HackFest Tomorrow@ Gangplankhq.com in Chandler Noon-3PM

2011-07-15 Thread Lisa Kachold
Hackfest in Chandler Noon-3PM at Gangplankhq.com 250 Arizona Avenue.

We have a lab tomorrow with flags (a la VMware) including Exploitable and
Debian Lenny (and a few others) for your exploitation glee. I also will go
through a quick Metasploit demonstration using WebDAV.

We also will be going over DefCon 19 (August 4-7, 2011) presentations
and discussions: https://www.defcon.org/html/defcon-19/dc-19-index.html

Almost all of their presentations are made available somewhere, so if you
can't go, be assured you will actually get more out of the videos and other
materials that come out of the events.

http://hackfest.obnosis.com

http://plug.phoenix.az.us

-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice** http://www.homesmartinternational.com
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

Re: Is it possible to extract the root password from the file system?

2011-07-15 Thread Lisa Kachold
Mark,

On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips
m...@phillipsmarketing.biz wrote:

 Lisa,

 John the Ripper has been running for almost 2 days trying to crack the
 password...still no success.


I think it's hung.  What options did you pass it?

Did you feed it a dictionary file?

It probably has a different encryption format than the linux john is on.

What ports are open on the thing?  SSH?  You can try ettercap with arp spoof
MITM?

 :)

 Mark
 On Jul 14, 2011 4:28 PM, Lisa Kachold lisakach...@obnosis.com wrote:
  If you don't have the ability to boot something like a DVD/CD or USB key,
  try john the ripper?
 
  Save the encrypted string to a test file and run it through john the
 ripper
  running on your system:
 
  Ubuntu:
 
  # apt-get install john
 
  Centos/RH/Fedora:
 
  # yum install john
 
  Example use:
 
  # john -single crackme.txt
 
  References:
 
  http://www.openwall.com/john/doc/
 
 
 http://www.google.com/url?sa=tsource=videocd=1ved=0CDIQtwIwAAurl=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D3YyscD_tADkrct=jq=john%20the%20rippertbm=videi=t3ofTsXRNqTv0gHB2bmYAwusg=AFQjCNE8vdlkxhwQ15zCuBePI9Y9qk3mAQcad=rja
 
  http://www.osix.net/modules/article/?id=455
 
 
  On Thu, Jul 14, 2011 at 11:19 AM, Sam Kreimeyer skrei...@gmail.com
 wrote:
 
  Hello Mark,
 
  Have you tried using Kon-Boot? It's a bootable image that edits the
 kernel
  to bypass the password prompt.
 
 

Re: Is it possible to extract the root password from the file system?

2011-07-15 Thread Mark Phillips
On Fri, Jul 15, 2011 at 7:27 PM, Lisa Kachold lisakach...@obnosis.com wrote:

 Mark,

 On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips m...@phillipsmarketing.biz
  wrote:

 Lisa,

 John the Ripper has been running for almost 2 days trying to crack the
 password...still no success.


 I think it's hung.

Nope. The log file keeps spitting out what it is testing. I stopped it today
and moved the process to another machine. You can see the results as
reported in the log file at http://pastebin.com/pBZHfAS2 when I stopped the
program. The other machine is slower (about 1.85 times slower, so it will
take until Monday for it to catch up...the original machine was an x64, and
the new machine is an i386, so I couldn't resume on the new machine). I will
let you know if it finds the password after a week or two ;-)


 What options did you pass it?

None. Except that I used another program that came with john to join the
passwd and shadow files into one file. John needed that. I can send you the
passwd file if you are interested.


 Did you feed it a dictionary file?

Just the one that came with john...


 It probably has a different encryption format than the linux john is on.

 What ports are open on the thing?  SSH?  You can try ettercap with arp
 spoof MITM?

SSH seems to be open since it asks for a password. rsync and telnet are all
that I know. There is a java hack program acp_commander.jar that will
connect with telnet, but I do not get any response from the device, although
it says it is connected. acp-commander.jar used to be the way in, but since
firmware version 1.41, it has not worked.
http://downloads.buffalo.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/,
http://buffalo.nas-central.org/index.php/Open_Stock_Firmware and my
particular box.

I have downloaded the firmware for the box and modified it to accept ssh
login without a password (using ssh keys). I just have not been able to
reflash the unit. The web interface only flashes what it downloads from
buffalo.com. The windows program the box came with does not have a way to
flash the unit. Embedded in the firmware download is a windows exe which is
supposed to be a program to flash the unit...just haven't had the
intestinal fortitude to try it out...I need to find the way back in case I
brick the device, and I haven't had time to research that.

Thanks for your interest!

P.S. You have no idea how hard it is to not type dear john every time I
refer to the program john the ripper ;-) anyway, back to TGIF
time ;-)

Mark

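Two points in the exchange above are worth making concrete: Lisa's remark that the box "probably has a different encryption format than the linux john is on", and Mark's note that he had to use the program shipped with john to join passwd and shadow into one file (that program is `unshadow`). The script below is an added example, not code from the thread and not John the Ripper's own tooling. It reproduces the passwd/shadow join, then classifies each resulting hash by its crypt(3) prefix, so an administrator can see which scheme the firmware's libc actually used (and whether a desktop john build is likely to recognise it) and, more usefully, which accounts carry an empty or obsolete-scheme password. The account names and hash strings are constructed sample data with valid prefixes only, not taken from any real device; the strength labels are this example's own.

```python
"""Audit the password-hash scheme behind each account in passwd/shadow.

Added example: reproduces john's `unshadow` join of passwd and shadow, then
classifies every password field by its crypt(3) "$id$" prefix. Sample data
below is constructed; the hashes are not real digests.
"""
import re

# crypt(3) prefixes as documented in crypt(5). The assessment strings are this
# example's own labelling, not anything the thread or john states.
SCHEMES = {
    "$1$":  ("md5crypt",    "weak: MD5-based, fixed 1000 rounds, obsolete"),
    "$2a$": ("bcrypt",      "ok"),
    "$2b$": ("bcrypt",      "ok"),
    "$2y$": ("bcrypt",      "ok"),
    "$5$":  ("sha256crypt", "ok"),
    "$6$":  ("sha512crypt", "ok"),
    "$7$":  ("scrypt",      "ok"),
    "$y$":  ("yescrypt",    "ok"),
}

# Traditional DES crypt: exactly 13 characters from the crypt base64 alphabet, no prefix.
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")


def classify_hash(field: str) -> tuple[str, str]:
    """Return (scheme, assessment) for one shadow password field."""
    if field == "":
        return ("none", "critical: empty password field, login needs no password")
    if field.startswith(("!", "*")):
        return ("locked", "ok: account locked, no password login possible")
    for prefix, info in SCHEMES.items():
        if field.startswith(prefix):
            return info
    if DES_RE.fullmatch(field):
        return ("descrypt", "weak: traditional DES crypt, passwords truncated to 8 chars")
    return ("unknown", "unrecognised format: check which crypt(3) the firmware's libc uses")


def unshadow(passwd_text: str, shadow_text: str) -> list[str]:
    """Merge passwd and shadow the way john's `unshadow` does.

    Field 2 of each passwd line (normally the 'x' placeholder) is replaced with
    the hash from the matching shadow entry, giving one self-contained line per
    account, which is also the form john expects as input.
    """
    shadow = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            name, pw_hash = line.split(":", 2)[:2]
            shadow[name] = pw_hash
    merged = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        if fields[0] in shadow:
            fields[1] = shadow[fields[0]]
        merged.append(":".join(fields))
    return merged


def audit(passwd_text: str, shadow_text: str) -> list[tuple[str, str, str]]:
    """Return (user, scheme, assessment) for every merged account."""
    report = []
    for line in unshadow(passwd_text, shadow_text):
        user, pw_hash = line.split(":")[:2]
        scheme, assessment = classify_hash(pw_hash)
        report.append((user, scheme, assessment))
    return report


# Constructed sample files: made-up accounts, made-up hash bodies, valid prefixes.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1000:100:NAS admin:/home/admin:/bin/sh
guest:x:1001:100:guest:/nonexistent:/bin/false
daemon:x:1:1:daemon:/usr/sbin:/bin/false
"""

SHADOW = """\
root:$1$Xy3k9Qp1$N0tAR3alHashJustAnExam:15170:0:99999:7:::
admin:$6$sAlt1234$c0nstructedExamp1eHashNotReal000000000000000000000000000000000000000000:15170:0:99999:7:::
guest::15170:0:99999:7:::
daemon:*:15170:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, assessment in audit(PASSWD, SHADOW):
        print(f"{user:<8} {scheme:<12} {assessment}")
```

In the constructed sample, root's hash is md5crypt and guest has an empty field; those are the two lines an audit of a real shadow file should make you act on (reset the password with a current scheme, or lock the account), whatever a cracker eventually reports. The `unknown` branch is the situation Lisa describes: a prefix the classifier has never seen means the device's libc uses a scheme your tooling may not support either.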

Re: Is it possible to extract the root password from the file system?

2011-07-15 Thread Lisa Kachold
On Fri, Jul 15, 2011 at 8:03 PM, Mark Phillips
m...@phillipsmarketing.biz wrote:

 On Fri, Jul 15, 2011 at 7:27 PM, Lisa Kachold lisakach...@obnosis.com wrote:

 Mark,

 On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips 
 m...@phillipsmarketing.biz wrote:

 Lisa,

 John the Ripper has been running for almost 2 days trying to crack the
 password...still no success.


 I think it's hung.

 Nope. The log file keeps spitting out what it is testing. I stopped it
 today and moved the process to another machine. You can see the results as
 reported in the log file at http://pastebin.com/pBZHfAS2 when I stopped
 the program. The other machine is slower (about 1.85 times slower, so it
 will take until Monday for it to catch up...the original machine was an x64,
 and the new machine is an i386, so I couldn't resume on the new machine). I
 will let you know if it finds the password after a week or two ;-)


 What options did you pass it?

 None. Except that I used another program that came with john to join the
 passwd and shadow files into one file. John needed that. I can send you the
 passwd file if you are interested.


 Did you feed it a dictionary file?

 Just the one that came with john...


 It probably has a different encryption format than the linux john is on.

 What ports are open on the thing?  SSH?  You can try ettercap with arp
 spoof MITM?

 SSH seems to be open since it asks for a password. rsync and telnet are all
 that I know. There is a java hack program acp_commander.jar that will
 connect with telnet, but I do not get any response from the device, although
 it says it is connected. acp-commander.jar used to be the way in, but since
 firmware version 1.41, it has not worked.
 http://downloads.buffalo.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/,
 http://buffalo.nas-central.org/index.php/Open_Stock_Firmware and my
 particular box.

 I have downloaded the firmware for the box and modified it to accept ssh
 login without a password (using ssh keys). I just have not been able to
 reflash the unit. The web interface only flashes what it downloads from
 buffalo.com. The windows program the box came with does not have a way to
 flash the unit. Embedded in the firmware download is a windows exe which is
 supposed to be a program to flash the unit...just haven't had the
 intestinal fortitude to try it out...I need to find the way back in case I
 brick the device, and I haven't had time to research that.

 Thanks for your interest!

 P.S. You have no idea how hard it is to not type dear john every time I
 refer to the program john the ripper ;-) anyway, back to TGIF
 time ;-)

 Mark

Since this is a Buffalo drive, I might try an ettercap ssh downgrade attack:

http://openmaniak.com/ettercap_filter.php
http://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade

Or Hydra:

Hydra Instructions:

http://www.youtube.com/watch?v=7CP-JB4QARo



Re: Is it possible to extract the root password from the file system?

2011-07-15 Thread Mark Phillips

 Since this is a Buffalo drive, I might try an ettercap ssh downgrade attack:

 http://openmaniak.com/ettercap_filter.php
 http://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade

Not sure how a man in the middle attack will work, since I don't know the
password to begin with...

 Or Hydra:

 Hydra Instructions:

 http://www.youtube.com/watch?v=7CP-JB4QARo

Hydra is promising. I tried it with the common passwords list from
openwall. No luck. Do you have any better password lists?

Thanks,

Mark
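The thread ends with Mark running Hydra with a password list against the NAS's SSH port. The other side of that picture, for anyone who administers a box that is reachable over SSH, is what such a run leaves in the sshd log and how to notice it. The script below is an added example, not code from the thread and not part of Hydra or OpenSSH: it parses OpenSSH "Failed password" / "Accepted password" lines with a syslog prefix, keeps a sliding window of failures per source address, raises one alert when a source crosses a failure threshold inside the window, and raises a second, more serious alert if that same source then logs in successfully. The log lines, the host name `nas`, the addresses (from the documentation ranges), and the threshold and window values are all constructed assumptions for this example.

```python
"""Flag SSH password guessing in sshd auth logs.

Added example: a dictionary attack against sshd shows up as a burst of
"Failed password" lines from one source address; an "Accepted password"
from that address shortly afterwards is the event that matters most.
Log lines below are constructed, not captured from any real system.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH login result line behind a syslog prefix, e.g.
# "Jul 15 20:03:01 nas sshd[2101]: Failed password for root from 192.0.2.10 port 51234 ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str, year: int = 2011):
    """Return a dict for a login success/failure line, or None for any other line.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2011 here).
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def _prune(window, now, window_s):
    """Drop failure timestamps older than window_s seconds before `now`."""
    while window and (now - window[0]).total_seconds() > window_s:
        window.popleft()


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 60, year: int = 2011):
    """Alert on sources with >= threshold failures within window_s seconds,
    and again (higher severity) if such a source then authenticates successfully.

    Threshold and window are assumed tuning values, not anything sshd defines.
    """
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    alerted = set()                 # sources already reported, so one alert per burst
    alerts = []
    for line in lines:
        ev = parse_line(line, year)
        if ev is None:
            continue
        window = failures[ev["ip"]]
        _prune(window, ev["ts"], window_s)
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            if len(window) >= threshold and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                alerts.append({"kind": "bruteforce", "ip": ev["ip"], "user": ev["user"],
                               "failures": len(window), "at": ev["ts"]})
        elif len(window) >= threshold:
            # A success from a source still inside its failure burst: treat as compromise.
            alerts.append({"kind": "success_after_bruteforce", "ip": ev["ip"],
                           "user": ev["user"], "failures": len(window), "at": ev["ts"]})
    return alerts


# Constructed sample log: one guessing source (192.0.2.10) that eventually gets in,
# one ordinary user (198.51.100.7) who mistypes once, and an unrelated PAM line.
SAMPLE_LOG = """\
Jul 15 20:03:01 nas sshd[2101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Jul 15 20:03:03 nas sshd[2103]: Failed password for root from 192.0.2.10 port 51236 ssh2
Jul 15 20:03:04 nas sshd[2105]: Failed password for invalid user admin from 192.0.2.10 port 51238 ssh2
Jul 15 20:03:06 nas sshd[2107]: Failed password for root from 192.0.2.10 port 51240 ssh2
Jul 15 20:03:07 nas sshd[2109]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jul 15 20:03:08 nas sshd[2111]: Failed password for root from 192.0.2.10 port 51242 ssh2
Jul 15 20:03:10 nas sshd[2113]: Failed password for root from 192.0.2.10 port 51244 ssh2
Jul 15 20:03:12 nas sshd[2115]: Accepted password for root from 198.51.100.7 port 40022 ssh2
Jul 15 20:03:15 nas sshd[2117]: Accepted password for root from 192.0.2.10 port 51246 ssh2
Jul 15 20:03:16 nas sshd[2119]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{alert['at']:%H:%M:%S} {alert['kind']:<26} {alert['ip']:<14} "
              f"user={alert['user']} failures={alert['failures']}")
```

The window is pruned on every event for a source, including the success, so an "Accepted" hours after an old burst does not trigger the second alert; only a success while the source is still inside its failure window does. On a device like the NAS in this thread, where the only accounts are root and a handful of service users, a low threshold is reasonable, and the practical mitigations the log points to are key-only authentication and not exposing port 22 beyond the LAN.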