Hacking FireFly 8S

Posted: Thu 29 Mar 2018 11:34 pm
by Daniel Wee
Default IP is 192.168.42.1
*use "ifconfig -a" to discover this.

telnet port 23 is open.

root doesn't require password.
default doesn't require password but cannot start shell due to lack of permission.
a8sdk has password a8me but cannot enter home directory due to lack of permission.

Wi-Fi server times out if no valid connection is made after a few minutes.

/etc/passwd file

Posted: Fri 30 Mar 2018 12:00 am
by Daniel Wee

root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
haldaemon:x:68:68:hald:/:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
default:x:1000:1000:Default non-root user:/home/default:/bin/sh
a8sdk:x:1001:1001:Linux User,,,:/home/a8sdk:/bin/sh
dbus:x:81:81:DBus messagebus user:/var/run/dbus:/bin/false

Re: Hacking FireFly 8S

Posted: Fri 30 Mar 2018 12:05 am
by Daniel Wee

root::0:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
default::10933:0:99999:7:::
a8sdk:HHTiH8SGMjHoM:0:0:99999:7:::
dbus:*:::::::

Re: Hacking FireFly 8S

Posted: Fri 30 Mar 2018 12:10 am
by Daniel Wee
From the examination of the passwd and shadow password files, it looks like only one user may log into the ssh shell:-

a8sdk with the password hash of HHTiH8SGMjHoM

We'll have to have a go at cracking this.
./hashcat64.bin -m 1500 HHTiH8SGMjHoM -a 3

Cracked!

password is a8me
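
An added example, not part of the original posts: a short Python audit of a firmware image's passwd/shadow pair that flags the account conditions seen in this thread (empty password fields, a traditional 13-character DES crypt hash) plus passwd entries with no shadow line. The sample lines are copied from the dumps above; the `audit` function and its finding labels are this example's own names.

```python
import re

# Lines copied from the passwd and shadow dumps posted in this thread (subset).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
default:x:1000:1000:Default non-root user:/home/default:/bin/sh
a8sdk:x:1001:1001:Linux User,,,:/home/a8sdk:/bin/sh
dbus:x:81:81:DBus messagebus user:/var/run/dbus:/bin/false
"""
SHADOW = """\
root::0:0:99999:7:::
default::10933:0:99999:7:::
a8sdk:HHTiH8SGMjHoM:0:0:99999:7:::
dbus:*:::::::
"""

# Traditional crypt(3) DES output: 2 salt chars + 11 hash chars, no "$id$" prefix.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def audit(passwd_text, shadow_text):
    """Return {user: [findings]} for accounts whose credentials need attention."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    findings = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        user, pw, uid = fields[0], fields[1], fields[2]
        # "x" in passwd means the password field is stored in shadow
        field = shadow.get(user) if pw == "x" else pw
        issues = []
        if field is None:
            issues.append("no shadow entry")
        elif field == "":
            issues.append("empty password")
        elif DES_CRYPT.fullmatch(field):
            issues.append("legacy DES crypt hash")
        # a "*" or "!" prefix means password login is locked: nothing to report
        if issues and uid == "0":
            issues.append("uid 0")
        if issues:
            findings[user] = issues
    return findings
```

Running `audit(PASSWD, SHADOW)` on the sample reports root, default, a8sdk and sshd, and leaves the locked dbus account out.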