Great, now I am looking at hardware firewalls on eBay for a side project to do
-
$1$hwrbwjlu$/Tr8NgIA4oKuqpC.1pnk3.:aaaaaaaaaa
-
Ryan Castellucci :nonbinary_flag: replied to kajer
@kajer why is it so fabulous?
-
Ryan Castellucci :nonbinary_flag: replied to kajer
@kajer that's a password an idiot would use on their luggage
-
kajer replied to Ryan Castellucci :nonbinary_flag:
@ryanc
// changePassword is used by Local User Databa/Users and Administrators
// its main purpose is to replace UI 'password' field with <phash>
// It assumes that UI is responsible for sending password when appropriate
// If password is not changed from UI, <password> must NOT be sent, instead
// original <phash> (if available) must be sent back
static function changePassword(&$jsonArgs) {
    if ($jsonArgs) {
        if (!is_array($jsonArgs)) {
            $jsonArgs = Util::objectToArray($jsonArgs);
        }
    }
    $doc = new DOMDocument();
    $doc->preserveWhiteSpace = false;
    $editing = is_object($jsonArgs);
    $id = $jsonArgs['id'];
    // <password> is not part of schema we need to trim it out of final xml data
    // to do that, load data, then trim
    if (!$jsonArgs['set']) {
        $doc->loadXML($jsonArgs['data']);
    } else {
        // new record: Add wrapper <entry> data..</entry> for loading DOMDocument
        $doc->loadXML('<entry>' . $jsonArgs['data'] . '</entry>');
    }
    $domData = $doc->documentElement;
    $password = $doc->getElementsByTagName('password')->item(0);
    $passChange = false;
    $passwordValue = '';
    // Debug::log("Raw data " . __LINE__ . ' ' . $jsonArgs['data']);
    if ($password) {
        $foundPhash = false;
        $passwordValue = $password->nodeValue;
        // NOTE: this routine expecting phash is always sent for password change
        $phash = $doc->getElementsByTagName('phash')->item(0);
        // hash new password
        $template = $jsonArgs['template'];
        $tplPart = isset($template) ? "<templatename>$template</templatename>": "";
        $opCmd = "<request><password-hash><password>" . Xml::escape($password->nodeValue) . "</password><username>" . Xml::escape($jsonArgs["id"]) . "</username>$tplPart</password-hash></request>";
        $phashResult = Direct::noLog("Direct::runOpCommand", array($opCmd));
        //<response status="success"><result><phash>$1$hwrbwjlu$/Tr8NgIA4oKuqpC.1pnk3.</phash></result></response>
        if ($phashResult["@status"] !== "success") {
            $exceptionMessage = "";
            if (is_array($phashResult["msg"]["line"])) {
                $exceptionMessage = join("\n", $phashResult["msg"]["line"]);
            }
            else if (is_array($phashResult["msg"])) {
                $exceptionMessage = join("\n", $phashResult["msg"]);
            } else {
                $exceptionMessage = $phashResult["msg"]["line"];
            }
            $exceptionMessage = str_replace("request -> password-hash ->", "-", $exceptionMessage);
            throw new Exception (Xml::escape($exceptionMessage));
        }
        // trim password
        $domData->removeChild($password);
        if ($phash) {
            $phash->nodeValue = Xml::escape($phashResult['result']['phash']);
            $foundPhash = true;
        }
        // LIBXML_NOXMLDECL does not work
        //$jsonArgs->data = $doc->saveXML(null, LIBXML_NOXMLDECL);
        $xml = $doc->saveXML();
        // Debug::log("Line" . __LINE__ . " xml=" . $xml . ' foundHash=' . $foundPhash);
        // need to set start to after XML decl <?xml version="1.0"
        $xml = substr_replace($xml, '', 0, strlen('<?xml version="1.0"?>'));
        // add new object
        $phashXML = '<phash>' . Xml::escape($phashResult['result']['phash']) . '</phash>';
        if ($jsonArgs['set']) {
            // strip off <entry> and </entry> for 'set' command
            $start = strpos($xml, "<entry>");
            $xml = substr_replace($xml, '', $start, strlen('<entry>'));
            $start = strrpos($xml, "</entry>");
            $xml = substr_replace($xml, '', $start, strlen('</entry>'));
            if ($foundPhash)
                $jsonArgs['data'] = $xml;
            else
                $jsonArgs['data'] = $xml . $phashXML;
        } else { //editing object
            if ($foundPhash)
                $jsonArgs['data'] = $xml;
            else
                $jsonArgs['data'] = substr_replace($xml, $phashXML, strrpos($xml, "</entry>"), 0);
        }
        //Debug::log("Line" . __LINE__ . " data=" . $jsonArgs['data']);
        $passChange = true;
        $jsonArgs['password'] = $passwordValue;
        $jsonArgs['phash'] = $phashResult['result']['phash'];
    }
    return $passChange;
}
-
I was unsuccessful in getting a different OS on the existing motherboard.
PXEboot results in continuous beeping just after trying to get the pxelinux.0 file.
Booting FreeBSD11 results in a partial load of the kernel until something beeps and the boot hangs.
Booting various i386 Linux is the same, something causes a short beep and the boot process hangs.
I swapped the X6 motherboard with an X11, but with the ASIC installed, the MB won't POST.
-
I dug into the OS a little bit last night after doing hardware stuff. The OS is based on RHEL but can't quite tell which version.
I am thinking I clone the HDD back to another disk, but inject a root password into the shadow file so I can log in to the underlying OS before PanOS takes over getty.
-
kajer replied to Ryan Castellucci :nonbinary_flag:
@ryanc My guess is: It's a custom BIOS that supports some sort of additional PCIe expander.
Given the issue that the ASIC card won't let me POST on another newer motherboard, but that is just a guess.
-
If I do manage to boot a vanilla RHEL, I might be able to pillage some device/ASIC drivers out of the rpm library I found in the disk I mounted.
-
Put everything back, but with a video card installed. Managed to stop GRUB in an attempt to get single user mode.
GRUB has an MD5crypt password (hashcat -m 500)
yay
I can either change it on disk, or... CRACK IT
-
cool, cool... not in the rockyou.txt I have
Time to fire up my CMIYC cluster... my laptop 940MX won't be up to the abuse I have planned.
-
Ryan Castellucci :nonbinary_flag: replied to kajer
@kajer never change
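-
The `$1$` prefix on the hash quoted in this thread marks md5crypt, which is why hashcat mode 500 applies to it. As an added example (not code from the thread or from PAN-OS), this Python sketch audits shadow-format lines for such legacy hash schemes; the sample lines and the table of acceptable schemes are assumptions constructed for illustration.

```python
import re

# Modular crypt format ids -> (scheme name, acceptable for new deployments).
# The accept/reject policy here is an assumption for this example.
SCHEMES = {
    "1": ("md5crypt", False),
    "2a": ("bcrypt", True), "2b": ("bcrypt", True), "2y": ("bcrypt", True),
    "5": ("sha256crypt", True),
    "6": ("sha512crypt", True),
    "y": ("yescrypt", True),
}
B64 = r"[./0-9A-Za-z]"  # crypt(3) base64 alphabet
MD5CRYPT = re.compile(rf"\$1\$({B64}{{1,8}})\$({B64}{{22}})")

def classify(field):
    """Return (scheme, acceptable, detail) for one password-hash field."""
    if field == "":
        return ("empty", False, "account has no password")
    if field[0] in "!*":
        return ("locked", True, "no usable password hash")
    m = re.match(r"\$([0-9a-z]+)\$", field)
    if not m:
        return ("unknown", False, "not modular crypt format")
    name, ok = SCHEMES.get(m.group(1), ("unknown", False))
    if name == "md5crypt":
        wf = MD5CRYPT.fullmatch(field)
        detail = f"salt={wf.group(1)!r}, fixed 1000 rounds" if wf else "malformed"
        return (name, False, detail)
    return (name, ok, "")

def audit(shadow_text):
    """Return [(user, scheme, detail)] for entries that need rehashing or review."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, ok, detail = classify(parts[1])
        if not ok:
            findings.append((parts[0], scheme, detail))
    return findings

# Constructed sample in shadow(5) layout; only the $1$ hash comes from the thread.
SAMPLE = "\n".join([
    "root:$1$hwrbwjlu$/Tr8NgIA4oKuqpC.1pnk3.:19000:0:99999:7:::",
    "admin:$6$constructedsalt$" + "A" * 86 + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, scheme, detail in audit(SAMPLE):
        print(f"{user}: {scheme} ({detail})")
```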