**** BEGIN LOGGING AT Mon Apr 23 02:59:58 2012
Apr 24 00:39:44 I've lost the root password for ssh-ing my guruplug...I was out of the country for 6 months and came back having forgot it. However, the samba password is still nosoup4u...I have no JTAG board...is there any hope for me?
Apr 24 00:51:24 i'm trying to regain root access, if i didn't make that clear
Apr 24 00:57:39 mrgary: what do you have exported through samba?
Apr 24 00:58:12 Tootoot222: all that's there is usb, usb0, usb1, ... usb7
Apr 24 00:59:23 mrgary: you don't have any regular users via ssh with sudo?
Apr 24 00:59:31 or perhaps a ssh rsa key you can use to login to root with?
Apr 24 01:01:03 I can't remember any user's name or password on the box and I don't think I had any keys either
Apr 24 01:01:32 lol
Apr 24 01:01:36 is samba the only service you have running?
Apr 24 01:01:49 I honestly can't remember...how can I check for other services?
Apr 24 01:01:54 nmap
Apr 24 01:02:10 (from another box on the same network, nmap 192.168.1.123 )
Apr 24 01:02:33 I think I did something strange too, cause 192.168.1.1 (its IP) resolves to a 404 page
Apr 24 01:04:14 where is the filesystem running from? the internal nand?
Apr 24 01:04:42 as far as i know
Apr 24 01:06:37 I'm installing nmap here soon to scan it
Apr 24 01:13:52 ftp, ssh, port 53 (?), rpcbind (111), netbios (139), 445 (microsoft-ds?) are all open
Apr 24 01:18:13 if it still has the default ssh key, can we use that to exploit it? I read on discarded-ideas.org/guruconfig that all plugs are shipped with the same SSH host keys on each one
Apr 24 01:20:07 i don't think there's any default ssh key
Apr 24 01:20:17 and you don't have the private key that goes with it even if it did
Apr 24 01:20:28 what is accessible via ftp?
Apr 24 01:20:51 I can't get in via ftp...I can just see that the port's open
Apr 24 01:21:11 no anonymous logins?
Apr 24 01:22:23 I get Login incorrect trying to login anonymously
Apr 24 01:24:53 well then
Apr 24 01:25:11 i'd say get john the ripper and start bruteforcing the password =p
Apr 24 01:25:16 or try to remember what you set it to
Apr 24 01:25:33 without a jtag and no running services there's not a whole lot else you can really do
Apr 24 01:26:03 haha I've been trying to remember all night
Apr 24 01:26:06 thanks for your help :)
Apr 24 01:26:21 how likely do you think it is some kind soul would lend me their jtag?
Apr 24 01:27:09 yeah, i doubt that's all too likely
Apr 24 01:27:26 I figured :)
Apr 24 01:27:34 they're not too terribly expensive, and they're good to keep around, they work with any sort of jtag or uart device
Apr 24 01:28:33 somebody made their own jtag stuff using individual parts and the cost came out to about the same as globalscale sells them for
Apr 24 01:28:51 mrgary: the only other thing i could think of, is if your system was setup for multiboot
Apr 24 01:28:57 you could put an sd card or something in and boot it from there
Apr 24 01:29:07 then mount the nand and change the password
Apr 24 01:29:10 no, it's pretty vanilla I think
Apr 24 01:29:39 did you buy it from globalscale or newit?
Apr 24 01:31:13 globalscale
Apr 24 01:31:28 ah
Apr 24 01:31:34 yeah, i'm out of ideas then =p
Apr 24 01:31:45 haha how would newit have helped?
Apr 24 01:32:01 they make all of their plugs multiboot capable
Apr 24 01:32:42 ah
Apr 24 02:11:20 So how do I go about changing the root password once I get a jtag board?
Apr 24 02:21:29 mrgary: 2 ways
Apr 24 02:21:37 you could add "single" on to the end of the boot line for the kernel
Apr 24 02:21:46 which will drop you into a root shell halfway through the boot process
Apr 24 02:21:54 or you could boot from alternate media
Apr 24 02:22:12 mount the nand and overwrite the line in /etc/shadow with a line containing a known password
Apr 24 02:23:50 is $10 shipping for a little jtag board pricey or is that just me?
Apr 24 02:25:35 yeah, it is a bit much
Apr 24 02:30:00 is there anyone trustworthy enough to just send to them for a day or two and have them reset the password? I doubt globalscale would do that...
Apr 24 02:54:34 mrgary: you might end up paying close to the same amount on shipping
Apr 24 02:54:42 and not have the jtag module for next time =p
**** ENDING LOGGING AT Tue Apr 24 02:59:58 2012