Root Password - Documents - Docslide [PDF]

Upload (/upload/document.html)

LEADERSHIP (/CATEGORY/LEADERSHIP-MANAGEMENT.HTML)

MARKETING (/CATEGORY/MARKETING.HTML)

Login (/login.html?back=https%3A%2F%2Fdocslide.net%2Fdocuments%2Froot-password.html)

EDUCATION (/CATEGORY/EDUCATION.HTML) Search document...

TECHNOLOGY (/CATEGORY/TECHNOLOGY.HTML)

DESIGN (/CATEGORY/DESIGN.HTML)

MORE TOPICS (/CATEGORY.HTML)

SEARCH

Home (/) / Documents (/category/documents.html) / Root Password (/documents/root-password.html)



Download

1

of 63

RECOMMENDED

(/download/link/root-password) All materials on our website are shared by users. If you have any questions about copyright issues, please report (/document/report/root-password) us to resolve them. We

(/documents/rootpassword.html)

Reset Root Password

are always happy to assist you.

ROOT PASSWORD

1,242

views

by amandeep-singh

on Oct 27, 2014 Report (/document/report/root-password)

(/technology/reset-root-password.html)

Category: DOCUMENTS

Download: 40 CUCM Linux Root Password Recover

Comment: 0

Reset the passwords of the CUCM Page 1 of 4 « RIP timer Cisco » Reset the passwords of the CUCM There are three kinds of CUCM (/documents/cucm-linux-root-passwordpassword : administrator…

(/category/documents.html) Like 0

Tweet

Share Share

0

Share

Comments

recover.html)

