07-25-2006, 09:39 AM | #1 |
Uebermensch
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
|
Thoughts on 2.5 and root password
I was just thinking what should we do if we cannot crack the root password using conventional mentions like John The Ripper, at least not in a suitable time? Possibilities:
- start a distributed brute-force attack
- stick to 2.4 (I know, bad idea)
- sniff the traffic to catch the 2.5 flash update. Save it to a file, hex it on a PC to change password, then manually put it back on the iRex and run the flash upgrade routines.
Any more ideas or possible solutions? |
07-25-2006, 09:59 AM | #2 |
iLiad Maniac
Posts: 1,382
Karma: 2369
Join Date: Apr 2006
Location: Germany
Device: Bookeen Opus (i love that thing) and iPad (what an irony)
|
We could easily replace it with a password of our choice. But I would like to have it cracked rather, so we don't have to fiddle with the passwd file.
|
07-25-2006, 10:00 AM | #3 |
Addict
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
|
We don't need to crack the root password, I think.
With netcat we spawned a root shell, I think. So we can just create a new password hash for the passwd file and insert it there. It only works till the next update, so cracking the password is only useful for the future. Or we just add a new user with superuser privileges. Did I say we? I meant you. I'm just watching :P |
07-25-2006, 10:12 AM | #4 |
Uebermensch
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
|
I see where you guys are getting... love the netcat idea... trust me Dher, I am quite upset myself about your misfortune. Let's hope you can get your iLiad fixed asap.
If we had the real password, couldn't iRex just replace it again with another one during the next update? I think it doesn't really matter whether we have the real password or just replace it with our own. |
07-25-2006, 10:18 AM | #5 |
Junior Member
Posts: 1
Karma: 10
Join Date: Jul 2006
|
Why don't you just overwrite the current (new) passwd file with the old one?
Doing this will result in a root account without password. Then create client certificates on your computer and store the public key of the certificate in the file ~/.ssh/authorized_keys (on the iLiad). If you do this and iRex does not fiddle with the userhomes, you will always have root access with ssh. |
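Added example, not part of any post in this thread: a defensive audit for the three changes proposed in posts #3 and #5 (an empty root password field, an extra UID 0 account, a key in root's authorized_keys). The function names and the sample data are constructed for illustration, and the script assumes a device that keeps password fields directly in the passwd file, as the posts describe.

```shell
#!/bin/sh
# Audit a passwd-format file and the home directories of UID 0 accounts.
# Sample data below is constructed; point the functions at a real root tree to use them.

# audit_passwd FILE: print one finding per risky entry.
audit_passwd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
        NF < 7        { printf "MALFORMED line %d\n", NR; next }
        $2 == ""      { printf "EMPTY_PASSWORD %s\n", $1 } # login without any password
        $3 ~ /^0+$/ && $1 != "root" { printf "EXTRA_UID0 %s\n", $1 }
    ' "$1"
}

# audit_root_keys PASSWD_FILE [ROOT_PREFIX]: count key lines for every UID 0 account.
# ROOT_PREFIX lets the check run against a mounted or extracted filesystem image.
audit_root_keys() {
    prefix=${2:-}
    awk -F: '$3 ~ /^0+$/ { print $1 ":" $6 }' "$1" | while IFS=: read -r user home; do
        keys="$prefix$home/.ssh/authorized_keys"
        [ -f "$keys" ] || continue
        n=$(grep -cEv '^[[:space:]]*(#|$)' "$keys" || true)
        echo "AUTHORIZED_KEYS $user $n $keys"
    done
}

# make_sample DIR: write a constructed passwd file and a constructed root key file.
make_sample() {
    mkdir -p "$1/root/.ssh"
    cat > "$1/passwd" <<'EOF'
root::0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
helper:x:0:0:constructed extra account:/home/helper:/bin/sh
EOF
    echo "ssh-rsa AAAAconstructed user@pc" > "$1/root/.ssh/authorized_keys"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_passwd "$tmp/passwd"
audit_root_keys "$tmp/passwd" "$tmp"
rm -rf "$tmp"
```

Running the audit before and after a firmware update shows which of these changes the update reverted and which survived in the home directories.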
07-25-2006, 10:52 AM | #6 |
Addict
Posts: 261
Karma: 156
Join Date: Jul 2006
Device: iliad
|
Is there still an ssh daemon in 2.5 or did they remove it completely?
If it's still there, the idea with the user certificate is really great. |
07-25-2006, 11:11 AM | #7 | |
iLiad Geek
Posts: 110
Karma: 10
Join Date: Jul 2006
Location: Regensburg / Germany
Device: iLiad #505; Sony T1, Amazon Paperwhite first Gen & sec is coming!
|
Quote:
|
|
07-25-2006, 11:11 AM | #8 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
BTW, I have found that a funny system to execute things is to use Ctrl-P in the first page of a pdf file, and then selecting the "print command". |
|
07-25-2006, 11:18 AM | #9 | |
Member
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
|
Quote:
|
|
07-25-2006, 11:21 AM | #10 | |
Member
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
|
Quote:
|
|
07-25-2006, 11:24 AM | #11 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
Secondly, if the ssh is removed... are you using netcat or similar tricks, or just navigating across the html? Or does the xrvt work? |
|
07-25-2006, 11:35 AM | #12 |
iLiad Geek
Posts: 110
Karma: 10
Join Date: Jul 2006
Location: Regensburg / Germany
Device: iLiad #505; Sony T1, Amazon Paperwhite first Gen & sec is coming!
|
We could simply use the tar.gz from the 2.4 version to restore the sshd
|
07-25-2006, 11:37 AM | #13 |
Member
Posts: 20
Karma: 56
Join Date: Jul 2006
Location: Hamburg, Germany
Device: IRex Iliad
|
Yes I took the 3 steps completely...
I used the new hacking pdf from Dher in conjunction with netcat for windows to gain console access... the pdf-execution is still working |
07-25-2006, 11:51 AM | #14 | |
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
|
Quote:
https://www.mobileread.com/forums/sho...1&postcount=28
Well I will try to upgrade and to provide a non-network hacking method, assuming the pdf execution still works. I hope your 2.5 is 2.5b and not 2.5a (there is some comment about an earlier corrected on the flight) |
|
07-25-2006, 10:53 PM | #15 | |
Member
Posts: 24
Karma: 10
Join Date: Jun 2006
Location: Townsville, AU
Device: Iliad & REB1100
|
Quote:
EDIT: Oops, CTRL-p implies a keyboard and PC, not the iLiad. My bad. However, if he can still access the UI, loading a pdf/script/etc on CF/USB and killing the process that way might still be possible. My iLiad is still a long way from delivery, so this is just speculation on my part. Last edited by astfgl; 07-25-2006 at 10:58 PM. |
|
|