The dude – database/password extraction
I was trying to extract SNMP passwords from a dude data export, I couldn’t actually find them, but the dude password itself is in cleartext… here are the first steps in this process anyway:
1. Export from dude, download the file called backup*.tgz
2. Download and install sqlite3
3. Extract backup data:
3.1 Create the following C++ program, which converts the sqllite blob data to text:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 | #include <iostream> #include <fstream> #include <sstream> using namespace std; int main() { ifstream file( "o.txt" ); for (;!file.eof();) { string t; getline(file,t); if (file.eof()) break ; size_t startpos=0; size_t endpos=0; bool first= true ; for ( size_t n=0;n<t.size();n++) { if (t[n] == '\'' ) { if (first) startpos = n+1; else endpos = n; first= false ; } } t = t.substr(startpos,endpos-startpos); cout << "output: " ; if (t.size() > 0) for ( size_t n=0;n<(t.size()-1);n+=2) { string s; s += t[n]; s += t[n+1]; unsigned int c; stringstream ss; ss << std::hex << s; ss >> c; cout << string(1,c); } cout << endl; } } [/sourcecode] g++ fileabove.cpp #compile the above code. The do the following to extract the strings from the blobs: [sourcecode language= "bash" ] mkdir dudebackup cd dudebackup cp ../backup*.tgz . tar xvzf backup*.tgz ~/Downloads/sqlite3 ./dude.db # or wherever sqlite is... echo '.dump' | ~/Downloads/sqlite3 dude.db > dude.txt grep objs o > o.txt ./a.out > o.conv |
o.conv will then contain a load of blob data. If you grep for “password” you’ll find the dude password. The same password seems to be used to encrypt the login credentials but I haven’t figured out where those are yet.