On Sun, Jul 17, 2011 at 3:54 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:
There are a lot of password files and dictionary lists on various sites.  Backtrack5 contains a good number.

But I imagine that it's either not allowing root via ssh or you have the wrong username.

It turns out the box is smarter than a fifth grader.....after a few hydra attacks, it started rejecting all the hydra attempts to ssh in via root. Once I stopped hydra (after running all night), it took a couple of hours before it would respond to ssh attempts from root. It now will ask for the root password, but I still have no idea what it is.

Or it's a truly random string.
It could be....the password for the zip file to unzip the file system is YvSInIQopeipx66t_DCdfEvfP47qeVPhNhAuSYmA4. Someone retrieved it using a disassembler on the file system.

I did some more reading, and one person was able to use php to allow ssh login. The box allows one to create a web space, and it comes with php installed. One can edit the php.ini file, and I can upload via ftp a php script. The script they suggested is:
<?php
$file = '../../../../etc/pam.d/sshd';
$fh=fopen($file, 'w') or die("can't open file");
$stringData = "account  required   pam_unix.so\n";
fwrite($fh, $stringData);
$stringData = "session  required   pam_unix.so\n";
fwrite($fh, $stringData);
$stringData = "auth required pam_permit.so\n";
fwrite($fh, $stringData);
fclose($fh);
?>

I uploaded the script, but I get a 404 File not Found when I access the page. I thought it might be a file permission error since the file is only rw. I tried chmod 777 at the ftp prompt, and got the error message File not Found, but ls shows it is there.

ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrwxrwx   2 apache   apache          6 Jul 17 08:23 cgi-bin
drwxrwxrwx   2 apache   apache         22 Jul 17 08:23 htdocs
drwxrwxrwx   2 apache   apache         39 Jul 17 08:23 log
-rw-rw-rw-   1 hammerhead hdusers       335 Jul 17 08:49 script.php
226 Transfer complete
ftp> chmod 777 script.php
550 CHMOD 777 script.php: No such file or directory
ftp>

Is there anything I can change in the php.ini file to make this script execute? Or, am I missing something else?

BTW, I cannot ftp as root, but I can ftp as a user I created, hammerhead.

Thanks,

Mark
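
A defender-side check for the change that script makes, as an added example that is not part of the original message: it parses a PAM service file and flags an auth stack that pam_permit.so lets through without any credential check. The function names, finding labels and sample texts are constructed for illustration.

```python
import re

# Constructed sample: the three lines the script above writes to /etc/pam.d/sshd.
TAMPERED = ("account  required   pam_unix.so\n"
            "session  required   pam_unix.so\n"
            "auth required pam_permit.so\n")

# Constructed sample: a stack where pam_permit.so is only the jump target
# reached after pam_unix.so has already succeeded.
BASELINE = ("# constructed baseline\n"
            "auth  [success=1 default=ignore]  pam_unix.so nullok\n"
            "auth  requisite  pam_deny.so\n"
            "auth  required   pam_permit.so\n"
            "account  required  pam_unix.so\n")

# type, control (simple keyword or bracketed list), module path
ENTRY = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_stack(text):
    """Return [(lineno, control, module_basename)] for the auth facility."""
    stack = []
    # Join backslash continuations; line numbers then refer to the joined text.
    text = text.replace("\\\n", " ")
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if line.startswith("@include"):         # included file is not inspected here
            stack.append((lineno, "include", line.split()[-1]))
            continue
        m = ENTRY.match(line)
        if m and m.group(1).lower() == "auth":
            stack.append((lineno, m.group(2).lower(), m.group(3).rsplit("/", 1)[-1]))
    return stack

def audit(text):
    """Flag auth stacks that pam_permit.so passes without a credential check."""
    stack = auth_stack(text)
    findings = []
    if stack and all(mod == "pam_permit.so" for _, _, mod in stack):
        # Every auth entry is pam_permit.so: any password is accepted.
        findings.append(("permit-only", stack[0][0]))
    elif stack and stack[0][1:] == ("sufficient", "pam_permit.so"):
        # A leading 'sufficient pam_permit.so' short-circuits the rest of the stack.
        findings.append(("sufficient-permit-first", stack[0][0]))
    return findings
```

A finding on a real system also means some process was able to write under /etc/pam.d, so the privileges of the web server and PHP runtime need review along with the file itself.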

On Fri, Jul 15, 2011 at 10:33 PM, Mark Phillips <mark@phillipsmarketing.biz> wrote:
Since this is a drive buffalo, I might try ettercap ssh downgrade attack:

http://openmaniak.com/ettercap_filter.php
http://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade

Not sure how a man in the middle attack will work, since I don't know the password to begin with...

Or Hydra:

Hydra Instructions:

http://www.youtube.com/watch?v=7CP-JB4QARo

Hydra is promising. I tried it with the common passwords list from openwall. No luck. Do you have any better password lists?

Thanks,

Mark

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



--
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice


HomeSmartInternational.com