobbit' (maybe) user was created and a password was assigned. Ellison, Gary wrote:
I will be in front of the machine sometime this week so I may be surprised to find it logged in where I will have cmd line access...taking a shot in the dark here but what would be the default credentials after a virgin install? Maybe they never got around to changing it. Thanks. -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:56 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials Fixing that would be easy, if you have command line access to the machine. If not, you may be stuck. So can you telnet, ssh, scp or rlogin at all? If they set up any other machines (like Hobbit clients) try the hobbit
user passwords from those systems. Ellison, Gary wrote:Just being able to edit and enable\disable alerts would be great for now! Thank you! -----Original Message----- From: Rich Smrcina [mailto:user-cf452ff334e0@xymon.invalid] Sent: Sunday, March 18, 2007 10:31 AM To: user-ae9b8668bcde@xymon.invalid Subject: Re: [hobbit] Hobbit Login Credentials The only thing that Hobbit requires a login for is certain administrative functions, like enabling and disabling tests. Is that
what you are referring to? Or is it access to the machine that
Hobbit
is running on? Ellison, Gary wrote:Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access? Thank you.
-- Rich Smrcina VM Assist, Inc. Phone: XXX-XXX-XXXX Ans Service: XXX-XXX-XXXX user-61add9955ef9@xymon.invalid Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
list Buchan Milne
▸
On Sunday 18 March 2007, Ellison, Gary wrote:
Hello, I had a consulting firm setup Hobbit monitoring for my company and they literally closed down business over night without giving me the login id and password. Is there any way you may be able to help me regain administration access?
Hobbit does not use password authentication at all itself.
Any restrictions on accessing parts of Hobbit are usually done at by adding
access controls to the URLs in the web server.
E.g., it could be using htpasswd files for authentication.
So, locate the section of the web server configuration that relates to the
Hobbit URLs to find the authentication configuration.
For example, on my installation, I use /etc/http/conf.d/hobbit-apache.conf,
which has a section like this:
<Directory "/usr/lib/hobbit/cgi-secure">
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all
<IfModule mod_authz_ldap.c>
AuthzLDAPMethod ldap
AuthzLDAPServer xxxxx
AuthzLDAPUserBase ou=People,dc=xx
AuthzLDAPUserKey uid
AuthzLDAPUserScope onelevel
#AuthzLDAPGroupBase ou=group,dc=xx
#AuthzLDAPGroupKey cn
#AuthzLDAPMemberKey member
AuthType basic
AuthName "Monitoring authentication"
require valid-user
#require group monitoring
</IfModule>
</Directory>
--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)