lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <5598cfa10702091644r17c22188pfb3ea952a12c4505@mail.gmail.com>
Date: Fri, 9 Feb 2007 18:44:56 -0600
From: "Mark Sec" <mark.sec@...il.com>
To: "H D Moore" <fdlist@...italoffense.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: DVR (Digital Video Recorders) + hack?

Thanks HD,

I only have user u:admin p:admin

With this information:


$ uname -a
Linux xxxxxxxxxxx 2.4.30cmp #1 Tue Jul 5 11:12:11 EDT 2005 i686 unknown

$pwd
/admin

$ ls
bin           scandisk      setports      showip        showssh
help          setaccess     setppp        showmgr       showtasks
openupgrades  setdisk       setsecure     shownic       showvers
phelp         setip         setsnmp       showports     testnet
rebootdvr     setmgr        setssh        showppp
repairdisk    setnic        showaccess    showsecure
restartdvr    setpass       showdisk      showsnmp

#####################
Only jave 2 binaries suid+guid
#####################


$ ls -la /bin/su
-r-sr-xr-x    1 root     root        18452 May 31  2004 /bin/su

$ ls -la /usr/bin/smbmnt
-r-sr-xr-x    1 root     root       409532 Mar 27  2006 /usr/bin/smbmnt
$

#######
passwd
#######

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:*:2:2:daemon:/sbin:/sbin/nologin
uucp:x:10:14:uucp:/:/sbin/nologin
rpc:x:70:70:system user for portmap:/:/bin/false
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
sshd:x:100:100:sshd:/sshdjail:/sbin/nologin
dvr:x:101:101:DVRaccount:/:/sbin/nologin
admin:x:102:102:Administrator:/admin:/sbin/chrootash
radmin:x:103:103:Remote Administrator:/admin:/sbin/chrootash
DVRDialup:x:104:104::/dialup:/usr/sbin/pppd
ntpd:x:105:105:ntpd:/:/sbin/nologin
snmpd:x:106:106:snmpd:/:/sbin/nologin

We don't have a root password, anyone how to reset the pass o root default
pass?





On 09/02/07, H D Moore <fdlist@...italoffense.net> wrote:
>
> Try using root:root, root:admin, admin:admin, and radmin:radmin via telnet
> and ssh for these systems:
>
>
> http://www.linuxforums.org/forum/other-distributions/63848-help-linux-version.html
>
> -HD
>
>
> On Friday 09 February 2007 05:22, Mark Sec wrote:
> > any1 have experience over these "boxes"?, we have many flavors, we
> > looking more information about to "howto" hack the firmware, app or
> > ports by default (80.23,22), we found a DoS over port 80...
> >
> > any1 with more information?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