On Mon, Jul 18, 2011 at 10:06 PM, Dan Dubovik wrote:
> Can you SSH as the hammerhead user?
>
No
mark@orca:~/Desktop/buffalo_nas$ ssh hammerh...@xxx.xxx.xxx.xxx
Password:
Connection to xxx.xxx.xxx.xxx closed by remote host.
Connection to xxx.xxx.xxx.xxx closed.
>
> When you FTP as the hammerhead
Can you SSH as the hammerhead user?
When you FTP as the hammerhead user, can you move the script.php file to the
htdocs directory? It has 777 permissions, so should be able to open it /
drop a file there.
If you can get a PHP file uploaded and able to execute properly, perhaps a
PHP based shell
I believe the script.php has to be moved to the webroot directory and given
permissions there I believe, but well if you can't get a login via ssh... --
how to do it?
On Sun, Jul 17, 2011 at 8:58 AM, Mark Phillips
wrote:
> On Sun, Jul 17, 2011 at 3:54 AM, Lisa Kachold wrote:
>
>> There are a lot of p
I was not saying you knew the root password just that you knew a
password and a corresponding hash to said password and the root hash
JTR should be able to get you the correct root password.
On 7/17/11, Mark Phillips wrote:
> Bryan,
>
> I think what you are missing is the "...and you know your pa
[possible_device_bricking_advice]
You might try just extracting the tarball, editing the shadow file removing
the root password altogether (::), then, re-tar the extracted archive then
re-flashing with the updated tarball. Then hit 'enter' for the root
password, and then set it to whatever y
Bryan,
I think what you are missing is the "...and you know your password...". I
don't know the root password for the NAS box. That is what I am trying to
figure out so I can ssh into the box as root. What I have:
* Buffalo NAS LS-WXL with firmware rev 1.43
* I can ssh as root and get a password
if you can get a copy of the password hash file. And you know your
password. Then you should be able to figure out the hash function and
JTR should give you every password on the box. So... I seem to be
missing something in this conversation thread. ?
On 7/17/11, Mark Phillips wrote:
> On Sun, Ju
On Sun, Jul 17, 2011 at 3:54 AM, Lisa Kachold wrote:
> There are a lot of password files and dictionary lists on various sites.
> Backtrack5 contains a good number.
>
> But I imagine that it's either not allowing root via ssh or you have the
> wrong username.
>
It turns out the box is smarter than
Mark,
Openwall is one of the better free lists out there. BT5 has darkc0de in it
(17mb). I can't think of any others that you don't have to pay for. However,
you can pass rules to JTR for creating word permutations on the fly to
expand your list (use the --rules option [note: default rules will in
There are a lot of password files and dictionary lists on various sites.
Backtrack5 contains a good number.
But I imagine that it's either not allowing root via ssh or you have the
wrong username.
Or it's a truly random string.
On Fri, Jul 15, 2011 at 10:33 PM, Mark Phillips
wrote:
> Since this
>
> Since this is a drive buffalo, I might try ettercap ssh downgrade attack:
>
> http://openmaniak.com/ettercap_filter.php
> http://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade
>
> Not sure how a man in the middle attack will work, since I don't know the
password to begin with..
On Fri, Jul 15, 2011 at 8:03 PM, Mark Phillips
wrote:
>
>
> On Fri, Jul 15, 2011 at 7:27 PM, Lisa Kachold wrote:
>
>> Mark,
>>
>> On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips <
>> m...@phillipsmarketing.biz> wrote:
>>
>>> Lisa,
>>>
>>> John the Ripper has been running for almost 2 days trying to
On Fri, Jul 15, 2011 at 7:27 PM, Lisa Kachold wrote:
> Mark,
>
> On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips wrote:
>
>> Lisa,
>>
>> John the Ripper has been running for almost 2 days trying to crack the
>> password still no success.
>>
>
> I think it's hung.
>
Nope. The log file keeps sp
Mark,
On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips
wrote:
> Lisa,
>
> John the Ripper has been running for almost 2 days trying to crack the
> password still no success.
>
I think it's hung. What options did you pass it?
Did you feed it a dictionary file?
It probably has a different encr
Lisa,
John the Ripper has been running for almost 2 days trying to crack the
password still no success.
:)
Mark
On Jul 14, 2011 4:28 PM, "Lisa Kachold" wrote:
> If you don't have the ability to boot something like a DVD/CD or USB key,
> try john the ripper?
>
> Save the encrypted string to a
If you don't have the ability to boot something like a DVD/CD or USB key,
try john the ripper?
Save the encrypted string to a test file and run it through john the ripper
running on your system:
Ubuntu:
# apt-get install john
Centos/RH/Fedora:
# yum install john
Example use:
# john -single c
Hello Mark,
Have you tried using Kon-Boot? It's a bootable image that edits the kernel
to bypass the password prompt.
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
ht
-
From: Mark Phillips
Sent: Jul 12, 2011 11:16 AM
To: Phoenix Linux Users
Subject: Is it possible to extract the root password from the file system?
I have a new Buffalo LS-WXL NAS and I would like to root it. It has the
newer firmware version, 1.43, and the instructions for rooting it
From: Mark Phillips
> I was able to unzip the firmware to my laptop and it appears that
> ssh root login is now enabled in the stock firmware. I confirmed
> this by trying ssh to the machine, but I need the root password
> to login. How can I extract the root password from the file system
> fo
I have a new Buffalo LS-WXL NAS and I would like to root it. It has the
newer firmware version, 1.43, and the instructions for rooting it (
http://buffalo.nas-central.org/wiki/Category:LS-WXL) have not caught up with
the new firmware. However, I was able to unzip the firmware to my laptop and
it ap