{"id":852,"date":"2012-04-05T05:03:32","date_gmt":"2012-04-05T05:03:32","guid":{"rendered":"http:\/\/41j.com\/blog\/?p=852"},"modified":"2014-03-15T11:35:16","modified_gmt":"2014-03-15T11:35:16","slug":"the-dude-databasepassword-extraction","status":"publish","type":"post","link":"https:\/\/41j.com\/blog\/2012\/04\/the-dude-databasepassword-extraction\/","title":{"rendered":"The dude &#8211; database\/password extraction"},"content":{"rendered":"<p>I was trying to extract SNMP passwords from a dude data export, I couldn&#8217;t actually find them, but the dude password itself is in cleartext&#8230; here are the first steps in this process anyway:<\/p>\n<p>1. Export from dude, download the file called backup*.tgz<\/p>\n<p>2. Download and install sqlite3<\/p>\n<p>3. Extract backup data:<\/p>\n<p>3.1 Create the following C++ program, which converts the sqllite blob data to text:<\/p>\n<pre class=\"brush: cpp; title: ; notranslate\" title=\"\">\r\n#include &lt;iostream&gt;\r\n#include &lt;fstream&gt;\r\n#include &lt;sstream&gt;\r\n\r\nusing namespace std;\r\n\r\nint main() {\r\n\r\n  ifstream file(&quot;o.txt&quot;);\r\n\r\n  for(;!file.eof();) {\r\n\r\n    string t;\r\n    getline(file,t);\r\n    if(file.eof()) break;\r\n\r\n    size_t startpos=0;\r\n    size_t endpos=0;\r\n    bool first=true;\r\n    for(size_t n=0;n&lt;t.size();n++) {\r\n      if(t&amp;#91;n&amp;#93; == '\\'') {\r\n        if(first) startpos = n+1;\r\n             else endpos = n;\r\n        first=false;\r\n      }\r\n    }\r\n    t = t.substr(startpos,endpos-startpos);\r\n\r\n    cout &lt;&lt; &quot;output: &quot;;\r\n    if(t.size() &gt; 0)\r\n    for(size_t n=0;n&lt;(t.size()-1);n+=2) {\r\n      string s;\r\n      s += t&amp;#91;n&amp;#93;;\r\n      s += t&amp;#91;n+1&amp;#93;;\r\n\r\n      unsigned int c;\r\n      stringstream ss;\r\n      ss &lt;&lt; std::hex &lt;&lt; s;\r\n      ss &gt;&gt; c;\r\n\r\n      cout &lt;&lt; string(1,c);\r\n    }\r\n    cout &lt;&lt; endl;\r\n\r\n  }\r\n\r\n}\r\n&amp;#91;\/sourcecode&amp;#93;\r\n\r\ng++ fileabove.cpp #compile the above code.\r\n\r\nThe do the following to extract the strings from the blobs:\r\n\r\n&amp;#91;sourcecode language=&quot;bash&quot;&amp;#93;\r\nmkdir dudebackup\r\ncd dudebackup\r\ncp ..\/backup*.tgz .\r\ntar xvzf backup*.tgz\r\n~\/Downloads\/sqlite3 .\/dude.db # or wherever sqlite is...\r\necho '.dump' | ~\/Downloads\/sqlite3 dude.db &gt; dude.txt\r\ngrep objs o &gt; o.txt\r\n.\/a.out &gt; o.conv\r\n<\/pre>\n<p>o.conv will then contain a load of blob data. If you grep for &#8220;password&#8221; you&#8217;ll find the dude password. The same password seems to be used to encrypt the login credentials but I haven&#8217;t figured out where those are yet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was trying to extract SNMP passwords from a dude data export, I couldn&#8217;t actually find them, but the dude password itself is in cleartext&#8230; here are the first steps in this process anyway: 1. Export from dude, download the file called backup*.tgz 2. Download and install sqlite3 3. Extract backup data: 3.1 Create the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-852","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1RRoU-dK","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/comments?post=852"}],"version-history":[{"count":4,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/852\/revisions"}],"predecessor-version":[{"id":1103,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/posts\/852\/revisions\/1103"}],"wp:attachment":[{"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/media?parent=852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/categories?post=852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/41j.com\/blog\/wp-json\/wp\/v2\/tags?post=852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}