Page 1 of 1
Hacking FireFly 8S
Posted: Thu 29 Mar 29 2018 11:34 pm
by Daniel Wee
Default IP is 192.168.42.1
*use "ifconfig -a" to discover this.
telnet port 23 is open.
root doesn't require password.
default doesn't require password but cannot start shell due to lack of permission.
a8sdk has password a8me but cannot enter home directory due to lack of permission.
Wi-Fi server timesout if no valid connection is made after a few minutes.
/etc/passwd file
Posted: Fri 30 Mar 30 2018 12:00 am
by Daniel Wee
Code: Select all
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
haldaemon:x:68:68:hald:/:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
default:x:1000:1000:Default non-root user:/home/default:/bin/sh
a8sdk:x:1001:1001:Linux User,,,:/home/a8sdk:/bin/sh
dbus:x:81:81:DBus messagebus user:/var/run/dbus:/bin/false
Re: Hacking FireFly 8S
Posted: Fri 30 Mar 30 2018 12:05 am
by Daniel Wee
Code: Select all
root::0:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
default::10933:0:99999:7:::
a8sdk:HHTiH8SGMjHoM:0:0:99999:7:::
dbus:*:::::::
Re: Hacking FireFly 8S
Posted: Fri 30 Mar 30 2018 12:10 am
by Daniel Wee
From the examination of the passwd and shadow password files, it looks like only one user may log into the ssh shell:-
a8sdk with the password hash of HHTiH8SGMjHoM
We'll have to have a go at cracking this.
./hashcat64.bin -m 1500 HHTiH8SGMjHoM -a 3
Cracked!
password is a8me