Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!NRL3.ARPA!youngdale%v6550c.DECnet
From: youngdale%v6550c.DECnet@NRL3.ARPA ("V6550C::YOUNGDALE")
Newsgroups: comp.os.vms
Subject: (none)
Message-ID: <8806210458.AA24159@ucbvax.Berkeley.EDU>
Date: 14 Jun 88 16:20:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 26


	I remember that a week or two back people were interested in finding
the privileged password for a terminal server. The consensus reached at the
time was that there was no way to do this, and the only option was to reset the
server to the factory defaults. 
	I have discovered that when a server bugchecks, and dumps its memory to
a VAX host, that the password is located in the second block in an ASCII form
(at least for a Decserver 100), and is followed by the non-privileged password
(I think), and the software name.  These strings start with a 1 byte length,and
are followed by the ASCII characters. 
	The problem is that I do not know of a way to force a server to
bugcheck and dump its memory to a VAX.  I discovered this by looking at an old
dump and I do not remember why it dumped. Perhaps someone else has an idea of
how to force a dump.
	For your information, our server(and LAT) has the following
version numbers:
	Decserver 100:		V1.3 BL15B
	LAT protocol version:	5.1
	Hardware version:	B.B
	Microcode version:	BL8
------------------------------------------------------------------
Eric Youngdale	      YOUNGDALE%V6550C.DECNET@NRL.ARPA
Code 6551
Naval Research Lab		"Some user assembly required"
Washington, DC  20375
  (202) 767-3276
------------------------------------------------------------------