Tuesday, March 1, 2016

Dell "FOR DELL INTERNAL USE" Password Protected Software

I have a Dell Inspiron 3147 which has an interesting item listed in the "Downloads and Drivers" section of the Dell support page:

INSPIRON 3147/3148/3152/3153/3157/3158 G-SENSOR CALIBRATION TOOL(FOR DELL INTERNAL USE)
This package provides Dell G-sensor calibration internally and is supported on Inspiron 3147/3148 that is running the following Operating Systems: Windows 8.1(64bit).
Link: http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=1MGNJ

So what's actually interesting is that this software is provided publicly and is contained in a password protected zip file.

(Just want to take a moment and say: the average user of this system does not need this software, and I have no idea what it actually does. It's likely there so support can have customers acquire and run it when their issue meets a specific set of criteria. Also, if you break something because you ran it, that's your fault, not Dell's.)

Anyways, I dumped the hashes and fed them into John the Ripper (the community-enhanced "Jumbo" release has support for zip files).

$ ./john ~/encrypted/gsensor.hashes 
Using default input encoding: UTF-8
Loaded 1 password hash (PKZIP [32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:06:41:48  3/3 0g/s 18284Kp/s 18284Kc/s 18284KC/s hrrlek0e
0g 0:07:29:56  3/3 0g/s 18130Kp/s 18130Kc/s 18130KC/s sumspy752*..sumskres9a
0g 0:09:38:53  3/3 0g/s 17980Kp/s 17980Kc/s 17980KC/s 1823adors4..1823adysac
0g 0:12:22:09  3/3 0g/s 17700Kp/s 17700Kc/s 17700KC/s 10932sho1*..10932spyon
0g 0:12:40:15  3/3 0g/s 17654Kp/s 17654Kc/s 17654KC/s 03433750458..03434741048
0g 0:13:21:40  3/3 0g/s 17532Kp/s 17532Kc/s 17532KC/s tutiairayes..tutiaimurla
0g 0:14:12:37  3/3 0g/s 17421Kp/s 17421Kc/s 17421KC/s lemrodm118..lemras061a
0g 0:15:01:52  3/3 0g/s 17302Kp/s 17302Kc/s 17302KC/s julk4tu00..julk46mb3
0g 1:05:22:06  3/3 0g/s 18348Kp/s 18348Kc/s 18348KC/s hg,bsp14s..hg,bh kuz
0g 1:08:09:16  3/3 0g/s 18343Kp/s 18343Kc/s 18343KC/s syarcr2ab..syarf0r61
0g 1:08:40:48  3/3 0g/s 18324Kp/s 18324Kc/s 18324KC/s zzjy@sk..zz42OF5
0g 1:13:25:46  3/3 0g/s 18142Kp/s 18142Kc/s 18142KC/s lk2hv''92..lk2hv/rs5
breakfix         (gsensor.zip)
1g 3:08:27:17 DONE 3/3 (2016-02-28 11:35) 0.000003g/s 18723Kp/s 18723Kc/s 18723KC/s bree3xyh..breal5fs
Use the "--show" option to display all of the cracked passwords reliably
Session completed
$

I assumed it would be something easy/simple that support could give an end-user over the phone, but still let JTR run with the default charset just in case. Leaving it to run over the weekend - the password is:
breakfix
Kind of a let-down. My Google-fu couldn't find any other software that had similar strings in Dell's support portal. Please comment if you find others. Also interesting that I can't find any examples of this password anywhere.

Curious if this is a one-time deal, or a common password used across multiple packages to keep the average user from accidentally running something.

I will add that the zip file contains some screenshots of the software running as well as PDF instructions:

The 2nd pic shows what appears to be a snazzy Sensors Self Test Utility (SST).

Monday, July 13, 2015

Remove Leading Zeros from IP Address

I was working on some automation where I'd need to translate an IP address that was always represented as 3 digits per octet - like 001.002.003.004 instead of 1.2.3.4.

Since I didn't want to reinvent the wheel I went to Google and to my surprise found no examples that worked well - some would only remove 1 leading zero.

So, after some testing and code borrowing, here are two solutions:

Using sed:
sed -r 's/^0*([0-9]+)\.0*([0-9]+)\.0*([0-9]+)\.0*([0-9]+)$/\1.\2.\3.\4/'

Using awk:
awk -F'[.]' '{w=$1+0; x=$2+0; y=$3+0; z=$4+0; print w"."x"."y"."z}'

POC:
$ echo 001.002.003.004 | sed -r 's/^0*([0-9]+)\.0*([0-9]+)\.0*([0-9]+)\.0*([0-9]+)$/\1.\2.\3.\4/'
1.2.3.4
$ echo 001.002.003.004 | awk -F'[.]' '{w=$1+0; x=$2+0; y=$3+0; z=$4+0; print w"."x"."y"."z}'
1.2.3.4
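The sed and awk one-liners above do the job for well-formed input, but both pass anything that doesn't match straight through and neither checks that an octet is in range. As an added example (not from the original post), here is a POSIX sh function that normalizes the same zero-padded form and rejects bad input; it also never passes a zero-padded octet to $(( )), which would read it as octal.

```shell
#!/bin/sh
# Normalize a zero-padded dotted quad ("001.002.003.004" -> "1.2.3.4").
# Returns 1 (prints nothing) unless the input is exactly four numeric
# octets, each in 0-255.
normalize_ip() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits or empty octets
    esac
    rest=$ip.
    out=
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        n=$((n + 1))
        # Strip leading zeros but keep a lone zero ("000" -> "0").
        octet=${octet#"${octet%%[!0]*}"}
        [ -n "$octet" ] || octet=0
        # Range check on the decimal value (zeros already stripped, so no
        # octal interpretation can happen here).
        [ "$octet" -le 255 ] 2>/dev/null || return 1
        out=${out:+$out.}$octet
    done
    [ "$n" -eq 4 ] || return 1                 # wrong number of octets
    printf '%s\n' "$out"
}

# usage: normalize_ip 001.002.003.004   -> 1.2.3.4
```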

Wednesday, May 20, 2015

Level 3 DNS Hijacking - 4.2.2.2 and others

I posted about Verizon's DNS servers and how some of them perform DNS hijacking for domains which don't resolve. While troubleshooting a problem today I found out to my surprise that Level 3's DNS servers do the same thing, one of which has some notoriety.

Level 3 DNS Servers:
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

The odd ones (.1, .3, .5) will correctly reply with NXDOMAIN for FQDNs which don't exist. The even ones (.2, .4, .6) will instead resolve to two "SearchGuide" IPs:
~]$ dig @4.2.2.2 domain-i-just-made-up.fake +short
198.105.244.11
198.105.254.11
Any hosts that may have been configured to use these Level 3 DNS servers will have some interesting outgoing connections when trying to connect to internal hosts that aren't externally resolvable. Hopefully this will save a few minutes when investigating unusual connections to 198.105.244.11 or 198.105.254.11.
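As an added example (not part of the original post), the check below runs over a constructed set of lookup records in the form "resolver qname answer" and flags the ones whose answer is one of the two SearchGuide IPs listed above, which is what a hijacked NXDOMAIN looks like from the client side. The second function probes a resolver directly with a name under the reserved .invalid TLD; it needs network access and is not invoked here.

```shell
#!/bin/sh
# The two SearchGuide addresses returned by 4.2.2.2/.4/.6 for names that do not exist.
SEARCHGUIDE_IPS='198.105.244.11 198.105.254.11'

# Read "resolver qname answer" lines on stdin and print the lookups whose
# answer is a SearchGuide IP, i.e. NXDOMAIN that was turned into an A record.
flag_searchguide() {
    awk -v sg="$SEARCHGUIDE_IPS" '
        BEGIN { n = split(sg, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        NF >= 3 && ($3 in bad) { print $2 " via " $1 " -> " $3 }
    '
}

# Ask a resolver for a name that cannot exist (.invalid is reserved) and
# succeed if it answers with any address instead of NXDOMAIN. Needs network.
resolver_hijacks_nxdomain() {
    answer=$(dig @"$1" "probe-$$.invalid" +short 2>/dev/null)
    [ -n "$answer" ]
}

# Constructed sample records (not real log data); 203.0.113.10 is a
# documentation-range address standing in for a legitimate answer.
SAMPLE_LOG='4.2.2.2 intranet.corp.local 198.105.244.11
4.2.2.2 intranet.corp.local 198.105.254.11
4.2.2.1 intranet.corp.local NXDOMAIN
4.2.2.2 www.example.com 203.0.113.10'

# usage: printf '%s\n' "$SAMPLE_LOG" | flag_searchguide
```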