Description Download Root Password

Transcript Certified Penetration Tester (CPT) Practical Examination Report Matthew Tiedeman [email protected] February 21st, 2009 Contents 1. 2. 3. 4. Overview.......................................................................................4 Assumptions..................................................................................4 Tools.............................................................................................4 Penetration test details....................................................................5 A. Scanning...................................................................................5 i. Baseline scan of network..........................................................5 ii. Port scanning and OS fingerprinting...........................................5 iii. Service fingerprinting - TCP services.........................................7 iv. Service fingerprinting - Validation of Apache HTTP service............9 v. SNMP enumeration................................................................11 vi. Service fingerprinting - UDP services.......................................13 B. Sites used during the exploit research phase.................................14 C. Remote exploits........................................................................15 i. Research via anyside.org.........................................................15 ii. Exploits – round 1.................................................................18 iii. Research via secwatch.org.....................................................19 iv. Exploits – round 2.................................................................19 D. User discovery..........................................................................19 i. Abuse of finger......................................................................19 E. Brute force password guessing....................................................21 i. Discovery of password for “user” account..................................21 ii. Discovery of password for “cptvm1” and “cptvm2” accounts........23 F. Research of cptvm1 and cptvm2 hosts..........................................25 i. cptvm1.................................................................................25 ii. cptmv2................................................................................27 G. Penetration of cptvm1...............................................................29 i. Local exploit research via anyside.org.......................................29 ii. Local exploit research via secwatch.org....................................32 iii. Privilege escalation using a Kernel VMA exploit..........................33 iv. Maintaining access via creation of a new “r00t” account.............34 v. Gathering the shadow password file.........................................35 H. Cracking passwords of the cptvm1 host.......................................35 i. Cracking of “user”, “cptvm1” and “cptvm2”................................35 I. Penetration of cptvm2................................................................36 i. Privilege escalation using a Kernel vmsplice exploit.....................36 ii. Maintaining access via creation of a new “r00t” account..............37 iii. Gathering the shadow password file........................................38 J. Cracking passwords of the cptvm2 host........................................39 i. Cracking of “cptvm1”, “cptvm2”, “root” and “r00t”.......................39 K. Cracking passwords of the cptvm1 host – round 2.........................40 i. Cracking of “root” and “r00t”...................................................40 L. Ultimate goal............................................................................43 i. Cptvm1 and ctpvm2 hosts compromised...................................43 ii. Passwords for root accounts on cptvm1 and cptvm2...................43 M. Lessons learned.......................................................................43 i. Searching exploit sites............................................................43 ii. Attack vectors.......................................................................44 5. Appendix.....................................................................................44 A. Source code for the Kernel 2.4 VMA exploit...................................44 B. Source code for the Kernel 2.6 vmsplice exploit.............................59 1. Overview The certified pen tester practical examination consists of the compromising of two VMware virtual machines, the recovery of the root passwords for each system and the creation of a penetration report. The penetration report will contain, at a minimum, the details of all of the penetration test findings and a prioritized list of the vulnerabilities discovered. The penetration report should be submitted for review to: [email protected] The following information was provided as part of the examination documentation: ! Virtual machine 1 (cptvm1) – VM containing a Linux system. " The system has the following static configuration: # IP Address: 192.168.1.200 # Netmask: 255.255.255.0 # Gateway: 192.168.1.254 # DNS: 192.168.1.254 ! Virtual machine 2 (cptvm2) – VM containing a Linux system. " The system has been configured to gain its network information via DHCP. ! Information gathered from one of the VM's during the penetration test may be required in order to compromise the other VM. 2. Assumptions ! ! While the penetration testing process consists of 5 phases (reconnaissance, scanning, penetration, maintaining connectivity and covering tracks), the reconnaissance and covering tracks phases will not be covered within this report. Stealthy scanning and penetration techniques will not be used. 3. Tools The following tools were used during the completion of the penetration testing practical examination. ! back|track3 – Collection of penetration tester utilities. ! VMware Fusion – VMware virtual host software for OSX. ! Apple OSX – Host operating system used to execute VMware Fusion. ! nmap – Port scanning, fingerprinting, “swiss army knife” utility. ! httprint – HTTP fingerprinting utility. ! snmpenum.pl – SNMP enumeration utility. ! vi – Text editor. ! emacs – A “swiss army knife” editor (text/source code/etc). ! gcc – C, etc compiler. ! tftp – Trivial File Transfer Protocol client ! ssh – Secure shell client ! ! ! ! ! ! ! ! finger – Finger utility. bash shell scripting – Small scripts and main interactive shell. sed – A stream editing utility. awk – Lightweight regular expression text scripting utility. sort – Unix text sort utility. hydra – Multiple protocol dictionary attack utility. aspell – Dictionary utility. John the ripper, password cracker. 