- - Hard-coded credentials - CVE-2010-3038
Three accounts have a login shell and a password the administrator can neither
disable nor change. The affected accounts are "root", "cs" and "develop".
Matta didn't spend the CPU cycles required to get those passwords but will
provide the salted hashes to interested parties. The credentials can be used
against both the FTP and the SSH daemon running on the device.
Well once I saw that posting, I emailed them asking for the hashes, threw it into john, and forgot about it.
root:$1$6zg2QNQC$tFuy.f7z/jDo/Ek.LNmDh1:12571:0:99999:7:::
cs:$1$2VdEp4KK$cSdr5jM.rXn1r6dpxSW5m0::0:99999:7:::
develop:$1$AY0XLoFu$7PQYVb.c//7kXX3DQY6YH0:14332:0:99999:7:::
Last week we were doing a little maintenance on the system and to my surprise, we cracked it. I was a bit shocked that it took such a long time: just for a six character alphanumeric string it took the admittedly old, single cpu VM, 154 days using the most basic john options
From the john.log
154:05:15:37 + Cracked root
Anyway, since then that particular cracking system has been drastically upgraded.
Oh, and in case you missed it in the title, here's that root password:
RvShos
No comments:
Post a Comment