Ap305c compatibility #3

Open
m4rkg330 opened this issue Sep 21, 2024 · 5 comments

@m4rkg330

Hey @NHAS
I've been having trouble with the ap305c on 10.6 using _shell.
I can confirm that the key is correct since _delete_sig works fine... Do you know if they renamed the command since I can't seem to find the code which actually calls the /bin/sh caller function...
Thanks in advance!

@NHAS
Owner

NHAS commented Sep 21, 2024

Howdy,

Unfortunately I have kind of stopped looking at Aerohive devices quite a while back. I did present them a report with this as one of the issues, so I wouldn't be surprised if it no longer exists in their platform (considering 10.6 is quite new).

I'd also say that Extreme Networks seemed to show a bit more initiative on the security side of things. So it would surprise me if they've actually patched it.

@m4rkg330
Author

Hey,
Thanks for the swift response. It is unfortunate that the _shell command has been removed. Do you perhaps know how the serial console authentication is actually done as I've had a rather bizarre issue where my AP decides to change this password every so often and I'm trying to understand if it's a corruption issue or perhaps the way it saves the password...
Thanks in advance

@NHAS
Owner

NHAS commented Sep 22, 2024

I've got a little section on an article I wrote about it that tells you how to connect to the serial console.

https://research.aurainfosec.io/pentest/hacking-the-hive/

@m4rkg330
Author

Hi,
I've already accessed the serial console, however I'd like to gain actual shell access... any clues? Also, I've tried using my almost non-existent reverse-engineering skills however I've been completely unable to even find how on earth it encrypts passwords (the issue is that the password I've got seems to just change itself sometimes and while I have a 'shell', I can't reverse the key since it's obscured somehow...)
Thanks in advance,
Mark

@m4rkg330
Author

Okay @NHAS, so essentially I'm just trying to reverse the 'HiveAP Obscured Passwords', do you have any idea on how to go about this? I know that they're not just calling ah_encrypt/decrypt_pwd, they seem to do some pre/post processing but I simply cannot tell what they're doing...
Thanks,
Mark