4. Penetration test details A. Scanning i. Baseline scan of network An initial scan of the network was performed to establish a baseline of the network configuration. The gateway (192.168.1.1), host computer (192.168.1.30), back| track3 (192.168.1.102), cptvm2 (192.168.1.104) and cptvm1 (192.168.1.200) were identified. At this point, the identification of the hosts and their use comes mainly from the exam documentation and the knowledge of how the local network is configured. bt live # nmap sP -n 192.168.1.1/24 Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-19 07:59 GMT Host 192.168.1.1 appears to be up. MAC Address: XX:XX:XX:XX:XX:XX (Cisco-Linksys) Host 192.168.1.30 appears to be up. MAC Address: XX:XX:XX:XX:XX:XX (Apple Computer) Host 192.168.1.102 appears to be up. MAC Address: XX:XX:XX:XX:XX:XX (Apple Computer) Host 192.168.1.104 appears to be up. MAC Address: 00:0C:29:3B:43:BC (VMware) Host 192.168.1.200 appears to be up. MAC Address: 00:0C:29:27:60:0A (VMware) Nmap done: 256 IP addresses (4 hosts up) scanned in 3.269 seconds From the information gathered during this step, the systems of interest are configured as follows: cptvm1 (192.168.1.200) cptvm2 (192.168.1.104) ii. Port scanning and OS fingerprinting To determine the open ports and host operating system, a port scan and OS fingerprint of the specific VM IP addresses was conducted. The port scan included all TCP ports from 1 to 65535. Due to the differences between TCP and UDP, the UDP scan was completed only on ports from 1 to 1024. Based upon the list of open ports, it can be concluded that cptvm1, 192.168.1.200, is most likely a server. While cptvm2, 192.168.1.104, is most likely a client workstation. bt live # nmap -sS -O -n -p1-65535 192.168.1.200 192.168.1.104 Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-20 12:04 GMT Interesting ports on 192.168.1.200: Not shown: 65517 closed ports PORT STATE SERVICE 7/tcp open echo 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 79/tcp open finger 80/tcp open http 109/tcp open pop2 110/tcp open pop3 111/tcp open rpcbind 143/tcp open imap 199/tcp open smux 443/tcp open https 686/tcp open unknown 993/tcp open imaps 995/tcp open pop3s 6000/tcp open X11 32768/tcp open unknown 32770/tcp open sometimes-rpc3 MAC Address: 00:0C:29:27:60:0A (VMware) Device type: general purpose Running: Linux 2.4.X OS details: Linux 2.4.18 - 2.4.32 (likely embedded) Uptime: 0.121 days (since Tue Jan 20 09:11:03 2009) Network Distance: 1 hop Interesting ports on 192.168.1.104: Not shown: 65532 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 939/tcp open unknown MAC Address: 00:0C:29:3B:43:BC (VMware) Device type: general purpose Running: Linux 2.6.X OS details: Linux 2.6.9 2.6.23 Uptime: 0.106 days (since Tue Jan 20 09:32:16 2009) Network Distance: 1 hop OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 2 IP addresses (2 hosts up) scanned in 19.321 seconds bt live # nmap -sU -T5 -n -p1-1024 192.168.1.200 192.168.1.104 Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-20 15:53 GMT Warning: Giving up on port early because retransmission cap hit. Stats: 0:00:20 elapsed; 0 hosts completed (2 up), 2 undergoing UDP Scan UDP Scan Timing: About 22.18% done; ETC: 15:54 (0:01:11 remaining) Stats: 0:00:22 elapsed; 0 hosts completed (2 up), 2 undergoing UDP Scan UDP Scan Timing: About 24.37% done; ETC: 15:54 (0:01:09 remaining) Stats: 0:00:22 elapsed; 0 hosts completed (2 up), 2 undergoing UDP Scan UDP Scan Timing: About 24.89% done; ETC: 15:54 (0:01:08 remaining) Stats: 0:00:23 elapsed; 0 hosts completed (2 up), 2 undergoing UDP Scan UDP Scan Timing: About 25.05% done; ETC: 15:54 (0:01:08 remaining) Interesting ports on 192.168.1.200: Not shown: 870 open|filtered ports, 151 closed ports PORT STATE SERVICE 7/udp open echo 13/udp open daytime 37/udp open time MAC Address: 00:0C:29:27:60:0A (VMware) All 1024 scanned ports on 192.168.1.104 are open|filtered (872) or closed (152) MAC Address: 00:0C:29:3B:43:BC (VMware) Nmap done: 2 IP addresses (2 hosts up) scanned in 146.229 seconds From the information gathered during this step, the systems of interest are configured as follows: cptvm1 (192.168.1.200) Operating system: Linux Kernel version: Linux 2.4.18 - 2.4.32 TCP ports: 7, 21, 22, 23, 79, 80, 109, 110, 111, 143, 199, 443, 686, 993, 995, 6000, 32768, 32770 UDP ports: 7, 13, 37 cptvm2 (192.168.1.104) Operating system: Linux Kernel version: Linux 2.6.9 - 2.6.23 TCP ports: 22, 111, 939 iii. Service fingerprinting - TCP services As a TCP port number does not directly identify a service, fingerprinting of the services listening on the ports is required. The majority of the TCP services were fingerprinted via nmap. The remaining services, port 109, port 993 and port 995 will require further research to properly fingerprint. bt live # nmap -sV --version-all -n p7,21-23,79,80,109111,143,199,443,686,993,995,6000,32768,32770 192.168.1.200 Starting Nmap 4.60 ( http://nmap.org ) at 2009-01-20 12:27 GMT Interesting ports on 192.168.1.200: PORT STATE SERVICE VERSION 7/tcp open echo 21/tcp open ftp vsftpd 1.1.3 22/tcp open ssh OpenSSH 3.5p1 (protocol 1.99) 23/tcp open telnet Linux telnetd 79/tcp open finger Linux fingerd 80/tcp open http Apache httpd 2.0.40 ((Red Hat Linux)) 109/tcp open pop2? 110/tcp open pop3 ipopd 2001.78rh 111/tcp open rpcbind 2 (rpc #100000) 143/tcp open imap UW Imapd 2001.315rh 199/tcp open smux Linux SNMP multiplexer 443/tcp open ssl/http Apache httpd 2.0.40 ((Red Hat Linux)) 686/tcp open rquotad 1-2 (rpc #100011) 993/tcp open imaps? 995/tcp open pop3s? 6000/tcp open X11 (access denied) 32768/tcp open status 1 (rpc #100024) 32770/tcp open mountd 1-3 (rpc #100005) 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port109-TCP:V=4.60%I=9%D=1/20%Time=4975C33E%P=i686-pc-linux-gnu%r(Gener SF:icLines,4B,"\+\x20POP2\x20\[192\.168\.1\.200\]\x20v2001\.63rh\x20server SF:\x20ready\r\n\x20Missing\x20or\x20null\x20command\r\n")%r(Verifier,60, SF:"\+\x20POP2\x20\ [192\.168\.1\.200\]\x20v2001\.63rh\x20server\x20ready\r SF:\n\x20Bogus\x20or\x20out\x20of\x20sequence\x20command\x20-\x20SUBSCRIB SF:E\r\n"); MAC Address: 00:0C:29:27:60:0A (VMware) Service Info: Host: 192.168.1.200; OSs: Unix, Linux Service detection performed. Please

