An easy first step is to harden/alter the current XOR method. I suggest changing the password management procedure. Also, the passwords are stored and restored via a simple XOR method (which is revealed by the mtpass tool). I think this is considered a security flaw, since this password recovery procedure isn't official, and officially passwords can't be recovered without resetting the configuration. The password recovery from backup files is verified for versions 5 and 6. The mtpass tool decrypts passwords from MikroTik backups too (generated by the "/system backup save" command)! The procedure for both hacks is described at the above link. Then the user.dat file is parsed by the mtpass tool and all the passwords are revealed. The procedure is valid on all OpenWrt-supported RouterBOARDs (AR7XXX, AR9XXX) by building the OpenWrt kernel and ramdisk images and booting the RouterBOARD via tftpd. ...and how to grab password hashes from a local system and crack them. I recently found this article, which claims that the user passwords (the admin's too) can be recovered without resetting the configuration. In this video we learn how to use a proxy server to hack the PS3 store.