Hi Janis, i'm writing you to confirm that no logs where found in the routerand
to ask you a question (i hope i'm not bothering you ..)i could access 7
partitions in the router's memory, actually i imaged them with ddand netcat
saving the dd images on my pc.The partitions where called mtd0, mtd1 .... mtd6
and the total amount of space is 17.8 mb but in the boot messages of the router
(among a lot of other stuff) you can find this line:
"[ 0.000000] Memory: 29736k/32768k available (1991k kernel code, 3032k
reserved, 330k data, 176k init, 0k highmem)"it seems that the device has 32 mb
of physical memory so here is my question:how can i address the remaining 15
(more or less) mb?what's the name of the device/partition/whatever .. the
system use to refer to the memory spacethat is not comprised into the 7
partitions mtd0, mtd1 .... mtd6 ???
Thank you.Regards.
Il Giovedì 20 Agosto 2015 17:37, Pippo Pappo <[email protected]> ha
scritto:
Jannis, i can confirm that the messages that pass through the console
connectiongives the chance to "Press the [f] key and hit [enter] to enter
failsafe mode".I haven't done that because i was trying to leave the system
"untouched" hopingto find some traces of abuse but all my findings say that
once the device has beenpowered off there is nothing left to find (as you and
Ronaldo confirmed) so, as i
said, now i was just trying things out of curosity and as the official
documentationsays that during firsboot (like failsafe mode) the system is
accessible via telnetand asks to set for a password, then telnet is disabled
and dropbear becomesthe way to access the device for "low level stuff" ... but
through the web interfaceof the router the manul says that the default
credentials are "admin" "admin01".I tried "admin" "admin01" and it says wrong
credentials! Now that i could accessthe entire file system as root through the
serial console i've tested the passwordsand i find 1 passwd file (some copies
really but all identical) and 3 different versionsof shadow so i tested all 3
with john the ripper and one copy gives "admin01" aspassword for root. I think
i'll try to login through web interface and "root" "admin01"and let you know
what happens.
Thanks againand if you have any idea about a different location for password
(admin user) or logsplease let me know.
Il Giovedì 20 Agosto 2015 17:17, Jannis Pinter <[email protected]> ha
scritto:
Hi Pippo,
by default, there is only the user "root". You should be able to login
via SSH and the web interface with the same credentials. You can always
reset the root password, by booting into fail safe mode [1].
Given the fact that you have serial console access, you should be able
to boot into fail safe mode by pressing f during boot when prompted
"Press the [f] key and hit [enter] to enter failsafe mode".
[1] http://wiki.openwrt.org/doc/howto/generic.failsafe#in_failsafe_mode
Regards,
Jannis
Am 20.08.2015 um 17:04 schrieb Pippo Pappo:
> Jannis,
>
> i get your point so, given that i'm talking of a device that was given
> to me to
> analyze the content, i assume nothing can be done to recover past activity.
> By the way i took the passwd and shadow files (through a connection made via
> serial console) and cracked the root password with john the ripper (because
> the client did'nt knew the password) and it was the default one for
> admin (admin01)
> but i've tried this in the web interface of the router and it did not
> worked so i think
> that this could be uses for dropbear/ssh login (i'll try later) but if
> it's so do you happen to
> know where is stored the password for the "admin" user (the one you can
> use in
> the web interface of the router) ? At this point this is just out of
> curiosity and to
> learn more about this kind of systems.
> Maybe i can use the one i discovered (as root) to change the one for the
> admin user?
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
_______________________________________________
openwrt-users mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
