Penetration Testing mailing list archives

Re: Bypass grub edit protection password


From: Juan Pablo <juan.quine () gmail com>
Date: Fri, 10 Feb 2012 10:40:40 -0500

What have you found on the Ethernet ports?

Anything usable?
Maybe a web interface; it could have some bugs and you could get in that way.
Or try to analyze each port independently: first identify what
protocol is running on each one, then organize yourself to try
each port as if it were an independent machine.

Did you get the manuals, or do you have access to them? What sort of
mechanisms does it use to configure or set up the equipment?

Don't think in terms of a one-bug-to-root thing; you have to work in stages. First
identify everything you have on the box, what it serves, what
services it uses; search for any factory or support manuals (if there
are some); from that, look at each way the equipment can be set up or
configured, and search for any possibility to alter something there. Any
default or rescue mechanism could give you default password access. Then
go for serial: see what you can get, and what you can give to the box,
in order to get something there. Have you tried executing grub
commands manually? That way you could get some different access via grub
(see the grub documentation; there are some commands that might be useful).

Then go through each port and try brute force wherever you can, maybe with a
customized script. But I would start on the web interfaces; there is always
some mini bug that could be useful. Spider the site, try a guest user
if not a better one, at least to get more information about files or
services, and with luck some injection.

And continue working with each service. If nothing works, start
fuzzing each service, and go search for some 0-day bug.

I have no more ideas at the moment.
I hope that helps.

Juan Pablo.

On Thu, Feb 9, 2012 at 6:08 PM, Carlos Pantelides
<carlos_pantelides () yahoo com> wrote:
Do you have access to any other account? Is there any network service running? Being CentOS 4.1 (2005-Oct-21, says the
mirror), if it is unpatched perhaps you can find a vulnerability and gain more access.


nmap it; is sshd running? Try the 500 most common passwords. Do you have time? Try a bigger dictionary.

Carlos Pantelides


-----------------


http://seguridad-agile.blogspot.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




-- 

===============================================
|_|0|_| Ing Juan Quiñe, CISSP, OSCP, GISP, ISO 27001 LA, Cobit-F.
|_|_|0| visita: http://hackspy.blogspot.com/
|0|0|0| a.k.a. HaCKsPy - from Security Wari Projects, now PeruSEC

"... hacking is a way to live your life, not a day job or semi-ordered
list of instructions found in a thick book ..." Anthony Bunyan
"... Live your life as if you will die tomorrow but learn as if you
will live forever ..." Mahatma Gandhi
"... Breaking a security system makes you as much a hacker as
hot-wiring cars makes you an automotive engineer ..."
"... Nothing is so important, nor so urgent, that it cannot be done
safely ..."
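Juan's staging advice (inventory every port, identify the protocol on each, treat each port as its own target, start on any web interface, brute-force the login services, fuzz whatever is left) as an added example that is not part of the original thread: a Python script that turns the grepable output of `nmap -sV -oG` into an ordered per-port worklist. The host, ports and banners in the embedded scan text are constructed for this example, and the names `parse_gnmap`, `next_step` and `build_worklist` are chosen here, not taken from any tool.

```python
"""Turn nmap grepable (-oG) output into a per-port worklist.

Added example, not code from the original thread. Every open port becomes
its own target, tagged with the first thing to try on it: web interfaces
first (spider, guest/default logins, injection), then login services
(default credentials, then a dictionary), then unknown services (banner
grab, then fuzz). The scan text below is constructed for this example; the
host, ports and banners are hypothetical.
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample of `nmap -sV -oG -` output (hypothetical target).
# nmap writes '|' instead of '/' inside the service and version fields.
SAMPLE_GNMAP = (
    "# Nmap 5.21 scan initiated Fri Feb 10 10:00:00 2012 as: nmap -sV -oG - 192.0.2.10\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 3.9p1 (protocol 1.99)/, "
    "23/closed/tcp//telnet///, "
    "80/open/tcp//http//Apache httpd 2.0.52 ((CentOS))/, "
    "443/open/tcp//ssl|http//Apache httpd 2.0.52 ((CentOS))/, "
    "8888/open/tcp//unknown///"
    "\tIgnored State: filtered (995)\n"
    "# Nmap done at Fri Feb 10 10:01:00 2012 -- 1 IP address (1 host up) scanned\n"
)

# Grepable port entry: port/state/protocol/owner/service/rpc-info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


class Port(NamedTuple):
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_gnmap(text: str) -> List[Port]:
    """Extract every port entry from the Ports: field of each Host: line."""
    ports = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        # Tab-separated "Key: value" fields; "Host: 192.0.2.10 ()" -> address
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            m = PORT_RE.fullmatch(entry.strip())
            if not m:
                continue  # tolerate a truncated or unexpected entry
            num, state, proto, _owner, service, _rpc, version = m.groups()
            ports.append(Port(host, int(num), proto, state, service, version))
    return ports


def next_step(service: str) -> Tuple[int, str]:
    """Map the protocol nmap identified to (priority, first thing to try)."""
    s = service.lower()
    if "http" in s:
        return (0, "web: spider it, try guest/default logins, look for injection")
    if s in ("ssh", "telnet", "ftp"):
        return (1, "login: try default credentials, then a dictionary")
    if s in ("", "unknown"):
        return (2, "unknown: grab a banner, then fuzz it")
    return (3, "identify the protocol and check the manual for this service")


def build_worklist(text: str) -> List[Tuple[str, str, str, str]]:
    """One (host:port/proto, service, version, action) item per open port,
    ordered web first, then logins, then unknown services."""
    items = [(p, next_step(p.service)) for p in parse_gnmap(text) if p.state == "open"]
    items.sort(key=lambda item: (item[1][0], item[0].port))
    return [(f"{p.host}:{p.port}/{p.proto}", p.service or "?", p.version, action)
            for p, (_prio, action) in items]


if __name__ == "__main__":
    for target, service, version, action in build_worklist(SAMPLE_GNMAP):
        print(f"{target:<22} {service:<10} {version:<35} {action}")
```

Feed it a real scan with `nmap -sV -oG scan.gnmap <target>` and `build_worklist(open("scan.gnmap").read())`; closed and filtered ports are dropped, and anything nmap could not fingerprint lands at the end of the list as a fuzzing candidate, which matches the order of attack in the reply above.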


