The dude – database/password extraction

I was trying to extract SNMP passwords from a dude data export, I couldn’t actually find them, but the dude password itself is in cleartext… here are the first steps in this process anyway:

1. Export from dude, download the file called backup*.tgz

2. Download and install sqlite3

3. Extract backup data:

3.1 Create the following C++ program, which converts the sqllite blob data to text:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#include <iostream>
#include <fstream>
#include <sstream>
 
using namespace std;
 
int main() {
 
  ifstream file("o.txt");
 
  for(;!file.eof();) {
 
    string t;
    getline(file,t);
    if(file.eof()) break;
 
    size_t startpos=0;
    size_t endpos=0;
    bool first=true;
    for(size_t n=0;n<t.size();n++) {
      if(t&#91;n&#93; == '\'') {
        if(first) startpos = n+1;
             else endpos = n;
        first=false;
      }
    }
    t = t.substr(startpos,endpos-startpos);
 
    cout << "output: ";
    if(t.size() > 0)
    for(size_t n=0;n<(t.size()-1);n+=2) {
      string s;
      s += t&#91;n&#93;;
      s += t&#91;n+1&#93;;
 
      unsigned int c;
      stringstream ss;
      ss << std::hex << s;
      ss >> c;
 
      cout << string(1,c);
    }
    cout << endl;
 
  }
 
}
&#91;/sourcecode&#93;
 
g++ fileabove.cpp #compile the above code.
 
The do the following to extract the strings from the blobs:
 
&#91;sourcecode language="bash"&#93;
mkdir dudebackup
cd dudebackup
cp ../backup*.tgz .
tar xvzf backup*.tgz
~/Downloads/sqlite3 ./dude.db # or wherever sqlite is...
echo '.dump' | ~/Downloads/sqlite3 dude.db > dude.txt
grep objs o > o.txt
./a.out > o.conv

o.conv will then contain a load of blob data. If you grep for “password” you’ll find the dude password. The same password seems to be used to encrypt the login credentials but I haven’t figured out where those are yet.

Leave a Reply