«
»

The dude – database/password extraction

April 5, 2012, 5:03 am

I was trying to extract SNMP passwords from a dude data export, I couldn’t actually find them, but the dude password itself is in cleartext… here are the first steps in this process anyway:

1. Export from dude, download the file called backup*.tgz

2. Download and install sqlite3

3. Extract backup data:

3.1 Create the following C++ program, which converts the sqllite blob data to text:

#include <iostream>
#include <fstream>
#include <sstream>

using namespace std;

int main() {

  ifstream file("o.txt");

  for(;!file.eof();) {

    string t;
    getline(file,t);
    if(file.eof()) break;

    size_t startpos=0;
    size_t endpos=0;
    bool first=true;
    for(size_t n=0;n<t.size();n++) {
      if(t&#91;n&#93; == '\'') {
        if(first) startpos = n+1;
             else endpos = n;
        first=false;
      }
    }
    t = t.substr(startpos,endpos-startpos);

    cout << "output: ";
    if(t.size() > 0)
    for(size_t n=0;n<(t.size()-1);n+=2) {
      string s;
      s += t&#91;n&#93;;
      s += t&#91;n+1&#93;;

      unsigned int c;
      stringstream ss;
      ss << std::hex << s;
      ss >> c;

      cout << string(1,c);
    }
    cout << endl;

  }

}
&#91;/sourcecode&#93;

g++ fileabove.cpp #compile the above code.

The do the following to extract the strings from the blobs:

&#91;sourcecode language="bash"&#93;
mkdir dudebackup
cd dudebackup
cp ../backup*.tgz .
tar xvzf backup*.tgz
~/Downloads/sqlite3 ./dude.db # or wherever sqlite is...
echo '.dump' | ~/Downloads/sqlite3 dude.db > dude.txt
grep objs o > o.txt
./a.out > o.conv

o.conv will then contain a load of blob data. If you grep for “password” you’ll find the dude password. The same password seems to be used to encrypt the login credentials but I haven’t figured out where those are yet.

Category: Uncategorized  |  Comment (RSS)  |  Trackback