Is it possible to extract the root password from the file system?

Mark Phillips mark at phillipsmarketing.biz
Fri Jul 15 20:03:03 MST 2011


On Fri, Jul 15, 2011 at 7:27 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:

> Mark,
>
> On Thu, Jul 14, 2011 at 6:56 PM, Mark Phillips <mark at phillipsmarketing.biz> wrote:
>
>> Lisa,
>>
>> John the Ripper has been running for almost 2 days trying to crack the
>> password....still no success.
>>
>
> I think it's hung.
>
Nope. The log file keeps spitting out what it is testing. I stopped it today
and moved the process to another machine. You can see the results as
reported in the log file at http://pastebin.com/pBZHfAS2 when I stopped the
program. The other machine is slower (about 1.85 times slower, so it will
take until Monday for it to catch up....the original machine was an x64, and
the new machine is an i386, so I couldn't resume on the new machine). I will
let you know if it finds the password after a week or two....;-)


> What options did you pass it?
>
None. Except that I used another program that came with john to join the
passwd and shadow files into one file. John needed that. I can send you the
passwd file if you are interested.

>
> Did you feed it a dictionary file?
>
Just the one that came with john...

>
> It probably has a different encryption format than the linux john is on.
>
> What ports are open on the thing?  SSH?  You can try ettercap with arp
> spoof MITM?
>
SSH seems to be open since it asks for a password. rsync and telnet are all
that I know. There is a java "hack" program acp_commander.jar that will
connect with telnet, but I do not get any response from the device, although
it says it is connected. acp-commander.jar used to be the way in, but since
firmware version 1.41, it has not worked.
http://downloads.buffalo.nas-central.org/TOOLS/ALL_LS_KB_ARM9/ACP_COMMANDER/,
http://buffalo.nas-central.org/index.php/Open_Stock_Firmware and my
particular box.

I have downloaded the firmware for the box and modified it to accept ssh
login without a password (using ssh keys). I just have not been able to
reflash the unit. The web interface only flashes what it downloads from
buffalo.com. The Windows program the box came with does not have a way to
flash the unit. Embedded in the firmware download is a Windows exe which is
supposed to be a program to flash the unit....just haven't had the
intestinal fortitude to try it out...I need to find the "way back" in case I
brick the device, and I haven't had time to research that.

Thanks for your interest!

P.S. You have no idea how hard it is to not type "dear john" every time I
refer to the program "john the ripper".....;-)  anyway, back to TGIF
time....;-)

Mark

> :)
>>
>> Mark
>> On Jul 14, 2011 4:28 PM, "Lisa Kachold" <lisakachold at obnosis.com> wrote:
>> > If you don't have the ability to boot something like a DVD/CD or USB
>> key,
>> > try john the ripper?
>> >
>> > Save the encrypted string to a test file and run it through john the
>> ripper
>> > running on your system:
>> >
>> > Ubuntu:
>> >
>> > # apt-get install john
>> >
>> > Centos/RH/Fedora:
>> >
>> > # yum install john
>> >
>> > Example use:
>> >
>> > # john -single crackme.txt
>> >
>> > References:
>> >
>> > http://www.openwall.com/john/doc/
>> >
>> >
>> http://www.google.com/url?sa=t&source=video&cd=1&ved=0CDIQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D3YyscD_tADk&rct=j&q=john%20the%20ripper&tbm=vid&ei=t3ofTsXRNqTv0gHB2bmYAw&usg=AFQjCNE8vdlkxhwQ15zCuBePI9Y9qk3mAQ&cad=rja
>> >
>> > http://www.osix.net/modules/article/?id=455
>> >
>> >
>> > On Thu, Jul 14, 2011 at 11:19 AM, Sam Kreimeyer <skreimey at gmail.com>
>> wrote:
>> >
>> >> Hello Mark,
>> >>
>> >> Have you tried using Kon-Boot? It's a bootable image that edits the
>> kernel
>> >> to bypass the password prompt.
>> >>
>> >>
>> > --
>> > (602) 791-8002 Android
>> > (623) 239-3392 Skype
>> > (623) 688-3392 Google Voice
>> > **
>> > HomeSmartInternational.com <http://www.homesmartinternational.com>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
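
Added example, not part of the original thread: the passwd/shadow merge step and the "different encryption format" question discussed above can be checked without any cracking, by reading the scheme from each hash field's crypt(3) prefix. The account names and hash strings are constructed placeholders, and the function names are this example's own.

```python
# Constructed sample files (not from the device in the thread).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:52:52:admin:/home:/bin/sh
guest:x:1000:1000::/home/guest:/bin/false
ftp:x:14:50::/home/ftp:/bin/false
"""
SHADOW = """\
root:$1$c0nstruc$AAAAAAAAAAAAAAAAAAAAAA:11009:0:99999:7:::
admin:ab01FAX.bQRSU:11009:0:99999:7:::
guest:$6$constructedsalt$BBBB:15000:0:99999:7:::
ftp:*:11009:0:99999:7:::
"""

# crypt(3) modular-format prefixes and the scheme each one selects.
PREFIXES = [("$1$", "md5crypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
            ("$2y$", "bcrypt"), ("$5$", "sha256crypt"),
            ("$6$", "sha512crypt"), ("$y$", "yescrypt")]
DES_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                "abcdefghijklmnopqrstuvwxyz")

def classify(field):
    """Name the hash scheme of one shadow password field."""
    if field == "":
        return "empty"                      # account has no password at all
    if field[0] in "!*":
        return "locked"                     # no valid hash, login disabled
    for prefix, name in PREFIXES:
        if field.startswith(prefix):
            return name
    if field.startswith("_") and len(field) == 20:
        return "bsdi-des"                   # extended DES
    if len(field) == 13 and set(field) <= DES_CHARS:
        return "descrypt"                   # traditional DES, 8-char limit
    return "unknown"

def merge(passwd_text, shadow_text):
    """Put each shadow hash into the passwd 'x' slot, one record per user."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    records = [line.split(":") for line in passwd_text.splitlines()]
    return [[r[0], shadow.get(r[0], r[1])] + r[2:]
            for r in records if len(r) == 7]

def audit(passwd_text, shadow_text):
    """Map each account to its hash scheme."""
    return {r[0]: classify(r[1]) for r in merge(passwd_text, shadow_text)}
```

Accounts reported as `descrypt` or `md5crypt` are the ones to move to a stronger scheme first; `unknown` means the field does not match any of the formats listed here.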