Default IP is 192.168.42.1
*use "ifconfig -a" to discover this.
telnet port 23 is open.
root doesn't require password.
default doesn't require password but cannot start shell due to lack of permission.
a8sdk has password a8me but cannot enter home directory due to lack of permission.
Wi-Fi server timesout if no valid connection is made after a few minutes.
Hacking FireFly 8S
-
- Site Admin
- Posts: 2449
- Joined: Wed 25 Feb 25 2009 8:00 pm
/etc/passwd file
Code: Select all
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
haldaemon:x:68:68:hald:/:/bin/sh
ftp:x:83:83:ftp:/home/ftp:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
default:x:1000:1000:Default non-root user:/home/default:/bin/sh
a8sdk:x:1001:1001:Linux User,,,:/home/a8sdk:/bin/sh
dbus:x:81:81:DBus messagebus user:/var/run/dbus:/bin/false
-
- Site Admin
- Posts: 2449
- Joined: Wed 25 Feb 25 2009 8:00 pm
Re: Hacking FireFly 8S
Code: Select all
root::0:0:99999:7:::
bin:*:10933:0:99999:7:::
daemon:*:10933:0:99999:7:::
adm:*:10933:0:99999:7:::
lp:*:10933:0:99999:7:::
sync:*:10933:0:99999:7:::
shutdown:*:10933:0:99999:7:::
halt:*:10933:0:99999:7:::
uucp:*:10933:0:99999:7:::
operator:*:10933:0:99999:7:::
ftp:*:10933:0:99999:7:::
nobody:*:10933:0:99999:7:::
default::10933:0:99999:7:::
a8sdk:HHTiH8SGMjHoM:0:0:99999:7:::
dbus:*:::::::
-
- Site Admin
- Posts: 2449
- Joined: Wed 25 Feb 25 2009 8:00 pm
Re: Hacking FireFly 8S
From the examination of the passwd and shadow password files, it looks like only one user may log into the ssh shell:-
a8sdk with the password hash of HHTiH8SGMjHoM
We'll have to have a go at cracking this.
./hashcat64.bin -m 1500 HHTiH8SGMjHoM -a 3
Cracked!
password is a8me
a8sdk with the password hash of HHTiH8SGMjHoM
We'll have to have a go at cracking this.
./hashcat64.bin -m 1500 HHTiH8SGMjHoM -a 3
Cracked!
password is a8me