Manual Cambio Password Root Centos MANUAL CAMBIO CONTRASEÑA USUARIO ROOT Antes de comenzar este manual es necesario aclarar que el cambio de la (/documents/manual-cambio-password-rootcontraseña es un proceso critico del sistema y centos.html) por ese motivo…

Solaris 10 forget root password 1. MD. BUDRUL HASAN BHUIYAN SOLARIS 10 FORGET ROOT PASSWORD Step 1: Boot the Server from CDROM Step 2: Step 3: 2. (/technology/solaris-10-forget-rootMD. BUDRUL HASAN BHUIYAN Step 4: Step password.html)5: 3. MD. BUDRUL HASAN…

Reset Root Password Zfs Boot File System {0} ok boot cdrom -s SC Alert: Host System has Reset Probing system devices Probing memory Probing I/O buses Sun Fire V240, No (/documents/reset-root-password-zfs-boot-fileKeyboard Copyright 2007 Sun Microsystems, system.html) Inc.…

Changing a Forgotten Root Password on Aix Changing a forgotten root password on AIX: 1. Insert the product media for the same version and level as the current installation into the (/documents/changing-a-forgotten-rootappropriate drive. 2. Power on… password-on-aix.html)

Recuperar password de root en linux centos Guia de pasos para recuperar el password del root en Linux Centos (/technology/recuperar-password-de-root-enlinux-centos.html)

Sudo-User for Resetting Root Password AmitS Sudo user for resetting root password Installation: mkdir /amit cd /amit bash-2.05# mkdir /export/home/labadmin bash-2.05# (/documents/sudo-user-for-resetting-rootuseradd -o -u100 -g3 -d/export/home/labadmin s/bin/bash… password-amits.html)

Cara Mengembalikan Password Root yang Hilang Instan Sotusi Tutorial Berita UlasanUtama Bisnis Alternatif Praktik I I I I I I I Solusilbmi BuatAnda Password Mengembalikan Cara (/documents/cara-mengembalikan-password-root-yangyang Root Hilang :;:: ^::.T, wli#'… hilang.html)

Best Way to reset Root Password in Solaris 10 The exact procedure to reset root password differes in different OS and in Unix it esentially involves booting with OS CD in standalone (/documents/best-way-to-reset-root-password-inmode and then editing the passwd or… solaris-10.html)

Root user password is missing or forgot for linux Root user password is missing or forgot for linux (/software/root-user-password-is-missing-or-forgot-forlinux.html)

Don Crawley Article--How to Prevent Root Password Guessing Attacks Don Crawley Article--How to Prevent Root Password Guessing Attacks (/documents/don-crawley-article-how-to-prevent-rootpassword-guessing-attacks.html)

Root UNIT 1 arch = chief, rule ( , ) arch( arch( ) arch( ) an( ) archbishop…

)

(/documents/root54785bb5b4af9f59058b456e.html)

Root Root Bluestack build 0.7.5.2700 file root.fs ini udah ane edit (udah di custom rom bluestacksnya) ada beberapa tambahan app + fix superuser lihat dibawah changelognya (/documents/root544f3d4ab1af9f2f258b4844.html) seperti… root Lecture Notes for Algorithm Analysis and Design Sandeep Sen 1 November 15, 2009 1 Department of Computer Science and (/documents/root.html) Engineering, IIT Delhi, New Delhi 110016, India. E-mail:[email protected]… Root root slide

(/documents/root55cf8548550346484b8c54a0.html)

Root 1.Eastern Shore Rural Health System Dental Program:Partnering with Accomac County Public Schools,Eastern Shore of Virginia Dr. (/healthNoel Root, Dental DirectorEastern Shore Rural… medicine/root554b8002b4c90574668b47fd.html)

Root 1.Oleh: Triyo Rachmadi, S.Kep. 2. KOMPETENSI KHUSUSMengetahui bentuk2 ROOTMenggunakan bentuk2 ROOT (/healthdlmTerminologiMenganalisa penggunaan ROOT padaTerminologi 3. ROOT:unsur… medicine/root554b7f1cb4c9056d5f8b499b.html)

root 1.ROOTIntrodu¸˜o caInforma¸˜es coDesafiosGrid O Framework ROOTB´sico a N˜o apenas para f´a ısicosSerializa¸˜o… (/documents/root554b7f5ab4c90561588b4b49.html)

Root 1. Solution of Nonlinear Equations 1 Introduction Finding the solutions of the nonlinear equations occurs often in the scientific computing. For example, let us (/documents/root55b78800bb61eb34268b470d.html) consider…

View more (https://docslide.net/search/? q=Root+Password)

Subscribe to our Newsletter for latest news.

NEWLETTER

We built a platform for members to share documents and knowledge. And we are not related to any other website. (Our website list) (https://docslide.us/about.html)

About

(/about.html) Terms

(/info/dmca.html) Contact STARTUP - SHARE TO SUCCESS

(https://www.facebook.com/docslide.net)

(/info/terms.html) DMCA

(/contacts.html)

(https://twitter.com/docslide_net)

(https://www.google.com/+DocslideNet)