i2000 Service Login - Interesting Findings

Submitted by gpmidi on Fri, 12/14/2018 - 16:10

Root's SSH Key

The root user has an ssh key allowed by default: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA17NPD/1mXAN2kZ/E4YneYYLD7UEi+MiZ94ijJ2+b+oUxdZlGrpZH3zEsJZZGdLrAD+iDs1a0DS44CPEUmh1IF9i/joV4dmJctZEp7H15Z09p+r/1SIsfjwdJ7yNxLy2gc5wmrr09vjmNq0v8+yTWdawll2zjvygqvtYMYR2kD8QT9GT+6yTjWNCq+l1LFXM8wwwK3NI9DTxJh7KcLt1OgbrAlc4ZUhcS/4oOunMASVa0FCxtu5yVetoVdGC8b7YWQQTkzs3z3mpK1iqVNBxfs+LcPJDed35BVwb4Ajm2SWR6XJxK/Evj5jDqekEU23M2i2E4+2L9zQANzZoq6AbUvQ=='

/etc/exports

 

/var/log/adic   *(rw,no_subtree_check,no_root_squash,async)
/etc/adic       *(rw,no_subtree_check,no_root_squash,async)
/tftpboot       *(ro,no_subtree_check,no_root_squash,async)
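
A quick way to flag exports like these during a review, as an added example that is not part of the original post. The function name audit_exports and the finding strings are assumptions made for illustration, and the sample input is the three lines above.

```python
import re

# Constructed sample: the three export lines from the listing above.
SAMPLE_EXPORTS = """\
/var/log/adic   *(rw,no_subtree_check,no_root_squash,async)
/etc/adic       *(rw,no_subtree_check,no_root_squash,async)
/tftpboot       *(ro,no_subtree_check,no_root_squash,async)
"""

# One client field: optional host spec followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def audit_exports(text):
    """Return [(path, client, [findings])] for exports that look risky.

    audit_exports and its finding strings are hypothetical names for this
    example. Paths containing quoted or escaped spaces are not handled.
    """
    results = []
    # exports(5) allows a trailing backslash to continue a line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            if m is None:
                results.append((path, client, ["unparsed client spec"]))
                continue
            host = m.group("host") or "*"  # bare "(opts)" applies to any host
            opts = {o.strip() for o in (m.group("opts") or "").split(",")}
            findings = []
            if host == "*":
                findings.append("any host may mount")
            if "no_root_squash" in opts:
                findings.append("client root is not squashed")
            if "rw" in opts:
                findings.append("writable")
            if findings:
                results.append((path, client, findings))
    return results


if __name__ == "__main__":
    for path, client, findings in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {'; '.join(findings)}")
```

All three exports on this box are reported; only /tftpboot escapes the "writable" finding.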

Postgres Login

root: # cat /usr/local/amc/app/config/db.properties
db.host_ip = 0.0.0.0
db.name = i2kdb
db.user = ilinkacc
db.password =

So, with the password left blank, you connect with:

psql -d i2kdb -U ilinkacc

/usr/local/share/db/shadow

root:E.XuAZhbYJOrU:11815:0:10000::::
bin:*:8902:0:10000::::
ftp:*:13698::::::
admin:library:12000:0:99999:7:::
adic_acc:foQD2kgL4MRTM:12769:0:99999:7:::
ilinkacc:E.XuAZhbYJOrU:12769:0:99999:7:::