LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 08-24-2014, 06:27 PM   #1
thething
LQ Newbie
 
Registered: Aug 2014
Posts: 1

Rep: Reputation: Disabled
Question Editing root password /etc/passwd and /etc/shadow is not working


I have a Seowonintech WiMAX router series 9x00. The router is running linux. I want to access the shell in order to learn about it more. Using a hack at a form in the router's webUI I am able to (painstakingly) execute root privileged commands that doesn't require user input and "> OR >>" operators don't work. Using nmap it appears SSH is working on port 22 using "Dropbear sshd 0.52".

The issue is that root password is not known. A quick look at /etc/passwd shows:
Code:
root:$1$QNYY***HASH****ytJk5y/4s0Q/:0:0:root:/root:/bin/sh
admin:$1$QNYY***HASH****ytJk5y/4s0Q/:0:0:root:/root:/bin/sh
demo:x:5000:5000:Demo User:/home/demo:/bin/bash
maintain:x:6000:6000:maintainer:/var:/bin/sh
nobody:*:32767:32767:Nobody:/home/demo:/bin/bash
And a look at /etc/shadow shows:
Code:
root:$1$UUvyj5qY***HASH****ETrrdRSr0:13768:0:99999:7:::
After googling I tried to change the root password using a sed command and ended up with /etc/shadow showing:
Code:
root:root1234:13768:0:99999:7:::
But after trying to SSH into the router the new password is not working (even after reboot)!!. I tried then to add another line to /etc/shadow for the admin user, and the /etc/shadow I ended up with is:
Code:
admin:root123:13768:0:99999:7:::
root:root1234:13768:0:99999:7:::
Still no luck using the new passwords over SSH. I even tried changing the /etc/passwd into this:
Code:
root:root1234:0:0:root:/root:/bin/sh
admin:root1234:0:0:root:/root:/bin/sh
demo:root1234:5000:5000:Demo User:/home/demo:/bin/bash
maintain:root1234:6000:6000:maintainer:/var:/bin/sh
nobody:*:32767:32767:Nobody:/home/demo:/bin/bash
Still not working. Any thoughts on what is the reason that editing /etc/shadow is not working?, or simply any advice how to be able to access the device shell using ssh?

Thanks in advance!

Note: I tried using hydra to brute it out but it stops after the first trial with no error messages.

Last edited by thething; 08-24-2014 at 06:33 PM.
 
Old 08-24-2014, 06:37 PM   #2
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora, NetBSD
Posts: 1,071

Rep: Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725
Cool hack. Sounds like something you should report to the vendor.
 
Old 08-25-2014, 02:37 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Indeed. We have no means to verify if you are legally entitled to muck with the router in this way so I judge this not a question suitable for LQ. Since this is the current status: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Seowon do contact wimax@seowonintech.co.kr and upgrade the devices firmware.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Deleted root from passwd and shadow file adloaiz Linux - Newbie 1 10-07-2010 02:34 PM
How can i check a string with actual user passwd (ie password in /etc/shadow) iamjayanth Linux - Software 6 09-29-2009 02:34 AM
user password failed after migrating /etc/shadow, /etc/passwd ect from SUSE9 to CenOS monkeyxu Linux - Newbie 1 05-21-2009 10:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration